Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-dconf', '0.5.0'Learn more about managing modules with a PuppetfileDocumentation
Table of Contents
Description
dconf is a Puppet module that installs and manages dconf and associated system settings.
This is a SIMP module
This module is a component of the System Integrity Management Platform a compliance-management framework built on Puppet.
If you find any issues, they may be submitted to our bug tracker.
This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:
- When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
- If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. See simp_options for more detail.
Setup
To use the module with, just include the class:
include 'dconf'
Usage
Configuring custom rules
You can configure custom dconf settings using the dconf::settings
defined type.
Any settings that are configured using this code will automatically be locked
to prevent users from modifying them!
Using puppet
dconf::settings { 'automount_lockdowns':
settings_hash => {
'org/gnome/desktop/media-handling' => {
'automount' => { 'value' => false, 'lock' => false } # allow users to change this one
'automount-open' => { 'value' => false }
}
}
}
Using hiera
---
dconf::user_settings:
settings_hash:
org/gnome/desktop/media-handling:
automount:
value: false
lock: false # allow users to change this one
automount-open:
value: false
Configuring custom profiles
You can set up a custom dconf profile as follows:
Using puppet
dconf::profile { 'my_profile':
entries => {
'user' => {
'type' => 'user',
'order' => 1
},
'system' => {
'type' => 'system',
'order' => 10
}
}
Globally With hiera
---
dconf::user_profile:
my_user:
type: user
order: 0
my_system:
type: system
order: 10
Reference
See the API documentation or run puppet strings for full
details.
Limitations
SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS.
Please see the metadata.json file for the most up-to-date
list of supported operating systems, Puppet versions, and module dependencies.
Development
Please read our Contribution Guide
Reference
Table of Contents
Classes
Public Classes
dconf: Manage 'dconf' and associated entries
Private Classes
dconf::install: Install the dconf packages
Defined types
dconf::profile: Updates adconfprofile entry to/etc/dconf/profile/$namedconf::settings: Add a dconf rule to the profile of your choice This adds a configuration file to the /etc/dconf/db/.d directory. The dconf database
Data types
Dconf::DBSettings: Valid dconf database settingsDconf::SettingsHash: Valid individual dconf settings
Classes
dconf
Manage 'dconf' and associated entries
Parameters
The following parameters are available in the dconf class:
user_profileuser_settingspackage_ensureuse_user_profile_defaultsuser_profile_defaults_nameuser_profile_targetuse_user_settings_defaultsuser_settings_defaults_nametidyauthselect
user_profile
Data type: Dconf::DBSettings
The contents of the default user profile that will be added
@see data/common.yaml
user_settings
Data type: Optional[Dconf::SettingsHash]
Custom user settings that can be provided via Hiera globally
Default value: undef
package_ensure
Data type: Simplib::PackageEnsure
The version of dconf to install
- Accepts any valid
ensureparameter value for thepackageresource
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
use_user_profile_defaults
Data type: Boolean
Add the default user_profile settings to the system
Default value: true
user_profile_defaults_name
Data type: String[1]
The name that should be used for the custom dconf::profile in
user_profile
Default value: 'Defaults'
user_profile_target
Data type: String[1]
The name of the profile that should be targeted for the defaults
Default value: 'user'
use_user_settings_defaults
Data type: Boolean
Enable creation of custom dconf::settings based on the user_settings Hash
Default value: $use_user_profile_defaults
user_settings_defaults_name
Data type: String[1]
The name that should be used for the custom 'dconf::settings' as well as the target profile for those settings
Default value: $user_profile_defaults_name
tidy
Data type: Boolean
If set to true, any files in the profile directory that aren't managed by puppet will be purged
Default value: true
authselect
Data type: Boolean
Default value: simplib::lookup('simp_options::authselect', { 'default_value' => false })
Defined types
dconf::profile
Updates a dconf profile entry to /etc/dconf/profile/$name
- See also
- man
- 7 dconf
- man
Parameters
The following parameters are available in the dconf::profile defined type:
name
A globally unique name for the entry
entries
Data type: Dconf::DBSettings
One or entries in the following Hash format:
@example Profile Hierarchy Hash 'user': # Name of the database 'type': 'user' # DB Type 'order': 0 # Priority order (optional, defaults to 15)
- The suggested default hierarchy used by the module data is as follows:
- User DB => 0
- SIMP DB => 10
- System DB => Between 11 and 39
- Distro DB => 40
target
Data type: String[1]
The target directory within which to create the profile
Default value: $name
base_dir
Data type: Stdlib::AbsolutePath
The base directory that will hold the resulting file
Default value: '/etc/dconf/profile'
dconf::settings
Add a dconf rule to the profile of your choice
This adds a configuration file to the /etc/dconf/db/.d directory. The dconf database is updated when any rule is added. You can also elect to lock a value so that general users cannot change it.
