authormh <mh@immerda.ch>2012-06-05 22:45:46 +0200
committermh <mh@immerda.ch>2012-06-05 22:45:46 +0200
commit8cc313a49dfc03c7d915115d2e4286e1534a4dfd (patch)
tree49486d0ba71ad49497dd3adcf78e62fdc7b6a2db
parent8a4f8f5d0f349138b1c0a96b3321c6bfc9ad5a29 (diff)
new style for 2.7
-rw-r--r--manifests/groups/manage_user.pp38
-rw-r--r--manifests/groups/sftponly.pp8
-rw-r--r--manifests/managed.pp326
-rw-r--r--manifests/openbsd/defaults.pp18
-rw-r--r--manifests/sftp_only.pp52
5 files changed, 221 insertions, 221 deletions
diff --git a/manifests/groups/manage_user.pp b/manifests/groups/manage_user.pp
index 9df3a20..c0afdef 100644
--- a/manifests/groups/manage_user.pp
+++ b/manifests/groups/manage_user.pp
@@ -1,27 +1,27 @@
define user::groups::manage_user(
- $ensure = 'present',
- $group,
- $user = 'absent'
+ $ensure = 'present',
+ $group,
+ $user = 'absent'
){
- if ($user != 'absent'){
- $real_user = $user
- } else {
- $real_user = $name
- }
+ if ($user != 'absent'){
+ $real_user = $user
+ } else {
+ $real_user = $name
+ }
- augeas{"manage_${real_user}_in_group_${group}":
- context => '/files/etc/group',
+ augeas{"manage_${real_user}_in_group_${group}":
+ context => '/files/etc/group',
+ }
+ if ($ensure == 'present'){
+ Augeas["manage_${real_user}_in_group_${group}"]{
+ changes => [ "set ${group}/user[last()+1] ${real_user}" ],
+ onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
}
- if ($ensure == 'present'){
- Augeas["manage_${real_user}_in_group_${group}"]{
- changes => [ "set ${group}/user[last()+1] ${real_user}" ],
- onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
- }
- } else {
- Augeas["manage_${real_user}_in_group_${group}"]{
- changes => "rm ${group}/user[.='${real_user}']",
- }
+ } else {
+ Augeas["manage_${real_user}_in_group_${group}"]{
+ changes => "rm ${group}/user[.='${real_user}']",
}
+ }
}
diff --git a/manifests/groups/sftponly.pp b/manifests/groups/sftponly.pp
index f578803..e427443 100644
--- a/manifests/groups/sftponly.pp
+++ b/manifests/groups/sftponly.pp
@@ -1,8 +1,8 @@
# manifests/groups/sftponly.pp
class user::groups::sftponly {
- group{'sftponly':
- ensure => present,
- gid => 10000,
- }
+ group{'sftponly':
+ ensure => present,
+ gid => 10000,
+ }
}
diff --git a/manifests/managed.pp b/manifests/managed.pp
index 2018bc1..51ab964 100644
--- a/manifests/managed.pp
+++ b/manifests/managed.pp
@@ -22,194 +22,194 @@
# if you supply a uid.
# Default: true
define user::managed(
- $ensure = present,
- $name_comment = 'absent',
- $uid = 'absent',
- $gid = 'uid',
- $groups = [],
- $manage_group = true,
- $membership = 'minimum',
- $homedir = 'absent',
- $managehome = true,
- $homedir_mode = '0750',
- $sshkey = 'absent',
- $password = 'absent',
- $password_crypted = true,
- $allowdupe = false,
- $shell = 'absent'
+ $ensure = present,
+ $name_comment = 'absent',
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $manage_group = true,
+ $membership = 'minimum',
+ $homedir = 'absent',
+ $managehome = true,
+ $homedir_mode = '0750',
+ $sshkey = 'absent',
+ $password = 'absent',
+ $password_crypted = true,
+ $allowdupe = false,
+ $shell = 'absent'
){
- $real_homedir = $homedir ? {
- 'absent' => "/home/$name",
- default => $homedir
- }
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir
+ }
- $real_name_comment = $name_comment ? {
- 'absent' => $name,
- default => $name_comment,
- }
+ $real_name_comment = $name_comment ? {
+ 'absent' => $name,
+ default => $name_comment,
+ }
- $real_shell = $shell ? {
- 'absent' => $operatingsystem ? {
- openbsd => "/usr/local/bin/bash",
- default => "/bin/bash",
- },
- default => $shell,
- }
+ $real_shell = $shell ? {
+ 'absent' => $::operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
- if size($name) > 31 {
- fail("Usernames can't be longer than 31 characters. ${name} is too long!")
- }
+ if size($name) > 31 {
+ fail("Usernames can't be longer than 31 characters. ${name} is too long!")
+ }
- user { $name:
- ensure => $ensure,
- allowdupe => $allowdupe,
- comment => "$real_name_comment",
- home => $real_homedir,
- managehome => $managehome,
- shell => $real_shell,
- groups => $groups,
- membership => $membership,
- }
+ user { $name:
+ ensure => $ensure,
+ allowdupe => $allowdupe,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $groups,
+ membership => $membership,
+ }
- if $managehome {
- file{$real_homedir: }
- if $ensure == 'absent' {
- File[$real_homedir]{
- ensure => absent,
- purge => true,
- force => true,
- recurse => true,
- }
- } else {
- File[$real_homedir]{
- ensure => directory,
- require => User[$name],
- owner => $name, mode => $homedir_mode,
- }
- case $gid {
- 'absent','uid': {
- File[$real_homedir]{
- group => $name,
- }
- }
- default: {
- File[$real_homedir]{
- group => $gid,
- }
- }
- }
+ if $managehome {
+ file{$real_homedir: }
+ if $ensure == 'absent' {
+ File[$real_homedir]{
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ File[$real_homedir]{
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode,
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
}
+ }
}
+ }
- if $uid != 'absent' {
- User[$name]{
- uid => $uid,
- }
+ if $uid != 'absent' {
+ User[$name]{
+ uid => $uid,
}
+ }
- if $gid != 'absent' {
- if $gid == 'uid' {
- if $uid != 'absent' {
- $real_gid = $uid
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
+ }
+ } else {
+ $real_gid = $gid
+ }
+ if $real_gid {
+ User[$name]{
+ gid => $real_gid,
+ }
+ }
+ }
+
+ if $name != 'root' {
+ if $uid == 'absent' {
+ if $manage_group and ($ensure == 'absent') {
+ group{$name:
+ ensure => absent,
+ }
+ case $::operatingsystem {
+ OpenBSD: {
+ Group[$name]{
+ before => User[$name],
}
- } else {
- $real_gid = $gid
+ }
+ default: {
+ Group[$name]{
+ require => User[$name],
+ }
+ }
+ }
+ }
+ } else {
+ if $manage_group {
+ group { $name:
+ allowdupe => false,
+ ensure => $ensure,
}
if $real_gid {
- User[$name]{
- gid => $real_gid,
- }
+ Group[$name]{
+ gid => $real_gid,
+ }
}
- }
-
- if $name != 'root' {
- if $uid == 'absent' {
- if $manage_group and ($ensure == 'absent') {
- group{$name:
- ensure => absent,
+ if $ensure == 'absent' {
+ case $::operatingsystem {
+ OpenBSD: {
+ Group[$name]{
+ before => User[$name],
}
- case $operatingsystem {
- OpenBSD: {
- Group[$name]{
- before => User[$name],
- }
- }
- default: {
- Group[$name]{
- require => User[$name],
- }
- }
+ }
+ default: {
+ Group[$name]{
+ require => User[$name],
}
}
+ }
} else {
- if $manage_group {
- group { $name:
- allowdupe => false,
- ensure => $ensure,
- }
- if $real_gid {
- Group[$name]{
- gid => $real_gid,
- }
- }
- if $ensure == 'absent' {
- case $operatingsystem {
- OpenBSD: {
- Group[$name]{
- before => User[$name],
- }
- }
- default: {
- Group[$name]{
- require => User[$name],
- }
- }
- }
- } else {
- Group[$name]{
- before => User[$name],
- }
- }
- }
+ Group[$name]{
+ before => User[$name],
+ }
}
+ }
}
- case $ensure {
- present: {
- if $sshkey != 'absent' {
- User[$name]{
- before => Class[$sshkey],
- }
- include $sshkey
- }
+ }
+ case $ensure {
+ present: {
+ if $sshkey != 'absent' {
+ User[$name]{
+ before => Class[$sshkey],
+ }
+ include $sshkey
+ }
- if $password != 'absent' {
- case $operatingsystem {
- openbsd: {
- exec { "setpass ${name}":
- unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
- command => "usermod -p '${password}' ${name}",
- require => User["${name}"],
- }
- }
- default: {
- require ruby::shadow
- if $password_crypted {
- $real_password = $password
- } else {
- if $password_salt {
- $real_password = mkpasswd($password,$password_salt)
- } else {
- fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
- }
- }
- User[$name]{
- password => $real_password,
- }
- }
- }
+ if $password != 'absent' {
+ case $::operatingsystem {
+ openbsd: {
+ exec { "setpass ${name}":
+ unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
+ command => "usermod -p '${password}' ${name}",
+ require => User["${name}"],
+ }
+ }
+ default: {
+ require ruby::shadow
+ if $password_crypted {
+ $real_password = $password
+ } else {
+ if $password_salt {
+ $real_password = mkpasswd($password,$password_salt)
+ } else {
+ fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
+ }
+ }
+ User[$name]{
+ password => $real_password,
}
+ }
}
+ }
}
+ }
}
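Review bot: In the `openbsd` branch of the password handling, `$password` is spliced into two shell strings (`unless => "grep -q '^${name}:${password}:' /etc/master.passwd"` and `command => "usermod -p '${password}' ${name}"`). The hash is therefore likely readable in the process list while the exec runs, and a value containing `'` would end the quoting. Since this commit already touches the block, a guard before the exec would help, for example `if $password !~ /^[A-Za-z0-9.\/$]+$/ { fail("password for ${name} is not a crypt hash") }`. The same branch never consults `$password_crypted`, so `password_crypted => false` appears to pass the clear text straight to `usermod -p`; a `fail()` for that combination would make the limitation explicit. Separately, `$password_salt` in the `default` branch is not among the define's parameters in this hunk and is still looked up unqualified, so it probably wants the same `$::` treatment the commit gives `$operatingsystem`.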
diff --git a/manifests/openbsd/defaults.pp b/manifests/openbsd/defaults.pp
index b2f6d4a..d724a6a 100644
--- a/manifests/openbsd/defaults.pp
+++ b/manifests/openbsd/defaults.pp
@@ -1,14 +1,14 @@
# manifests/openbsd/defaults.pp
class user::openbsd::defaults {
- # we need this somehow to mange it
- user::managed{root:
- name => 'root',
- name_comment => 'Charlie &',
- uid => '0',
- gid => '0',
- homedir => '/root',
- homedir_mode => '0700',
- }
+ # we need this somehow to mange it
+ user::managed{root:
+ name => 'root',
+ name_comment => 'Charlie &',
+ uid => '0',
+ gid => '0',
+ homedir => '/root',
+ homedir_mode => '0700',
+ }
}
diff --git a/manifests/sftp_only.pp b/manifests/sftp_only.pp
index b77d5b1..0990af2 100644
--- a/manifests/sftp_only.pp
+++ b/manifests/sftp_only.pp
@@ -1,30 +1,30 @@
# gid: by default it will take the same as the uid
define user::sftp_only(
- $ensure = present,
- $managehome = false,
- $uid = 'absent',
- $gid = 'uid',
- $homedir = 'absent',
- $homedir_mode = '0750',
- $password = 'absent',
- $password_crypted = true
+ $ensure = present,
+ $managehome = false,
+ $uid = 'absent',
+ $gid = 'uid',
+ $homedir = 'absent',
+ $homedir_mode = '0750',
+ $password = 'absent',
+ $password_crypted = true
) {
- require user::groups::sftponly
- user::managed{"${name}":
- ensure => $ensure,
- uid => $uid,
- gid => $gid,
- name_comment => "SFTP-only_user_${name}",
- groups => [ 'sftponly' ],
- managehome => $managehome,
- homedir => $homedir,
- homedir_mode => $homedir_mode,
- shell => $operatingsystem ? {
- debian => '/usr/sbin/nologin',
- ubuntu => '/usr/sbin/nologin',
- default => '/sbin/nologin'
- },
- password => $password,
- password_crypted => $password_crypted;
- }
+ require user::groups::sftponly
+ user::managed{$name:
+ ensure => $ensure,
+ uid => $uid,
+ gid => $gid,
+ name_comment => "SFTP-only_user_${name}",
+ groups => [ 'sftponly' ],
+ managehome => $managehome,
+ homedir => $homedir,
+ homedir_mode => $homedir_mode,
+ shell => $::operatingsystem ? {
+ debian => '/usr/sbin/nologin',
+ ubuntu => '/usr/sbin/nologin',
+ default => '/sbin/nologin'
+ },
+ password => $password,
+ password_crypted => $password_crypted;
+ }
}