summaryrefslogtreecommitdiffstats
path: root/manifests/reprepro/snapshots/base.pp
blob: 33e46f43fd486fc1962f755ed62b4021b8c2c74b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Resources that are shared between tails::reprepro::snapshots::* classes.
define tails::reprepro::snapshots::base (
  Stdlib::Absolutepath $homedir,
  Stdlib::Absolutepath $repositories_dir,
  String $user,
  Enum['present', 'absent'] $ensure = present,
) {

  ### Sanity checks

  assert_private()

  if !defined(Class['::reprepro']) {
    fail('Depends on the reprepro class')
  }

  ### Resources

  $directory_ensure = $ensure ? {
    absent  => absent,
    default => directory,
  }

  user { $user:
    ensure   => $ensure,
    home     => $homedir,
    gid      => $user,
    password => '*',
    comment  => 'Tails snapshots of APT repositories',
    require  => Group[$user],
  }

  group { $user:
    ensure => $ensure,
  }

  file { $homedir:
    ensure => $directory_ensure,
    owner  => $user,
    group  => $user,
    mode   => '0751',
  }

  file { $repositories_dir:
    ensure => $directory_ensure,
    owner  => $user,
    group  => $user,
    mode   => '0755',
  }

  file { "${repositories_dir}/robots.txt":
    ensure  => $ensure,
    owner   => $user,
    group   => $user,
    mode    => '0644',
    content => "User-agent: *\nDisallow: /\n",
  }

  # reprepro::repository manages the permissions of its own $homedir/.gnupg
  # (that is, a subdirectory of our $homedir), but not those of ~/.gnupg
  file { "${homedir}/.gnupg":
    ensure => $directory_ensure,
    owner  => $user,
    group  => $user,
    mode   => '0700',
  }

}