ExternalMirrors
/
users-formula
mirror of https://github.com/saltstack-formulas/users-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 13 Wiki Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
314 Commits
3 Branches
Tree: fd25c3e4a4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd25c3e4a4'
${ noResults }
users-formula/pillar.example

pillar.example 5.2KB
Raw Normal View History

(Re-)enable pillar users-formula:lookup
7 years ago
Dont force vim-formula on users
6 years ago
(Re-)enable pillar users-formula:lookup
7 years ago
Add example data to pillar.
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Add example data to pillar.
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Allow state to update the gid
6 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
Update pillar.example
10 years ago
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt.
9 years ago
Adds 'empty_password' statement for states.user.present
9 years ago
Add support for hash_password
8 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Add home to pillar.example
10 years ago
add pillar data
8 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Add 'createhome' option for 'user.present' state
10 years ago
Added ability to specify room number, home phone, and work phone as per https://docs.saltstack.com/en/develop/ref/states/all/salt.states.user.html
9 years ago
Enable/disable bashrc/vimrc per user Made both states configurable per user in pillar data Had to drop extend, for this otherwise the extend would be empty if manage is False
9 years ago
Allow state to update the gid
6 years ago
Enable/disable bashrc/vimrc per user Made both states configurable per user in pillar data Had to drop extend, for this otherwise the extend would be empty if manage is False
9 years ago
Add support for .profile file
9 years ago
Add support for setting user expire
10 years ago
Added short docs for options
6 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
Add sudo_rules syntax examples for rules with colons
9 years ago
Add support for setting user expire
10 years ago
Fix incorrect sudo_rules example
10 years ago
possibility to define user-specific Defaults
9 years ago
fixing example for sudo defaults for specific user
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
yaml mistype had the prime group and ssh keys values as another dict. fixed.
11 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
Add example pillar data for optional_groups
8 years ago
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
11 years ago
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
11 years ago
yaml mistype had the prime group and ssh keys values as another dict. fixed.
11 years ago
Fix docs
6 years ago
adjust file permissions of public ssh-keys
7 years ago
provide pillar example
7 years ago
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
9 years ago
Add example data to pillar.
11 years ago
Fix ssh_auth.names in example pillar
11 years ago
added option to remove ssh public keys from auth (ssh_auth.absent)
10 years ago
Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys.
10 years ago
Added ability to provide pillar path for ssh_auth.
9 years ago
Added option to source ssh public keys from files.
9 years ago
Add support for ssh_auth_sources.absent Fixes: 150
7 years ago
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
9 years ago
Add possibility to manage ssh's known_hosts file.
9 years ago
Add pillar examples for ssh_known_hosts config.
6 years ago
Add possibility to manage ssh's known_hosts file.
9 years ago
Add pillar examples for ssh_known_hosts config.
6 years ago
Add possibility to manage ssh's known_hosts file.
9 years ago
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
9 years ago
Added option to source ssh public keys from files.
9 years ago
Resolve `git.config` error where minion does not have Git installed #115
8 years ago
Add possibility to manage the user's global git configuration.
9 years ago
fix gitconfig url insteadOf example Previous example would result in quote escaping problem
8 years ago
Add possibility to manage the user's global git configuration.
9 years ago
Add possibility to remove user's git config keys
8 years ago
readd 2fa pam enforcement
9 years ago
google auth example pillar config add; forgotten gauth state file add
10 years ago
Added short docs for options
6 years ago
update pillar.example to include uid in an attempt to save others from digging into the source (to confirm this detail)
9 years ago
Update pillar.example Quick example of absent users
11 years ago
Added feature to allow syncing arbitrary sets of files per user.
9 years ago
Add 'template' support to 'user_files' (#159) * Add support for 'template' in 'user_files' * Fix-up wrong nesting level for template value * Small quality improvement for push upstream. * Consistency improvement for variable name
7 years ago
Add ability to specify mode for files and symlinks in user_files
7 years ago
[users/users_files] add exclude_pat to user files (closes #178)
6 years ago
Added feature to allow syncing arbitrary sets of files per user.
9 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Update pillar.example Quick example of absent users
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171 
  1. users-formula:

  2.   use_vim_formula: True

  3.   lookup:  # override the defauls in map.jinja

  4.     root_group: root

  5. 

  6. users:

  7.   ## Minimal required pillar values

  8.   auser:

  9.     fullname: A User

  10. 

  11.   ## Full list of pillar values

  12.   allow_gid_change: False

  13.   buser:

  14.     fullname: B User

  15.     password: $6$w.............

  16.     enforce_password: True

  17.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  18.     # will be ignored by enabling password-less login for the user.

  19.     empty_password: False

  20.     hash_password: False

  21.     system: False

  22.     home: /custom/buser

  23.     homedir_owner: buser

  24.     homedir_group: primarygroup

  25.     user_dir_mode: 750

  26.     createhome: True

  27.     roomnumber: "A-1"

  28.     workphone: "(555) 555-5555"

  29.     homephone: "(555) 555-5551"

  30.     manage_vimrc: False

  31.     allow_gid_change: True

  32.     manage_bashrc: False

  33.     manage_profile: False

  34.     expire: 16426

  35.     # Disables user management except sudo rules.

