|
- {%- from "linux/map.jinja" import system, at with context %}
-
- {%- if at.get('enabled', false) %}
-
- at_packages:
- pkg.installed:
- - names: {{ at.pkgs }}
-
- at_services:
- service.running:
- - enable: true
- - names: {{ at.services }}
- - require:
- - pkg: at_packages
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
-
- {%- set allow_users = [] %}
- {%- for user_name, user_params in at.get('user', {}).items() %}
- {%- set user_enabled = user_params.get('enabled', false) and
- system.get('user', {}).get(
- user_name, {'enabled': true}).get('enabled', true) %}
- {%- if user_enabled %}
- {%- do allow_users.append(user_name) %}
- {%- endif %}
- {%- endfor %}
-
- etc_at_allow:
- {%- if allow_users %}
- file.managed:
- - name: /etc/at.allow
- - template: jinja
- - source: salt://linux/files/cron_users.jinja
- - user: root
- - group: daemon
- - mode: 0640
- - defaults:
- users: {{ allow_users | yaml }}
- - require:
- - cron_packages
- {%- else %}
- file.absent:
- - name: /etc/at.allow
- {%- endif %}
-
-
- {#
- /etc/at.deny should be absent to comply with
- CIS 5.1.8 Ensure at/cron is restricted to authorized users
- #}
- etc_at_deny:
- file.absent:
- - name: /etc/at.deny
-
- {%- else %}
-
- fake_linux_system_at:
- test.nop:
- - comment: Fake state to satisfy 'require sls:linux.system.at'
-
- {%- endif %}
|