
# 2009 - Joe McDonagh - Joseph.E.McDonagh@gmail.com
#
# These are the definitions for IT and regular ssh users. Note if you
# want an ssh_user to be in multiple groups, pass the groups parameter
# with a comma-separated list like:
#
#   groups => "ssh_users,second_group,third",
#
# Admins have their shell hardcoded at the moment. If you'd like something
# else, just open it after you log in, or edit your .bashrc (Also served from
# puppet).
#
# You can find the actual user resources in user.pp.
#
# NOTE: The admin defined type also exports a nagios contact for each
# admin it creates. Keep this in mind.

import '*'

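# Manages login accounts through two defined types: "admin" for IT staff and
# "ssh_user" for regular ssh users. Each creates a per-user group, a user
# whose password field is "*" (no password can match it), and one RSA
# public key entry for that user.
class accounts {
   include users, groups

   # accounts::admin -- an IT account plus an exported nagios contact.
   #
   # Parameters:
   #   cell_number, cell_provider - joined as "<number>@<provider>" to form
   #                                the nagios contact's email address.
   #   comment           - user comment field and nagios alias (default: $name).
   #   ensure_d          - ensure value used when extlookup finds no
   #                       "user_<name>" entry (default: "present").
   #   gid, uid          - ids for the per-user group and the user.
   #   sshpubkey         - public key body for the authorized keys file.
   #   sshpubkey_comment - title of the key resource and of the nagios contact.
   define admin (
                 $cell_number,
                 $cell_provider,
                 $comment = "$name",
                 $ensure_d = "present",
                 $gid,
                 $sshpubkey,
                 $sshpubkey_comment,
                 $uid
                ) {
      # A "user_<name>" extlookup entry overrides the declared ensure value,
      # so an account can be switched off from external data.
      $ensure   = extlookup("user_${name}", "$ensure_d")
      $username = $name

      # NOTE(review): Group[$username] is required by User[$username], so with
      # ensure => absent the group is processed before the user. Where the
      # platform refuses to delete a user's primary group, that failure would
      # make Puppet skip the dependent user and key removal. Verify that
      # setting user_<name> to absent really removes the account and its key.

      # Exports a nagios contact for admins
      @@nagios_contact {
         "$sshpubkey_comment":
            alias                         => "$comment",
            contact_name                  => "$name",
            email                         => "${cell_number}@${cell_provider}",
            ensure                        => "$ensure",
            host_notification_commands    => "notify-host-by-email",
            host_notification_options     => "d,r",
            host_notification_period      => "24x7",
            notify                        => Exec["nagios-reload"],
            require                       => File["/etc/nagios3/nagios.puppet.d/contacts.cfg"],
            service_notification_commands => "notify-service-by-email",
            service_notification_options  => "w,c,r",
            service_notification_period   => "24x7",
            target                        => "/etc/nagios3/nagios.puppet.d/contacts.cfg",
      }

      # The home-directory content follows $ensure. Previously these resources
      # were managed unconditionally, so a disabled admin still had the shell
      # profile and work directories applied under /home/$username.
      file {
         "/home/$username/.bashrc":
            ensure  => $ensure ? {
                          "absent" => "absent",
                          default  => "file"
                       },
            group   => "$username",
            mode    => "640",
            owner   => "$username",
            path    => $kernel ? {
                          Linux   => "/home/$username/.bashrc",
                          OpenBSD => "/home/$username/.profile"
                       },
            require => User["$username"],
            source  => "puppet://$server/accounts/$username.bashrc";
         # Puppet adds the search bit wherever the read bit is set on a
         # directory, so "640" is applied as 0750 here. With ensure => absent
         # and no force, Puppet does not delete directories; the selector only
         # stops them from being (re)created for a disabled account.
         [ "/home/$username/working", "/home/$username/scratch",
           "/home/$username/img",     "/home/$username/rrd" ]:
            ensure  => $ensure ? {
                          "absent" => "absent",
                          default  => "directory"
                       },
            group   => "$username",
            mode    => "640",
            owner   => "$username",
            require => User["$username"];
      }

      group {
         "$username":
            ensure => "$ensure",
            gid    => "$gid",
      }

      # NOTE(review): authorized_keys2 is a legacy file name. Confirm that the
      # AuthorizedKeysFile setting in sshd_config on managed hosts still
      # includes it, otherwise this key is written but never consulted.
      ssh_authorized_key {
         "${sshpubkey_comment}":
            ensure  => "$ensure",
            key     => "$sshpubkey",
            require => User["$username"],
            target  => "/home/${username}/.ssh/authorized_keys2",
            type    => "rsa",
            user    => "$username",
      }

      # Admins always get bash and membership of "infrastructure"; the shell
      # path depends on the kernel fact. There is no default branch, so a
      # node with any other kernel fails to compile rather than guessing.
      user {
         "$username":
            comment    => "$comment",
            ensure     => "$ensure",
            gid        => "$gid",
            groups     => "infrastructure",
            home       => "/home/$username",
            managehome => "true",
            password   => "*",
            require    => [ Group["$username"], Group["infrastructure"] ],
            shell      => $kernel ? {
                             Linux   => "/bin/bash",
                             OpenBSD => "/usr/local/bin/bash"
                          },
            uid        => "$uid",
      }
   }

   # accounts::ssh_user -- a regular ssh account: group, user and one key.
   #
   # Parameters:
   #   comment           - user comment field (default: "User").
   #   ensure_d          - ensure value used when extlookup finds no
   #                       "user_<name>" entry (default: "present").
   #   gid, uid          - ids for the per-user group and the user.
   #   groups            - supplementary groups (default: "ssh_users").
   #   shell             - login shell (default: "/bin/bash").
   #   sshpubkey         - public key body for the authorized keys file.
   #   sshpubkey_comment - title of the key resource.
   define ssh_user (
                    $comment   = "User",
                    $ensure_d  = "present",
                    $gid,
                    $groups    = "ssh_users",
                    $shell     = "/bin/bash",
                    $sshpubkey,
                    $sshpubkey_comment,
                    $uid
                   ) {
      # A "user_<name>" extlookup entry overrides the declared ensure value.
      $ensure   = extlookup("user_${name}", "$ensure_d")
      $username = $name

      # NOTE(review): as in admin, the group is ordered before the user, which
      # may block removal when $ensure is "absent" -- verify on your platforms.
      group {
         "$username":
            ensure => "$ensure",
            gid    => "$gid",
      }

      # NOTE(review): authorized_keys2 is a legacy file name; confirm that
      # sshd on managed hosts still reads it.
      ssh_authorized_key {
         "${sshpubkey_comment}":
            ensure  => "$ensure",
            key     => "$sshpubkey",
            require => User["$username"],
            target  => "/home/${username}/.ssh/authorized_keys2",
            type    => "rsa",
            user    => "$username",
      }

      # NOTE(review): $groups is passed through as a single string. The file
      # header suggests a comma-separated list; confirm the user type accepts
      # that form rather than requiring an array of group names.
      # NOTE(review): the require on Group["ssh_users"] is fixed even when
      # $groups names other groups; those groups are not ordered before the
      # user here.
      user {
         "$username":
            ensure     => "$ensure",
            uid        => "$uid",
            gid        => "$gid",
            comment    => "$comment",
            home       => "/home/$username",
            shell      => "$shell",
            groups     => "$groups",
            password   => "*",
            managehome => "true",
            require    => [ Group["$username"], Group["ssh_users"] ]
      }
   }
}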