Multiple user config changes

Starting to make the system operable without using root.

Changes to groups, sudo, some file permissions.
Places all the user key config into users.pp
Keith Whyte 2023-03-18 22:40:41 +01:00
parent 306bb24792
commit 51760b1bcf
8 changed files with 75 additions and 44 deletions


@ -243,25 +243,6 @@ class rhizo_base::freeswitch::common {
mode => '0750'
}
# SSH Deploy key and config for gitlab
file { '/root/.ssh/bsc_dev':
ensure => present,
mode => '0600',
content => hiera('rhizo::bsc_dev_deploy_key'),
}
file { '/root/.ssh/config':
ensure => present,
source => 'puppet:///modules/rhizo_base/ssh/config',
}
sshkey { 'dev_host_key':
name => 'dev.rhizomatica.org',
ensure => present,
key => hiera('rhizo::dev_host_key'),
type => 'ssh-rsa',
}
vcsrepo { '/usr/share/freeswitch/sounds/rccn':
schedule => 'always',
ensure => latest,


@ -267,7 +267,7 @@ schedule { 'never':
ensure => present,
content => template('rhizo_base/vars.sh.erb'),
owner => 'root',
group => 'rhizomatica'
group => 'operator'
}
file { '/home/rhizomatica/bin/pg_backup_rotated.sh':
@ -583,12 +583,6 @@ schedule { 'never':
mode => '0750'
}
file { '/root/.ssh/bts_key':
ensure => present,
mode => '0600',
content => hiera('rhizo::bts_key'),
}
file { '/var/log/rccn':
ensure => link,
target => '/var/rhizomatica/rccn/log',
@ -613,10 +607,6 @@ schedule { 'never':
require => Vcsrepo['/var/rhizomatica'],
}
file { '/root/.ssh':
ensure => directory
}
#Python modules
class { 'python':
version => 'system',
@ -719,4 +709,11 @@ schedule { 'never':
ensure => 'running'
}
sshkey { 'dev_host_key':
name => 'dev.rhizomatica.org',
ensure => present,
key => hiera('rhizo::dev_host_key'),
type => 'ssh-rsa',
}
}
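Review bot: No `mode` is visible on the file resource whose group changes from `rhizomatica` to `operator` in the first hunk of this file; the resource opens above the hunk, so it may be set there. Because the content is rendered from `rhizo_base/vars.sh.erb` and the same commit adds the rhizomatica user to `operator`, who can read this file now depends on that mode. If it is not already pinned, state it explicitly, e.g. `mode => '0640',`, with a short comment saying why the group needs read access. Whether the template carries credentials is not visible here and should be confirmed before the group is changed.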


@ -16,11 +16,13 @@ class rhizo_base::users {
$pgsql_pwd = $rhizo_base::pgsql_pwd
user { 'rhizomatica':
ensure => present,
gid => 'rhizomatica',
home => '/home/rhizomatica',
password => Sensitive($password_hash),
uid => '1000',
ensure => present,
gid => 'rhizomatica',
groups => ['sudo', 'dip', 'plugdev', 'netdev', 'operator'],
membership => inclusive,
home => '/home/rhizomatica',
password => Sensitive($password_hash),
uid => '1000',
purge_ssh_keys => true
}
@ -60,6 +62,19 @@ class rhizo_base::users {
mode => '0600'
}
file { '/home/tic/.ssh/config':
content => template('rhizo_base/ssh_user_config.erb'),
owner => 'tic',
group => 'tic',
mode => '0600'
}
file { '/home/osmocom/.ssh/config':
content => template('rhizo_base/ssh_user_config.erb'),
owner => 'osmocom',
mode => '0600'
}
file { '/home/tic/.bash_aliases':
content => template('rhizo_base/bash_aliases.erb'),
owner => 'tic',
@ -67,4 +82,42 @@ class rhizo_base::users {
mode => '0640'
}
}
file { '/root/.ssh':
ensure => directory
}
file { '/root/.ssh/bts_key':
ensure => present,
mode => '0600',
content => hiera('rhizo::bts_key'),
}
file { '/home/tic/.ssh/bts_key':
ensure => present,
mode => '0600',
owner => 'tic',
group => 'tic',
content => hiera('rhizo::bts_key'),
}
file { '/home/osmocom/.ssh/bts_key':
ensure => present,
mode => '0600',
owner => 'osmocom',
content => hiera('rhizo::bts_key'),
}
# SSH Deploy key and config for gitlab
file { '/root/.ssh/bsc_dev':
ensure => present,
mode => '0600',
content => hiera('rhizo::bsc_dev_deploy_key'),
}
file { '/root/.ssh/config':
ensure => present,
source => 'puppet:///modules/rhizo_base/ssh/config',
}
}
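Review bot: The private key from `rhizo::bts_key` is passed to `content` as a plain string in the three `bts_key` file resources of the last hunk (`/root/.ssh/bts_key`, `/home/tic/.ssh/bts_key`, `/home/osmocom/.ssh/bts_key`), although this class already wraps the password hash in `Sensitive()`. Wrapping it the same way, `content => Sensitive(hiera('rhizo::bts_key')),`, helps keep the key material out of agent logs and reports; the same applies to `rhizo::bsc_dev_deploy_key`. Installing one key for root, tic and osmocom also means that a compromise of any of the three accounts exposes the credential used by all of them, so per-account keys would allow each to be revoked separately. The two osmocom resources set `owner` but no `group`, unlike the tic ones; with mode 0600 this does not change access, but setting `group` would make the resources consistent.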