From f3ffd319f63a6dd9591f6f18f52e6c50902e3ed5 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Thu, 5 Jul 2018 12:31:21 +0200 Subject: [PATCH] More users for salsa (RT#7316) --- modules/salsa/manifests/init.pp | 39 +++++++++++++++++++++++++++++++ modules/salsa/manifests/params.pp | 8 ++++++- modules/sudo/files/sudoers | 3 +++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/modules/salsa/manifests/init.pp b/modules/salsa/manifests/init.pp index a2d20630a..73821cc68 100644 --- a/modules/salsa/manifests/init.pp +++ b/modules/salsa/manifests/init.pp @@ -21,6 +21,26 @@ class salsa inherits salsa::params { owner => $salsa::user, group => $salsa::group, } + file { "/home/${salsa::registry_user}": + ensure => link, + target => $salsa::registry_user_home, + } + file { $salsa::registry_user_home: + ensure => directory, + mode => '0755', + owner => $salsa::registry_user, + group => $salsa::registry_user, + } + file { "/home/${salsa::signup_user}": + ensure => link, + target => $salsa::signup_user_home, + } + file { $salsa::signup_user_home: + ensure => directory, + mode => '0755', + owner => $salsa::signup_user, + group => $salsa::signup_user, + } file { "/home/${salsa::webhook_user}": ensure => link, target => $salsa::webhook_user_home, @@ -31,6 +51,16 @@ class salsa inherits salsa::params { owner => $salsa::webhook_user, group => $salsa::webhook_user, } + file { "/home/${salsa::pages_user}": + ensure => link, + target => $salsa::pages_user_home, + } + file { $salsa::pages_user_home: + ensure => directory, + mode => '0755', + owner => $salsa::pages_user, + group => $salsa::pages_user, + } file { "${salsa::home}/.credentials.yaml": @@ -66,9 +96,18 @@ class salsa inherits salsa::params { file { "/var/lib/systemd/linger/${salsa::user}": ensure => present, } + file { "/var/lib/systemd/linger/${salsa::registry_user}": + ensure => present, + } + file { "/var/lib/systemd/linger/${salsa::signup_user}": + ensure => present, + } file { "/var/lib/systemd/linger/${salsa::webhook_user}": ensure => present, } + file { "/var/lib/systemd/linger/${salsa::pages_user}": + ensure => present, + } file { "/etc/ssh/userkeys/${salsa::user}": ensure => link, target => "${salsa::home}/.ssh/authorized_keys", diff --git a/modules/salsa/manifests/params.pp b/modules/salsa/manifests/params.pp index 05e287d39..114cf2f3e 100644 --- a/modules/salsa/manifests/params.pp +++ b/modules/salsa/manifests/params.pp @@ -5,8 +5,14 @@ class salsa::params { $user = "git" $group = "git" $home = "/srv/${servicename}" + $registry_user = "salsa-registry" + $registry_user_home = "/srv/registry.${servicename}" + $signup_user = "salsa-signup" + $signup_user_home = "/srv/signup.${servicename}" $webhook_user = "salsa-webhook" - $webhook_user_home = "${home}/home-webhook" + $webhook_user_home = "/srv/webhook.${servicename}" + $pages_user = "salsa-pages" + $pages_user_home = "/srv/pages.debian.net" $db_name = "salsa" $db_role = "salsa" diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 2bac30c89..ba18bf421 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -135,7 +135,10 @@ nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg %gitdoadm ALL=(gitdoadm) ALL # the git user also exists on adayevskaya where it's a different service.. %gitdoadm godard=(git) ALL +%gitdoadm godard=(salsa-registry) ALL +%gitdoadm godard=(salsa-signup) ALL %gitdoadm godard=(salsa-webhook) ALL +%gitdoadm godard=(salsa-pages) ALL %keyring ALL=(keyring) ALL %jenkins-adm ALL=(jenkins-adm) ALL %lintian ALL=(lintian) ALL -- 2.20.1