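# Class: profiles::base
# =====================
#
# This class defines the base profile that is valid for all puppet managed
# CAcert hosts and should therefore be included in any host role class in the
# roles module.
#
# Security relevant behaviour of this profile:
#
# * every entry in $admins becomes a local account that is a member of the
#   'sudo' and 'adm' groups, so the $admins list is a privilege grant and
#   should be reviewed like one
# * SSH keys of admin accounts that are not declared through this class are
#   purged (purge_ssh_keys => true)
# * apt sources, apt proxy settings and /etc/resolv.conf are replaced with
#   the files and templates shipped in the profiles module
#
# Parameters
# ----------
#
# @param admins a list of admin users for the node; every entry must be a key
#   of the users hash
#
# @param users a hash containing user information, keyed by admin name. The
#   keys read from each entry are 'username', 'fullname', 'password', 'uid',
#   'shell' and 'ssh_keys' (a list of hashes with the keys 'name', 'type'
#   and 'key')
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::base
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2016-2018 Jan Dittberner
#
class profiles::base (
  Array[String]      $admins = [],
  Hash[String, Data] $users  = {},
) {
  # ensure admin users for this container
  $admins.each |String $username| {
    # Fail with a clear message instead of an opaque "undef" lookup error when
    # an admin is listed without matching user data.
    unless $username in $users {
      fail("profiles::base: admin '${username}' is not defined in the users hash")
    }

    $user = $users[$username]
    $osusername = $user['username']

    # Private primary group named after the account, created before the user.
    group { $osusername:
      ensure => present,
    }
    -> user { $osusername:
      ensure         => present,
      comment        => $user['fullname'],
      gid            => $osusername,
      # 'sudo' and 'adm' membership makes this account an administrator.
      groups         => ['sudo', 'adm'],
      # The user type expects an already hashed password here, never plain
      # text. NOTE(review): the value ends up in the catalog; confirm that the
      # data source is encrypted or access controlled.
      password       => $user['password'],
      uid            => $user['uid'],
      home           => "/home/${osusername}",
      shell          => $user['shell'],
      # Remove authorized keys that are not managed by an ssh_authorized_key
      # resource, so manually added keys do not survive a puppet run.
      purge_ssh_keys => true,
      managehome     => true,
    }

    # One ssh_authorized_key resource per configured key of the admin.
    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
      $keyname = $keydata['name']
      ssh_authorized_key { "${osusername}@${keyname}":
        ensure  => present,
        user    => $osusername,
        type    => $keydata['type'],
        key     => $keydata['key'],
        require => User[$osusername],
      }
    }
  }

  user { 'root':
    ensure => present,
    shell  => '/usr/bin/zsh',
  }

  file { '/etc/init.d/puppet':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/profiles/puppet.init',
  }

  # apt proxy and periodic settings; the file contents live in the module and
  # are not visible in this manifest.
  file { '/etc/apt/apt.conf.d/03proxy':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_proxy.conf',
  }
  file { '/etc/apt/apt.conf.d/10periodic':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_periodic.conf',
  }

  package { 'lsb-release':
    ensure => present,
  }

  # ensure => latest upgrades these packages whenever the configured apt
  # sources offer a newer version, so the managed sources below decide what
  # code gets installed.
  package { ['zsh', 'tmux', 'less']:
    ensure => latest,
  }

  # zsh has to be installed before any user resource is applied because it is
  # used as login shell (root above). The collector matches every user
  # resource in the catalog, including virtual ones, which it realizes.
  Package['zsh'] -> User <| |>

  package { ['aptitude', 'apticron']:
    ensure => purged,
  }

  file { '/etc/zsh/newuser.zshrc.recommended':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp('profiles/base/zshrc.epp'),
    require => Package['zsh'],
  }
  file { '/root/.zshrc':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => epp('profiles/base/zshrc.epp',
      {'prompttemplate' => 'fire'}),
  }

  # The apt sources define which repositories this host installs packages
  # from; both lists are rendered for the distribution codename fact.
  # NOTE(review): the require on lsb-release is presumably there because the
  # os.distro facts depend on it - confirm.
  file { '/etc/apt/sources.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }
  # Remove the old puppetlabs-pc1 source list; puppet5.list is managed below.
  file { '/etc/apt/sources.list.d/puppetlabs-pc1.list':
    ensure => absent,
  }
  file { '/etc/apt/sources.list.d/puppet5.list':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/base/apt_sources_puppet5.list.epp',
      {'oscodename' => $facts['os']['distro']['codename']}),
    require => Package['lsb-release'],
  }

  # apt preferences file shipped with the module; judging by its name it keeps
  # systemd-sysv from being installed (content not visible here).
  file { '/etc/apt/preferences.d/blacklist_systemd-sysv.pref':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/apt_blacklist_systemd-sysv.pref',
  }

  # The resolver configuration is replaced with the module's static file.
  file { '/etc/resolv.conf':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/base/resolv.conf',
  }
}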