Saltstack Official Linux Formula

63 lines
1.4KB

  1. {%- from "linux/map.jinja" import system with context %}
  2. {%- if system.at.enabled is defined and system.at.enabled %}
  3. at_packages:
  4. pkg.installed:
  5. - names: {{ system.at.pkgs }}
  6. at_services:
  7. service.running:
  8. - enable: true
  9. - names: {{ system.at.services }}
  10. - require:
  11. - pkg: at_packages
  12. {%- if grains.get('noservices') %}
  13. - onlyif: /bin/false
  14. {%- endif %}
  15. {%- set allow_users = [] %}
  16. {%- for user_name, user_params in system.at.get('user', {}).items() %}
  17. {%- set user_enabled = user_params.get('enabled', false) and
  18. system.get('user', {}).get(
  19. user_name, {'enabled': true}).get('enabled', true) %}
  20. {%- if user_enabled %}
  21. {%- do allow_users.append(user_name) %}
  22. {%- endif %}
  23. {%- endfor %}
  24. etc_at_allow:
  25. {%- if allow_users %}
  26. file.managed:
  27. - name: /etc/at.allow
  28. - template: jinja
  29. - source: salt://linux/files/cron_users.jinja
  30. - user: root
  31. - group: daemon
  32. - mode: 0640
  33. - defaults:
  34. users: {{ allow_users | yaml }}
  35. - require:
  36. - cron_packages
  37. {%- else %}
  38. file.absent:
  39. - name: /etc/at.allow
  40. {%- endif %}
  41. {#
  42. /etc/at.deny should be absent to comply with
  43. CIS 5.1.8 Ensure at/cron is restricted to authorized users
  44. #}
  45. etc_at_deny:
  46. file.absent:
  47. - name: /etc/at.deny
  48. {%- else %}
  49. fake_linux_system_at:
  50. test.nop:
  51. - comment: Fake state to satisfy 'require sls:linux.system.at'
  52. {%- endif %}