new style for 2.7
authormh <mh@immerda.ch>
Tue, 5 Jun 2012 20:45:46 +0000 (22:45 +0200)
committermh <mh@immerda.ch>
Tue, 5 Jun 2012 20:45:46 +0000 (22:45 +0200)
manifests/groups/manage_user.pp
manifests/groups/sftponly.pp
manifests/managed.pp
manifests/openbsd/defaults.pp
manifests/sftp_only.pp

index 9df3a20..c0afdef 100644 (file)
@@ -1,27 +1,27 @@
 define user::groups::manage_user(
-    $ensure = 'present',
-    $group,
-    $user = 'absent'
+  $ensure = 'present',
+  $group,
+  $user = 'absent'
 ){
 
-    if ($user != 'absent'){
-        $real_user = $user
-    } else {
-        $real_user = $name
-    }
+  if ($user != 'absent'){
+    $real_user = $user
+  } else {
+    $real_user = $name
+  }
 
-    augeas{"manage_${real_user}_in_group_${group}":
-        context => '/files/etc/group',
+  augeas{"manage_${real_user}_in_group_${group}":
+    context => '/files/etc/group',
+  }
+  if ($ensure == 'present'){
+    Augeas["manage_${real_user}_in_group_${group}"]{
+      changes => [ "set ${group}/user[last()+1] ${real_user}" ],
+      onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
     }
-    if ($ensure == 'present'){
-        Augeas["manage_${real_user}_in_group_${group}"]{
-            changes => [ "set ${group}/user[last()+1] ${real_user}" ],
-            onlyif => "match ${group}/*[../user='${real_user}'] size == 0"
-        }
-    } else {
-        Augeas["manage_${real_user}_in_group_${group}"]{
-            changes => "rm ${group}/user[.='${real_user}']",
-        }
+  } else {
+    Augeas["manage_${real_user}_in_group_${group}"]{
+      changes => "rm ${group}/user[.='${real_user}']",
     }
+  }
 }
 
index f578803..e427443 100644 (file)
@@ -1,8 +1,8 @@
 # manifests/groups/sftponly.pp
 
 class user::groups::sftponly {
-    group{'sftponly':
-        ensure => present,
-        gid => 10000,
-    }
+  group{'sftponly':
+    ensure => present,
+    gid => 10000,
+  }
 }
index 2018bc1..51ab964 100644 (file)
 #                   if you supply a uid.
 #                   Default: true
 define user::managed(
-    $ensure = present,
-    $name_comment = 'absent',
-    $uid = 'absent',
-    $gid = 'uid',
-    $groups = [],
-    $manage_group = true,
-    $membership = 'minimum',
-    $homedir = 'absent',
-    $managehome = true,
-    $homedir_mode = '0750',
-    $sshkey = 'absent',
-    $password = 'absent',
-    $password_crypted = true,
-    $allowdupe = false,
-    $shell = 'absent'
+  $ensure = present,
+  $name_comment = 'absent',
+  $uid = 'absent',
+  $gid = 'uid',
+  $groups = [],
+  $manage_group = true,
+  $membership = 'minimum',
+  $homedir = 'absent',
+  $managehome = true,
+  $homedir_mode = '0750',
+  $sshkey = 'absent',
+  $password = 'absent',
+  $password_crypted = true,
+  $allowdupe = false,
+  $shell = 'absent'
 ){
 
-    $real_homedir = $homedir ? {
-        'absent' => "/home/$name",
-        default => $homedir
-    }
+  $real_homedir = $homedir ? {
+    'absent' => "/home/$name",
+    default => $homedir
+  }
 
-    $real_name_comment = $name_comment ? {
-        'absent' => $name,
-        default => $name_comment,
-    }
+  $real_name_comment = $name_comment ? {
+    'absent' => $name,
+    default => $name_comment,
+  }
 
-    $real_shell = $shell ? {
-        'absent' =>  $operatingsystem ? {
-                          openbsd => "/usr/local/bin/bash",
-                          default => "/bin/bash",
-                    },
-        default => $shell,
-    }
+  $real_shell = $shell ? {
+    'absent' =>  $::operatingsystem ? {
+      openbsd => "/usr/local/bin/bash",
+      default => "/bin/bash",
+    },
+    default => $shell,
+  }
 
-    if size($name) > 31 {
-      fail("Usernames can't be longer than 31 characters. ${name} is too long!")
-    }
+  if size($name) > 31 {
+    fail("Usernames can't be longer than 31 characters. ${name} is too long!")
+  }
 
-    user { $name:
-        ensure => $ensure,
-        allowdupe => $allowdupe,
-        comment => "$real_name_comment",
-        home => $real_homedir,
-        managehome => $managehome,
-        shell => $real_shell,
-        groups => $groups,
-        membership => $membership,
-    }
+  user { $name:
+    ensure => $ensure,
+    allowdupe => $allowdupe,
+    comment => "$real_name_comment",
+    home => $real_homedir,
+    managehome => $managehome,
+    shell => $real_shell,
+    groups => $groups,
+    membership => $membership,
+  }
 
 
-    if $managehome {
-        file{$real_homedir: }
-        if $ensure == 'absent' {
-            File[$real_homedir]{
-                ensure => absent,
-                purge => true,
-                force => true,
-                recurse => true,
-            }
-        } else {
-            File[$real_homedir]{
-                ensure => directory,
-                require => User[$name],
-                owner => $name, mode => $homedir_mode,
-            }
-            case $gid {
-                'absent','uid': {
-                    File[$real_homedir]{
-                        group => $name,
-                    }
-                }
-                default: {
-                    File[$real_homedir]{
-                        group => $gid,
-                    }
-                }
-            }
+  if $managehome {
+    file{$real_homedir: }
+    if $ensure == 'absent' {
+      File[$real_homedir]{
+        ensure => absent,
+        purge => true,
+        force => true,
+        recurse => true,
+      }
+    } else {
+      File[$real_homedir]{
+        ensure => directory,
+        require => User[$name],
+        owner => $name, mode => $homedir_mode,
+      }
+      case $gid {
+        'absent','uid': {
+          File[$real_homedir]{
+            group => $name,
+          }
+        }
+        default: {
+          File[$real_homedir]{
+            group => $gid,
+          }
         }
+      }
     }
+  }
 
-    if $uid != 'absent' {
-        User[$name]{
-            uid => $uid,
-        }
+  if $uid != 'absent' {
+    User[$name]{
+      uid => $uid,
     }
+  }
 
-    if $gid != 'absent' {
-        if $gid == 'uid' {
-            if $uid != 'absent' {
-                $real_gid = $uid
+  if $gid != 'absent' {
+    if $gid == 'uid' {
+      if $uid != 'absent' {
+        $real_gid = $uid
+      }
+    } else {
+      $real_gid = $gid
+    }
+    if $real_gid {
+      User[$name]{
+        gid => $real_gid,
+      }
+    }
+  }
+
+  if $name != 'root' {
+    if $uid == 'absent' {
+      if $manage_group and ($ensure == 'absent') {
+        group{$name:
+          ensure => absent,
+        }
+        case $::operatingsystem {
+          OpenBSD: {
+            Group[$name]{
+              before => User[$name],
             }
-        } else {
-            $real_gid = $gid
+          }
+          default: {
+            Group[$name]{
+              require => User[$name],
+            }
+          }
+        }
+      }
+    } else {
+      if $manage_group {
+        group { $name:
+          allowdupe => false,
+          ensure => $ensure,
         }
         if $real_gid {
-            User[$name]{
-                gid => $real_gid,
-            }
+          Group[$name]{
+            gid => $real_gid,
+          }
         }
-    }
-
-    if $name != 'root' {
-        if $uid == 'absent' {
-            if $manage_group and ($ensure == 'absent') {
-              group{$name:
-                ensure => absent,
+        if $ensure == 'absent' {
+          case $::operatingsystem {
+            OpenBSD: {
+              Group[$name]{
+                before => User[$name],
               }
-              case $operatingsystem {
-                OpenBSD: {
-                  Group[$name]{
-                    before => User[$name],
-                  }
-                }
-                default: {
-                  Group[$name]{
-                    require => User[$name],
-                  }
-                }
+            }
+            default: {
+              Group[$name]{
+                require => User[$name],
               }
             }
+          }
         } else {
-            if $manage_group {
-                group { $name:
-                    allowdupe => false,
-                    ensure => $ensure,
-                }
-                if $real_gid {
-                    Group[$name]{
-                        gid => $real_gid,
-                    }
-                }
-                if $ensure == 'absent' {
-                  case $operatingsystem {
-                    OpenBSD: {
-                      Group[$name]{
-                        before => User[$name],
-                      }
-                    }
-                    default: {
-                      Group[$name]{
-                        require => User[$name],
-                      }
-                    }
-                  }
-                } else {
-                   Group[$name]{
-                     before => User[$name],
-                   }
-                }
-            }
+          Group[$name]{
+            before => User[$name],
+          }
         }
+      }
     }
-    case $ensure {
-        present: {
-            if $sshkey != 'absent' {
-                User[$name]{
-                    before => Class[$sshkey],
-                }
-                include $sshkey
-            }
+  }
+  case $ensure {
+    present: {
+      if $sshkey != 'absent' {
+        User[$name]{
+          before => Class[$sshkey],
+        }
+        include $sshkey
+      }
 
-            if $password != 'absent' {
-                case $operatingsystem {
-                    openbsd: {
-                        exec { "setpass ${name}":
-                            unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
-                            command => "usermod -p '${password}' ${name}",
-                            require => User["${name}"],
-                        }
-                    }
-                    default: {
-                        require ruby::shadow
-                        if $password_crypted {
-                            $real_password = $password
-                        } else {
-                            if $password_salt {
-                                $real_password = mkpasswd($password,$password_salt)
-                            } else {
-                                fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
-                            }
-                        }
-                        User[$name]{
-                            password => $real_password,
-                        }
-                    }
-                }
+      if $password != 'absent' {
+        case $::operatingsystem {
+          openbsd: {
+            exec { "setpass ${name}":
+              unless => "grep -q '^${name}:${password}:' /etc/master.passwd",
+              command => "usermod -p '${password}' ${name}",
+              require => User["${name}"],
+            }
+          }
+          default: {
+            require ruby::shadow
+            if $password_crypted {
+              $real_password = $password
+            } else {
+              if $password_salt {
+                $real_password = mkpasswd($password,$password_salt)
+              } else {
+                fail("To use unencrypted passwords you have to define a variable \$password_salt to an 8 character salt for passwords!")
+              }
+            }
+            User[$name]{
+              password => $real_password,
             }
+          }
         }
+      }
     }
+  }
 }
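Review bot: In the `openbsd` branch of the password `case`, `$password` and `$name` are interpolated unvalidated into the shell command `usermod -p '${password}' ${name}` and into the `grep` pattern of `unless`, so a value containing a single quote or shell/regex metacharacters changes what is executed or matched, and the value sits in the process arguments while the exec runs. That branch also never consults `$password_crypted`, so a plaintext password would be handed to `usermod -p` unchanged and compared against `/etc/master.passwd` as if it were a hash. A guard ahead of the exec such as `if $password !~ /^[A-Za-z0-9.\/$]+$/ { fail("unexpected characters in password hash for ${name}") }` (adjust the character class to the hash formats in use) closes the quoting problem, and the branch should `fail()` when `$password_crypted` is false. Separately, `$password_salt` in the default branch is not a parameter of this define and still depends on dynamic scope lookup, which the `$::operatingsystem` changes in this commit otherwise move away from.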
index b2f6d4a..d724a6a 100644 (file)
@@ -1,14 +1,14 @@
 # manifests/openbsd/defaults.pp 
 
 class user::openbsd::defaults {
-    # we need this somehow to mange it
-    user::managed{root: 
-        name => 'root', 
-        name_comment => 'Charlie &',
-        uid => '0', 
-        gid => '0', 
-        homedir => '/root', 
-        homedir_mode => '0700', 
-    }
+  # we need this somehow to mange it
+  user::managed{root: 
+    name => 'root', 
+    name_comment => 'Charlie &',
+    uid => '0', 
+    gid => '0', 
+    homedir => '/root', 
+    homedir_mode => '0700', 
+  }
 }
 
index b77d5b1..0990af2 100644 (file)
@@ -1,30 +1,30 @@
 # gid:  by default it will take the same as the uid
 define user::sftp_only(
-    $ensure = present,
-    $managehome = false,
-    $uid = 'absent',
-    $gid = 'uid',
-    $homedir = 'absent',
-    $homedir_mode = '0750',
-    $password = 'absent',
-    $password_crypted = true
+  $ensure = present,
+  $managehome = false,
+  $uid = 'absent',
+  $gid = 'uid',
+  $homedir = 'absent',
+  $homedir_mode = '0750',
+  $password = 'absent',
+  $password_crypted = true
 ) {
-    require user::groups::sftponly
-    user::managed{"${name}":
-        ensure => $ensure,
-        uid => $uid,
-        gid => $gid,
-        name_comment => "SFTP-only_user_${name}",
-        groups => [ 'sftponly' ],
-        managehome => $managehome,
-        homedir => $homedir,
-        homedir_mode => $homedir_mode,
-        shell => $operatingsystem ? {
-            debian => '/usr/sbin/nologin',
-            ubuntu => '/usr/sbin/nologin',
-            default => '/sbin/nologin'
-        },
-        password => $password,
-        password_crypted => $password_crypted;
-    }
+  require user::groups::sftponly
+  user::managed{$name:
+    ensure => $ensure,
+    uid => $uid,
+    gid => $gid,
+    name_comment => "SFTP-only_user_${name}",
+    groups => [ 'sftponly' ],
+    managehome => $managehome,
+    homedir => $homedir,
+    homedir_mode => $homedir_mode,
+    shell => $::operatingsystem ? {
+      debian => '/usr/sbin/nologin',
+      ubuntu => '/usr/sbin/nologin',
+      default => '/sbin/nologin'
+    },
+    password => $password,
+    password_crypted => $password_crypted;
+  }
 }