projects / mirror / dsa-puppet.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4c457f6)
More users for salsa (RT#7316)
authorJulien Cristau <jcristau@debian.org>
Thu, 5 Jul 2018 10:31:21 +0000 (12:31 +0200)
committerJulien Cristau <jcristau@debian.org>
Thu, 5 Jul 2018 10:31:21 +0000 (12:31 +0200)
modules/salsa/manifests/init.pp patch | blob | history
modules/salsa/manifests/params.pp patch | blob | history
modules/sudo/files/sudoers patch | blob | history

diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp
index a2d2063..73821cc 100644 (file)
--- a/modules/salsa/manifests/init.pp
+++ b/modules/salsa/manifests/init.pp
@@ -21,6 +21,26 @@ class salsa inherits salsa::params {
                owner  => $salsa::user,
                group  => $salsa::group,
        }
+       file { "/home/${salsa::registry_user}":
+               ensure => link,
+               target => $salsa::registry_user_home,
+       }
+       file { $salsa::registry_user_home:
+               ensure => directory,
+               mode   => '0755',
+               owner  => $salsa::registry_user,
+               group  => $salsa::registry_user,
+       }
+       file { "/home/${salsa::signup_user}":
+               ensure => link,
+               target => $salsa::signup_user_home,
+       }
+       file { $salsa::signup_user_home:
+               ensure => directory,
+               mode   => '0755',
+               owner  => $salsa::signup_user,
+               group  => $salsa::signup_user,
+       }
        file { "/home/${salsa::webhook_user}":
                ensure => link,
                target => $salsa::webhook_user_home,
@@ -31,6 +51,16 @@ class salsa inherits salsa::params {
                owner  => $salsa::webhook_user,
                group  => $salsa::webhook_user,
        }
+       file { "/home/${salsa::pages_user}":
+               ensure => link,
+               target => $salsa::pages_user_home,
+       }
+       file { $salsa::pages_user_home:
+               ensure => directory,
+               mode   => '0755',
+               owner  => $salsa::pages_user,
+               group  => $salsa::pages_user,
+       }
 
 
        file { "${salsa::home}/.credentials.yaml":
@@ -66,9 +96,18 @@ class salsa inherits salsa::params {
        file { "/var/lib/systemd/linger/${salsa::user}":
                ensure => present,
        }
+       file { "/var/lib/systemd/linger/${salsa::registry_user}":
+               ensure => present,
+       }
+       file { "/var/lib/systemd/linger/${salsa::signup_user}":
+               ensure => present,
+       }
        file { "/var/lib/systemd/linger/${salsa::webhook_user}":
                ensure => present,
        }
+       file { "/var/lib/systemd/linger/${salsa::pages_user}":
+               ensure => present,
+       }
        file { "/etc/ssh/userkeys/${salsa::user}":
                ensure => link,
                target => "${salsa::home}/.ssh/authorized_keys",
diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp
index 05e287d..114cf2f 100644 (file)
--- a/modules/salsa/manifests/params.pp
+++ b/modules/salsa/manifests/params.pp
@@ -5,8 +5,14 @@ class salsa::params {
        $user = "git"
        $group = "git"
        $home = "/srv/${servicename}"
+       $registry_user = "salsa-registry"
+       $registry_user_home = "/srv/registry.${servicename}"
+       $signup_user = "salsa-signup"
+       $signup_user_home = "/srv/signup.${servicename}"
        $webhook_user = "salsa-webhook"
-       $webhook_user_home = "${home}/home-webhook"
+       $webhook_user_home = "/srv/webhook.${servicename}"
+       $pages_user = "salsa-pages"
+       $pages_user_home = "/srv/pages.debian.net"
 
        $db_name = "salsa"
        $db_role = "salsa"
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 2bac30c..ba18bf4 100644 (file)
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -135,7 +135,10 @@ nagios             storace=(debbackup)     NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg
 %gitdoadm      ALL=(gitdoadm)  ALL
 # the git user also exists on adayevskaya where it's a different service..
 %gitdoadm      godard=(git)            ALL
+%gitdoadm      godard=(salsa-registry) ALL
+%gitdoadm      godard=(salsa-signup)   ALL
 %gitdoadm      godard=(salsa-webhook)  ALL
+%gitdoadm      godard=(salsa-pages)    ALL
 %keyring       ALL=(keyring)   ALL
 %jenkins-adm   ALL=(jenkins-adm)       ALL
 %lintian       ALL=(lintian)   ALL
Unnamed repository; edit this file 'description' to name the repository.