Saltstack Official Users Formula


  1. include:
  2. - users.sudo
  3. {% for name, user in pillar.get('users', {}).items() %}
  4. {% if user == None %}
  5. {% set user = {} %}
  6. {% endif %}
  7. {% set home = user.get('home', "/home/%s" % name) %}
  8. {% for group in user.get('groups', []) %}
  9. {{ group }}_group:
  10. group:
  11. - name: {{ group }}
  12. - present
  13. {% endfor %}
  14. {{ name }}_user:
  15. file.directory:
  16. - name: {{ home }}
  17. - user: {{ name }}
  18. - group: {{ name }}
  19. - mode: 0755
  20. - require:
  21. - user: {{ name }}
  22. - group: {{ name }}
  23. group.present:
  24. - name: {{ name }}
  25. user.present:
  26. - name: {{ name }}
  27. - home: {{ home }}
  28. - shell: {{ pillar.get('shell', '/bin/bash') }}
  29. {% if 'uid' in user -%}
  30. - uid: {{ user['uid'] }}
  31. {% endif %}
  32. - gid_from_name: True
  33. {% if 'fullname' in user %}
  34. - fullname: {{ user['fullname'] }}
  35. {% endif %}
  36. - groups:
  37. - {{ name }}
  38. {% for group in user.get('groups', []) %}
  39. - {{ group }}_group
  40. {% endfor %}
  41. - require:
  42. - group: {{ name }}_user
  43. {% for group in user.get('groups', []) %}
  44. - group: {{ group }}_group
  45. {% endfor %}
  46. user_keydir_{{ name }}:
  47. file.directory:
  48. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
  49. - user: {{ name }}
  50. - group: {{ name }}
  51. - makedirs: True
  52. - mode: 744
  53. - require:
  54. - user: {{ name }}
  55. - group: {{ name }}
  56. {% for group in user.get('groups', []) %}
  57. - group: {{ group }}
  58. {% endfor %}
  59. {% if 'privkey' in user %}
  60. user_{{ name }}_private_key:
  61. file.managed:
  62. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
  63. - user: {{ name }}
  64. - group: {{ name }}
  65. - mode: 600
  66. - source: salt://keys/{{ user['privkey'] }}
  67. - require:
  68. - user: {{ name }}_user
  69. {% for group in user.get('groups', []) %}
  70. - group: {{ group }}_group
  71. {% endfor %}
  72. user_{{ name }}_public_key:
  73. file.managed:
  74. - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub
  75. - user: {{ name }}
  76. - group: {{ name }}
  77. - mode: 644
  78. - source: salt://keys/{{ user['privkey'] }}.pub
  79. - require:
  80. - user: {{ name }}_user
  81. {% for group in user.get('groups', []) %}
  82. - group: {{ group }}_group
  83. {% endfor %}
  84. {% endif %}
  85. {% if 'ssh_auth' in user %}
  86. {% for auth in user['ssh_auth'] %}
  87. ssh_auth_{{ name }}_{{ loop.index0 }}:
  88. ssh_auth.present:
  89. - user: {{ name }}
  90. - name: {{ auth }}
  91. - require:
  92. - file: {{ name }}_user
  93. - user: {{ name }}_user
  94. {% endfor %}
  95. {% endif %}
  96. {% if 'sudouser' in user %}
  97. sudoer-{{ name }}:
  98. file.append:
  99. - name: /etc/sudoers
  100. - text:
  101. - "{{ name }} ALL=(ALL) NOPASSWD: ALL"
  102. - require:
  103. - file: sudoer-defaults
  104. {% endif %}
  105. {% endfor %}
  106. {% for user in pillar.get('absent_users', []) %}
  107. {{ user }}:
  108. user.absent
  109. {% endfor %}