1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
# We want to purge unmanaged keys from the authorized_keys file so that only
# keys added in the provider are valid. Any manually added keys will be
# overridden.
#
# In order to do this, we have to use a custom define to deploy the
# authorized_keys file because puppet's internal resource doesn't allow
# purging before populating this file.
#
# See the following for more information:
# https://tickets.puppetlabs.com/browse/PUP-1174
# https://leap.se/code/issues/2990
# https://leap.se/code/issues/3010
#
# This line allows default homedir based on $title variable.
# If $home is empty, the default is used.
$homedir = $home ? {'' => "/home/${title}", default => $home}
file {
"${homedir}/.ssh":
ensure => 'directory',
owner => $title,
group => $title,
mode => '0700';
"${homedir}/.ssh/authorized_keys":
ensure => $ensure,
owner => $ensure ? {'present' => $title, default => undef },
group => $ensure ? {'present' => $title, default => undef },
mode => '0600',
require => File["${homedir}/.ssh"],
content => template('site_sshd/authorized_keys.erb');
}
}
|