1 |
class gnupg { |
2 |
class client { |
3 |
package { ["gnupg","rng-utils"]: |
4 |
ensure => present, |
5 |
} |
6 |
|
7 |
file { ["/etc/gnupg", "/etc/gnupg/batches"]: |
8 |
ensure => directory, |
9 |
} |
10 |
|
11 |
file { "/etc/gnupg/keys": |
12 |
ensure => directory, |
13 |
mode => 600, |
14 |
owner => root, |
15 |
group => root |
16 |
} |
17 |
|
18 |
file { "/usr/local/bin/create_gnupg_keys.sh": |
19 |
ensure => present, |
20 |
owner => root, |
21 |
group => root, |
22 |
mode => 755, |
23 |
content => template('gnupg/create_gnupg_keys.sh') |
24 |
} |
25 |
} |
26 |
|
27 |
# debian recommend SHA2, with 4096 |
28 |
# http://wiki.debian.org/Keysigning |
29 |
# as they are heavy users of gpg, I will tend |
30 |
# to follow them |
31 |
# however, for testing purpose, 4096 is too strong, |
32 |
# this empty the entropy of my vm |
33 |
define keys( $email, |
34 |
$key_name, |
35 |
$key_type = 'RSA', |
36 |
$key_length = '1024', |
37 |
$expire_date = '1m', |
38 |
$login = 'signbot', |
39 |
$batchdir = '/var/lib/signbot/batches', |
40 |
$keydir = '/var/lib/signbot/keys', |
41 |
) { |
42 |
|
43 |
include gnupg::client |
44 |
file { "$name.batch": |
45 |
ensure => present, |
46 |
path => "$batchdir/$name.batch", |
47 |
content => template("gnupg/batch") |
48 |
} |
49 |
|
50 |
file { "$keydir": |
51 |
ensure => directory, |
52 |
owner => $login, |
53 |
mode => 700, |
54 |
} |
55 |
|
56 |
exec { "/usr/local/bin/create_gnupg_keys.sh $batchdir/$name.batch $keydir $batchdir/$name.done": |
57 |
user => $login, |
58 |
creates => "$batchdir/$name.done", |
59 |
require => [File["$keydir"], File["$batchdir/$name.batch", Package["rng-utils"]]], |
60 |
} |
61 |
} |
62 |
} |