Puppet Class: profile::dns::auth::update::account

Defined in:
modules/profile/manifests/dns/auth/update/account.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class profile::dns::auth::update::account

Sets up the user, group, sudo rule, SSH keys & git-shell commands for authdns-update

Parameters:

  • authdns_servers_ips (Hash[Stdlib::Fqdn, Stdlib::IP::Address::Nosubnet]) (defaults to: lookup('profile::dns::auth::authdns_servers_ips'))


# File 'modules/profile/manifests/dns/auth/update/account.pp', line 4

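class profile::dns::auth::update::account (
    Hash[Stdlib::Fqdn, Stdlib::IP::Address::Nosubnet] $authdns_servers_ips = lookup('profile::dns::auth::authdns_servers_ips')
) {
    # NOTE(review): $authdns_servers_ips is not referenced directly in this
    # class; it is presumably consumed by the authdns-ssh-config.erb template
    # rendered below — confirm against the template.
    $user  = 'authdns'
    $group = 'authdns'
    $home  = '/srv/authdns'

    # A system account whose login shell is git-shell: interactive logins are
    # refused and only git commands plus the scripts in
    # ${home}/git-shell-commands (declared at the bottom) can be invoked.
    user { $user:
        ensure     => present,
        gid        => $group,
        home       => $home,
        system     => true,
        managehome => true,
        shell      => '/usr/bin/git-shell',
        require    => Package['git'],
    }
    group { $group:
        ensure     => 'present',
    }

    # The account may run exactly one command as root without a password.
    # The rule carries no argument list, so sudo passes through whatever
    # arguments the git-shell wrapper below forwards.
    sudo::user { $user:
        privileges => ['ALL=NOPASSWD: /usr/local/sbin/authdns-local-update'],
    }

    file { "${home}/.ssh":
        ensure  => 'directory',
        owner   => $user,
        group   => $group,
        mode    => '0700',
        require => [ User[$user], Group[$group] ],
    }
    # Key material comes from secret(); it is owner-read-only and show_diff
    # is disabled so the content never appears in agent reports or logs.
    file { "${home}/.ssh/id_ed25519":
        ensure    => 'present',
        owner     => $user,
        group     => $group,
        mode      => '0400',
        content   => secret('authdns/id_ed25519'),
        show_diff => false,
    }
    file { "${home}/.ssh/id_ed25519.pub":
        ensure    => 'present',
        owner     => $user,
        group     => $group,
        mode      => '0400',
        content   => secret('authdns/id_ed25519.pub'),
        show_diff => false,
    }

    file { "${home}/.ssh/config":
        ensure  => present,
        owner   => $user,
        group   => $group,
        mode    => '0644',
        content => template('profile/dns/auth/authdns-ssh-config.erb'),
    }

    # The same public key deployed above is also installed as an authorized
    # key for $user, so holders of the private key may log in as this account.
    ssh::userkey { $user:
        content => secret('authdns/id_ed25519.pub'),
    }

    file { "${home}/git-shell-commands":
        ensure  => 'directory',
        owner   => $user,
        group   => $group,
        require => [ User[$user], Group[$group] ],
    }
    # Wrapper exposed through git-shell. Arguments are forwarded as "$@" (quoted)
    # so each argument reaches sudo intact instead of being re-split on
    # whitespace or glob-expanded by /bin/sh.
    file { "${home}/git-shell-commands/authdns-local-update":
        ensure  => 'present',
        owner   => $user,
        group   => $group,
        mode    => '0550',
        content => "#!/bin/sh\nexec /usr/bin/sudo authdns-local-update \"\$@\"\n",
        require => [ User[$user], Group[$group] ],
    }
}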