# File 'manifests/pki/user.pp', line 6
# @summary System account for cfweb PKI; its SSH key is set up through
#   cfsystem::clusterssh below.
#
# The account name comes from $cfweb::pki::ssh_user and its home directory is
# /home/<name>.
#
# @api private
class cfweb::pki::user {
    # Fail catalog compilation if this class is declared from outside its
    # own module.
    assert_private()

    $user = $cfweb::pki::ssh_user
    $home_dir = "/home/${user}"

    # Primary group, named after the account.
    group { $user:
        ensure => present,
    }

    user { $user:
        ensure         => present,
        home           => $home_dir,
        gid            => $user,
        # NOTE(review): 'ssh_access' presumably gates SSH login and the ACME
        # group presumably grants access to challenge files; confirm both
        # against the modules that define them.
        groups         => [
            'ssh_access',
            $cfweb::acme_challenge_group
        ],
        managehome     => true,
        # An interactive shell is set even though this is a system account.
        shell          => '/bin/bash',
        # Drop any authorized_keys entry that Puppet does not manage, so
        # keys added by hand do not survive a run.
        purge_ssh_keys => true,
        system         => true,
        # The primary group has to exist before the account is created.
        require        => Group[$user],
    }

    # Privilege is limited to one fixed command: reloading the web service
    # unit. $cfweb::web_service is interpolated into that command, so it
    # must be a plain unit name (no whitespace or wildcards).
    # NOTE(review): whether this entry is passwordless is decided inside
    # cfauth::sudoentry; confirm there.
    cfauth::sudoentry { $user:
        command => "/bin/systemctl reload ${cfweb::web_service}.service",
    }

    # Own key
    #---
    # NOTE(review): key generation/distribution and the use of peer_ipset to
    # restrict peers happen inside cfsystem::clusterssh; verify there.
    cfsystem::clusterssh { "cfweb:${cfweb::cluster}":
        namespace  => 'cfweb',
        cluster    => $cfweb::cluster,
        user       => $user,
        is_primary => !$cfweb::is_secondary,
        key_type   => $cfweb::pki::ssh_key_type,
        key_bits   => $cfweb::pki::ssh_key_bits,
        peer_ipset => $cfweb::cluster_ipset,
    }
}