bundlewrap/bundles/users/items.py

83 lines
2.2 KiB
Python
Raw Normal View History

from os.path import join, exists
2020-02-29 12:30:21 +00:00
directories = {}
users = {}
files = {}
groups = {}
2020-02-29 12:38:27 +00:00
users['root'] = {
'home': '/root',
'shell': '/bin/bash',
'password': repo.vault.human_password_for('root on {}'.format(node.name)),
}
files['/etc/bash.bashrc'] = {
'source': 'bashrc',
'content_type': 'mako',
}
files['/etc/tmux.conf'] = {
'source': 'tmux.conf',
'content_type': 'mako',
}
2020-04-11 10:26:02 +00:00
files['/etc/vim/vimrc.local'] = {
'source': 'vimrc',
}
2020-02-29 12:30:21 +00:00
for username, attrs in node.metadata['users'].items():
home = attrs.get('home', '/home/{}'.format(username))
if attrs.get('delete', False):
users[username] = {'delete': True}
files[home] = {'delete': True}
2020-02-29 12:30:21 +00:00
else:
user = users.setdefault(username, {})
user['home'] = home
2020-08-29 17:21:35 +00:00
user['shell'] = '/bin/bash'
user['password_hash'] = 'x'
2020-02-29 12:30:21 +00:00
2020-02-29 12:38:27 +00:00
if 'groups' in attrs:
user['groups'] = attrs['groups']
2020-02-29 12:30:21 +00:00
directories[home] = {
'owner': username,
'mode': attrs.get('home-mode', '0700'),
2020-02-29 12:30:21 +00:00
}
if 'ssh_pubkey' in attrs:
files[home + '/.ssh/authorized_keys'] = {
'content': "\n".join(attrs['ssh_pubkey']),
'owner': username,
'mode': '0600',
}
2020-08-29 17:21:35 +00:00
elif not attrs.get('do_not_remove_authorized_keys_from_home', False):
files[home + '/.ssh/authorized_keys'] = {'delete': True}
2020-08-29 17:21:35 +00:00
if exists(join(repo.path, 'data', 'users', 'files', 'tmux', '{}.conf'.format(username))):
files[home + '/.tmux.conf'] = {
'content_type': 'mako',
2020-08-29 17:21:35 +00:00
'source': 'tmux/{}.conf'.format(username),
}
else:
files[home + '/.tmux.conf'] = {
'delete': True,
}
files[home + '/.config/fish'] = {
'delete': True
}
if exists(join(repo.path, 'data', 'users', 'files', 'bash', '{}.bashrc'.format(username))):
files[home + '/.bashrc'] = {
'content_type': 'mako',
'source': 'bash/{}.bashrc'.format(username),
}
else:
files[home + '/.bashrc'] = {
'delete': True,
}