diff options
| author | Jesse Luehrs <doy@tozt.net> | 2019-10-23 04:49:50 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2019-10-23 04:49:50 -0400 |
| commit | 52589932693c8ae7cea35e08e5e17d0ceaa8a931 (patch) | |
| tree | 27117b7ff8bbb6f9fa78ef6d0d5c4a0114117e61 | |
| parent | 40eb37353ad6ef0b61dddcf92da1cba12a1f8b94 (diff) | |
| download | puppet-tozt-52589932693c8ae7cea35e08e5e17d0ceaa8a931.tar.gz puppet-tozt-52589932693c8ae7cea35e08e5e17d0ceaa8a931.zip | |
run as the teleterm user
also unset HOME so that we fall back to /var/lib/teleterm
| -rw-r--r-- | modules/teleterm/files/teleterm.service | 2 | ||||
| -rw-r--r-- | modules/teleterm/manifests/init.pp | 12 | ||||
| -rw-r--r-- | modules/tozt/manifests/teleterm.pp | 10 | ||||
| -rw-r--r-- | modules/tozt/templates/teleterm.toml | 4 |
4 files changed, 25 insertions, 3 deletions
diff --git a/modules/teleterm/files/teleterm.service b/modules/teleterm/files/teleterm.service index 395da76..dad7c42 100644 --- a/modules/teleterm/files/teleterm.service +++ b/modules/teleterm/files/teleterm.service @@ -3,7 +3,7 @@ Description = runs teleterm After=network.target [Service] -ExecStart=/usr/bin/tt server +ExecStart=/usr/bin/env -u HOME /usr/bin/tt server Restart=always [Install] diff --git a/modules/teleterm/manifests/init.pp b/modules/teleterm/manifests/init.pp index f9c2303..9d4ce1d 100644 --- a/modules/teleterm/manifests/init.pp +++ b/modules/teleterm/manifests/init.pp @@ -1,6 +1,16 @@ class teleterm($source) { include systemd + group { "teleterm": + ensure => present; + } + user { "teleterm": + ensure => present, + gid => "teleterm", + system => true, + require => Group["teleterm"]; + } + package { "teleterm": ensure => installed, source => $source, @@ -19,6 +29,8 @@ class teleterm($source) { require => [ File["/etc/systemd/system/teleterm.service"], Exec["/usr/bin/systemctl daemon-reload"], + User["teleterm"], + Group["teleterm"], ]; } } diff --git a/modules/tozt/manifests/teleterm.pp b/modules/tozt/manifests/teleterm.pp index 71cf3e6..17e15b8 100644 --- a/modules/tozt/manifests/teleterm.pp +++ b/modules/tozt/manifests/teleterm.pp @@ -17,5 +17,15 @@ class tozt::teleterm { content => template("tozt/teleterm.toml"), require => File["/etc/teleterm"], notify => Service["teleterm"]; + "/var/lib/teleterm": + ensure => directory, + owner => "teleterm", + group => "teleterm", + mode => "0700", + require => [ + User["teleterm"], + Group["teleterm"], + ], + before => Service["teleterm"]; } } diff --git a/modules/tozt/templates/teleterm.toml b/modules/tozt/templates/teleterm.toml index 4524814..f651e52 100644 --- a/modules/tozt/templates/teleterm.toml +++ b/modules/tozt/templates/teleterm.toml @@ -2,8 +2,8 @@ listen_address = "0.0.0.0:4144" allowed_login_methods = ["recurse_center"] tls_identity_file = "/media/persistent/certbot/live/tozt.net/identity.pfx" -uid = "nobody" -gid = "nobody" +uid = "teleterm" +gid = "teleterm" [oauth.recurse_center] client_id = "<%= @client_id %>" |