Saltstack Official Linux Formula


  1. {%- from "linux/map.jinja" import system with context %}
  2. {%- if system.enabled %}
  3. include:
  4. - linux.system.group
  5. {%- for name, user in system.user.items() %}
  6. {%- if user.enabled %}
  7. {%- set requires = [] %}
  8. {%- for group in user.get('groups', []) %}
  9. {%- if group in system.get('group', {}).keys() %}
  10. {%- do requires.append({'group': 'system_group_'+group}) %}
  11. {%- endif %}
  12. {%- endfor %}
  13. system_user_{{ name }}:
  14. user.present:
  15. - name: {{ name }}
  16. - home: {{ user.home }}
  17. {% if user.get('password') == False %}
  18. - enforce_password: false
  19. {% elif user.get('password') == None %}
  20. - enforce_password: true
  21. - password: '*'
  22. {% elif user.get('password') %}
  23. - enforce_password: true
  24. - password: {{ user.password }}
  25. - hash_password: {{ user.get('hash_password', False) }}
  26. {% endif %}
  27. - gid_from_name: true
  28. {%- if user.groups is defined %}
  29. - groups: {{ user.groups }}
  30. {%- endif %}
  31. {%- if user.system is defined and user.system %}
  32. - system: True
  33. {%- else %}
  34. - shell: {{ user.get('shell', '/bin/bash') }}
  35. {%- endif %}
  36. {%- if user.uid is defined and user.uid %}
  37. - uid: {{ user.uid }}
  38. {%- endif %}
  39. - require: {{ requires|yaml }}
  40. system_user_home_{{ user.home }}:
  41. file.directory:
  42. - name: {{ user.home }}
  43. - user: {{ name }}
  44. - mode: 700
  45. - makedirs: true
  46. - require:
  47. - user: system_user_{{ name }}
  48. {%- if user.get('sudo', False) %}
  49. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  50. file.managed:
  51. - source: salt://linux/files/sudoer
  52. - template: jinja
  53. - user: root
  54. - group: root
  55. - mode: 440
  56. - defaults:
  57. user_name: {{ name }}
  58. - require:
  59. - user: system_user_{{ name }}
  60. - check_cmd: /usr/sbin/visudo -c -f
  61. {%- else %}
  62. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  63. file.absent
  64. {%- endif %}
  65. {%- else %}
  66. system_user_{{ name }}:
  67. user.absent:
  68. - name: {{ name }}
  69. system_user_home_{{ user.home }}:
  70. file.absent:
  71. - name: {{ user.home }}
  72. /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  73. file.absent
  74. {%- endif %}
  75. {%- endfor %}
  76. {%- endif %}