Defined Type: systemd::sysuser

Defined in:
modules/systemd/manifests/sysuser.pp

Overview

systemd::sysuser { 'foo':
    usertype    => 'user',
    description => 'foo daemon',
}

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)
  • username (String) (defaults to: $title)
  • usertype (Systemd::Sysuser::Usertype) (defaults to: 'user')
  • id (Systemd::Sysuser::Id) (defaults to: '-')
  • allow_login (Boolean) (defaults to: false)
  • description (Optional[String[1]]) (defaults to: undef)
  • home_dir (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • shell (Optional[Stdlib::Unixpath]) (defaults to: undef)


# File 'modules/systemd/manifests/sysuser.pp', line 10

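# Writes a single sysusers.d entry to /etc/sysusers.d/<sanitised title>.conf and,
# for some id forms, also declares the matching Puppet user/group resources.
#
# The entry is one tab-separated line (type, name, id, gecos, home, shell), so
# any tab, newline or unbalanced quote in an interpolated field changes how the
# file is parsed. $username and $description are free-form strings and are
# therefore checked before the line is built.
#
# @param ensure passed to the file resource (via stdlib::ensure) and to any
#   user/group resource declared here
# @param username name column of the entry; also the title of any user/group
#   resource declared here
# @param usertype the code handles 'user', 'group', 'modify' and 'range',
#   written to the file as u, g, m and r
# @param id id column of the entry; '-' is classified as 'default', other
#   values as integer, path, uid:gid, range, uid:groupname or groupname
# @param allow_login selects the password value of the user resource:
#   '*' when true, '!' when false
# @param description gecos column; only accepted for usertype 'user'
# @param home_dir home column; only accepted for usertype 'user'
# @param shell shell column; only accepted for usertype 'user'
define systemd::sysuser (
    Wmflib::Ensure             $ensure      = present,
    String                     $username    = $title,
    Systemd::Sysuser::Usertype $usertype    = 'user',
    Systemd::Sysuser::Id       $id          = '-',
    Boolean                    $allow_login = false,
    Optional[String[1]]        $description = undef,
    Optional[Stdlib::Unixpath] $home_dir    = undef,
    Optional[Stdlib::Unixpath] $shell       = undef,
) {
    # $username is typed as a bare String. A space, tab or newline in it would
    # shift columns or start an extra entry in the generated file, so reject it.
    if $username =~ Pattern[/[ [:cntrl:]]/] {
        fail('$username must not contain whitespace or control characters')
    }
    # $description is wrapped in double quotes below without escaping, so an
    # embedded quote or control character would end the field early.
    # Matching against a Pattern type is false for undef, so no extra guard is needed.
    if $description =~ Pattern[/["[:cntrl:]]/] {
        fail('$description must not contain double quotes or control characters')
    }
    # NOTE(review): $id, $home_dir and $shell are constrained only by their
    # declared types, which are defined outside this file. Confirm that those
    # types exclude tabs and newlines.

    # Classify the id form; the first matching entry wins. There is no default
    # branch, so an id matching none of these entries is a compile error.
    $id_type = $id ? {
        '-'                       => 'default',
        Integer                   => 'integer',
        Stdlib::Unixpath          => 'path',
        Pattern[/\A\d+:\d+\z/]    => 'uid:gid',
        Pattern[/\A\d+-\d+\z/]    => 'range',
        Pattern[/\A\d+:[\w-]+\z/] => 'uid:groupname',
        Pattern[/\A[\w-]+\z/]     => 'groupname',
    }

    # Reject combinations of usertype and id form / optional fields that the
    # entry type does not accept.
    if $usertype != 'user' and ($description or $home_dir or $shell) {
        fail("usertype: ${usertype} does not support \$description, \$home_dir or \$shell")
    }
    if $usertype == 'user' and $id_type in ['groupname', 'range'] {
        fail("usertype: ${usertype} does not support ${id_type} id's")
    }
    if $usertype == 'group' and $id_type in ['groupname', 'range', 'uid:gid', 'uid:groupname'] {
        fail("usertype: ${usertype} does not support ${id_type} id's")
    }
    if $usertype == 'modify' and !($id_type in ['groupname', 'default', 'range']) {
        fail("usertype: ${usertype} does not support ${id_type} id's")
    }
    if $usertype == 'range' and !($id_type in ['range', 'default']) {
        fail("usertype: ${usertype} does not support ${id_type} id's")
    }

    # Single-letter type written as the first column of the entry.
    $_usertype = $usertype ? {
        'group'  => 'g',
        'modify' => 'm',
        'range'  => 'r',
        default  => 'u',
    }
    # Unset optional columns are written as '-'.
    $gecos = $description ? {
        undef   => '-',
        default => "\"${description}\"",
    }
    $_home_dir = pick($home_dir, '-')
    $_shell    = pick($shell, '-')
    $line      = "${_usertype}\t${username}\t${id}\t${gecos}\t${_home_dir}\t${_shell}\n"

    include systemd
    # Every non-word character, underscore and slash in the title becomes '-',
    # so the title cannot add a path separator to the file name.
    file { "/etc/sysusers.d/${title.regsubst('[\W_/]', '-', 'G')}.conf":
        ensure  => stdlib::ensure($ensure, 'file'),
        content => $line,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        require => File['/etc/sysusers.d'],
        notify  => Exec['Refresh sysusers'],
    }

    # A group entry with a fixed integer gid is also declared as a Puppet group.
    if $usertype == 'group' and $id_type == 'integer' {
        group { $username:
            ensure => $ensure,
            gid    => $id,
            system => true,
        }
    }

    # A user entry is also declared as a Puppet user when it pins an id or
    # sets a home directory or shell.
    if $usertype == 'user' and (!($id_type in ['default', 'path']) or $home_dir or $shell) {
        case $id {
            Integer: {
                $uid = $id
                $gid = undef
            }
            # this captures both uid:gid and uid:groupname
            Pattern[/\A\d+:[\w-]+\z/]: {
                # split() yields strings, so $uid and $gid are strings here
                $data = $id.split(':')
                $uid = $data[0]
                $gid = $data[1]
            }
            default: {
                $uid = undef
                $gid = undef
            }
        }
        # only manage the group if we got an int gid
        if $gid =~ Pattern[/\A\d+\z/] {
            group { $username:
                ensure => $ensure,
                gid    => $gid,
                system => true,
            }
        }
        # Neither '*' nor '!' is a usable password hash.
        # NOTE(review): confirm which distinction between the two values the
        # login stack on these hosts relies on.
        $password = $allow_login.bool2str('*', '!')

        user { $username:
            ensure   => $ensure,
            gid      => $gid,
            home     => $home_dir,
            shell    => $shell,
            system   => true,
            uid      => $uid,
            password => $password,
        }
    }
}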