From 34e6a9d0ab678ac69218a6be995b73c87e47b17c Mon Sep 17 00:00:00 2001 From: Hendrik Jäger Date: Mon, 9 May 2022 22:17:10 +0200 Subject: implement user scandirs --- manifests/config.pp | 6 ++++++ manifests/init.pp | 4 +++- manifests/user_scandir.pp | 32 ++++++++++++++++++++++++++++++++ templates/user_scandir/log/run.epp | 19 +++++++++++++++++++ templates/user_scandir/run.epp | 18 ++++++++++++++++++ 5 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 manifests/user_scandir.pp create mode 100644 templates/user_scandir/log/run.epp create mode 100644 templates/user_scandir/run.epp diff --git a/manifests/config.pp b/manifests/config.pp index 85a0831..3431ef8 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -13,4 +13,10 @@ class s6::config { mode => '0700', ; } + + $s6::scandir_users.each | $entry | { + s6::user_scandir { + $entry: ; + } + } } diff --git a/manifests/init.pp b/manifests/init.pp index 3141174..833fd8c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,4 +1,6 @@ -class s6 { +class s6 ( + Optional[Array[String]] $scandir_users = [], +) { require 'execline' class { diff --git a/manifests/user_scandir.pp b/manifests/user_scandir.pp new file mode 100644 index 0000000..db62fc3 --- /dev/null +++ b/manifests/user_scandir.pp 
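Review bot: In manifests/init.pp the new parameter is typed `Optional[Array[String]]`, which admits both `undef` and arbitrary strings. An `undef` value would make the `$s6::scandir_users.each` call added in manifests/config.pp fail at compile time. Each entry is also used unchecked as a resource title, so it ends up in paths under /etc/s6-scandir and /var/log/s6 and in the `define` lines of both run templates; a value containing `/`, whitespace or execline syntax would change which path is managed or how the generated script is parsed. Dropping `Optional` and constraining the element type closes both, for example `Array[Pattern[/\A[a-z_][a-z0-9_-]*\z/]] $scandir_users = [],` (pattern constructed for this note; adjust it to the site's account naming). Because `s6::user_scandir` can also be declared directly, the same check is worth repeating on `$title` inside the define.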
@@ -0,0 +1,32 @@
+define s6::user_scandir(
+ Optional[String] $homedir = undef,
+) {
+ $scandir = '/etc/s6-scandir'
+
+ file {
+ "${scandir}/user_scandir_${title}":
+ ensure => directory,
+ ;
+ "${scandir}/user_scandir_${title}/run":
+ ensure => present,
+ content => epp('s6/user_scandir/run.epp', { 'username' => $title } ),
+ mode => '0744',
+ ;
+ "${scandir}/user_scandir_${title}/log":
+ ensure => directory,
+ ;
+ "${scandir}/user_scandir_${title}/log/run":
+ ensure => present,
+ content => epp('s6/user_scandir/log/run.epp', { 'username' => $title } ),
+ mode => '0744',
+ ;
+ [
+ '/var/log/s6/',
+ "/var/log/s6/user_scandir_${title}/",
+ "/var/log/s6/user_scandir_${title}/logs/",
+ ]:
+ ensure => directory,
+ ;
+ }
+}
+
diff --git a/templates/user_scandir/log/run.epp b/templates/user_scandir/log/run.epp
new file mode 100644
index 0000000..797688c
--- /dev/null
+++ b/templates/user_scandir/log/run.epp
@@ -0,0 +1,19 @@
+<%- |
+ String $username,
+| -%>
+<% if versioncmp( $facts['os']['release']['major'], '10' ) >= 1 { -%>
+#!/usr/bin/execlineb -P
+<% } else { -%>
+#!/usr/local/bin/execlineb -P
+<% } -%>
+
+define SVUSER <%= $username %>
+define SVLOGDIR /var/log/s6/user_scandir_${SVUSER}/logs/
+
+fdmove -c 2 1
+s6-log
+ t
+ s1048576
+ S2147483648
+ !"mail -s \"user_sv log: ${SVUSER}\" -- root"
+ ${SVLOGDIR}
diff --git a/templates/user_scandir/run.epp b/templates/user_scandir/run.epp
new file mode 100644
index 0000000..8ef9d47
--- /dev/null
+++ b/templates/user_scandir/run.epp
@@ -0,0 +1,18 @@
+<% |
+ String $username,
+| -%>
+<% if versioncmp( $facts['os']['release']['major'], '10' ) >= 1 { -%>
+#!/usr/bin/execlineb -P
+<% } else { -%>
+#!/usr/local/bin/execlineb -P
+<% } -%>
+
+define USER <%= $username %>
+backtick HOME { homeof ${USER} }
+importas -n -u HOME HOME
+define SVDIR ${HOME}/.s6-scandir
+
+fdmove -c 2 1
+
+s6-setuidgid ${USER}
+s6-svscan -c 20 ${SVDIR}
-- 
cgit v1.2.3
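Review bot: In manifests/user_scandir.pp, `'/var/log/s6/'` is declared inside the define, so a second `s6::user_scandir` instance declares the same `File` resource again and catalog compilation should fail with a duplicate declaration once `scandir_users` holds two entries. That shared directory belongs in a class such as `s6::config`. None of the file resources set `owner` or `group`, and the three log directories set no `mode`, so who can read the per-user service logs is left to Puppet's defaults; adding for example `owner => 'root', group => 'root', mode => '0750',` makes it explicit. `$homedir` is accepted but never used, while run.epp derives the home directory itself with `homeof`; either pass it through to the template or drop the parameter.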
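Review bot: In templates/user_scandir/log/run.epp the logger keeps its supervisor's privileges, because unlike run.epp there is no `s6-setuidgid` before `s6-log`. It therefore runs, presumably as root, while parsing output that the user's services control and piping it to `mail` on each rotation. Running it under a dedicated unprivileged account, with `s6-setuidgid <log-user>` placed before `s6-log` and the `logs/` directory owned by that account, limits what a logger or mailer fault can reach. The `!` processor line is also worth confirming against the s6-log documentation: if the processor's stdout is what gets archived, a `mail` command that prints nothing would leave empty archive files. `${SVUSER}` is substituted inside a double-quoted command string, so this template depends on the username having been validated before it gets here.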