ExternalMirrors
/
users-formula
spogulis no https://github.com/saltstack-formulas/users-formula
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 1
Kods Problēmas 0 Laidieni 13 Vikivietne Aktivitāte
Saltstack Official Users Formula
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
374 Revīzijas
3 Atzari
Koks: 60ee61dd66
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '60ee61dd66'
${ noResults }
users-formula/pillar.example

199 rindas
5.7KB
Neapstrādāts Vainot Vēsture 

  1. # -*- coding: utf-8 -*-

  2. # vim: ft=yaml

  3. ---

  4. users-formula:

  5.   use_vim_formula: true

  6.   lookup:  # override the defauls in map.jinja

  7.     root_group: root

  8. 

  9. # group initialization

  10. groups:

  11.   foo:

  12.     state: present

  13.     gid: 1500

  14.     system: false

  15.   badguys:

  16.     absent: true

  17.   niceguys:

  18.     gid: 4242

  19.     system: false

  20.     addusers: root

  21.     delusers: toor

  22.   ssl-cert:

  23.     system: true

  24.     members:

  25.       - www-data

  26.       - openldap

  27. 

  28. users:

  29.   ## Minimal required pillar values

  30.   auser:

  31.     fullname: A User

  32. 

  33.   ## Full list of pillar values

  34.   buser:

  35.     fullname: B User

  36.     password: $6$w.............

  37.     enforce_password: true

  38.     # WARNING: If 'empty_password' is set to true, the 'password' statement

  39.     # will be ignored by enabling password-less login for the user.

  40.     empty_password: false

  41.     hash_password: false

  42.     system: false

  43.     home: /custom/buser

  44.     homedir_owner: buser

  45.     homedir_group: primarygroup

  46.     user_dir_mode: 750

  47.     createhome: true

  48.     roomnumber: "A-1"

  49.     workphone: "(555) 555-5555"

  50.     homephone: "(555) 555-5551"

  51.     manage_vimrc: false

  52.     allow_gid_change: false

  53.     manage_bashrc: false

  54.     manage_profile: false

  55.     expire: 16426

  56.     # Disables user management except sudo rules.

  57.     # Useful for setting sudo rules for system accounts created by package instalation

  58.     sudoonly: false

  59.     sudouser: true

  60.     # sudo_rules doesn't need the username as a prefix for the rule

  61.     # this is added automatically by the formula.

  62.     # ----------------------------------------------------------------------

  63.     # In case your sudo_rules have a colon please have in mind to not leave

  64.     # spaces around it. For example:

  65.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  66.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  67.     sudo_rules:

  68.       - ALL=(root) /usr/bin/find

  69.       - ALL=(otheruser) /usr/bin/script.sh

  70.     sudo_defaults:

  71.       - '!requiretty'

  72.     # enable polkitadmin to make user an AdminIdentity for polkit

  73.     polkitadmin: true

  74.     shell: /bin/bash

  75.     remove_groups: false

  76.     prime_group:

  77.       name: primarygroup

  78.       gid: 1501

  79.     groups:

  80.       - users

  81.     optional_groups:

  82.       - some_groups_that_might

  83.       - not_exist_on_all_minions

  84.     ssh_key_type: rsa

  85.     ssh_keys:

  86.       # You can inline the private keys ...

  87.       # privkey: PRIVATEKEY

  88.       # pubkey: PUBLICKEY

  89.       # or you can provide path to key on Salt fileserver

  90.       privkey: salt://path_to_PRIVATEKEY

  91.       pubkey: salt://path_to_PUBLICKEY

  92.       # you can provide multiple keys, the keyname is taken as filename

  93.       # make sure your public keys suffix is .pub

  94.       foobar: PRIVATEKEY

  95.       foobar.pub: PUBLICKEY

  96.     # ... or you can pull them from a different pillar,

  97.     # for example one called "ssh_keys":

  98.     ssh_keys_pillar:

  99.       id_rsa: "ssh_keys"

  100.       another_key_pair: "ssh_keys"

  101.     ssh_auth:

  102.       - PUBLICKEY

  103.     ssh_auth.absent:

  104.       - PUBLICKEY_TO_BE_REMOVED

  105.     # Generates an authorized_keys file for the user

  106.     # with the given keys

  107.     ssh_auth_file:

  108.       - PUBLICKEY

  109.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  110.     ssh_auth_pillar:

  111.       id_rsa: "ssh_keys"

  112.     # If you prefer to keep public keys as files rather

  113.     # than inline in pillar, this works.

  114.     ssh_auth_sources:

  115.       - salt://keys/buser.id_rsa.pub

  116.     ssh_auth_sources.absent:

  117.       - salt://keys/deleteduser.id_rsa.pub  # PUBLICKEY_FILE_TO_BE_REMOVED

  118.     # Manage the ~/.ssh/config file

  119.     ssh_known_hosts:

  120.       importanthost:

  121.         port: 22

  122.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  123.         key: PUBLICKEY

  124.         enc: ssh-rsa

  125.         hash_known_hosts: true

  126.         timeout: 5

  127.         fingerprint_hash_type: sha256

  128.     ssh_known_hosts.absent:

  129.       - notimportanthost

  130.     ssh_config:

  131.       all:

  132.         hostname: "*"

  133.         options:

  134.           - "StrictHostKeyChecking no"

  135.           - "UserKnownHostsFile=/dev/null"

  136.       importanthost:

  137.         hostname: "needcheck.example.com"

  138.         options:

  139.           - "StrictHostKeyChecking yes"

  140. 

  141.     # Using gitconfig without Git installed will result in an error

  142.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  143.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  144.     gitconfig:

  145.       user.name: B User

  146.       user.email: buser@example.com

  147.       "url.https://.insteadOf": "git://"

  148. 

  149.     gitconfig.absent:

  150.       - push.default

  151.       - color\..+

  152. 

  153.     google_2fa: true

  154.     google_auth:

  155.       sshd: |

  156.         SOMEGAUTHHASHVAL

  157.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  158.         " RATE_LIMIT 3 30 1415800560

  159.         " DISALLOW_REUSE 47193352

  160.         " TOTP_AUTH

  161.         11111111

  162.         22222222

  163.         33333333

  164.         44444444

  165.         55555555

  166.     # unique: true allows user to have non unique uid

  167.     unique: false

  168.     uid: 1001

  169. 

  170.     user_files:

  171.       enabled: true

  172.       # 'source' allows you to define an arbitrary directory to sync,

  173.       # useful to use for default files.

  174.       # should be a salt fileserver path either with or without 'salt://'

  175.       # if not present, it defaults to 'salt://users/files/user/<username>

  176.       source: users/files

  177.       # template: jinja

  178.       # You can specify octal mode for files and symlinks that will be copied.

  179.       # Since version 2016.11.0 it's possible to use 'keep' for file_mode,

  180.       # to preserve file original mode, thus you can save execution bit for example.

  181.       file_mode: keep

  182.       # You can specify octal mode for directories as well.

  183.       # This won't work on Windows minions

  184.       # dir_mode: 775

  185.       sym_mode: 640

  186.       exclude_pat: "*.gitignore"

  187. 

  188.   ## Absent user

  189.   cuser:

  190.     absent: true

  191.     purge: true

  192.     force: true

  193. 

  194. 

  195. ## Old syntax of absent_users still supported

  196. absent_users:

  197.   - donald

  198.   - bad_guy