Set root's login shell to zsh
[cacert-puppet.git] / sitemodules / profiles / manifests / base.pp
index f892bce..9caf8cf 100644 (file)
@@ -28,7 +28,7 @@
 # Copyright
 # ---------
 #
-# Copyright 2016 Jan Dittberner
+# Copyright 2016-2018 Jan Dittberner
 #
 class profiles::base (
   Array[String] $admins = [],
@@ -37,30 +37,39 @@ class profiles::base (
   # ensure admin users for this container
   $admins.each |String $username| {
     $user = $users[$username]
+    $osusername = $user['username']
     group { $user['username']:
       ensure => present,
     } ->
-    user { $user['username']:
-      ensure   => present,
-      comment  => $user['fullname'],
-      gid      => $user['username'],
-      groups   => ['sudo', 'adm'],
-      password => $user['password'],
-      uid      => $user['uid'],
+    user { $osusername:
+      ensure         => present,
+      comment        => $user['fullname'],
+      gid            => $osusername,
+      groups         => ['sudo', 'adm'],
+      password       => $user['password'],
+      uid            => $user['uid'],
+      home           => "/home/${osusername}",
+      shell          => $user['shell'],
+      purge_ssh_keys => true,
+      managehome     => true,
     }
     $user['ssh_keys'].each |Hash[String, Data] $keydata| {
-       $osusername = $user['username']
-       $keyname    = $keydata['name']
-        ssh_authorized_key { "${osusername}@${keyname}":
-            ensure  => present,
-            user    => $user['username'],
-            type    => $keydata['type'],
-            key     => $keydata['key'],
-            require => User[$user['username']],
-        }
+      $keyname    = $keydata['name']
+      ssh_authorized_key { "${osusername}@${keyname}":
+        ensure  => present,
+        user    => $user['username'],
+        type    => $keydata['type'],
+        key     => $keydata['key'],
+        require => User[$osusername],
+      }
     }
   }
 
+  user { 'root':
+    ensure => present,
+    shell  => '/usr/bin/zsh',
+  }
+
   file { '/etc/init.d/puppet':
     ensure => file,
     owner  => 'root',
@@ -68,4 +77,79 @@ class profiles::base (
     mode   => '0755',
     source => 'puppet:///modules/profiles/puppet.init',
   }
+
+  file { '/etc/apt/apt.conf.d/03proxy':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    source => 'puppet:///modules/profiles/base/apt_proxy.conf',
+  }
+  file { '/etc/apt/apt.conf.d/10periodic':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    source => 'puppet:///modules/profiles/base/apt_periodic.conf',
+  }
+
+  package { 'lsb-release':
+    ensure => present,
+  }
+
+  package { ['zsh', 'tmux', 'less']:
+    ensure => latest,
+  }
+  package { ['aptitude', 'apticron']:
+    ensure => purged,
+  }
+
+  file { '/etc/zsh/newuser.zshrc.recommended':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => epp('profiles/base/zshrc.epp'),
+    require => Package['zsh'],
+  }
+  file { '/root/.zshrc':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0640',
+    content => epp('profiles/base/zshrc.epp',
+      {'prompttemplate' => 'fire'}),
+  }
+
+  file { '/etc/apt/sources.list':
+    ensure  => file,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => epp(
+      'profiles/base/apt_sources.list.epp',
+      {'oscodename' => $facts['os']['distro']['codename']}),
+    require => Package['lsb-release'],
+  }
+  file { '/etc/apt/sources.list.d/puppetlabs-pc1.list':
+    ensure => absent,
+  }
+  file { '/etc/apt/sources.list.d/puppet5.list':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    content => epp(
+      'profiles/base/apt_sources_puppet5.list.epp',
+      {'oscodename' => $facts['os']['distro']['codename']}),
+    require => Package['lsb-release'],
+  }
+
+  file { '/etc/apt/preferences.d/blacklist_systemd-sysv.pref':
+    ensure => file,
+    owner  => 'root',
+    group  =>'root',
+    mode   => '0644',
+    source => 'puppet:///modules/profiles/base/apt_blacklist_systemd-sysv.pref',
+  }
 }