  36.     # Useful for setting sudo rules for system accounts created by package instalation

  37.     sudoonly: False

  38.     sudouser: True

  39.     # sudo_rules doesn't need the username as a prefix for the rule

  40.     # this is added automatically by the formula.

  41.     # ----------------------------------------------------------------------

  42.     # In case your sudo_rules have a colon please have in mind to not leave

  43.     # spaces around it. For example:

  44.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  45.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  46.     sudo_rules:

  47.       - ALL=(root) /usr/bin/find

  48.       - ALL=(otheruser) /usr/bin/script.sh

  49.     sudo_defaults:

  50.       - '!requiretty'

  51.     shell: /bin/bash

  52.     remove_groups: False

  53.     prime_group:

  54.       name: primarygroup

  55.       gid: 500

  56.     groups:

  57.       - users

  58.     optional_groups:

  59.       - some_groups_that_might

  60.       - not_exist_on_all_minions

  61.     ssh_key_type: rsa

  62.     # You can inline the private keys ...

  63.     ssh_keys:

  64.       privkey: PRIVATEKEY

  65.       pubkey: PUBLICKEY

  66.       # or you can provide path to key on Salt fileserver

  67.       privkey: salt://path_to_PRIVATEKEY

  68.       pubkey: salt://path_to_PUBLICKEY

  69.       # you can provide multiple keys, the keyname is taken as filename

  70.       # make sure your public keys suffix is .pub

  71.       foobar: PRIVATEKEY

  72.       foobar.pub: PUBLICKEY

  73.     # ... or you can pull them from a different pillar,

  74.     # for example one called "ssh_keys":

  75.     ssh_keys_pillar:

  76.       id_rsa: "ssh_keys"

  77.       another_key_pair: "ssh_keys"

  78.     ssh_auth:

  79.       - PUBLICKEY

  80.     ssh_auth.absent:

  81.       - PUBLICKEY_TO_BE_REMOVED

  82.     # Generates an authorized_keys file for the user

  83.     # with the given keys

  84.     ssh_auth_file:

  85.       - PUBLICKEY

  86.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  87.     ssh_auth_pillar:

  88.       id_rsa: "ssh_keys"

  89.     # If you prefer to keep public keys as files rather

  90.     # than inline in pillar, this works.

  91.     ssh_auth_sources:

  92.       - salt://keys/buser.id_rsa.pub

  93.     ssh_auth_sources.absent:

  94.       - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED

  95.     # Manage the ~/.ssh/config file

  96.     ssh_known_hosts:

  97.       importanthost:

  98.         port: 22

  99.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  100.         key: PUBLICKEY

  101.         enc: ssh-rsa

  102.         hash_known_hosts: True

  103.         timeout: 5

  104.         fingerprint_hash_type: sha256

  105.     ssh_known_hosts.absent:

  106.       - notimportanthost

  107.     ssh_config:

  108.       all:

  109.         hostname: "*"

  110.         options:

  111.           - "StrictHostKeyChecking no"

  112.           - "UserKnownHostsFile=/dev/null"

  113.       importanthost:

  114.         hostname: "needcheck.example.com"

  115.         options:

  116.           - "StrictHostKeyChecking yes"

  117. 

  118.     # Using gitconfig without Git installed will result in an error

  119.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  120.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  121.     gitconfig:

  122.       user.name: B User

  123.       user.email: buser@example.com

  124.       "url.https://.insteadOf": "git://"

  125. 

  126.     gitconfig.absent:

  127.       - push.default

  128.       - color\..+

  129. 

  130.     google_2fa: True

  131.     google_auth:

  132.       ssh: |

  133.         SOMEGAUTHHASHVAL

  134.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  135.         " RATE_LIMIT 3 30 1415800560

  136.         " DISALLOW_REUSE 47193352

  137.         " TOTP_AUTH

  138.         11111111

  139.         22222222

  140.         33333333

  141.         44444444

  142.         55555555

  143.     # unique: True allows user to have non unique uid

  144.     unique: False

  145.     uid: 1001

  146. 

  147.     user_files:

  148.       enabled: True

  149.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  150.       # should be a salt fileserver path either with or without 'salt://'

  151.       # if not present, it defaults to 'salt://users/files/user/<username>

  152.       source: users/files/default

  153.       template: jinja

  154.       # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0

  155.       # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save

  156.       # execution bit for example.

  157.       file_mode: keep

  158.       sym_mode: 640

  159.       exclude_pat: "*.gitignore"

  160. 

  161.   ## Absent user

  162.   cuser:

  163.     absent: True

  164.     purge: True

  165.     force: True

  166. 

  167. 

  168. ## Old syntax of absent_users still supported

  169. absent_users:

  170.   - donald

  171.   - bad_guy