Puppet Class: authdns::account

Defined in:
modules/authdns/manifests/account.pp

Overview

Class authdns::account

Sets up user, group, sudo, SSH keys & git-shell commands for authdns



# File 'modules/authdns/manifests/account.pp', line 4

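# Manages the 'authdns' service account: the system user and group, a single
# passwordless sudo rule, the account's ed25519 SSH key pair, and the one
# git-shell command the account is allowed to run.
#
# Security model visible in this class:
#  - The login shell is git-shell, so an SSH session can only run git's own
#    server-side commands plus whatever is in ~/git-shell-commands.
#  - The only entry there is a wrapper that runs authdns-local-update through
#    sudo. The sudoers rule carries no argument restriction, so any arguments
#    the caller supplies reach that program with elevated privileges;
#    authdns-local-update itself has to validate them.
class authdns::account {
    $user  = 'authdns'
    $group = 'authdns'
    $home  = '/srv/authdns'

    user { $user:
        ensure     => present,
        gid        => $group,
        home       => $home,
        system     => true,
        managehome => true,
        # Restricted shell: no interactive login for this account.
        shell      => '/usr/bin/git-shell',
        # git-shell is shipped by the git package.
        require    => Package['git'],
    }
    group { $group:
        ensure     => 'present',
    }

    # One command only, by absolute path, without a password prompt (the
    # account is used non-interactively). Keep this path in sync with the
    # wrapper script below.
    sudo::user { $user:
        privileges => ['ALL=NOPASSWD: /usr/local/sbin/authdns-local-update'],
    }

    file { "${home}/.ssh":
        ensure  => 'directory',
        owner   => $user,
        group   => $group,
        mode    => '0700',
        require => [ User[$user], Group[$group] ],
    }
    # Private key: read-only for the owner, and show_diff is off so the key
    # material never appears in Puppet reports or agent logs.
    file { "${home}/.ssh/id_ed25519":
        ensure    => 'present',
        owner     => $user,
        group     => $group,
        mode      => '0400',
        content   => secret('authdns/id_ed25519'),
        show_diff => false,
    }
    file { "${home}/.ssh/id_ed25519.pub":
        ensure    => 'present',
        owner     => $user,
        group     => $group,
        mode      => '0400',
        content   => secret('authdns/id_ed25519.pub'),
        show_diff => false,
    }
    # Presumably installs the public key as an authorized key for the account,
    # letting holders of the matching private key log in as it -- confirm
    # against the ssh::userkey definition.
    ssh::userkey { $user:
        content => secret('authdns/id_ed25519.pub'),
    }

    # NOTE(review): this directory (no explicit mode) and the wrapper inside it
    # are owned by the very account they are meant to constrain. Consider
    # root ownership with an explicit mode so the allowed-command list cannot
    # be altered by that account.
    file { "${home}/git-shell-commands":
        ensure  => 'directory',
        owner   => $user,
        group   => $group,
        require => [ User[$user], Group[$group] ],
    }
    # Wrapper exposed through git-shell. Two hardening points:
    #  - "$@" is quoted so each argument is passed through exactly as received;
    #    an unquoted $@ is re-split on whitespace and glob-expanded by the shell.
    #  - sudo is given the same absolute path the sudoers rule names, so the
    #    command that runs does not depend on PATH resolution.
    file { "${home}/git-shell-commands/authdns-local-update":
        ensure  => 'present',
        owner   => $user,
        group   => $group,
        mode    => '0550',
        content => "#!/bin/sh\nexec /usr/bin/sudo /usr/local/sbin/authdns-local-update \"\$@\"\n",
        require => [ User[$user], Group[$group] ],
    }
}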