From 0e39303b6981cd5fa16c0201b7edd299b4584037 Mon Sep 17 00:00:00 2001
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Fri, 7 Jan 2022 17:28:05 +0100
Subject: modules: Add new module 'krb5hostkeytab'.

---
 .../production/modules/krb5hostkeytab/files             |  1 +
 .../production/modules/krb5hostkeytab/manifests/init.pp | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 120000 code/environments/production/modules/krb5hostkeytab/files
 create mode 100644 code/environments/production/modules/krb5hostkeytab/manifests/init.pp

(limited to 'code')

diff --git a/code/environments/production/modules/krb5hostkeytab/files b/code/environments/production/modules/krb5hostkeytab/files
new file mode 120000
index 0000000..113940b
--- /dev/null
+++ b/code/environments/production/modules/krb5hostkeytab/files
@@ -0,0 +1 @@
+/etc/debian-edu/host-keytabs
\ No newline at end of file
diff --git a/code/environments/production/modules/krb5hostkeytab/manifests/init.pp b/code/environments/production/modules/krb5hostkeytab/manifests/init.pp
new file mode 100644
index 0000000..e3165b1
--- /dev/null
+++ b/code/environments/production/modules/krb5hostkeytab/manifests/init.pp
@@ -0,0 +1,17 @@
+class krb5hostkeytab {
+
+	file { "/etc/krb5.keytab":
+		mode => "0600",
+		owner => 'root',
+		group => 'root',
+		source => "puppet:///modules/krb5hostkeytab/${trusted[certname]}.keytab",
+	}
+
+	service { 'rpc-gssd.service':
+		provider => systemd,
+		ensure => running,
+		enable => true,
+		subscribe => File['/etc/krb5.keytab'],
+	}
+
+}
-- 
cgit v1.2.3