6c1486ea92
There is a builtin type for adding authorized_keys. We started using it for the restricted access for the puppet triggering key, and it seems to make sense to be consistent across the board. Change-Id: I76ffb0136c58c05fa7c8abb793cb8e3b03cb5f6c
49 lines
976 B
Puppet
49 lines
976 B
Puppet
# usage
|
|
#
|
|
# user::virtual::localuser['username']
|
|
|
|
define user::virtual::localuser(
|
|
$realname,
|
|
$groups = [ 'sudo', 'admin', ],
|
|
$sshkeys = '',
|
|
$shell = '/bin/bash',
|
|
$home = "/home/${title}",
|
|
$managehome = true
|
|
) {
|
|
|
|
group { $title:
|
|
ensure => present,
|
|
}
|
|
|
|
user { $title:
|
|
ensure => present,
|
|
comment => $realname,
|
|
gid => $title,
|
|
groups => $groups,
|
|
home => $home,
|
|
managehome => $managehome,
|
|
membership => 'minimum',
|
|
shell => $shell,
|
|
require => Group[$title],
|
|
}
|
|
|
|
file { "${title}_sshdir":
|
|
ensure => directory,
|
|
name => "${home}/.ssh",
|
|
owner => $title,
|
|
group => $title,
|
|
mode => '0700',
|
|
require => User[$title],
|
|
}
|
|
|
|
ssh_authorized_key { "${title}_keys":
|
|
ensure => present,
|
|
key => $sshkeys,
|
|
user => $title,
|
|
type => 'ssh-rsa',
|
|
require => File["${title}_sshdir"],
|
|
}
|
|
}
|
|
|
|
# vim:sw=2:ts=2:expandtab:textwidth=79
|