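# Installs a user's dot files by downloading the repo's clone_and_link.sh
# bootstrap script from GitHub and running it as that user.
#
# Parameters:
#   username    - account to install for; defaults to the output of `whoami`.
#   github_user - GitHub account that owns the repo; defaults to 'benhoskings'.
#   repo        - repository name; defaults to 'dot-files'.
dep 'dot files', :username, :github_user, :repo do
  username.default!(shell('whoami'))
  github_user.default('benhoskings')
  repo.default('dot-files')
  requires 'user exists'.with(:username => username), 'git', 'curl.bin', 'git-smart.gem'
  # Met once the checkout exists at ~username/.dot-files/.git.
  met? {
    "~#{username}/.dot-files/.git".p.exists?
  }
  meet {
    # The script is piped straight into bash, so fetch it over HTTPS from the
    # first hop rather than relying on a redirect from plain HTTP, which
    # anyone on the network path could answer with their own script.
    # -f makes curl fail on an HTTP error instead of handing the error page
    # to bash as if it were the script.
    # NOTE(review): this still executes whatever is on the master branch at
    # run time; pinning a commit or verifying a checksum would make the run
    # reproducible. github_user and repo are interpolated into the command
    # unescaped, so they must only ever come from a trusted operator.
    shell %Q{curl -fL "https://github.com/#{github_user}/#{repo}/raw/master/clone_and_link.sh" | bash}, :as => username
  }
end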
# Aggregate dep: prepares an account that provisioning runs can log in to.
# It has no met?/meet of its own and only pulls in the deps listed below.
#
# Parameters:
#   username - account to prepare.
#   key      - passed through to 'passwordless ssh logins'.
#
# NOTE(review): going by the dep names, the account ends up with key-only SSH
# access and sudo without a password prompt, which would leave the key as the
# only barrier to root. Confirm against those deps, which are defined elsewhere.
dep 'user setup for provisioning', :username, :key do
  requires 'user exists'.with(:username => username),
           'passwordless ssh logins'.with(username, key),
           'passwordless sudo'.with(username)
end
# Aggregate dep: sets up an account that hosts a deployed application.
#
# Parameters:
#   username - account to set up.
#   key      - passed through to 'user setup'.
#   env      - environment name handed to 'app env vars set';
#              defaults to 'production'.
dep 'app user setup', :username, :key, :env do
  env.default('production')
  requires(
    'user exists'.with(:username => username),
    'user setup'.with(username, key),          # Dot files, ssh keys, etc.
    'app env vars set'.with(username, env),    # Set RACK_ENV and friends.
    'web repo'.with("~#{username}/current")    # Configure ~/current to accept deploys.
  )
end
# Aggregate dep: gives an account both a login password and key-based SSH
# access by requiring the two deps below, in this order.
#
# Parameters:
#   username - account to configure.
#   password - passed through to 'user exists with password'.
#   key      - passed through to 'passwordless ssh logins'.
dep 'user auth setup', :username, :password, :key do
  requires 'user exists with password'.with(username, password),
           'passwordless ssh logins'.with(username, key)
end
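# Ensures the account exists and has a password set (Linux only; no other
# platform has a met?/meet here).
#
# Parameters:
#   username - account whose password is set.
#   password - the new password, in clear text.
dep 'user exists with password', :username, :password do
  requires 'user exists'.with(:username => username)
  on :linux do
    # Met when /etc/shadow has a line for this user whose password field does
    # not start with '*' or '!'. The name is escaped before it goes into the
    # pattern: the 'user exists' dep expects names containing '.', and an
    # unescaped '.' would also match a different account such as "fooXcom"
    # when checking for "foo.com".
    met? { shell('sudo cat /etc/shadow')[/^#{Regexp.escape(username.to_s)}:[^\*!]/] }
    meet {
      # NOTE(review): the password is interpolated into the command string.
      # Shell metacharacters in it (double quote, $, backtick) are interpreted
      # by the shell instead of being set literally, and the secret becomes
      # part of the command text, which may end up in logs or process
      # listings. Feeding it on stdin (for example to chpasswd) would avoid
      # both; confirm what the shell helper supports before changing this.
      sudo %{echo "#{password}\n#{password}" | passwd #{username}}
    }
  end
end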
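# Ensures a local account named `username` exists, creating it and its home
# directory if needed.
#
# Parameters:
#   username      - account name.
#   home_dir_base - directory under which the home directory is created;
#                   defaults to '/srv/http' when the name contains a '.',
#                   otherwise '/home'.
#
# NOTE(review): username and home_dir_base are interpolated into commands run
# through sudo. The quoting below only guards against word splitting; it does
# not validate the values, so they must come from a trusted operator.
dep 'user exists', :username, :home_dir_base do
  home_dir_base.default(username['.'] ? '/srv/http' : '/home')
  on :osx do
    # Met when the dscl user listing contains an entry equal to the name.
    met? { !shell("dscl . -list /Users").split("\n").grep(username).empty? }
    meet {
      homedir = home_dir_base / username
      {
        'Password' => '*',
        # First uid in 501...1024 for which the lookup returns nil or raises.
        'UniqueID' => (501...1024).detect {|i| (Etc.getpwuid i rescue nil).nil? },
        'PrimaryGroupID' => 'admin',
        'RealName' => username,
        'NFSHomeDirectory' => homedir,
        'UserShell' => '/bin/bash'
      }.each_pair {|k,v|
        # /Users/... here is a dscl path, not a filesystem path.
        sudo "dscl . -create #{'/Users' / username} #{k} '#{v}'"
      }
      sudo "mkdir -p '#{homedir}'"
      sudo "chown #{username}:admin '#{homedir}'"
      # 701: owner has full access; everyone else may traverse but not list.
      sudo "chmod 701 '#{homedir}'"
    }
  end
  on :linux do
    # Escape the name before matching: names with a '.' are expected here
    # (see the home_dir_base default), and an unescaped '.' would let
    # "foo.com" be satisfied by an unrelated "fooXcom" entry.
    met? { '/etc/passwd'.p.grep(/^#{Regexp.escape(username.to_s)}:/) }
    meet {
      # Each step runs only if the previous one succeeded. Paths and the name
      # are single-quoted, matching the OS X branch above.
      sudo("mkdir -p '#{home_dir_base}'") &&
        sudo("useradd -m -s /bin/bash -b '#{home_dir_base}' -G admin '#{username}'") &&
        sudo("chmod 701 '#{home_dir_base / username}'")
    }
  end
end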