|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 |
- users:
- ## Minimal required pillar values
- auser:
- fullname: A User
-
- ## Full list of pillar values
- buser:
- fullname: B User
- password: $6$w.............
- enforce_password: True
- # WARNING: If 'empty_password' is set to True, the 'password' statement
- # will be ignored by enabling password-less login for the user.
- empty_password: False
- hash_password: False
- system: False
- home: /custom/buser
- homedir_owner: buser
- homedir_group: primarygroup
- user_dir_mode: 750
- createhome: True
- roomnumber: "A-1"
- workphone: "(555) 555-5555"
- homephone: "(555) 555-5551"
- manage_vimrc: False
- manage_bashrc: False
- manage_profile: False
- expire: 16426
- sudouser: True
- # sudo_rules doesn't need the username as a prefix for the rule
- # this is added automatically by the formula.
- # ----------------------------------------------------------------------
- # In case your sudo_rules have a colon please have in mind to not leave
- # spaces around it. For example:
- # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
- # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
- sudo_rules:
- - ALL=(root) /usr/bin/find
- - ALL=(otheruser) /usr/bin/script.sh
- sudo_defaults:
- - '!requiretty'
- # enable polkitadmin to make user an AdminIdentity for polkit
- polkitadmin: True
- shell: /bin/bash
- remove_groups: False
- prime_group:
- name: primarygroup
- gid: 500
- groups:
- - users
- optional_groups:
- - some_groups_that_might
- - not_exist_on_all_minions
- ssh_key_type: rsa
- # You can inline the private keys ...
- ssh_keys:
- privkey: PRIVATEKEY
- pubkey: PUBLICKEY
- # ... or you can pull them from a different pillar,
- # for example one called "ssh_keys":
- ssh_keys_pillar:
- id_rsa: "ssh_keys"
- another_key_pair: "ssh_keys"
- ssh_auth:
- - PUBLICKEY
- ssh_auth.absent:
- - PUBLICKEY_TO_BE_REMOVED
- # Generates an authorized_keys file for the user
- # with the given keys
- ssh_auth_file:
- - PUBLICKEY
- # ... or you can pull them from a different pillar similar to ssh_keys_pillar
- ssh_auth_pillar:
- id_rsa: "ssh_keys"
- # If you prefer to keep public keys as files rather
- # than inline in pillar, this works.
- ssh_auth_sources:
- - salt://keys/buser.id_rsa.pub
- # Manage the ~/.ssh/config file
- ssh_known_hosts:
- importanthost:
- fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
- ssh_known_hosts.absent:
- - notimportanthost
- ssh_config:
- all:
- hostname: "*"
- options:
- - "StrictHostKeyChecking no"
- - "UserKnownHostsFile=/dev/null"
- importanthost:
- hostname: "needcheck.example.com"
- options:
- - "StrictHostKeyChecking yes"
-
- # Using gitconfig without Git installed will result in an error
- # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
- # This state module now requires git 1.6.5 (released 10 October 2009) or newer.
- gitconfig:
- user.name: B User
- user.email: buser@example.com
- url."https://".insteadOf: "git://"
-
- google_2fa: True
- google_auth:
- ssh: |
- SOMEGAUTHHASHVAL
- " RESETTING_TIME_SKEW 46956472+2 46991595-2
- " RATE_LIMIT 3 30 1415800560
- " DISALLOW_REUSE 47193352
- " TOTP_AUTH
- 11111111
- 22222222
- 33333333
- 44444444
- 55555555
- uid: 1001
-
- user_files:
- enabled: True
- # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
- # should be a salt fileserver path either with or without 'salt://'
- # if not present, it defaults to 'salt://users/files/user/<username>
- source: users/files/default
-
- ## Absent user
- cuser:
- absent: True
- purge: True
- force: True
-
-
- ## Old syntax of absent_users still supported
- absent_users:
- - donald
- - bad_guy
|