Puppet Managing Users
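# == Define: accounts::user
#
# Manages one local account: its primary group (when no gid is given), the
# user itself, the home directory and, optionally, ~/.ssh/authorized_keys.
#
# === Parameters
#
# [*ensure*]     present or absent. absent removes the user and recursively
#                deletes the home directory; it is refused for root.
# [*gid*]        Primary group. When undef, a group named after the user is
#                created with gid == uid. When set, Group[$gid] must be
#                declared elsewhere, because the user resource requires it.
# [*groups*]     Supplementary groups. membership is inclusive, so the user
#                is removed from any group not listed here.
# [*password*]   Passed to the user resource's password attribute, which
#                expects the platform's hashed form, not a clear-text
#                password. Empty or false means "do not manage".
# [*sshkeys*]    Array of complete authorized_keys lines, written verbatim.
# [*managehome*] Passed through to the user resource.
# [*allowdupe*]  Passed through to the user resource.
# [*uid*]        Numeric uid (required).
# [*shell*]      Login shell; the default depends on $kernel.
# [*name*]       Used as the account comment (GECOS) field.
#                NOTE(review): $name is also a built-in variable of defined
#                types and newer Puppet releases reject a parameter with this
#                name. It is kept because renaming it would break callers.
#
define accounts::user(
  $ensure     = present,
  $gid        = undef,
  $groups     = [],
  $password   = undef,
  $sshkeys    = [],
  $managehome = true,
  $allowdupe  = false,
  $uid,
  $shell      = $kernel ? {
    'SunOS' => '/usr/bin/bash',
    default => '/bin/bash',
  },
  $name) {

  $username = $title

  # The title is spliced into a filesystem path that is chown'ed and, for
  # ensure => absent, force-deleted recursively. Reject titles that would
  # move that path outside the home base directory.
  if ($username =~ /\//) or ($username == '.') or ($username == '..') {
    fail("Invalid account name '${username}': must not contain '/' or be '.' or '..'")
  }

  if $ensure == absent and $username == 'root' {
    fail('Will not delete root user')
  }

  $homedir = $kernel ? {
    'SunOS' => '/export/home',
    default => '/home',
  }

  # Puppet variables cannot be reassigned within a scope, so the root special
  # case is resolved here in a single assignment rather than by overwriting
  # $homedir afterwards (which aborts catalog compilation for root).
  # NOTE(review): root's home is taken to be /root on every kernel - confirm
  # for SunOS.
  if $username == 'root' {
    $home = '/root'
  } else {
    $home = "${homedir}/${username}"
  }

  if $gid == undef {
    # No explicit primary group: create a private group named after the user.
    if $ensure == present {
      group { $username:
        ensure => present,
        gid    => $uid,
      }
    }
    $gid_real = $username
  } else {
    $gid_real = $gid
  }

  # Never hand an empty string to the user resource as a password hash;
  # treat empty/false as "password not managed".
  $password_real = $password ? {
    ''      => undef,
    false   => undef,
    default => $password,
  }

  # Everything created below belongs to the account and is private to it.
  File { owner => $username, group => $gid_real, mode => '0600' }

  user { $username:
    ensure     => $ensure,
    uid        => $uid,
    gid        => $gid_real,
    comment    => "$name",
    groups     => $groups,
    shell      => $shell,
    home       => $home,
    require    => $ensure ? {
      'present' => Group[$gid_real],
      default   => undef,
    },
    allowdupe  => $allowdupe,
    managehome => $managehome,
    password   => $password_real,
    # inclusive: group memberships not listed in $groups are removed.
    membership => inclusive,
  }

  case $ensure {
    present: {
      # Directories need the search bit. Puppet adds it to a 0600 directory
      # on its own; 0700 states the resulting mode explicitly.
      file { $home:
        ensure => directory,
        mode   => '0700',
      }
      if ! empty($sshkeys) {
        file { "${home}/.ssh":
          ensure => directory,
          mode   => '0700',
        }
        # Inherits owner/group/0600 from the File defaults above. Each entry
        # of $sshkeys is written as-is, so anything in that array becomes a
        # login credential for this account.
        file { "${home}/.ssh/authorized_keys":
          ensure  => present,
          content => inline_template('<%= @sshkeys.join("\n") + "\n" %>'),
        }
      }
    }
    absent: {
      # Destructive: removes the home directory and everything beneath it.
      file { $home:
        ensure  => $ensure,
        force   => true,
        recurse => true,
      }
    }
    default: {
      fail('Options are present or absent')
    }
  }
}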
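---
# Account definitions keyed by username; each entry carries the name, uid
# and shell parameters of accounts::user.
# NOTE(review): how this hash is turned into resources is not shown here.
accounts_users:
  user1:
    name: 'User 1'
    uid: '4001'
    shell: '/bin/bash'
  user2:
    name: 'User 2'
    uid: '4002'
    shell: '/bin/zsh'
  user3:
    # Was 'User 2', a copy-paste duplicate of the entry above.
    name: 'User 3'
    uid: '4003'
    shell: '/bin/bash'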
# Baseline class: on every node whose osfamily is not windows, load the
# virtual account declarations and realize the ones tagged for general use.
class site::base {
  if $osfamily != 'windows' {
    include site::users

    # Realizing a tag here creates those accounts on every node that
    # includes this class, so an account tagged 'nix_admins' or 'users'
    # gets a login (and its group memberships) on all of them.
    Accounts::User <| tag == 'nix_admins' or tag == 'users' |>
  }
}
# Shared groups with fixed gids, so the ids are the same on every node that
# includes this class.
class site::groups {
  # Every group declared in this class is ensured present.
  Group { ensure => present, }

  # NOTE(review): the privileges attached to these groups (e.g. a sudoers
  # rule for 'sudo' or 'sudonopw') are configured elsewhere - membership
  # should be reviewed with that in mind.
  group {
    'admin':
      gid => '3000';
    'sudo':
      gid => '3001';
    'sudonopw':
      gid => '3002';
    'developer':
      gid => '3003';
  }
}
# Virtual account declarations. Nothing here is created on a node until a
# collector (Accounts::User <| tag == ... |>) realizes it by tag.
class site::users {
  # The shared groups referenced in `groups` below must exist first.
  include site::groups

  # Default login shell for every account declared in this class.
  Accounts::User {
    shell => '/bin/bash',
  }

  # Each sshkeys entry is a complete authorized_keys line and is written
  # verbatim; the key material shown is placeholder text.
  @accounts::user {
    'chris':
      name    => 'Chris',
      uid     => 1000,
      shell   => '/bin/zsh',
      groups  => ['admin', 'sudonopw'],
      sshkeys => [
        'ssh-rsa key1-hash chris@macbookpro',
        'ssh-rsa key2-hash chris@imac',
      ],
      tag     => 'nix_admins';

    'Test':
      name => 'Test User',
      uid  => 11111,
      tag  => 'users';
  }
}