password locking

HostProp.hs

@@ -24,7 +24,10 @@ getProperties "clam" =
 	, GitHome.installedFor "root"
 	, check (Ssh.hasAuthorizedKeys "root") $
 		Ssh.passwordAuthentication False
+	, check (Ssh.hasAuthorizedKeys "root") $
+		User.lockedPassword "root"
 	, User.nonsystem "joey"
+	, User.nuked "user"
 	, Apt.installed ["sudo"]
 	, fileHasContent "/etc/sudoers" ["joey ALL=(ALL:ALL) ALL"]
 	, GitHome.installedFor "joey"

Property/User.hs

@@ -17,5 +17,18 @@ nonsystem user = check (isNothing <$> homedir user) $ cmdProperty "adduser"
 	, Param user
 	]
 
+{- Removes user home directory!! Use with caution. -}
+nuked :: UserName -> Property
+nuked user = check (isJust <$> homedir user) $ cmdProperty "userdel"
+	[ Param "-r"
+	, Param user
+	]
+
+lockedPassword :: UserName -> Property
+lockedPassword user = cmdProperty "passwd"
+	[ Param "--lock"
+	, Param user
+	]
+
 homedir :: UserName -> IO (Maybe FilePath)
 homedir user = catchMaybeIO $ homeDirectory <$> getUserEntryForName user

TODO

@@ -3,3 +3,4 @@
   but only once despite many config changes being made to satisfy
   properties. onChange is a poor substitute.
 * Apt upgrade does not avoid apt-listchanges and debconf prompts.
+* I often seem to want to be able to combine Properties monadically.