Parameters
The following parameters are available in the dconf::settings defined type:
settings_hash
Data type: Dconf::SettingsHash
A Hash to define the settings to be generated. You can set whether to lock each setting like in the exmaple
@example { 'org/gnome/desktop/media-handling' => { 'automount' => { 'value' => false, 'lock' => false }, 'automount-open' => { 'value' => false } } }
Default value: {}
profile
Data type: Optional[String[1]]
The dconf profile where you want to place the key/value.
Default value: undef
ensure
Data type: Enum['present','absent']
Ensure the entire settings Hash is present or absent
Default value: 'present'
base_dir
Data type: Stdlib::AbsolutePath
The database base directory. This probably shouldn't be changed.
Default value: '/etc/dconf/db'
Data types
Dconf::DBSettings
Valid dconf database settings
Alias of
Hash[String[1], Struct[{
'type' => Enum['user', 'system', 'service', 'file'], # The type of database
'order' => Optional[Integer[1]] # The order of the entry in the list
}]]
Dconf::SettingsHash
Valid individual dconf settings
Alias of
Hash[String[1], Hash[
String[1],
Struct[{
'value' => NotUndef,
'lock' => Optional[Boolean]
}]
]]
- Mon Oct 23 2023 Steven Pritchard steve@sicura.us - 0.5.0
- [puppetsync] Add EL9 support
- Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 0.4.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
- These updates may include the following:
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.0
- Add RockyLinux 8 support
- Mon Jun 05 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.2.4
- Added authselect parameter
- Tue May 16 2023 Mike Riddle mike@sicura.us - 0.2.3
- Added support for authselect
- Added the tidy option to give the users an option to not purge unmanaged files
- Sat Jul 30 2022 Joshua Hoblitt joshua@hoblitt.com - 0.2.2
- Add support for Alma and Rocky Linux
- Sun Feb 13 2022 Trevor Vaughan trevor@sicura.us - 0.2.1
- Add support for Amazon Linux 2
- Tue Jun 15 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.2.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Tue Jul 14 2020 Trevor Vaughan tvaughan@onyxpoint.com - 0.1.0
- Add EL8 support
- Fixed the README
- Added REFERENCE.md
- Allow users to set custom settings via Hiera
- Fix
ensure = absentindconf::settings
- Fri Aug 02 2019 Robert Vincent pillarsdotnet@gmail.com - 0.1.0
- Remove Puppet 4.x support
- Add Puppet 6.x support
- Add puppetlabs/stdlib 6.x support
- Thu Mar 07 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.0.3
- Update the upper bound of stdlib to < 6.0.0
- Update a URL in the README.md
- Wed Jan 02 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.0.3
- Fix issue with duplicate resources when creating multiple
dconf::settingsresources under the same namespace.
- Mon Nov 05 2018 Liz Nemsick lnemsick-simp@gmail.com - 0.0.2
- Update to Hiera 5
- Fri Jun 01 2018 Trevor Vaughan tvaughan@onyxpoint.com - 0.0.1
- Initial Release
Dependencies
- simp/simplib (>= 4.9.0 < 5.0.0)
- simp/simp_options (>= 1.6.1 < 2.0.0)
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
pupmod-simp-dconf - A Puppet Module for managing DConf
--
Per Section 105 of the Copyright Act of 1976, these works are not entitled to
domestic copyright protection under US Federal law.
The US Government retains the right to pursue copyright protections outside of
the United States.
The United States Government has unlimited rights in this software and all
derivatives thereof, pursuant to the contracts under which it was developed and
the License under which it falls.
---
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.