# 2009 - Joe McDonagh - Joseph.E.McDonagh@gmail.com## These are the definiti

1. # 2009 - Joe McDonagh - Joseph.E.McDonagh@gmail.com
2. #
3. # These are the definitions for IT and regular ssh users. Note if you
4. # want an ssh_user to be in multiple groups, pass the groups parameter
5. # with a comma-separated list like:
6. #
7. # groups => "ssh_users,second_group,third",
8. #
9. # Admins have their shell hardcoded at the moment. If you'd like something
10. # else, just open it after you log in, or edit your .bashrc (Also served from
11. # puppet).
12. #
13. # You can find the actual user resources in user.pp.
14. #
15. # NOTE: This define also creates a nagios contact for users of the admin
16. # defined type. Keep this in mind.
17.  
18. import '*'
19.  
20. class accounts {
21. include users, groups
22.  
23. define admin (
24. $cell_number,
25. $cell_provider,
26. $comment = "$name",
27. $ensure_d = "present",
28. $gid,
29. $sshpubkey,
30. $sshpubkey_comment,
31. $uid
32. ) {
33. $ensure = extlookup("user_${name}", "$ensure_d")
34. $username = $name
35.  
36. # Exports a nagios contact for admins
37. @@nagios_contact {
38. "$sshpubkey_comment":
39. alias => "$comment",
40. contact_name => "$name",
41. email => "${cell_number}@${cell_provider}",
42. ensure => "$ensure",
43. host_notification_commands => "notify-host-by-email",
44. host_notification_options => "d,r",
45. host_notification_period => "24x7",
46. notify => Exec["nagios-reload"],
47. require => File["/etc/nagios3/nagios.puppet.d/contacts.cfg"],
48. service_notification_commands => "notify-service-by-email",
49. service_notification_options => "w,c,r",
50. service_notification_period => "24x7",
51. target => "/etc/nagios3/nagios.puppet.d/contacts.cfg",
52. }
53.  
54. file {
55. "/home/$username/.bashrc":
56. group => "$username",
57. mode => "640",
58. owner => "$username",
59. path => $kernel ? {
60. Linux => "/home/$username/.bashrc",
61. OpenBSD => "/home/$username/.profile"
62. },
63. require => User["$username"],
64. source => "puppet://$server/accounts/$username.bashrc";
65. [ "/home/$username/working", "/home/$username/scratch",
66. "/home/$username/img", "/home/$username/rrd" ]:
67. ensure => "directory",
68. group => "$username",
69. mode => "640",
70. owner => "$username",
71. require => User["$username"];
72. }
73.  
74. group {
75. "$username":
76. ensure => "$ensure",
77. gid => "$gid",
78. }
79.  
80. ssh_authorized_key {
81. "${sshpubkey_comment}":
82. ensure => "$ensure",
83. key => "$sshpubkey",
84. require => User["$username"],
85. target => "/home/${username}/.ssh/authorized_keys2",
86. type => "rsa",
87. user => "$username",
88. }
89.  
90. user {
91. "$username":
92. comment => "$comment",
93. ensure => "$ensure",
94. gid => "$gid",
95. groups => "infrastructure",
96. home => "/home/$username",
97. managehome => "true",
98. password => "*",
99. require => [ Group["$username"], Group["infrastructure"] ],
100. shell => $kernel ? {
101. Linux => "/bin/bash",
102. OpenBSD => "/usr/local/bin/bash"
103. },
104. uid => "$uid",
105. }
106. }
107.  
108. define ssh_user (
109. $comment = "User",
110. $ensure_d = "present",
111. $gid,
112. $groups = "ssh_users",
113. $shell = "/bin/bash",
114. $sshpubkey,
115. $sshpubkey_comment,
116. $uid
117. ) {
118. $ensure = extlookup("user_${name}", "$ensure_d")
119. $username = $name
120.  
121. group {
122. "$username":
123. ensure => "$ensure",
124. gid => "$gid",
125. }
126.  
127. ssh_authorized_key {
128. "${sshpubkey_comment}":
129. ensure => "$ensure",
130. key => "$sshpubkey",
131. require => User["$username"],
132. target => "/home/${username}/.ssh/authorized_keys2",
133. type => "rsa",
134. user => "$username",
135. }
136.  
137. user {
138. "$username":
139. ensure => "$ensure",
140. uid => "$uid",
141. gid => "$gid",
142. comment => "$comment",
143. home => "/home/$username",
144. shell => "$shell",
145. groups => "$groups",
146. password => "*",
147. managehome => "true",
148. require => [ Group["$username"], Group["ssh_users"] ]
149. }
150. }
151. }