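# Creates a local account intended for SSH access: a private group named
# after the user, the user itself, its home directory and a ~/.ssh directory.
# This define does not manage any authorized_keys file.
#
# $name:    login name, also used as the name of the primary group
# $homedir: path of the home directory
# $comment: comment field of the account (optional)
# $groups:  array of secondary groups (only local groups, no ldap)
define buildsystem::sshuser($homedir, $comment = undef, $groups = []) {
    group { $name: }

    user { $name:
        comment    => $comment,
        managehome => true,
        home       => $homedir,
        gid        => $name,
        groups     => $groups,
        shell      => '/bin/bash',
        notify     => Exec["unlock ${name}"],
        # $name and $title are identical inside a define; $name is used
        # throughout for consistency.
        require    => Group[$name],
    }

    # Set the password field to '*': no password can ever match it, so
    # password logins fail, but the account does not carry the '!' lock
    # marker that some sshd configurations refuse even for key logins.
    # refreshonly: runs only when the User resource above notifies it.
    # NOTE(review): $name is interpolated into the command string, so
    # titles passed to this define must be plain account names.
    # NOTE(review): usermod is unqualified and no path is set here;
    # presumably a default Exec path is declared elsewhere - confirm.
    exec { "unlock ${name}":
        command     => "usermod -p '*' ${name}",
        refreshonly => true,
    }

    # NOTE(review): no mode is set, so the directory keeps whatever mode it
    # was created with. sshd's StrictModes rejects keys when the home
    # directory is writable by group or others - confirm the default is safe.
    file { $homedir:
        ensure  => directory,
        owner   => $name,
        group   => $name,
        require => User[$name],
    }

    # 0700 is written out explicitly. For directories Puppet adds the search
    # bit wherever the read bit is set, so '0600' resulted in the same mode.
    file { "${homedir}/.ssh":
        ensure  => directory,
        mode    => '0700',
        owner   => $name,
        group   => $name,
        require => File[$homedir],
    }
}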