Defined Type: systemd::sysuser
- Defined in:
- modules/systemd/manifests/sysuser.pp
Summary
This define creates a system user using systemd-sysusers. The example below allocates the next available UID and creates a "foo" system user with the home set to /root and nologin as the shell. See the sysusers.d manpage for the full syntax.
Overview
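# Minimal usage: declares a 'user' entry whose description is written to the
# GECOS field; every other parameter keeps its default.
systemd::sysuser { 'foo':
  usertype    => 'user',
  description => 'foo daemon',
}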
# File 'modules/systemd/manifests/sysuser.pp', line 21
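# Writes a single sysusers.d(5) entry to /etc/sysusers.d/<sanitised title>.conf
# and, where the requested settings call for it, also declares matching
# `group` and `user` resources.
#
# @param ensure            ensure value for the drop-in file and for the user/group resources
# @param username          name written to the entry; defaults to the resource title
# @param usertype          'user', 'group', 'modify' or 'range'; mapped to the u/g/m/r line type
# @param id                ID field of the entry; '-' means "use the default"
# @param allow_login       selects the password field of the managed user ('*' if true, '!' if false)
# @param additional_groups supplementary groups for the managed user
# @param description       GECOS text, written in double quotes
# @param home_dir          home directory; '-' is written when unset
# @param shell             login shell; '-' is written when unset
define systemd::sysuser (
  Wmflib::Ensure             $ensure            = present,
  String                     $username          = $title,
  Systemd::Sysuser::Usertype $usertype          = 'user',
  Systemd::Sysuser::Id       $id                = '-',
  Boolean                    $allow_login       = false,
  Array[String]              $additional_groups = [],
  Optional[String[1]]        $description       = undef,
  Optional[Stdlib::Unixpath] $home_dir          = undef,
  Optional[Stdlib::Unixpath] $shell             = undef,
) {
  # Classify the id so the usertype/id combinations can be validated below.
  # The first matching entry wins, so 'uid:gid' must stay ahead of the broader
  # 'uid:groupname' pattern.
  $id_type = $id ? {
    '-'                       => 'default',
    Integer                   => 'integer',
    Stdlib::Unixpath          => 'path',
    Pattern[/\A\d+:\d+\z/]    => 'uid:gid',
    Pattern[/\A\d+-\d+\z/]    => 'range',
    Pattern[/\A\d+:[\w-]+\z/] => 'uid:groupname',
    Pattern[/\A\-:[\w-]+\z/]  => 'uid:groupname',
    Pattern[/\A[\w-]+\z/]     => 'groupname',
  }

  # $username and $description are plain strings that are interpolated verbatim
  # into a whitespace-separated, one-entry-per-line file that is applied as
  # root. Whitespace in the name would shift the remaining fields, and a line
  # break in either value would split the entry into several sysusers.d lines,
  # so such values are rejected at compile time.
  if $username =~ /[[:cntrl:][:space:]]/ {
    fail('systemd::sysuser: $username must not contain whitespace or control characters')
  }
  if $description and $description =~ /[[:cntrl:]]/ {
    fail('systemd::sysuser: $description must not contain control characters or line breaks')
  }

  if $usertype != 'user' and ($description or $home_dir or $shell or (!empty($additional_groups)) ) {
    fail("usertype: ${usertype} does not support \$description, \$home_dir, \$shell or \$additional_groups")
  }
  if $usertype == 'user' and $id_type in ['groupname', 'range'] {
    fail("usertype: ${usertype} does not support ${id_type} id's")
  }
  if $usertype == 'group' and $id_type in ['groupname', 'range', 'uid:gid', 'uid:groupname'] {
    fail("usertype: ${usertype} does not support ${id_type} id's")
  }
  if $usertype == 'modify' and !($id_type in ['groupname', 'default', 'range']) {
    fail("usertype: ${usertype} does not support ${id_type} id's")
  }
  if $usertype == 'range' and !($id_type in ['range', 'default']) {
    fail("usertype: ${usertype} does not support ${id_type} id's")
  }

  # Single-letter line type used in the sysusers.d entry.
  $_usertype = $usertype ? {
    'group'  => 'g',
    'modify' => 'm',
    'range'  => 'r',
    default  => 'u',
  }

  # NOTE(review): the description is wrapped in double quotes but an embedded
  # double quote is not escaped here; callers have to supply text that is
  # already safe inside a quoted field.
  $gecos = $description ? {
    undef   => '-',
    default => "\"${description}\"",
  }
  # NOTE(review): a path containing a space would also shift fields; confirm
  # whether Stdlib::Unixpath permits whitespace.
  $_home_dir = pick($home_dir, '-')
  $_shell = pick($shell, '-')
  $line = "${_usertype}\t${username}\t${id}\t${gecos}\t${_home_dir}\t${_shell}\n"

  include systemd

  # The file name is derived from the title with every non-word character,
  # underscore and slash replaced by '-', so the title cannot introduce a path
  # separator under /etc/sysusers.d.
  file { "/etc/sysusers.d/${title.regsubst('[\W_/]', '-', 'G')}.conf":
    ensure  => stdlib::ensure($ensure, 'file'),
    content => $line,
    owner   => 'root',
    group   => 'root',
    mode    => '0444',
    require => File['/etc/sysusers.d'],
    notify  => Exec['Refresh sysusers'],
  }

  if $usertype == 'group' and $id_type == 'integer' {
    group { $username:
      ensure => $ensure,
      gid    => $id,
      system => true,
    }
  }

  # A user resource is only declared when something beyond the plain sysusers
  # defaults was requested: an explicit id, a home directory, a shell or
  # supplementary groups.
  if $usertype == 'user' and (!($id_type in ['default', 'path']) or $home_dir or $shell or !$additional_groups.empty) {
    case $id {
      Integer: {
        $uid = $id
        $gid = undef
      }
      # this captures both uid:gid and uid:groupname
      Pattern[/\A\d+:[\w-]+\z/]: {
        $data = $id.split(':')
        $uid = $data[0]
        $gid = $data[1]
      }
      Pattern[/\A\-:[\w-]+\z/]: {
        $uid = undef
        $gid = $id.split(':')[1]
      }
      default: {
        $uid = undef
        $gid = undef
      }
    }

    # only manage the group if we got an int gid
    if $gid =~ Pattern[/\A\d+\z/] {
      group { $username:
        ensure => $ensure,
        gid    => $gid,
        system => true,
      }
    }

    # NOTE(review): neither '*' nor '!' is a usable password hash, so password
    # login is unavailable either way; '!' is the conventional "locked" marker.
    # Confirm how the login stack in use treats the two values.
    $password = $allow_login.bool2str('*', '!')
    user { $username:
      ensure   => $ensure,
      gid      => $gid,
      home     => $home_dir,
      shell    => $shell,
      system   => true,
      uid      => $uid,
      password => $password,
      groups   => $additional_groups,
      # Ensure sysuser creates the user
      # we use the user resource to update things like the homedir and shell
      require  => Exec['Refresh sysusers'],
    }
  }
}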