/
config.pp
81 lines (74 loc) · 2.47 KB
/
config.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# Configures a Crypt client
class crypt::config {
$server_url = $crypt::server_url
$remove_plist = $crypt::remove_plist
$payload_organization = $crypt::payload_organization
$output_path = $crypt::output_path
$manage_profile = $crypt::manage_profile
$profile = {
'PayloadContent' => [
{
'PayloadContent' => {
'com.grahamgilbert.crypt' => {
'Forced' => [
{
'mcx_preference_settings' => {
'ServerURL' => $server_url,
'RemovePlist' => $remove_plist,
'OutputPath' => $output_path,
}
}
]
}
},
'PayloadEnabled' => true,
'PayloadIdentifier' => 'MCXToProfile.a8b8246c-493e-4cc8-940c-a6d729c25702.alacarte.customsettings.4e3aa31e-3a75-4f16-a00b-785dab770530', # lint:ignore:140chars
'PayloadType' => 'com.apple.ManagedClient.preferences',
'PayloadUUID' => '4e3aa31e-3a75-4f16-a00b-785dab770530',
'PayloadVersion' => 1
}
],
'PayloadDescription' => "Included custom settings:\ncom.grahamgilbert.crypt",
'PayloadDisplayName' => 'Settings for Crypt',
'PayloadIdentifier' => 'com.grahamgilbert.crypt',
'PayloadOrganization' => $payload_organization,
'PayloadRemovalDisallowed' => true,
'PayloadScope' => 'System',
'PayloadType' => 'Configuration',
'PayloadUUID' => 'a8b8246c-493e-4cc8-940c-a6d729c25702',
'PayloadVersion' => 1
}
if $manage_profile {
mac_profiles_handler::manage { 'com.grahamgilbert.crypt':
ensure => present,
file_source => plist($profile),
type => 'template',
}
}
if versioncmp($facts['os']['macosx']['version']['major'], '10.11') > 0 {
$insert_after = 'CryptoTokenKit:login'
} else {
$insert_after = 'MCXMechanism:login'
}
if $crypt::wait_for_user == false {
$manage_mechs = true
} elsif $crypt::wait_for_user == true and $facts['crypt_user_exists'] == true {
$manage_mechs = true
} else {
$manage_mechs = false
}
if $manage_mechs == true {
authpluginmech { 'Crypt:Check,privileged':
ensure => present,
insert_after => $insert_after
}
-> authpluginmech { 'Crypt:CryptGUI':
ensure => present,
insert_after => 'Crypt:Check,privileged'
}
-> authpluginmech { 'Crypt:Enablement,privileged':
ensure => present,
insert_after => 'Crypt:CryptGUI'
}
}
}