Diffstat (limited to 'modules/buildsystem/manifests/sshuser.pp')
-rw-r--r-- | modules/buildsystem/manifests/sshuser.pp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/modules/buildsystem/manifests/sshuser.pp b/modules/buildsystem/manifests/sshuser.pp
new file mode 100644
index 00000000..0a1cd176
--- /dev/null
+++ b/modules/buildsystem/manifests/sshuser.pp
@@ -0,0 +1,36 @@
+# $groups: array of secondary groups (only local groups, no ldap)
+define buildsystem::sshuser($homedir, $comment, $groups = []) {
+ group { $name: }
+
+ user { $name:
+ comment => $comment,
+ managehome => true,
+ home => $homedir,
+ gid => $name,
+ groups => $groups,
+ shell => '/bin/bash',
+ notify => Exec["unlock $name"],
+ require => Group[$title],
+ }
+
+ # set password to * to unlock the account but forbid login through login
+ exec { "unlock $name":
+ command => "usermod -p '*' $name",
+ refreshonly => true,
+ }
+
+ file { $homedir:
+ ensure => directory,
+ owner => $name,
+ group => $name,
+ require => User[$name],
+ }
+
+ file { "$homedir/.ssh":
+ ensure => directory,
+ mode => '0600',
+ owner => $name,
+ group => $name,
+ require => File[$homedir],
+ }
+} |
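Review bot: The `file { "$homedir/.ssh": }` resource declares `mode => '0600'` on a directory, which has no search bit. Puppet's file type is documented to add search permission wherever read is set on a directory, so this most likely ends up as 0700, but writing `mode => '0700',` states the intended permission and does not depend on that behaviour. The `file { $homedir: }` resource sets no mode, so the home directory keeps whatever account creation and the umask produced; because sshd's StrictModes rejects keys when the home directory or `.ssh` is group- or world-writable, an explicit `mode => '0755',` (or tighter) there would pin it. The `exec` also calls an unqualified `usermod` with no `path`, so it relies on an Exec default defined outside this file, if one exists; adding `path => ['/usr/sbin', '/usr/bin'],` would make the resource self-contained.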