Saltstack Official Users Formula
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

94 lines
2.4KB

  1. users:
  2. ## Minimal required pillar values
  3. auser:
  4. fullname: A User
  5. ## Full list of pillar values
  6. buser:
  7. fullname: B User
  8. password: $6$w.............
  9. enforce_password: True
  10. home: /custom/buser
  11. createhome: True
  12. manage_vimrc: False
  13. manage_bashrc: False
  14. expire: 16426
  15. sudouser: True
  16. # sudo_rules doesn't need the username as a prefix for the rule
  17. # this is added automatically by the formula.
  18. # ----------------------------------------------------------------------
  19. # In case your sudo_rules have a colon please have in mind to not leave
  20. # spaces around it. For example:
  21. # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
  22. # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
  23. sudo_rules:
  24. - ALL=(root) /usr/bin/find
  25. - ALL=(otheruser) /usr/bin/script.sh
  26. sudo_defaults:
  27. - '!requiretty'
  28. shell: /bin/bash
  29. prime_group:
  30. name: primarygroup
  31. gid: 500
  32. groups:
  33. - users
  34. ssh_key_type: rsa
  35. # You can inline the private keys ...
  36. ssh_keys:
  37. privkey: PRIVATEKEY
  38. pubkey: PUBLICKEY
  39. # ... or you can pull them from a different pillar,
  40. # for example one called "ssh_keys":
  41. ssh_keys_pillar:
  42. id_rsa: "ssh_keys"
  43. another_key_pair: "ssh_keys"
  44. ssh_auth:
  45. - PUBLICKEY
  46. ssh_auth.absent:
  47. - PUBLICKEY_TO_BE_REMOVED
  48. # Generates an authorized_keys file for the user
  49. # with the given keys
  50. ssh_auth_file:
  51. - PUBLICKEY
  52. # If you prefer to keep public keys as files rather
  53. # than inline in pillar, this works.
  54. ssh_auth_sources:
  55. - salt://keys/buser.id_rsa.pub
  56. # Manage the ~/.ssh/config file
  57. ssh_config:
  58. all:
  59. hostname: "*"
  60. options:
  61. - "StrictHostKeyChecking no"
  62. - "UserKnownHostsFile=/dev/null"
  63. importanthost:
  64. hostname: "needcheck.example.com"
  65. options:
  66. - "StrictHostKeyChecking yes"
  67. google_2fa: True
  68. google_auth:
  69. ssh: |
  70. SOMEGAUTHHASHVAL
  71. " RESETTING_TIME_SKEW 46956472+2 46991595-2
  72. " RATE_LIMIT 3 30 1415800560
  73. " DISALLOW_REUSE 47193352
  74. " TOTP_AUTH
  75. 11111111
  76. 22222222
  77. 33333333
  78. 44444444
  79. 55555555
  80. ## Absent user
  81. cuser:
  82. absent: True
  83. purge: True
  84. force: True
  85. ## Old syntax of absent_users still supported
  86. absent_users:
  87. - donald
  88. - bad_guy