From 82908ff094e1e9973d64664fe82e62deccb58a23 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Tue, 10 Feb 2015 12:38:12 +0200
Subject: [PATCH] abusesa: Add user and datadir for passivedns
---
 abusesa/manifests/passivedns.pp | 41 ++++++++++++++++++++++++++++++++-
 user/manifests/init.pp | 15 ++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/abusesa/manifests/passivedns.pp b/abusesa/manifests/passivedns.pp
index 664900f..c9edb8c 100644
--- a/abusesa/manifests/passivedns.pp
+++ b/abusesa/manifests/passivedns.pp
@@ -1,6 +1,8 @@
 # Install abusesa-passivedns.
 #
-class abusesa::passivedns {
+class abusesa::passivedns(
+ $datadir='/var/lib/passivedns',
+) {
 
 if ! $abusesa_passivedns_package {
 if $::abusesa_passivedns_package_latest {
@@ -10,6 +12,43 @@ class abusesa::passivedns {
 }
 }
 
+ include user::system
+ realize(User['passdns'], Group['passdns'])
+
+ exec { 'usermod-abusesa-passivedns':
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ command => 'usermod -a -G passdns abusesa',
+ unless => 'id -n -G abusesa | grep \'\bpassdns\b\'',
+ require => [
+ User['abusesa'],
+ Group['passdns'],
+ ],
+ }
+
+ if $datadir != '/var/lib/passivedns' {
+ file { '/var/lib/passivedns':
+ ensure => link,
+ target => $datadir,
+ require => File[$datadir],
+ }
+ }
+
+ file { $datadir:
+ ensure => directory,
+ mode => '2770',
+ owner => 'passdns',
+ group => 'passdns',
+ require => User['passdns'],
+ }
+
+ file { '/var/lib/passivedns/.profile':
+ ensure => present,
+ mode => '0600',
+ owner => 'passdns',
+ group => 'passdns',
+ content => "umask 007\n",
+ }
+
 file { '/usr/local/src/abusesa-passivedns.tar.gz':
 ensure => present,
 mode => '0644',
diff --git a/user/manifests/init.pp b/user/manifests/init.pp
index f582450..954d5e8 100644
--- a/user/manifests/init.pp
+++ b/user/manifests/init.pp
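Review bot: The new `$datadir` parameter in abusesa/manifests/passivedns.pp (first hunk) is passed unchecked into a `file` title and a link `target`, and the class header comment still documents no parameters. An empty or relative value would be reported only by the `file` type as a generic path error rather than as a bad class parameter. If puppetlabs-stdlib is available in this tree (not visible from the patch), `validate_absolute_path($datadir)` as the first statement of the class states the contract up front. I would also add a header line such as `# $datadir: Directory for passivedns data (default /var/lib/passivedns).`; the class body continues outside this hunk.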
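Review bot: With a non-default `$datadir`, the `file { '/var/lib/passivedns': ensure => link }` resource in abusesa/manifests/passivedns.pp (second hunk) cannot take effect on a host where that path already exists as a directory, for example after an earlier run with the default value; Puppet does not replace a directory with a link unless `force => true` is set. Adding `force` would delete whatever is in the old directory, so the safer change is a comment above the resource stating that existing data must be moved to `$datadir` before the parameter is changed. The `.profile` that sets `umask 007` is read only by a login shell, while the `passdns` account in user/manifests/init.pp gets `/sbin/nologin`, so files written by a daemon running as `passdns` keep the daemon's own umask; if group write access for `abusesa` in the `2770` directory is the goal, presumably the umask also has to be set where the service is started.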
@@ -365,6 +365,21 @@ class user::system {
 require => Group["opencoll"],
 }
 
+ # PassiveDNS
+ @group { "passdns":
+ ensure => present,
+ gid => 825,
+ }
+ @user { "passdns":
+ ensure => present,
+ uid => 825,
+ gid => 825,
+ comment => "Service PassiveDNS",
+ home => "/var/lib/passivedns",
+ shell => "/sbin/nologin",
+ require => Group["passdns"],
+ }
+
 }