Experiments part 12
authorAndreas Schiermeier <andreas@schiermeier.name>
Thu, 10 Dec 2015 00:58:23 +0000 (01:58 +0100)
committerAndreas Schiermeier <andreas@schiermeier.name>
Thu, 10 Dec 2015 00:58:23 +0000 (01:58 +0100)
.gitmodules
modules/concat [deleted submodule]
modules/pam [deleted submodule]
modules/stdlib [deleted submodule]
modules/system/files/etc/security/pam_mount.conf.xml [new file with mode: 0644]
modules/system/manifests/init.pp

index 99792e7..e69de29 100644 (file)
@@ -1,9 +0,0 @@
-[submodule "modules/pam"]
-       path = modules/pam
-       url = https://github.com/jlyheden/puppet-pam
-[submodule "modules/stdlib"]
-       path = modules/stdlib
-       url = https://github.com/puppetlabs/puppetlabs-stdlib
-[submodule "modules/concat"]
-       path = modules/concat
-       url = https://github.com/puppetlabs/puppetlabs-concat
diff --git a/modules/concat b/modules/concat
deleted file mode 160000 (submodule)
index ca98a14..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ca98a145ca4374383dc33db7119fb0b5364e736f
diff --git a/modules/pam b/modules/pam
deleted file mode 160000 (submodule)
index 0c99b36..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 0c99b36148a5c2ff14f52b829a0bc79b2fabac37
diff --git a/modules/stdlib b/modules/stdlib
deleted file mode 160000 (submodule)
index 7a745de..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 7a745deec698b16a0702d00798dc30dd6c685312
diff --git a/modules/system/files/etc/security/pam_mount.conf.xml b/modules/system/files/etc/security/pam_mount.conf.xml
new file mode 100644 (file)
index 0000000..7df8ab9
--- /dev/null
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
+<!--
+       See pam_mount.conf(5) for a description.
+-->
+
+<pam_mount>
+
+               <!-- debug should come before everything else,
+               since this file is still processed in a single pass
+               from top-to-bottom -->
+
+<debug enable="0" />
+
+               <!-- Volume definitions -->
+
+
+               <!-- pam_mount parameters: General tunables -->
+
+<!--
+<luserconf name=".pam_mount.conf.xml" />
+-->
+
+<!-- Note that commenting out mntoptions will give you the defaults.
+     You will need to explicitly initialize it with the empty string
+     to reset the defaults to nothing. -->
+<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
+<!--
+<mntoptions deny="suid,dev" />
+<mntoptions allow="*" />
+<mntoptions deny="*" />
+-->
+<mntoptions require="nosuid,nodev" />
+
+<logout wait="0" hup="0" term="0" kill="0" />
+
+
+               <!-- pam_mount parameters: Volume-related -->
+
+<mkmountpoint enable="1" remove="true" />
+
+<volume user="guest" fstype="tmpfs" mountpoint="/tmp/tmpfs-%(USER)" options="size=10M,uid=%(USER),mode=0700" />
+<volume user="guest" fstype="unionfs" mountpoint="/home/guest" options="dirs=/tmp/tmpfs-%(USER):/etc/skel=ro:/home/guest=ro" />
+
+</pam_mount>
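Review bot: The tmpfs volume is mounted at `/tmp/tmpfs-%(USER)`, a predictable name inside a world-writable directory, and `mkmountpoint enable="1"` only creates the directory when it is missing, so anything another local account has already placed at that path becomes the mount target at guest login. Moving the mountpoint under a root-owned directory avoids this, for example `mountpoint="/run/guest-tmpfs/%(USER)"` (path constructed for illustration). As far as pam_mount.conf(5) describes it, `<mntoptions require="nosuid,nodev" />` constrains volumes from per-user luserconf files rather than these global `<volume>` entries, so I would add `nosuid,nodev` to the tmpfs `options` explicitly. With `kill="0"` on `<logout>`, leftover guest processes may keep the tmpfs busy at logout, so the scratch layer could survive into the next session; worth confirming if the guest home is meant to be wiped each time.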
index b1a5a08..4c4beb4 100644 (file)
@@ -21,14 +21,24 @@ class system {
                'pv',
                'openssh-server',
                'locales-all',
+               'libpam-tmpdir',
+               'broadcom-sta-dkms',
        ]
   
        package { $packages:
                ensure => installed,
        }
 
-       include pam
-       include pam::mkhomedir
+       package { 'libpam-mount':
+               ensure => installed,
+       }
+
+       file { '/etc/security/pam_mount.conf.xml':
+               ensure => installed,
+               source => 'puppet:///modules/system/files/etc/security/pam_mount.conf.xml',
+               mode => 'a=r',
+               require => Package['libpam-mount'],
+       }
 
        package { 'chrony':
                ensure => installed,
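Review bot: `ensure => installed` on the `file` resource for `/etc/security/pam_mount.conf.xml` is a package value that the file type does not accept, so the resource should be rejected rather than deploy the config; `ensure => file,` is what is meant. The `source` URL also includes the on-disk `files/` segment, which the `puppet:///modules/<module>/...` mount point already implies, so it likely needs to be `source => 'puppet:///modules/system/etc/security/pam_mount.conf.xml',`. Since this file decides what is mounted at login, I would also pin `owner => 'root', group => 'root',` instead of relying on defaults. The `class system` body starts before the hunk and continues after it.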