From c69e8c487e06087aca00424c1c95d7111aafc337 Mon Sep 17 00:00:00 2001 
From: Ben Vincent
Date: Sun, 30 Jun 2024 22:41:32 +1000
Subject: [PATCH] feat: create glauth module

- manage config directories, config file
- manage systemd service and socket
- manage users, service accounts and groups
- manage defaults for users, services and groups
- manage packages for role
---
 modules/glauth/manifests/config.pp | 155 +++++++++++++++++++
 modules/glauth/manifests/init.pp | 64 ++++++++
 modules/glauth/manifests/install.pp | 45 ++++++
 modules/glauth/manifests/obj/group.pp | 17 ++
 modules/glauth/manifests/obj/service.pp | 21 +++
 modules/glauth/manifests/obj/user.pp | 39 +++++
 modules/glauth/manifests/params.pp | 58 +++++++
 modules/glauth/manifests/service.pp | 40 +++++
 modules/glauth/templates/api.epp | 10 ++
 modules/glauth/templates/backend.epp | 10 ++
 modules/glauth/templates/behaviors.epp | 11 ++
 modules/glauth/templates/general.epp | 7 +
 modules/glauth/templates/ldap.epp | 9 ++
 modules/glauth/templates/ldaps.epp | 8 +
 modules/glauth/templates/obj/group.epp | 5 +
 modules/glauth/templates/obj/service.epp | 7 +
 modules/glauth/templates/obj/user.epp | 14 ++
 modules/glauth/templates/systemd.service.epp | 14 ++
 modules/glauth/templates/systemd.socket.epp | 11 ++
 19 files changed, 545 insertions(+)
 create mode 100644 modules/glauth/manifests/config.pp
 create mode 100644 modules/glauth/manifests/init.pp
 create mode 100644 modules/glauth/manifests/install.pp
 create mode 100644 modules/glauth/manifests/obj/group.pp
 create mode 100644 modules/glauth/manifests/obj/service.pp
 create mode 100644 modules/glauth/manifests/obj/user.pp
 create mode 100644 modules/glauth/manifests/params.pp
 create mode 100644 modules/glauth/manifests/service.pp
 create mode 100644 modules/glauth/templates/api.epp
 create mode 100644 modules/glauth/templates/backend.epp
 create mode 100644 modules/glauth/templates/behaviors.epp
 create mode 100644 modules/glauth/templates/general.epp
 create mode 100644 modules/glauth/templates/ldap.epp
 create mode 100644 modules/glauth/templates/ldaps.epp
 create mode 100644 modules/glauth/templates/obj/group.epp
 create mode 100644 modules/glauth/templates/obj/service.epp
 create mode 100644 modules/glauth/templates/obj/user.epp
 create mode 100644 modules/glauth/templates/systemd.service.epp
 create mode 100644 modules/glauth/templates/systemd.socket.epp
diff --git a/modules/glauth/manifests/config.pp b/modules/glauth/manifests/config.pp
new file mode 100644
index 0000000..e2c252b
--- /dev/null
+++ b/modules/glauth/manifests/config.pp
@@ -0,0 +1,155 @@
+# configure glauth
+class glauth::config (
+ Boolean $debug = $glauth::debug,
+ Boolean $syslog = $glauth::syslog,
+ Boolean $structuredlog = $glauth::structuredlog,
+ Boolean $watchconfig = $glauth::watchconfig,
+
+ Boolean $ldap_enabled = $glauth::ldap_enabled,
+ Stdlib::IP::Address $ldap_address = $glauth::ldap_address,
+ Stdlib::Port $ldap_port = $glauth::ldap_port,
+ Boolean $ldap_tls = $glauth::ldap_tls,
+ Stdlib::Absolutepath $ldap_tlscertpath = $glauth::ldap_tlscertpath,
+ Stdlib::Absolutepath $ldap_tlskeypath = $glauth::ldap_tlskeypath,
+
+ Boolean $ldaps_enabled = $glauth::ldaps_enabled,
+ Stdlib::IP::Address $ldaps_address = $glauth::ldaps_address,
+ Stdlib::Port $ldaps_port = $glauth::ldaps_port,
+ Stdlib::Absolutepath $ldaps_cert = $glauth::ldaps_cert,
+ Stdlib::Absolutepath $ldaps_key = $glauth::ldaps_key,
+
+ String $backend_datastore = $glauth::backend_datastore,
+ String $backend_basedn = $glauth::backend_basedn,
+ String $backend_nameformat = $glauth::backend_nameformat,
+ String $backend_groupformat = $glauth::backend_groupformat,
+ Boolean $backend_anonymousdse = $glauth::backend_anonymousdse,
+ String $backend_sshkeyattr = $glauth::backend_sshkeyattr,
+
+ Boolean $behaviors_ignorecapabilities = $glauth::behaviors_ignorecapabilities,
+ Boolean $behaviors_limitfailedbinds = $glauth::behaviors_limitfailedbinds,
+ Integer $behaviors_numberoffailedbinds = $glauth::behaviors_numberoffailedbinds,
+ Integer $behaviors_periodoffailedbinds = $glauth::behaviors_periodoffailedbinds,
+ Integer $behaviors_blockfailedbindsfor = $glauth::behaviors_blockfailedbindsfor,
+ Integer $behaviors_prunesourcetableevery = $glauth::behaviors_prunesourcetableevery,
+ Integer $behaviors_prunesourcesolderthan = $glauth::behaviors_prunesourcesolderthan,
+
+ Boolean $api_enabled = $glauth::api_enabled,
+ Boolean $api_internals = $glauth::api_internals,
+ Boolean $api_tls = $glauth::api_tls,
+ Stdlib::IP::Address $api_address = $glauth::api_address,
+ Stdlib::Port $api_port = $glauth::api_port,
+ Stdlib::Absolutepath $api_cert = $glauth::api_cert,
+ Stdlib::Absolutepath $api_key = $glauth::api_key,
+
+ String $user = $glauth::user,
+ String $group = $glauth::group,
+ Stdlib::Absolutepath $bin_dir = $glauth::bin_dir,
+ Stdlib::Absolutepath $bin_path = $glauth::bin_path,
+ Stdlib::Absolutepath $config_dir = $glauth::config_dir,
+ Stdlib::Absolutepath $config_path = $glauth::config_path,
+ Boolean $manage_defaults = $glauth::manage_defaults,
+) {
+
+ mkdir::p {$config_dir:}
+ file { [ $config_dir ]:
+ ensure => directory,
+ owner => $user,
+ group => $group,
+ }
+
+ concat { $config_path:
+ owner => $user,
+ group => $group,
+ mode => '0644',
+ require => File[$config_dir],
+ }
+
+ if $manage_defaults {
+ Glauth::Obj::User {
+ config_path => $config_path,
+ }
+ Glauth::Obj::Service {
+ config_path => $config_path,
+ }
+ Glauth::Obj::Group {
+ config_path => $config_path,
+ }
+ }
+
+ concat::fragment { 'glauth_general':
+ target => $config_path,
+ content => epp('glauth/general.epp', {
+ 'debug' => $debug,
+ 'syslog' => $syslog,
+ 'structuredlog' => $structuredlog,
+ 'watchconfig' => $watchconfig,
+ }),
+ order => 10,
+ }
+
+ concat::fragment { 'glauth_ldap':
+ target => $config_path,
+ content => epp('glauth/ldap.epp', {
+ 'ldap_enabled' => $ldap_enabled,
+ 'ldap_address' => $ldap_address,
+ 'ldap_port' => $ldap_port,
+ 'ldap_tls' => $ldap_tls,
+ 'ldap_tlscertpath' => $ldap_tlscertpath,
+ 'ldap_tlskeypath' => $ldap_tlskeypath,
+ }),
+ order => 20,
+ }
+
+ concat::fragment { 'glauth_ldaps':
+ target => $config_path,
+ content => epp('glauth/ldaps.epp', {
+ 'ldaps_enabled' => $ldaps_enabled,
+ 'ldaps_address' => $ldaps_address,
+ 'ldaps_port' => $ldaps_port,
+ 'ldaps_cert' => $ldaps_cert,
+ 'ldaps_key' => $ldaps_key,
+ }),
+ order => 30,
+ }
+
+ concat::fragment { 'glauth_backend':
+ target => $config_path,
+ content => epp('glauth/backend.epp', {
+ 'backend_datastore' => $backend_datastore,
+ 'backend_basedn' => $backend_basedn,
+ 'backend_nameformat' => $backend_nameformat,
+ 'backend_groupformat' => $backend_groupformat,
+ 'backend_anonymousdse' => $backend_anonymousdse,
+ 'backend_sshkeyattr' => $backend_sshkeyattr,
+ }),
+ order => 40,
+ }
+
+ concat::fragment { 'glauth_behaviors':
+ target => $config_path,
+ content => epp('glauth/behaviors.epp', {
+ 'ignorecapabilities' => $behaviors_ignorecapabilities,
+ 'limitfailedbinds' => $behaviors_limitfailedbinds,
+ 'numberoffailedbinds' => $behaviors_numberoffailedbinds,
+ 'periodoffailedbinds' => $behaviors_periodoffailedbinds,
+ 'blockfailedbindsfor' => $behaviors_blockfailedbindsfor,
+ 'prunesourcetableevery' => $behaviors_prunesourcetableevery,
+ 'prunesourcesolderthan' => $behaviors_prunesourcesolderthan,
+ }),
+ order => 50,
+ }
+
+ concat::fragment { 'glauth_api':
+ target => $config_path,
+ content => epp('glauth/api.epp', {
+ 'api_enabled' => $api_enabled,
+ 'api_internals' => $api_internals,
+ 'api_tls' => $api_tls,
+ 'api_address' => $api_address,
+ 'api_port' => $api_port,
+ 'api_cert' => $api_cert,
+ 'api_key' => $api_key,
+ }),
+ order => 60,
+ }
+}
diff --git a/modules/glauth/manifests/init.pp b/modules/glauth/manifests/init.pp
new file mode 100644
index 0000000..f99f9e8
--- /dev/null
+++ b/modules/glauth/manifests/init.pp
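Review bot: The concat resource writes `$config_path` with `mode => '0644'`, and the fragments that glauth::obj::user and glauth::obj::service add to that same target carry `passsha256` values, so every password hash on the host is readable by any local account and available for offline guessing. Because the systemd unit runs the daemon as `$user`, the file can be tightened without breaking it: `mode => '0640',` plus `show_diff => false,` on the concat (concat otherwise echoes the full content, hashes included, into agent logs and reports whenever it changes), and `mode => '0750',` on the `$config_dir` file resource. The directory is also declared twice — `mkdir::p {$config_dir:}` and the `file { [ $config_dir ]: … }` right below it — and one of the two should go. If I read Puppet's dynamic scoping of resource defaults right, the `Glauth::Obj::*` defaults set under `if $manage_defaults` only reach resources declared from within this class's evaluation, so a profile declaring users itself still has to pass `config_path`; worth a comment either way.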
@@ -0,0 +1,64 @@
+# glauth inititalisation class
+class glauth (
+ Boolean $debug = $glauth::params::debug,
+ Boolean $syslog = $glauth::params::syslog,
+ Boolean $structuredlog = $glauth::params::structuredlog,
+ Boolean $watchconfig = $glauth::params::watchconfig,
+ Array $packages = $glauth::params::packages,
+
+ Boolean $ldap_enabled = $glauth::params::ldap_enabled,
+ Stdlib::IP::Address $ldap_address = $glauth::params::ldap_address,
+ Stdlib::Port $ldap_port = $glauth::params::ldap_port,
+ Boolean $ldap_tls = $glauth::params::ldap_tls,
+ Stdlib::Absolutepath $ldap_tlscertpath = $glauth::params::ldap_tlscertpath,
+ Stdlib::Absolutepath $ldap_tlskeypath = $glauth::params::ldap_tlskeypath,
+
+ Boolean $ldaps_enabled = $glauth::params::ldaps_enabled,
+ Stdlib::IP::Address $ldaps_address = $glauth::params::ldaps_address,
+ Stdlib::Port $ldaps_port = $glauth::params::ldaps_port,
+ Stdlib::Absolutepath $ldaps_cert = $glauth::params::ldaps_cert,
+ Stdlib::Absolutepath $ldaps_key = $glauth::params::ldaps_key,
+
+ String $backend_datastore = $glauth::params::backend_datastore,
+ String $backend_basedn = $glauth::params::backend_basedn,
+ String $backend_nameformat = $glauth::params::backend_nameformat,
+ String $backend_groupformat = $glauth::params::backend_groupformat,
+ Boolean $backend_anonymousdse = $glauth::params::backend_anonymousdse,
+ String $backend_sshkeyattr = $glauth::params::backend_sshkeyattr,
+
+ Boolean $behaviors_ignorecapabilities = $glauth::params::behaviors_ignorecapabilities,
+ Boolean $behaviors_limitfailedbinds = $glauth::params::behaviors_limitfailedbinds,
+ Integer $behaviors_numberoffailedbinds = $glauth::params::behaviors_numberoffailedbinds,
+ Integer $behaviors_periodoffailedbinds = $glauth::params::behaviors_periodoffailedbinds,
+ Integer $behaviors_blockfailedbindsfor = $glauth::params::behaviors_blockfailedbindsfor,
+ Integer $behaviors_prunesourcetableevery = $glauth::params::behaviors_prunesourcetableevery,
+ Integer $behaviors_prunesourcesolderthan = $glauth::params::behaviors_prunesourcesolderthan,
+
+ Boolean $api_enabled = $glauth::params::api_enabled,
+ Boolean $api_internals = $glauth::params::api_internals,
+ Boolean $api_tls = $glauth::params::api_tls,
+ Stdlib::IP::Address $api_address = $glauth::params::api_address,
+ Stdlib::Port $api_port = $glauth::params::api_port,
+ Stdlib::Absolutepath $api_cert = $glauth::params::api_cert,
+ Stdlib::Absolutepath $api_key = $glauth::params::api_key,
+
+ String $user = $glauth::params::user,
+ String $group = $glauth::params::group,
+ Stdlib::Absolutepath $bin_dir = $glauth::params::bin_dir,
+ Stdlib::Absolutepath $bin_path = $glauth::params::bin_path,
+ Stdlib::Absolutepath $config_dir = $glauth::params::config_dir,
+ Stdlib::Absolutepath $config_path = $glauth::params::config_path,
+ Boolean $service_enable = $glauth::params::service_enable,
+ String $service_name = $glauth::params::service_name,
+ String $download_version = $glauth::params::download_version,
+ String $download_url = $glauth::params::download_url,
+ Boolean $manage_defaults = $glauth::params::manage_defaults,
+
+) inherits glauth::params {
+
+ include glauth::install
+ include glauth::config
+ include glauth::service
+
+ Class['glauth::install'] -> Class['glauth::config'] -> Class['glauth::service']
+}
diff --git a/modules/glauth/manifests/install.pp b/modules/glauth/manifests/install.pp
new file mode 100644
index 0000000..624fc87
--- /dev/null
+++ b/modules/glauth/manifests/install.pp
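Review bot: The three `include` lines followed by the explicit `Class['glauth::install'] -> …` chain order the subclasses among themselves, but nothing ties them to `Class['glauth']`, so a profile writing `Class['glauth'] -> Something` or `Something ~> Class['glauth']` gets no ordering with the install, config or service work. Replacing the includes with `contain glauth::install`, `contain glauth::config` and `contain glauth::service` keeps the chain working and makes the outer class a real ordering boundary. `Array $packages` could be `Array[String]` to match the typing of every other parameter, and the header comment has a typo: `# glauth initialisation class`.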
@@ -0,0 +1,45 @@
+# install the glauth directories and binary
+class glauth::install (
+ String $user = $glauth::user,
+ String $group = $glauth::group,
+ Stdlib::Absolutepath $bin_dir = $glauth::bin_dir,
+ Stdlib::Absolutepath $bin_path = $glauth::bin_path,
+ Stdlib::Absolutepath $config_dir = $glauth::config_path,
+ Stdlib::Absolutepath $config_path = $glauth::config_path,
+ String $download_url = $glauth::download_url,
+ Array $packages = $glauth::packages,
+){
+ user { $user:
+ ensure => present,
+ system => true,
+ gid => $group,
+ require => Group[$group],
+ }
+
+ group { $group:
+ ensure => present,
+ system => true,
+ }
+
+ ensure_resources('package', $packages => {ensure => 'present'})
+
+ archive { 'glauth':
+ ensure => present,
+ url => $download_url,
+ extract => false,
+ path => $bin_path,
+ creates => $bin_path,
+ cleanup => false,
+ extract_path => $bin_dir,
+ user => 'root',
+ group => 'root',
+ }
+
+ file{ $bin_path:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => Archive['glauth'],
+ }
+}
diff --git a/modules/glauth/manifests/obj/group.pp b/modules/glauth/manifests/obj/group.pp
new file mode 100644
index 0000000..45e29bc
--- /dev/null
+++ b/modules/glauth/manifests/obj/group.pp
@@ -0,0 +1,17 @@
+# define a group object
+define glauth::obj::group (
+ String $group_name,
+ Integer $gidnumber,
+ Stdlib::Absolutepath $config_path,
+ Optional[Array[Integer]] $includegroups = [],
+) {
+ concat::fragment { "glauth_group_${group_name}":
+ target => $config_path,
+ content => epp('glauth/obj/group.epp', {
+ 'name' => $group_name,
+ 'gidnumber' => $gidnumber,
+ 'includegroups' => $includegroups,
+ }),
+ order => '90',
+ }
+}
diff --git a/modules/glauth/manifests/obj/service.pp b/modules/glauth/manifests/obj/service.pp
new file mode 100644
index 0000000..53e53ef
--- /dev/null
+++ b/modules/glauth/manifests/obj/service.pp
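Review bot: `archive { 'glauth': … }` fetches the binary from `$download_url` and the `file` resource below installs it root-owned with mode 0755, but no digest is declared, so whatever that URL serves on a given day is what becomes the LDAP server; puppet/archive's `checksum`/`checksum_type` parameters should be fed from a pinned value, e.g. `checksum => $download_sha256,` (a new parameter, placeholder value until the real digest is recorded) with `checksum_type => 'sha256',`. The default `Stdlib::Absolutepath $config_dir = $glauth::config_path` looks like a copy-paste of the line beneath it and should read `$glauth::config_dir`; the parameter is unused in this class, which is why nothing has failed yet. I do not believe `ensure_resources('package', $packages => {ensure => 'present'})` parses as intended — the documented form is `ensure_resources('package', $packages, { ensure => 'present' })`.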
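Review bot: `Optional[Array[Integer]] $includegroups = []` lets a caller pass `undef`, and group.epp then evaluates `$includegroups.length` on it, which fails at catalog compile time; since the default is already `[]`, the type should simply be `Array[Integer] $includegroups = [],`. The same `Optional[Array[…]] = []` pattern is used for `$sshkeys`, `$passappsha256` and `$othergroups` in glauth::obj::user, where `.length` and `.empty` have the same problem.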
@@ -0,0 +1,21 @@
+# define a service object
+define glauth::obj::service (
+ String $service_name,
+ String $mail,
+ Integer $uidnumber,
+ Integer $primarygroup,
+ String $passsha256,
+ Stdlib::Absolutepath $config_path,
+) {
+ concat::fragment { "glauth_service_${service_name}":
+ target => $config_path,
+ content => epp('glauth/obj/service.epp', {
+ 'name' => $service_name,
+ 'mail' => $mail,
+ 'uidnumber' => $uidnumber,
+ 'primarygroup' => $primarygroup,
+ 'passsha256' => $passsha256,
+ }),
+ order => '80',
+ }
+}
diff --git a/modules/glauth/manifests/obj/user.pp b/modules/glauth/manifests/obj/user.pp
new file mode 100644
index 0000000..dd48131
--- /dev/null
+++ b/modules/glauth/manifests/obj/user.pp
@@ -0,0 +1,39 @@
+# define a user object
+define glauth::obj::user (
+ String $user_name,
+ String $mail,
+ Integer $uidnumber,
+ Integer $primarygroup,
+ String $passsha256,
+ Stdlib::Absolutepath $config_path,
+ String $givenname = '',
+ String $sn = '',
+ String $loginshell = '',
+ String $homedir = '',
+ Optional[Array[String]] $sshkeys = [],
+ Optional[Array[String]] $passappsha256 = [],
+ Optional[Array[Integer]] $othergroups = [],
+) {
+ $formatted_othergroups = $othergroups.empty ? {
+ true => '[]',
+ false => "[${othergroups.join(', ')}]",
+ }
+ concat::fragment { "glauth_user_${user_name}":
+ target => $config_path,
+ content => epp('glauth/obj/user.epp', {
+ 'name' => $user_name,
+ 'givenname' => $givenname,
+ 'sn' => $sn,
+ 'mail' => $mail,
+ 'uidnumber' => $uidnumber,
+ 'primarygroup' => $primarygroup,
+ 'loginshell' => $loginshell,
+ 'homedir' => $homedir,
+ 'passsha256' => $passsha256,
+ 'sshkeys' => $sshkeys,
+ 'passappsha256' => $passappsha256,
+ 'othergroups' => $formatted_othergroups,
+ }),
+ order => '70',
+ }
+}
diff --git a/modules/glauth/manifests/params.pp b/modules/glauth/manifests/params.pp
new file mode 100644
index 0000000..6bee395
--- /dev/null
+++ b/modules/glauth/manifests/params.pp
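Review bot: `String $passsha256` accepts any string, so a plaintext password handed in by mistake (or read from the wrong Hiera key) is written verbatim into the config as the `passsha256` value; a tighter type, `Pattern[/\A[0-9a-fA-F]{64}\z/] $passsha256,`, rejects anything that is not a 64-character hex digest at compile time. The same applies to `$passsha256` in glauth::obj::user and to the elements of its `$passappsha256` array (`Array[Pattern[/\A[0-9a-fA-F]{64}\z/]]`). `String $mail` could likewise become `Stdlib::Email` if the stdlib version in use provides it, but that is optional.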
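Review bot: `$formatted_othergroups` builds the TOML array by hand in the manifest (`"[${othergroups.join(', ')}]"`) while `sshkeys` and `passappsha256` are rendered by loops inside user.epp, so the list formatting lives in two places and will drift; render `othergroups` in the template like the other two and pass the raw array (`'othergroups' => $othergroups,`), which also removes the selector. The four string options that default to `''` and are tested with `!= ''` in the template would read more conventionally as `Optional[String] … = undef`, with the template checking `=~ NotUndef`, but that is a matter of taste.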
@@ -0,0 +1,58 @@
+# params class for glauth
+class glauth::params (
+ Boolean $debug = true,
+ Boolean $syslog = true,
+ Boolean $structuredlog = true,
+ Boolean $watchconfig = true,
+ Array $packages = [
+ 'openldap-clients',
+ ],
+
+ Boolean $ldap_enabled = true,
+ Stdlib::IP::Address $ldap_address = '0.0.0.0',
+ Stdlib::Port $ldap_port = 389,
+ Boolean $ldap_tls = false,
+ Stdlib::Absolutepath $ldap_tlscertpath = '/etc/glauth/glauth.crt',
+ Stdlib::Absolutepath $ldap_tlskeypath = '/etc/glauth/glauth.key',
+
+ Boolean $ldaps_enabled = false,
+ Stdlib::IP::Address $ldaps_address = '0.0.0.0',
+ Stdlib::Port $ldaps_port = 636,
+ Stdlib::Absolutepath $ldaps_cert = '/etc/glauth/glauth.crt',
+ Stdlib::Absolutepath $ldaps_key = '/etc/glauth/glauth.key',
+
+ String $backend_datastore = 'config',
+ String $backend_basedn = 'dc=main,dc=unkin,dc=net',
+ String $backend_nameformat = 'cn',
+ String $backend_groupformat = 'ou',
+ Boolean $backend_anonymousdse = true,
+ String $backend_sshkeyattr = 'sshPublicKey',
+
+ Boolean $behaviors_ignorecapabilities = true,
+ Boolean $behaviors_limitfailedbinds = true,
+ Integer $behaviors_numberoffailedbinds = 3,
+ Integer $behaviors_periodoffailedbinds = 10,
+ Integer $behaviors_blockfailedbindsfor = 60,
+ Integer $behaviors_prunesourcetableevery = 600,
+ Integer $behaviors_prunesourcesolderthan = 600,
+
+ Boolean $api_enabled = true,
+ Boolean $api_internals = true,
+ Boolean $api_tls = true,
+ Stdlib::IP::Address $api_address = '0.0.0.0',
+ Stdlib::Port $api_port = 5555,
+ Stdlib::Absolutepath $api_cert = '/etc/glauth/cert.pem',
+ Stdlib::Absolutepath $api_key = '/etc/glauth/key.pem',
+
+ String $user = 'glauth',
+ String $group = 'glauth',
+ Stdlib::Absolutepath $bin_dir = '/usr/local/bin',
+ Stdlib::Absolutepath $bin_path = "${bin_dir}/glauth",
+ Stdlib::Absolutepath $config_dir = '/etc/glauth',
+ Stdlib::Absolutepath $config_path = "${config_dir}/glauth.conf",
+ Boolean $service_enable = true,
+ String $service_name = 'glauth',
+ String $download_version = '2.3.2',
+ String $download_url = "https://git.query.consul/api/packages/unkinben/generic/glauth/${download_version}/glauth-linux-amd64",
+ Boolean $manage_defaults = true,
+){}
diff --git a/modules/glauth/manifests/service.pp b/modules/glauth/manifests/service.pp
new file mode 100644
index 0000000..3a4215d
--- /dev/null
+++ b/modules/glauth/manifests/service.pp
@@ -0,0 +1,40 @@
+# manage the glauth service/socket
+class glauth::service (
+ $service_enable = $glauth::service_enable,
+ $service_name = $glauth::service_name,
+ $user = $glauth::user,
+ $group = $glauth::group,
+ $config_path = $glauth::config_path,
+ $bin_path = $glauth::bin_path,
+ $ldap_port = $glauth::ldap_port,
+ $ldaps_port = $glauth::ldaps_port,
+ $api_port = $glauth::api_port,
+){
+ if $service_enable {
+ include ::systemd
+
+ systemd::unit_file { "${service_name}.service":
+ content => epp('glauth/systemd.service.epp', {
+ 'bin_path' => $bin_path,
+ 'config_path' => $config_path,
+ 'user' => $user,
+ 'group' => $group,
+ 'service_name' => $service_name,
+ }),
+ enable => true,
+ active => true,
+ subscribe => Concat[$config_path],
+ # should also subscribe to tls certs
+ }
+ #systemd::unit_file { "${service_name}.socket":
+ # content => epp('glauth/systemd.socket.epp', {
+ # 'ldap_port' => $ldap_port,
+ # 'ldaps_port' => $ldaps_port,
+ # 'api_port' => $api_port,
+ #}),
+ # enable => true,
+ # active => true,
+ # subscribe => Concat[$config_path],
+ #}
+ }
+}
diff --git a/modules/glauth/templates/api.epp b/modules/glauth/templates/api.epp
new file mode 100644
index 0000000..388a0ee
--- /dev/null
+++ b/modules/glauth/templates/api.epp
@@ -0,0 +1,10 @@
+#################
+# API configuration.
+[api]
+ enabled = <%= $api_enabled %>
+ internals = <%= $api_internals %>
+ tls = <%= $api_tls %>
+ listen = "<%= $api_address %>:<%= $api_port %>"
+ cert = "<%= $api_cert %>"
+ key = "<%= $api_key %>"
+
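Review bot: The defaults bind every listener to all interfaces with transport protection off or unmanaged: `$ldap_address = '0.0.0.0'` together with `$ldap_tls = false` means bind credentials cross the network in clear unless an operator overrides both, and `$api_address = '0.0.0.0'` with `$api_internals = true` exposes the API (and, as far as I know, glauth's internal debug/metrics handlers) everywhere, while `$api_tls = true` points at `/etc/glauth/cert.pem` and `/etc/glauth/key.pem`, files nothing in this module manages and a different pair from the `/etc/glauth/glauth.crt`/`.key` used by ldap and ldaps. Safer module defaults would be `'127.0.0.1'` for `$ldap_address` and `$api_address`, leaving wider exposure to a deliberate override, and a single cert/key pair shared by all three listeners. `$backend_basedn = 'dc=main,dc=unkin,dc=net'` and the `git.query.consul` download host are site-specific and belong in Hiera rather than in module defaults, and `$debug = true` is an unusual default for a production authentication service.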
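Review bot: The rendered unit ends with `Also=${service_name}.socket`, but the matching `systemd::unit_file { "${service_name}.socket": … }` is commented out in this class, so `enable => true` asks systemctl to enable a unit file that does not exist, which I would expect to fail the agent run; either drop the `Also=` line from systemd.service.epp or manage the socket unit. The parameters of this class are the only untyped ones in the module (`$service_enable = …`, `$service_name = …`, `$config_path = …`); give them the same `Boolean`/`String`/`Stdlib::Absolutepath`/`Stdlib::Port` types as glauth::init. The `# should also subscribe to tls certs` comment describes a real gap — with `$ldap_tls` or `$api_tls` on, a rotated certificate never restarts the daemon — and is better recorded as `# TODO: pass the cert/key paths in and subscribe to File[...] for them` so it is not lost.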
diff --git a/modules/glauth/templates/backend.epp b/modules/glauth/templates/backend.epp
new file mode 100644
index 0000000..10f3634
--- /dev/null
+++ b/modules/glauth/templates/backend.epp
@@ -0,0 +1,10 @@
+#################
+# The backend section controls the data store.
+[backend]
+ datastore = "<%= $backend_datastore %>"
+ baseDN = "<%= $backend_basedn %>"
+ nameformat = "<%= $backend_nameformat %>"
+ groupformat = "<%= $backend_groupformat %>"
+ anonymousdse = <%= $backend_anonymousdse %>
+ sshkeyattr = "<%= $backend_sshkeyattr %>"
+
diff --git a/modules/glauth/templates/behaviors.epp b/modules/glauth/templates/behaviors.epp
new file mode 100644
index 0000000..217c933
--- /dev/null
+++ b/modules/glauth/templates/behaviors.epp
@@ -0,0 +1,11 @@
+#################
+# Behaviors configuration.
+[behaviors]
+ IgnoreCapabilities = <%= $ignorecapabilities %>
+ LimitFailedBinds = <%= $limitfailedbinds %>
+ NumberOfFailedBinds = <%= $numberoffailedbinds %>
+ PeriodOfFailedBinds = <%= $periodoffailedbinds %>
+ BlockFailedBindsFor = <%= $blockfailedbindsfor %>
+ PruneSourceTableEvery = <%= $prunesourcetableevery %>
+ PruneSourcesOlderThan = <%= $prunesourcesolderthan %>
+
diff --git a/modules/glauth/templates/general.epp b/modules/glauth/templates/general.epp
new file mode 100644
index 0000000..a2541ef
--- /dev/null
+++ b/modules/glauth/templates/general.epp
@@ -0,0 +1,7 @@
+#################
+# General configuration.
+debug = <%= $debug %>
+syslog = <%= $syslog %>
+structuredlog = <%= $structuredlog %>
+watchconfig = <%= $watchconfig %>
+
diff --git a/modules/glauth/templates/ldap.epp b/modules/glauth/templates/ldap.epp
new file mode 100644
index 0000000..3a16c44
--- /dev/null
+++ b/modules/glauth/templates/ldap.epp
@@ -0,0 +1,9 @@
+#################
+# Server configuration.
+[ldap]
+ enabled = <%= $ldap_enabled %>
+ listen = "<%= $ldap_address %>:<%= $ldap_port %>"
+ tls = <%= $ldap_tls %>
+ tlsCertPath = "<%= $ldap_tlscertpath %>"
+ tlsKeyPath = "<%= $ldap_tlskeypath %>"
+
diff --git a/modules/glauth/templates/ldaps.epp b/modules/glauth/templates/ldaps.epp
new file mode 100644
index 0000000..fc2f552
--- /dev/null
+++ b/modules/glauth/templates/ldaps.epp
@@ -0,0 +1,8 @@
+#################
+# Server configuration.
+[ldaps]
+ enabled = <%= $ldaps_enabled %>
+ listen = "<%= $ldaps_address %>:<%= $ldaps_port %>"
+ cert = "<%= $ldaps_cert %>"
+ key = "<%= $ldaps_key %>"
+
diff --git a/modules/glauth/templates/obj/group.epp b/modules/glauth/templates/obj/group.epp
new file mode 100644
index 0000000..c037cd7
--- /dev/null
+++ b/modules/glauth/templates/obj/group.epp
@@ -0,0 +1,5 @@
+[[groups]]
+ name = "<%= $name %>"
+ gidnumber = <%= $gidnumber %>
+ <% if $includegroups.length > 0 { %>includegroups = [<% $includegroups.each |Integer $group| { %><%= $group %>, <% } %>]<% } %>
+
diff --git a/modules/glauth/templates/obj/service.epp b/modules/glauth/templates/obj/service.epp
new file mode 100644
index 0000000..b063ce7
--- /dev/null
+++ b/modules/glauth/templates/obj/service.epp
@@ -0,0 +1,7 @@
+[[users]]
+ name = "<%= $name %>"
+ mail = "<%= $mail %>"
+ uidnumber = <%= $uidnumber %>
+ primarygroup = <%= $primarygroup %>
+ passsha256 = "<%= $passsha256 %>"
+
diff --git a/modules/glauth/templates/obj/user.epp b/modules/glauth/templates/obj/user.epp
new file mode 100644
index 0000000..4f62916
--- /dev/null
+++ b/modules/glauth/templates/obj/user.epp
@@ -0,0 +1,14 @@
+[[users]]
+ name = "<%= $name %>"
+ <% if $givenname != '' { %>givenname = "<%= $givenname %>"<% } %>
+ <% if $sn != '' { %>sn = "<%= $sn %>"<% } %>
+ mail = "<%= $mail %>"
+ uidnumber = <%= $uidnumber %>
+ primarygroup = <%= $primarygroup %>
+ <% if $loginshell != '' { %>loginShell = "<%= $loginshell %>"<% } %>
+ <% if $homedir != '' { %>homeDir = "<%= $homedir %>"<% } %>
+ passsha256 = "<%= $passsha256 %>"
+ <% if $sshkeys.length > 0 { %>sshkeys = [<% $sshkeys.each |String $key| { %>"<%= $key %>", <% } %>]<% } %>
+ <% if $passappsha256.length > 0 { %>passappsha256 = [<% $passappsha256.each |String $pass| { %>"<%= $pass %>", <% } %>]<% } %>
+ othergroups = <%= $othergroups %>
+
diff --git a/modules/glauth/templates/systemd.service.epp b/modules/glauth/templates/systemd.service.epp
new file mode 100644
index 0000000..a90d304
--- /dev/null
+++ b/modules/glauth/templates/systemd.service.epp
@@ -0,0 +1,14 @@
+[Unit]
+Description=GLAuth Service
+After=network.target
+
+[Service]
+User=<%= $user %>
+Group=<%= $group %>
+ExecStart=<%= $bin_path %> -c <%= $config_path %>
+Restart=always
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+Also=<%= $service_name %>.socket
diff --git a/modules/glauth/templates/systemd.socket.epp b/modules/glauth/templates/systemd.socket.epp
new file mode 100644
index 0000000..5c0ab64
--- /dev/null
+++ b/modules/glauth/templates/systemd.socket.epp
@@ -0,0 +1,11 @@
+[Unit]
+Description=GLAuth Socket
+
+[Socket]
+ListenStream=<%= $ldap_port %>
+ListenStream=<%= $ldaps_port %>
+ListenStream=<%= $api_port %>
+NoDelay=true
+
+[Install]
+WantedBy=sockets.target
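Review bot: The `[Service]` section drops root through `User=`/`Group=` and grants only `CAP_NET_BIND_SERVICE`, which is the right shape, but nothing stops the process from regaining privileges or writing outside its own files, so the usual sandboxing directives belong right after `AmbientCapabilities=`. With the default `backend_datastore = 'config'` the daemon only reads `$config_path` and its certificates, so `ProtectSystem=strict` should be safe; if a file-backed datastore is ever configured, `ReadWritePaths=` for that location has to be added alongside. `Also=<%= $service_name %>.socket` names a unit glauth::service never installs (its declaration is commented out), so that line should be removed until the socket unit is actually managed.
```epp
# … unchanged: [Unit] section, User=/Group=/ExecStart=/Restart= …
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
# … unchanged: [Install] section (without the Also= line) …
```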