Saltstack Official Users Formula

pillar.example 3.4KB

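  # Example pillar for the users formula. The listing's nesting is restored
  # here; all values are placeholders. Real password hashes, private keys and
  # 2FA seeds are secrets: keep them in a pillar that is targeted only at the
  # minions that need it and, ideally, encrypted (e.g. Salt's GPG renderer).
  users:
    ## Minimal required pillar values
    auser:
      fullname: A User

    ## Full list of pillar values
    buser:
      fullname: B User
      # Crypt-format hash (the $6$ prefix is SHA-512 crypt), never a plaintext
      # password. Quoted so the value always loads as a string.
      password: '$6$w.............'
      enforce_password: True
      # WARNING: If 'empty_password' is set to True, the 'password' statement
      # will be ignored by enabling password-less login for the user.
      empty_password: False
      home: /custom/buser
      createhome: True
      roomnumber: "A-1"
      workphone: "(555) 555-5555"
      homephone: "(555) 555-5551"
      manage_vimrc: False
      manage_bashrc: False
      manage_profile: False
      # Account expiry; presumably days since the Unix epoch, as in
      # /etc/shadow -- TODO confirm against the formula's user state.
      expire: 16426
      sudouser: True
      # sudo_rules doesn't need the username as a prefix for the rule;
      # this is added automatically by the formula.
      # ----------------------------------------------------------------------
      # If a sudo rule contains a colon, do not leave spaces around it.
      # The two lines below only illustrate the spacing:
      # ALL=(ALL) NOPASSWD: ALL  <--- THIS WILL NOT WORK (valid sudoers syntax,
      #                               but the formula does not handle it)
      # ALL=(ALL) NOPASSWD:ALL   <--- THIS WILL WORK
      #
      # Grant only the specific commands a user needs. Utilities that can
      # start other programs (find is one) make a rule close to unrestricted
      # access as the target user, so treat the entries below as syntax
      # examples rather than a recommended policy.
      sudo_rules:
        - ALL=(root) /usr/bin/find
        - ALL=(otheruser) /usr/bin/script.sh
      sudo_defaults:
        - '!requiretty'
      shell: /bin/bash
      prime_group:
        name: primarygroup
        gid: 500
      groups:
        - users
      ssh_key_type: rsa
      # You can inline the private keys ...
      # (an inlined private key is readable wherever this pillar is readable,
      # so restrict the pillar's targeting and avoid committing it in clear)
      ssh_keys:
        privkey: PRIVATEKEY
        pubkey: PUBLICKEY
      # ... or you can pull them from a different pillar,
      # for example one called "ssh_keys":
      ssh_keys_pillar:
        id_rsa: "ssh_keys"
        another_key_pair: "ssh_keys"
      ssh_auth:
        - PUBLICKEY
      ssh_auth.absent:
        - PUBLICKEY_TO_BE_REMOVED
      # Generates an authorized_keys file for the user
      # with the given keys
      ssh_auth_file:
        - PUBLICKEY
      # ... or you can pull them from a different pillar similar to
      # ssh_keys_pillar
      ssh_auth_pillar:
        id_rsa: "ssh_keys"
      # If you prefer to keep public keys as files rather
      # than inline in pillar, this works.
      ssh_auth_sources:
        - salt://keys/buser.id_rsa.pub
      # Known-host entries, keyed by host name. The fingerprint is quoted so
      # a colon-separated value can never be re-typed by the YAML loader.
      ssh_known_hosts:
        importanthost:
          fingerprint: '16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48'
      ssh_known_hosts.absent:
        - notimportanthost
      # Manage the ~/.ssh/config file
      ssh_config:
        # CAUTION: this wildcard stanza switches off host key verification
        # for every host and discards learned keys, so a spoofed or
        # intercepting server goes unnoticed. Narrow the hostname pattern to
        # disposable hosts if it is needed at all, and leave checking on
        # everywhere else.
        # NOTE(review): OpenSSH keeps the first value it obtains for an
        # option. If the formula renders stanzas in this order, the "*" entry
        # would also win for needcheck.example.com -- verify the generated
        # file.
        all:
          hostname: "*"
          options:
            - "StrictHostKeyChecking no"
            - "UserKnownHostsFile=/dev/null"
        importanthost:
          hostname: "needcheck.example.com"
          options:
            - "StrictHostKeyChecking yes"

      gitconfig:
        user.name: B User
        user.email: buser@example.com
        # Rewrites unauthenticated git:// URLs to https://
        url."https://".insteadOf: "git://"

      google_2fa: True
      # Contents of the user's google-authenticator file: the first line is
      # the TOTP secret and the trailing 8-digit lines are one-time scratch
      # codes. Treat the whole block as a credential.
      google_auth:
        ssh: |
          SOMEGAUTHHASHVAL
          " RESETTING_TIME_SKEW 46956472+2 46991595-2
          " RATE_LIMIT 3 30 1415800560
          " DISALLOW_REUSE 47193352
          " TOTP_AUTH
          11111111
          22222222
          33333333
          44444444
          55555555
      user_files:
        enabled: True
        # 'source' allows you to define an arbitrary directory to sync,
        # useful for default files. It should be a salt fileserver path,
        # with or without 'salt://'. If not present, it defaults to
        # 'salt://users/files/user/<username>'.
        source: users/files/default

    ## Absent user
    # NOTE(review): purge/force presumably map to Salt's user.absent options
    # (delete the user's files; remove even if logged in) -- confirm before
    # enabling, since the removal is not reversible.
    cuser:
      absent: True
      purge: True
      force: True

  ## Old syntax of absent_users still supported
  absent_users:
    - donald
    - bad_guy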