- users:
- ## Minimal required pillar values
- auser:
- fullname: A User
-
- ## Full list of pillar values
- buser:
- fullname: B User
- password: $6$w.............
- enforce_password: True
- home: /custom/buser
- createhome: True
- manage_vimrc: False
- manage_bashrc: False
- manage_profile: False
- expire: 16426
- sudouser: True
- # sudo_rules doesn't need the username as a prefix for the rule
- # this is added automatically by the formula.
- # ----------------------------------------------------------------------
- # In case your sudo_rules have a colon please have in mind to not leave
- # spaces around it. For example:
- # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
- # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
- sudo_rules:
- - ALL=(root) /usr/bin/find
- - ALL=(otheruser) /usr/bin/script.sh
- sudo_defaults:
- - '!requiretty'
- shell: /bin/bash
- prime_group:
- name: primarygroup
- gid: 500
- groups:
- - users
- ssh_key_type: rsa
- # You can inline the private keys ...
- ssh_keys:
- privkey: PRIVATEKEY
- pubkey: PUBLICKEY
- # ... or you can pull them from a different pillar,
- # for example one called "ssh_keys":
- ssh_keys_pillar:
- id_rsa: "ssh_keys"
- another_key_pair: "ssh_keys"
- ssh_auth:
- - PUBLICKEY
- ssh_auth.absent:
- - PUBLICKEY_TO_BE_REMOVED
- # Generates an authorized_keys file for the user
- # with the given keys
- ssh_auth_file:
- - PUBLICKEY
- # ... or you can pull them from a different pillar similar to ssh_keys_pillar
- ssh_auth_pillar:
- id_rsa: "ssh_keys"
- # If you prefer to keep public keys as files rather
- # than inline in pillar, this works.
- ssh_auth_sources:
- - salt://keys/buser.id_rsa.pub
- # Manage the ~/.ssh/config file
- ssh_config:
- all:
- hostname: "*"
- options:
- - "StrictHostKeyChecking no"
- - "UserKnownHostsFile=/dev/null"
- importanthost:
- hostname: "needcheck.example.com"
- options:
- - "StrictHostKeyChecking yes"
-
- google_2fa: True
- google_auth:
- ssh: |
- SOMEGAUTHHASHVAL
- " RESETTING_TIME_SKEW 46956472+2 46991595-2
- " RATE_LIMIT 3 30 1415800560
- " DISALLOW_REUSE 47193352
- " TOTP_AUTH
- 11111111
- 22222222
- 33333333
- 44444444
- 55555555
-
- user_files:
- enabled: True
- # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
- # should be a salt fileserver path either with or without 'salt://'
- # if not present, it defaults to 'salt://users/files/user/<username>
- source: users/files/default
-
- ## Absent user
- cuser:
- absent: True
- purge: True
- force: True
-
-
- ## Old syntax of absent_users still supported
- absent_users:
- - donald
- - bad_guy
|