need to add duplicati's shell to /etc/shells

author: Jesse Luehrs <doy@tozt.net> 2018-11-18 05:10:46 -0500
committer: Jesse Luehrs <doy@tozt.net> 2018-11-18 05:10:46 -0500
commit: 2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e (patch)
tree: 62e07786d736ce252d49a82c81a0df4e25eb4fee /modules
parent: f5580a320d84d861c9869ad28fecb21a40d35265 (diff)
download: puppet-tozt-2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e.tar.gz
puppet-tozt-2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/modules/partofme/manifests/backups.pp b/modules/partofme/manifests/backups.pp
index b93495f..4b665e7 100644
--- a/modules/partofme/manifests/backups.pp
+++ b/modules/partofme/manifests/backups.pp
@@ -4,13 +4,29 @@ class partofme::backups {
   syncthing::user { $default_user:
   }
 
+  file { '/usr/local/bin/sftp-only':
+    content => 'exec false',
+    mode => '0755';
+  }
+
   user { 'duplicati':
     home => '/media/persistent/duplicati',
     password => secret::value('passwd/duplicati'),
-    require => Package::Makepkg['duplicati-latest'];
+    shell => '/usr/local/bin/sftp-only',
+    require => [
+      Package::Makepkg['duplicati-latest'],
+      File['/usr/local/bin/sftp-only'],
+    ];
   }
 
   sshd::configsection { 'duplicati':
     source => 'puppet:///modules/partofme/sshd_config.duplicati';
   }
+
+  exec { 'allow sftp logins for duplicati':
+    provider => 'shell',
+    command => 'echo /usr/local/bin/sftp-only >> /etc/shells',
+    unless => 'grep -qF /usr/local/bin/sftp-only /etc/shells',
+    require => File['/usr/local/bin/sftp-only'];
+  }
 }
author	Jesse Luehrs <doy@tozt.net>	2018-11-18 05:10:46 -0500
committer	Jesse Luehrs <doy@tozt.net>	2018-11-18 05:10:46 -0500
commit	2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e (patch)
tree	62e07786d736ce252d49a82c81a0df4e25eb4fee /modules
parent	f5580a320d84d861c9869ad28fecb21a40d35265 (diff)
download	puppet-tozt-2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e.tar.gz puppet-tozt-2a0b1d8dd5b26bbcbcd51b0218b80064df01ed8e.zip