Saltstack Official Users Formula

pillar.example 2.4KB

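  # Example pillar for the users formula. Nesting is restored from the
  # flattened listing. Several values here are credentials (password hash,
  # private key, TOTP secret and scratch codes), so limit which minions are
  # served this pillar and consider encrypting those values at rest
  # (e.g. with Salt's GPG renderer).
  users:
    ## Minimal required pillar values
    auser:
      fullname: A User

    ## Full list of pillar values
    buser:
      fullname: B User
      # Crypt-format hash ("$6$" is SHA-512 crypt), never the plaintext.
      # Quoted so the parser always treats it as a literal string.
      password: '$6$w.............'
      home: /custom/buser
      createhome: true
      manage_vimrc: false
      manage_bashrc: false
      # Presumably account expiry in days since the Unix epoch, as in
      # shadow(5) -- confirm against the formula's user state.
      expire: 16426
      sudouser: true
      # sudo_rules doesn't need the username as a prefix for the rule;
      # the formula adds it automatically.
      # ----------------------------------------------------------------------
      # If a rule contains a colon, do not leave a space after it: an
      # unquoted "key: value" sequence item is parsed by YAML as a mapping,
      # not as a string. For example:
      # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (valid for sudoers,
      #                                 but not read as a string by YAML)
      # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK
      # Quoting the whole rule should also keep it a string (verify against
      # the rendered sudoers file).
      # Least privilege: list exact command paths, and remember that a
      # command able to start other programs (find can, via -exec)
      # effectively grants the whole target account.
      sudo_rules:
        - ALL=(root) /usr/bin/find
        - ALL=(otheruser) /usr/bin/script.sh
      sudo_defaults:
        - '!requiretty'
      shell: /bin/bash
      prime_group:
        name: primarygroup
        gid: 500
      groups:
        - users
      ssh_key_type: rsa
      # You can inline the private keys ...
      # (an inlined private key is readable on the master and on every
      # minion that receives this pillar)
      ssh_keys:
        privkey: PRIVATEKEY
        pubkey: PUBLICKEY
      # ... or you can pull them from a different pillar,
      # for example one called "ssh_keys":
      ssh_keys_pillar:
        id_rsa: "ssh_keys"
        another_key_pair: "ssh_keys"
      ssh_auth:
        - PUBLICKEY
      ssh_auth.absent:
        - PUBLICKEY_TO_BE_REMOVED
      # Generates an authorized_keys file for the user
      # with the given keys
      ssh_auth_file:
        - PUBLICKEY
      # If you prefer to keep public keys as files rather
      # than inline in pillar, this works.
      ssh_auth_sources:
        - salt://keys/buser.id_rsa.pub
      # Manage the ~/.ssh/config file
      # NOTE(review): the "all" entry turns off host key verification for
      # every host ("StrictHostKeyChecking no" and a known-hosts file of
      # /dev/null), so the client cannot detect an impersonated server.
      # Keep it out of production pillars or narrow the hostname pattern.
      # ssh uses the first value it obtains for each option, so if the "*"
      # block is written before "importanthost", the stricter setting below
      # never applies -- check the order in the rendered file.
      ssh_config:
        all:
          hostname: "*"
          options:
            - "StrictHostKeyChecking no"
            - "UserKnownHostsFile=/dev/null"
        importanthost:
          hostname: "needcheck.example.com"
          options:
            - "StrictHostKeyChecking yes"

      google_2fa: true
      # Looks like the body of a ~/.google_authenticator file: the TOTP
      # secret, option lines, then one-time scratch codes. Every line is a
      # credential; protect it like the password hash above.
      google_auth:
        ssh: |
          SOMEGAUTHHASHVAL
          " RESETTING_TIME_SKEW 46956472+2 46991595-2
          " RATE_LIMIT 3 30 1415800560
          " DISALLOW_REUSE 47193352
          " TOTP_AUTH
          11111111
          22222222
          33333333
          44444444
          55555555

    ## Absent user
    # purge also deletes the user's files and force removes the account
    # even while the user is logged in (as in Salt's user.absent); both are
    # destructive, so take any backup or evidence copy first.
    cuser:
      absent: true
      purge: true
      force: true

  ## Old syntax of absent_users still supported
  absent_users:
    - donald
    - bad_guy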