cleanup user access

GanttStart: 2022-06-02

Right now user information is spread over tails_private manifests and hiera. This should all be moved to hiera eyaml, so we don't have privacy-sensitive information in cleartext (bringing us one step closer to being able to publish our complete puppet code).

On top of that, I'd like to refactor the provisioning of users and their group assignments to a RBAC model. This would mean we assign users access roles in hiera. Puppet profiles can then provision users based on the applicable access role, instead of assigning individual users to individual machines (for instance we'd have a sysadmin role and the base profile provisions users for everyone with the sysadmin role and grants them root access).

This requires figuring out what roles to define and where members of these roles should have access. These are the ones I propose, based on the current situation:

• sysadmin: should have root access everywhere;
• im-admin: should have a shell account on im servers with group membership of prosody and prosody_admin;
• mirrorteam: should have access to mirrors.git repository on our primary dns server
• weblate-admin: should have a shell account on weblate servers with group membership of weblate and weblate_admin;
• ft-committer: should have a ssh access to the reprepro account on apt, a shell account on jenkins master servers, root access to isotesters, a shell account on rsync with group membership of rsync_tails, and their openpgp key added to the reprepro uploaders;
• ft: should have a shell account on bittorrent and be part of the debian-transmission group there, have a shell account on misc, and have ssh access to the reprepro-time-based-snapshots user on apt servers;
• survey-admin: should have a shell account on limesurvey servers with group membership of limesurvey and limesurvey_admin;
• accounting: should have ssh access to bitcoin user on bitcoin servers;
• misc: should have a shell account on misc/shellservers (unsure if this is still needed?)