sitemodules/profiles/manifests/base.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

# Class: profiles::base
# =====================
#
# This class defines the base profile that is valid for all puppet managed
# CAcert hosts and should therefore be included in any host role class in the
# roles module.
#
# Parameters
# ----------
#
# @param admins a list of admin users for the node
#
# @param users a hash containing user information
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::base
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2016 Jan Dittberner
#
class profiles::base (
  Array[String] $admins = [],
  Hash[String, Data] $users = {},
) {
  # ensure admin users for this container
  $admins.each |String $username| {
    $user = $users[$username]
    $osusername = $user['username']
    group { $user['username']:
      ensure => present,
    } ->
    user { $osusername:
      ensure         => present,
      comment        => $user['fullname'],
      gid            => $osusername,
      groups         => ['sudo', 'adm'],
      password       => $user['password'],
      uid            => $user['uid'],
      home           => "/home/${osusername}",
      shell          => $user['shell'],
      purge_ssh_keys => true,
      managehome     => true,
    }
    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
      $keyname    = $keydata['name']
      ssh_authorized_key { "${osusername}@${keyname}":
        ensure  => present,
        user    => $user['username'],
        type    => $keydata['type'],
        key     => $keydata['key'],
        require => User[$osusername],
      }
    }
  }

  file { '/etc/init.d/puppet':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/profiles/puppet.init',
  }

  file { '/etc/apt/apt.conf.d/03proxy':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_proxy.conf',
  }

  package { 'lsb-release':
    ensure => present,
  }

  file { '/etc/apt/sources.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }
  file { '/etc/apt/sources.list.d/puppetlabs-pc1.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources_puppetlabs.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }
}