Diffstat (limited to 'manifests/manage.pp')
-rw-r--r-- | manifests/manage.pp | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/manifests/manage.pp b/manifests/manage.pp
new file mode 100644
index 0000000..240ca2f
--- /dev/null
+++ b/manifests/manage.pp
@@ -0,0 +1,174 @@
+#
+# User module based on git://git.puppet.immerda.ch/module-user.git
+#
+# Password hash can be generated with mkpasswd provided by whois
+# debian package: mkpasswd -m sha-256, see crypt(3) for details
+# on supported hashes.
+#
+define user::manage(
+ $password,
+ $ensure = present,
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $managehome = true,
+ $homedir_mode = '0750',
+ $comment = 'absent',
+ $homedir = 'absent',
+ $shell = 'absent',
+ $sshkey = 'absent',
+ $sshkey_options = [],
+ $sshkey_type = 'absent',
+ $membership = 'minimum',
+ $ticket = false,
+ $refresh_keys = false) {
+
+ $real_groups = $groups ? {
+ '' => [ "$title", ],
+ default => $groups,
+ }
+
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir,
+ }
+
+ $real_name_comment = $comment ? {
+ 'absent' => $name,
+ default => $comment,
+ }
+
+ $real_sshkey_type = $sshkey_type ? {
+ 'absent' => "ssh-rsa",
+ default => $sshkey_type,
+ }
+
+ $real_shell = $shell ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
+
+ if $managehome == true {
+ if $ensure == 'absent' {
+ file{"$real_homedir":
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ file{"$real_homedir":
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode;
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
+ }
+ }
+ }
+ } else {
+ if $managehome != false {
+ if !defined(File[$managehome]) {
+ file { $managehome:
+ ensure => present,
+ owner => $name,
+ mode => $homedir_mode,
+ require => User[$name],
+ }
+ }
+
+ case $gid {
+ 'absent','uid': {
+ File[$managehome] {
+ group => $name,
+ }
+ }
+ default: {
+ File[$managehome] {
+ group => $gid,
+ }
+ }
+ }
+
+ file{ "$real_homedir":
+ ensure => $managehome,
+ require => File[$managehome],
+ }
+ }
+ }
+
+ if $uid != 'absent' {
+ $real_uid = $uid
+ } else {
+ $real_uid = false
+ }
+
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
+ } else {
+ $real_gid = false
+ }
+ } else {
+ $real_gid = $gid
+ }
+ } else {
+ $real_gid = false
+ }
+
+ # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html
+ user { "$title":
+ ensure => $ensure,
+ allowdupe => false,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $real_groups,
+ membership => $membership,
+ password => $password,
+ uid => $real_uid ? { false => undef, default => $real_uid },
+ gid => $real_gid ? { false => undef, default => $real_gid },
+ }
+
+ if $refresh_keys == true {
+ cron { "gpg-refresh-keys-${title}":
+ command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1",
+ user => $title,
+ hour => "*/1",
+ minute => "0",
+ ensure => present,
+ require => User[$title],
+ }
+ }
+
+ # lots of bugs preventing a good implementation for ssh keys
+ # http://projects.reductivelabs.com/issues/1409
+ # http://projects.reductivelabs.com/issues/2004
+ # http://projects.reductivelabs.com/issues/2020
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+ if $sshkey != 'absent' {
+ ssh_authorized_key { "$title":
+ ensure => $ensure,
+ key => $sshkey,
+ user => $title,
+ options => $sshkey_options,
+ type => $real_sshkey_type,
+ target => "$real_homedir/.ssh/authorized_keys",
+ require => User["$title"],
+ }
+ }
+}
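Review bot: When `$managehome` is a path rather than a boolean, the `file { $managehome: ensure => present, ... }` resource in the else-branch creates a plain file if the path does not exist yet, and `$real_homedir` is then pointed at it via `ensure => $managehome`; if the intent is a relocated home directory this should read `ensure => directory,`, unless that path is always pre-created elsewhere (the `!defined(File[$managehome])` guard suggests it sometimes is). Separately, `$password` is handed verbatim to the `user` resource with no check that it is the crypt(3) hash the header comment asks for, so a plaintext value would land as-is in the shadow file and be echoed in catalogs and reports; a guard before the `user` declaration such as `if $password !~ /^(\$|[!*])/ { fail("user::manage[${title}]: password must be a crypt(3) hash, see mkpasswd") }` would catch that at compile time. Both are suggestions to confirm against the Puppet version this module targets, since regex matching in conditionals is only available in 0.25 and later.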