author | Jesse Luehrs <doy@tozt.net> | 2018-11-18 05:10:46 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-11-18 05:10:46 -0500 |
commit | 2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e (patch) | |
tree | 62e07786d736ce252d49a82c81a0df4e25eb4fee /modules | |
parent | f5580a320d84d861c9869ad28fecb21a40d35265 (diff) | |
need to add duplicati's shell to /etc/shells
Diffstat (limited to 'modules')
-rw-r--r-- | modules/partofme/manifests/backups.pp | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/partofme/manifests/backups.pp b/modules/partofme/manifests/backups.pp
index b93495f..4b665e7 100644
--- a/modules/partofme/manifests/backups.pp
+++ b/modules/partofme/manifests/backups.pp
@@ -4,13 +4,29 @@ class partofme::backups {
 syncthing::user { $default_user: }
+ file { '/usr/local/bin/sftp-only':
+ content => 'exec false',
+ mode => '0755';
+ }
+
 user { 'duplicati':
 home => '/media/persistent/duplicati',
 password => secret::value('passwd/duplicati'),
- require => Package::Makepkg['duplicati-latest'];
+ shell => '/usr/local/bin/sftp-only',
+ require => [
+ Package::Makepkg['duplicati-latest'],
+ File['/usr/local/bin/sftp-only'],
+ ];
 }
 sshd::configsection { 'duplicati':
 source => 'puppet:///modules/partofme/sshd_config.duplicati';
 }
+
+ exec { 'allow sftp logins for duplicati':
+ provider => 'shell',
+ command => 'echo /usr/local/bin/sftp-only >> /etc/shells',
+ unless => 'grep -qF /usr/local/bin/sftp-only /etc/shells',
+ require => File['/usr/local/bin/sftp-only'];
+ }
 } |
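Review bot: The `sftp-only` script written by the new `file` resource has no interpreter line and no trailing newline (`content => 'exec false'`), so whether it runs at all depends on the caller falling back to `sh` after a failed exec; `content => "#!/bin/sh\nexec false\n",` makes the deny behaviour explicit. Listing the path in `/etc/shells` also marks duplicati as an ordinary login user for any program that consults that file (`chsh`, FTP daemons, `pam_shells`), so the restriction then rests on the `sshd_config.duplicati` section, which is not shown here and presumably forces SFTP; a comment on the `exec` saying so would help the next reader. In that `exec`, `grep -qF` matches substrings, and `unless => 'grep -qxF /usr/local/bin/sftp-only /etc/shells',` tests for the exact line instead.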