Saltstack Official Linux Formula


  1. {%- from "linux/map.jinja" import system with context %}
  2. {%- if system.enabled %}
  3. include:
  4. - linux.system.group
  5. {%- for name, user in system.user.items() %}
  6. {%- if user.enabled %}
  7. {%- set requires = [] %}
  8. {%- for group in user.get('groups', []) %}
  9. {%- if group in system.get('group', {}).keys() %}
  10. {%- do requires.append({'group': 'system_group_'+group}) %}
  11. {%- endif %}
  12. {%- endfor %}
  13. {%- if user.gid is not defined %}
  14. system_group_{{ name }}:
  15. group.present:
  16. - name: {{ name }}
  17. - require_in:
  18. - user: system_user_{{ name }}
  19. {%- endif %}
  20. {%- if user.get('makedirs') %}
  21. system_user_home_parentdir_{{ user.home }}:
  22. file.directory:
  23. - name: {{ user.home | path_join("..") }}
  24. - makedirs: true
  25. - require_in:
  26. - user: system_user_{{ name }}
  27. {%- endif %}
  28. system_user_{{ name }}:
  29. user.present:
  30. - name: {{ name }}
  31. - home: {{ user.home }}
  32. {% if user.get('password') == False %}
  33. - enforce_password: false
  34. {% elif user.get('password') == None %}
  35. - enforce_password: true
  36. - password: '*'
  37. {% elif user.get('password') %}
  38. - enforce_password: true
  39. - password: {{ user.password }}
  40. - hash_password: {{ user.get('hash_password', False) }}
  41. {% endif %}
  42. {%- if user.gid is defined and user.gid %}
  43. - gid: {{ user.gid }}
  44. {%- else %}
  45. - gid_from_name: true
  46. {%- endif %}
  47. {%- if user.groups is defined %}
  48. - groups: {{ user.groups }}
  49. {%- endif %}
  50. {%- if user.system is defined and user.system %}
  51. - system: True
  52. - shell: {{ user.get('shell', '/bin/false') }}
  53. {%- else %}
  54. - shell: {{ user.get('shell', '/bin/bash') }}
  55. {%- endif %}
  56. {%- if user.uid is defined and user.uid %}
  57. - uid: {{ user.uid }}
  58. {%- endif %}
  59. {%- if user.unique is defined %}
  60. - unique: {{ user.unique }}
  61. {%- endif %}
  62. {%- if user.maxdays is defined %}
  63. - maxdays: {{ user.maxdays }}
  64. {%- endif %}
  65. {%- if user.mindays is defined %}
  66. - mindays: {{ user.mindays }}
  67. {%- endif %}
  68. {%- if user.warndays is defined %}
  69. - warndays: {{ user.warndays }}
  70. {%- endif %}
  71. {%- if user.inactdays is defined %}
  72. - inactdays: {{ user.inactdays }}
  73. {%- endif %}
  74. - require: {{ requires|yaml }}
  75. {%- if user.allow_uid_change is defined and user.allow_uid_change %}
  76. - allow_uid_change: true
  77. {%- endif %}
  78. system_user_home_{{ user.home }}:
  79. file.directory:
  80. - name: {{ user.home }}
  81. - user: {{ name }}
  82. - mode: {{ user.get('home_dir_mode', 700) }}
  83. - makedirs: true
  84. - require:
  85. - user: system_user_{{ name }}
  86. {%- if user.get('sudo', False) %}
  87. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  88. file.managed:
  89. - source: salt://linux/files/sudoer
  90. - template: jinja
  91. - user: root
  92. - group: root
  93. - mode: 440
  94. - defaults:
  95. user_name: {{ name }}
  96. - require:
  97. - user: system_user_{{ name }}
  98. - check_cmd: /usr/sbin/visudo -c -f
  99. {%- else %}
  100. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  101. file.absent
  102. {%- endif %}
  103. {%- else %}
  104. system_user_{{ name }}:
  105. user.absent:
  106. - name: {{ name }}
  107. system_user_home_{{ user.home }}:
  108. file.absent:
  109. - name: {{ user.home }}
  110. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  111. file.absent
  112. {%- endif %}
  113. {%- endfor %}
  114. {%- endif %}