# Class: profiles::base
# =====================
#
# This class defines the base profile that is valid for all puppet managed
# CAcert hosts and should therefore be included in any host role class in the
# roles module.
#
# Parameters
# ----------
#
# @param admins a list of admin users for the node
#
# @param users a hash containing user information
#
# Examples
# --------
#
# @example
# class roles::myhost {
# include profiles::base
# }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2016 Jan Dittberner
#
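class profiles::base (
  Array[String]      $admins = [],
  Hash[String, Data] $users  = {},
) {
  # Create a personal group, a login account and the SSH keys for every admin
  # listed in $admins. The account details are looked up in $users by name.
  $admins.each |String $username| {
    # Fail with a readable message instead of an opaque "[] on Undef" error
    # when an admin is listed without a matching entry in the users hash.
    unless ($username in $users) {
      fail("profiles::base: admin '${username}' has no entry in the users hash")
    }

    $user = $users[$username]
    $osusername = $user['username']

    # The primary group carries the same name as the account and is created
    # before the user resource that references it as gid.
    group { $osusername:
      ensure => present,
    }
    -> user { $osusername:
      ensure         => present,
      comment        => $user['fullname'],
      gid            => $osusername,
      # Privileged groups: on a stock Debian sudoers file, members of 'sudo'
      # may run any command as root; verify against the deployed sudoers.
      groups         => ['sudo', 'adm'],
      # The user resource expects an already hashed password here, never
      # plain text.
      # NOTE(review): consider wrapping the value in Sensitive() (Puppet 4.6
      # or later) so that it is redacted from logs and reports; confirm the
      # agent version first.
      password       => $user['password'],
      uid            => $user['uid'],
      home           => "/home/${osusername}",
      shell          => $user['shell'],
      # Any key in the account's authorized_keys file that is not declared as
      # an ssh_authorized_key resource is removed, so manually added keys do
      # not survive a puppet run.
      purge_ssh_keys => true,
      managehome     => true,
    }

    # One ssh_authorized_key per entry; the title combines the account and the
    # key name so that it stays unique across users.
    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
      $keyname = $keydata['name']
      ssh_authorized_key { "${osusername}@${keyname}":
        ensure  => present,
        user    => $osusername,
        type    => $keydata['type'],
        key     => $keydata['key'],
        require => User[$osusername],
      }
    }
  }

  # Init script for the puppet agent, shipped from the profiles module.
  file { '/etc/init.d/puppet':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/profiles/puppet.init',
  }

  # APT proxy configuration; the file content lives in the module and is not
  # visible from this class.
  file { '/etc/apt/apt.conf.d/03proxy':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_proxy.conf',
  }

  package { 'lsb-release':
    ensure => present,
  }

  # Distribution codename used by both APT source templates below.
  # NOTE(review): facts are resolved before the catalog is applied, so the
  # require on Package['lsb-release'] cannot make this fact available during
  # the first run on a host that lacks the package; presumably compilation
  # fails there if the fact is missing. Confirm on a fresh host.
  $oscodename = $facts['os']['distro']['codename']

  file { '/etc/apt/sources.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources.list.epp',
      { 'oscodename' => $oscodename }
    ),
    require => Package['lsb-release'],
  }

  # Package source for the Puppet Labs PC1 repository. The repository signing
  # key is not managed in this class.
  # NOTE(review): confirm that the signing key is installed elsewhere.
  file { '/etc/apt/sources.list.d/puppetlabs-pc1.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources_puppetlabs.list.epp',
      { 'oscodename' => $oscodename }
    ),
    require => Package['lsb-release'],
  }
}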