aes_sw.pp

# @summary
#   Describe what this class do!
#
#   Detailed summary info if suitable
#
class aes::aes_sw {
  $examadm_user = examadm
  $examadm_group = $examadm_user
  $examadm_home = "/home/${examadm_user}"

  package {
    [
      'a2ps',
      'cronie',
      'java-11-openjdk-devel',
    ]:
      ensure  => installed,
  }

  user { 'examadm' :
    ensure     => present,
    managehome => false,
    membership => inclusive,
    system     => true,
    shell      => '/bin/bash',
  }

  file { $examadm_home:
    ensure => directory,
    mode   => '0755',
    owner  => $examadm_user,
    group  => $examadm_group,
  }

  file { "${examadm_home}/.ssh":
    ensure => directory,
    mode   => '0700',
    owner  => $examadm_user,
    group  => $examadm_group,
  }

  # lint:ignore:140chars
  file { "${examadm_home}/.ssh/authorized_keys":
    ensure  => file,
    mode    => '0600',
    owner   => $examadm_user,
    group   => $examadm_group,
    # lint:ignore:strict_indent heredoc failing...
    content => @(SSHPUBKEY),
      command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJW4LP0av20r7lPXNgsftF9oaAXK41AvHyuHwybciZC/QBfTcmYif83563cTg0OzR/p+OSobiDM0odaaFYtP/8xbuVRz87X5bGYm2m8yHHqPxobHkT5g/faMkl9Fef+Al4EsT5tiaYMOhG2lj8XRYuwAb7qjoz3FFbs8TEPE7Sv+4BUCCH94taCuNYLXSxN1EXvw7VW6Ld5QXRFP53l2QUeTqE9oSii3BVrXlqqrLvNV/7nwdwyse4uhff4QrM9o4oc9FaQr8PLlPGxdlbSfIQJMVzHGpeDu0WLw+NqtLO1hsdlvQm7GrT/v8N7GJNKlsvhwnwUuMhTrB0yPMbbub1 klaar36@upp
      command="/home/examadm/tal-cli/source/scripts/tal-export.py --written --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZ8aEAXw0tRcYrk1aqldepuC6tmdUYZuM270QdDF79o tal written exams to ics
    | SSHPUBKEY
    # lint:endignore:strict_indent
  }
  # lint:endignore:140chars

  file { '/etc/systemd/system/aes_login.service':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    # lint:ignore:strict_indent heredoc failing...
    content => @(LOGINSERVICE),
    [Unit]
    Description=AES Login server
    After=network.target

    [Service]
    Type=simple
    User=examadm
    WorkingDirectory=/home/examadm/Version-3.1/exam
    ExecStart=/usr/bin/python3 /home/examadm/Version-3.1/pub/bin/examiner/find_pnr_and_otp_from_liuid.py

    [Install]
    WantedBy=multi-user.target
    | LOGINSERVICE
    # lint:endignore:strict_indent
  }

  # todo: logrotate
  service { 'aes_login' :
    ensure => 'running',
    enable => true,
  }

  file { '/etc/systemd/system/aes_ms.service':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSSERVICE),
    [Unit]
    Description=AES Exam server
    After=network.target

    [Service]
    Type=simple
    User=examadm
    WorkingDirectory=/home/examadm/Version-3.1
    ExecStart=/usr/bin/java -Xmx512M -jar /home/examadm/Version-3.1/pub/bin/examiner/ms.jar /home/examadm/Version-3.1

    [Install]
    WantedBy=multi-user.target
    | MSSERVICE
    # lint:endignore:strict_indent
  }

  file { '/etc/cron.daily/aes_ms':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0700',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSCRON),
    #!/bin/sh
    /usr/bin/systemctl restart aes_ms
    | MSCRON
    # lint:endignore:strict_indent
  }

  file { '/etc/cron.daily/aes_login':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0700',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSCRON),
    #!/bin/sh
    /usr/bin/systemctl restart aes_login
    | MSCRON
    # lint:endignore:strict_indent
  }

  # todo: logrotate
  service { 'aes_ms' :
    ensure => 'running',
    enable => true,
  }

  exec { 'script-repo-updated':
    command => "/opt/utils/update_repo.sh ${examadm_home}/scripts https://oauth2:iAyewr9Jq5E-tnsVrmbj@gitlab.liu.se/examadm/scripts.git master",
    cwd     => $examadm_home,
    user    => $examadm_user,
    group   => $examadm_group,
  }

  schedule { 'everyday':
    period => daily,
    range  => '01:00 - 04:00',
  }
}