Diffstat (limited to 'manifests/manage.pp')
-rw-r--r--manifests/manage.pp174
1 files changed, 174 insertions, 0 deletions
diff --git a/manifests/manage.pp b/manifests/manage.pp
new file mode 100644
index 0000000..240ca2f
--- /dev/null
+++ b/manifests/manage.pp
@@ -0,0 +1,174 @@
+#
+# User module based on git://git.puppet.immerda.ch/module-user.git
+#
+# Password hash can be generated with mkpasswd provided by whois
+# debian package: mkpasswd -m sha-256, see crypt(3) for details
+# on supported hashes.
+#
+define user::manage(
+ $password,
+ $ensure = present,
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $managehome = true,
+ $homedir_mode = '0750',
+ $comment = 'absent',
+ $homedir = 'absent',
+ $shell = 'absent',
+ $sshkey = 'absent',
+ $sshkey_options = [],
+ $sshkey_type = 'absent',
+ $membership = 'minimum',
+ $ticket = false,
+ $refresh_keys = false) {
+
+ $real_groups = $groups ? {
+ '' => [ "$title", ],
+ default => $groups,
+ }
+
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir,
+ }
+
+ $real_name_comment = $comment ? {
+ 'absent' => $name,
+ default => $comment,
+ }
+
+ $real_sshkey_type = $sshkey_type ? {
+ 'absent' => "ssh-rsa",
+ default => $sshkey_type,
+ }
+
+ $real_shell = $shell ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
+
+ if $managehome == true {
+ if $ensure == 'absent' {
+ file{"$real_homedir":
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ file{"$real_homedir":
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode;
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
+ }
+ }
+ }
+ } else {
+ if $managehome != false {
+ if !defined(File[$managehome]) {
+ file { $managehome:
+ ensure => present,
+ owner => $name,
+ mode => $homedir_mode,
+ require => User[$name],
+ }
+ }
+
+ case $gid {
+ 'absent','uid': {
+ File[$managehome] {
+ group => $name,
+ }
+ }
+ default: {
+ File[$managehome] {
+ group => $gid,
+ }
+ }
+ }
+
+ file{ "$real_homedir":
+ ensure => $managehome,
+ require => File[$managehome],
+ }
+ }
+ }
+
+ if $uid != 'absent' {
+ $real_uid = $uid
+ } else {
+ $real_uid = false
+ }
+
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
+ } else {
+ $real_gid = false
+ }
+ } else {
+ $real_gid = $gid
+ }
+ } else {
+ $real_gid = false
+ }
+
+ # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
+ user { "$title":
+ ensure => $ensure,
+ allowdupe => false,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $real_groups,
+ membership => $membership,
+ password => $password,
+ uid => $real_uid ? { false => undef, default => $real_uid },
+ gid => $real_gid ? { false => undef, default => $real_gid },
+ }
+
+ if $refresh_keys == true {
+ cron { "gpg-refresh-keys-${title}":
+ command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
+ user => $title,
+ hour => "*/1",
+ minute => "0",
+ ensure => present,
+ require => User[$title],
+ }
+ }
+
+ # lots of bugs preventing a good implementation for ssh keys
+ # http://projects.reductivelabs.com/issues/1409
+ # http://projects.reductivelabs.com/issues/2004
+ # http://projects.reductivelabs.com/issues/2020
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+ if $sshkey != 'absent' {
+ ssh_authorized_key { "$title":
+ ensure => $ensure,
+ key => $sshkey,
+ user => $title,
+ options => $sshkey_options,
+ type => $real_sshkey_type,
+ target => "$real_homedir/.ssh/authorized_keys",
+ require => User["$title"],
+ }
+ }
+}
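Review bot: The `ensure => absent` path is not carried through to every resource this define declares: the `cron` resource near the end hard-codes `ensure => present`, so with `refresh_keys => true` a deprovisioned account still has a crontab entry requested for a user that is being removed. That line should read `ensure => $ensure,`. The `ssh_authorized_key` resource does take `$ensure`, but its `require => User["$title"]` orders key removal after the user has been removed, which is likely to fail and, when `managehome` is not `true` (so the home directory is kept), would leave the `authorized_keys` file on disk; making that `require` apply only when `$ensure != 'absent'` would avoid this. Separately, the branch that treats `$managehome` as a path still passes the same value to `managehome => $managehome` on the `user` resource, where a boolean is expected, and `$ticket` is never read, so the header comment should document what both parameters are meant to accept.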