Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

преди 11 години
преди 11 години
преди 10 години
преди 10 години
преди 10 години
преди 10 години
преди 10 години
преди 11 години
преди 11 години
преди 9 години
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
  1. users:
  2. ## Minimal required pillar values
  3. auser:
  4. fullname: A User
  5. ## Full list of pillar values
  6. buser:
  7. fullname: B User
  8. password: $6$w.............
  9. enforce_password: True
  10. home: /custom/buser
  11. createhome: True
  12. manage_vimrc: False
  13. manage_bashrc: False
  14. expire: 16426
  15. sudouser: True
  16. # sudo_rules doesn't need the username as a prefix for the rule
  17. # this is added automatically by the formula.
  18. # ----------------------------------------------------------------------
  19. # In case your sudo_rules have a colon please have in mind to not leave
  20. # spaces around it. For example:
  21. # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
  22. # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
  23. sudo_rules:
  24. - ALL=(root) /usr/bin/find
  25. - ALL=(otheruser) /usr/bin/script.sh
  26. sudo_defaults:
  27. - '!requiretty'
  28. shell: /bin/bash
  29. prime_group:
  30. name: primarygroup
  31. gid: 500
  32. groups:
  33. - users
  34. ssh_key_type: rsa
  35. # You can inline the private keys ...
  36. ssh_keys:
  37. privkey: PRIVATEKEY
  38. pubkey: PUBLICKEY
  39. # ... or you can pull them from a different pillar,
  40. # for example one called "ssh_keys":
  41. ssh_keys_pillar:
  42. id_rsa: "ssh_keys"
  43. another_key_pair: "ssh_keys"
  44. ssh_auth:
  45. - PUBLICKEY
  46. ssh_auth.absent:
  47. - PUBLICKEY_TO_BE_REMOVED
  48. # Generates an authorized_keys file for the user
  49. # with the given keys
  50. ssh_auth_file:
  51. - PUBLICKEY
  52. # If you prefer to keep public keys as files rather
  53. # than inline in pillar, this works.
  54. ssh_auth_sources:
  55. - salt://keys/buser.id_rsa.pub
  56. # Manage the ~/.ssh/config file
  57. ssh_config:
  58. all:
  59. hostname: "*"
  60. options:
  61. - "StrictHostKeyChecking no"
  62. - "UserKnownHostsFile=/dev/null"
  63. importanthost:
  64. hostname: "needcheck.example.com"
  65. options:
  66. - "StrictHostKeyChecking yes"
  67. google_2fa: True
  68. google_auth:
  69. ssh: |
  70. SOMEGAUTHHASHVAL
  71. " RESETTING_TIME_SKEW 46956472+2 46991595-2
  72. " RATE_LIMIT 3 30 1415800560
  73. " DISALLOW_REUSE 47193352
  74. " TOTP_AUTH
  75. 11111111
  76. 22222222
  77. 33333333
  78. 44444444
  79. 55555555
  80. ## Absent user
  81. cuser:
  82. absent: True
  83. purge: True
  84. force: True
  85. ## Old syntax of absent_users still supported
  86. absent_users:
  87. - donald
  88. - bad_guy