Remove unmanaged ssh keys
[cacert-puppet.git] / sitemodules / profiles / manifests / base.pp
1 # Class: profiles::base
2 # =====================
3 #
4 # This class defines the base profile that is valid for all puppet managed
5 # CAcert hosts and should therefore be included in any host role class in the
6 # roles module.
7 #
8 # Parameters
9 # ----------
10 #
11 # @param admins a list of admin users for the node
12 #
13 # @param users a hash containing user information
14 #
15 # Examples
16 # --------
17 #
18 # @example
19 # class roles::myhost {
20 # include profiles::base
21 # }
22 #
23 # Authors
24 # -------
25 #
26 # Jan Dittberner <jandd@cacert.org>
27 #
28 # Copyright
29 # ---------
30 #
31 # Copyright 2016 Jan Dittberner
32 #
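class profiles::base (
  Array[String]      $admins = [],
  Hash[String, Data] $users  = {},
) {
  # For every name in $admins, look up the account data in $users and manage
  # a personal group, the account itself and its authorized SSH keys.
  $admins.each |String $username| {
    $user = $users[$username]

    # An admin without an entry in $users would otherwise abort compilation
    # with an opaque "operator not applicable to Undef" error; fail with a
    # message that names the missing entry instead.
    if $user == undef {
      fail("profiles::base: admin '${username}' has no entry in the users hash")
    }

    $osusername = $user['username']

    # Membership in 'sudo' and 'adm' makes each of these accounts privileged,
    # so the contents of $admins and $users decide who can administer the
    # node.
    #
    # NOTE(review): 'password' is presumably a crypt(3)-style hash taken from
    # the node data, not clear text -- confirm against the data source.
    #
    # purge_ssh_keys => true removes every key from the account's
    # .ssh/authorized_keys that is not declared as an ssh_authorized_key
    # resource below, so keys added by hand are dropped on the next run.
    # NOTE(review): no 'home' is set on this resource; confirm that the
    # Puppet version in use can still resolve the home directory, otherwise
    # the purge may silently do nothing. Key files in other locations (for
    # example a non-default AuthorizedKeysFile in sshd_config) and accounts
    # not listed in $admins are not covered by this purge.
    group { $osusername:
      ensure => present,
    }
    -> user { $osusername:
      ensure         => present,
      comment        => $user['fullname'],
      gid            => $osusername,
      groups         => ['sudo', 'adm'],
      password       => $user['password'],
      uid            => $user['uid'],
      purge_ssh_keys => true,
    }

    # One ssh_authorized_key resource per entry in the user's 'ssh_keys'
    # list. With purging enabled these resources are the only keys that
    # survive, so an admin whose 'ssh_keys' list is empty ends up with no
    # authorized keys at all.
    $user['ssh_keys'].each |Hash[String, Data] $keydata| {
      $keyname = $keydata['name']

      ssh_authorized_key { "${osusername}@${keyname}":
        ensure  => present,
        user    => $osusername,
        type    => $keydata['type'],
        key     => $keydata['key'],
        require => User[$osusername],
      }
    }
  }

  # Install the puppet init script from the profiles module, owned by root
  # and writable only by root.
  file { '/etc/init.d/puppet':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/profiles/puppet.init',
  }
}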