itamae/cookbooks/nginx/webadm.rb

42 lines
904 B
Ruby
Raw Normal View History

2019-03-03 08:50:49 +00:00
# Create a user for managing `nginx`:
user 'webadm' do
home '/home/webadm'
shell '/bin/bash'
password '$1$lzfGward$TODNAMe9S9v.BXqpCV0p60'
create_home true
end
# Deploy the `sudoers` file:
remote_file '/etc/sudoers.d/webadm' do
owner 'root'
group 'root'
mode '440'
end
# Create `.ssh` directory:
directory '/home/webadm/.ssh' do
owner 'webadm'
group 'webadm'
mode '700'
end
# Deploy `~/.ssh/.ssh/authorized_keys`:
encrypted_remote_file '/home/webadm/.ssh/authorized_keys' do
owner 'webadm'
group 'webadm'
mode '600'
source 'files/home/webadm/.ssh/authorized_keys'
password ENV['ITAMAE_PASSWORD']
end
# Deploy secret keys
2019-10-27 06:40:08 +00:00
%w( id_rsa.github id_rsa.chef ).each do |conf|
2019-03-03 08:50:49 +00:00
encrypted_remote_file "/home/webadm/.ssh/#{conf}" do
owner 'webadm'
group 'webadm'
mode '600'
source "files/home/webadm/.ssh/#{conf}"
password ENV['ITAMAE_PASSWORD']
end
end