Commit 6c380689 authored by Zen Fu's avatar Zen Fu
Browse files

Fix: ensure management of home dir where it's not managed elsewhere (sysadmin#17852)

parent 2e1ebeb5
Pipeline #2907 failed with stage
in 2 minutes and 26 seconds
......@@ -22,9 +22,10 @@ class tails::check_mirrors (
package { $needed_packages: ensure => present }
user { $user:
ensure => present,
home => $homedir,
system => true,
ensure => present,
home => $homedir,
managehome => true,
system => true,
}
postfix::mailalias { $user:
......@@ -68,7 +69,7 @@ class tails::check_mirrors (
revision => $repo_rev,
user => $user,
require => [
User[$user], File[$homedir], Sshkey[$repo_host],
User[$user], Sshkey[$repo_host],
Exec["SSH key pair for user ${user}"]
],
}
......
......@@ -7,10 +7,11 @@ class tails::meeting (
$script_path = '/usr/local/bin/meeting.py'
user { $user:
ensure => present,
home => $homedir,
system => true,
require => File['/usr/local/bin/meeting.py'],
ensure => present,
home => $homedir,
managehome => true,
system => true,
require => File['/usr/local/bin/meeting.py'],
}
file { $script_path:
......
......@@ -21,9 +21,10 @@ class tails::profile::rss2email (
ensure_packages(['rss2email', 'jq'])
user { $user:
ensure => present,
home => $homedir,
system => true,
ensure => present,
home => $homedir,
managehome => true,
system => true,
}
# initialize unless config file is already present
......
......@@ -27,8 +27,10 @@ class tails::rsync (
ensure_packages(['rsync'])
user { 'rsync_tails':
ensure => present,
system => true,
ensure => present,
system => true,
home => '/home/rsync_tails',
managehome => true,
}
file { [ $basedir, $secrets_dir ]:
......
......@@ -60,11 +60,12 @@ class tails::website (
}
user { $user:
ensure => $ensure,
home => $home_dir,
password => '*',
system => true,
require => Group[$user],
ensure => $ensure,
home => $home_dir,
managehome => true,
password => '*',
system => true,
require => Group[$user],
}
group { $user:
......@@ -204,6 +205,7 @@ class tails::website (
user { 'www-data':
ensure => present,
home => '/var/www',
managehome => true,
purge_ssh_keys => true,
system => true,
shell => '/usr/bin/rssh',
......@@ -212,10 +214,11 @@ class tails::website (
## and set up the authorized keys granting access to the logs
file { '/var/www/.ssh':
ensure => directory,
owner => 'www-data',
group => 'www-data',
mode => '0700',
ensure => directory,
owner => 'www-data',
group => 'www-data',
mode => '0700',
require => User['www-data'],
}
$logparsepeople.each | String $logparseperson | {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment