split sshuser in a separate file. Clean various puppetlint

warning and errors, and use $name instead of $title for consistency
with the rest of the manifests ( but $title was perfectly correct too )

1 files changed, 36 insertions, 0 deletions

diff --git a/modules/buildsystem/manifests/sshuser.pp b/modules/buildsystem/manifests/sshuser.pp
new file mode 100644
index 00000000..0a1cd176
--- /dev/null
+++ b/modules/buildsystem/manifests/sshuser.pp
@@ -0,0 +1,36 @@
+# $groups: array of secondary groups (only local groups, no ldap)
+define buildsystem::sshuser($homedir, $comment, $groups = []) {
+    group { $name: }
+
+    user { $name:
+        comment    => $comment,
+        managehome => true,
+        home       => $homedir,
+        gid        => $name,
+        groups     => $groups,
+        shell      => '/bin/bash',
+        notify     => Exec["unlock $name"],
+        require    => Group[$title],
+    }
+
+    # set password to * to unlock the account but forbid login through login
+    exec { "unlock $name":
+        command     => "usermod -p '*' $name",
+        refreshonly => true,
+    }
+
+    file { $homedir:
+        ensure  => directory,
+        owner   => $name,
+        group   => $name,
+        require => User[$name],
+    }
+
+    file { "$homedir/.ssh":
+        ensure  => directory,
+        mode    => '0600',
+        owner   => $name,
+        group   => $name,
+        require => File[$homedir],
+    }
+}