ExternalMirrors
/
users-formula
огледало од https://github.com/saltstack-formulas/users-formula
Прати 1
Волим 0
Креирај огранак 1
Код Дискусије 0 Издања 13 Вики Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
338 Комити
3 Гране
Дрво: 8d48adb3a2
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from '8d48adb3a2'
${ noResults }
users-formula/pillar.example

195 lines
5.5KB
Датотека Blame Историја 

  1. users-formula:

  2.   use_vim_formula: True

  3.   lookup:  # override the defauls in map.jinja

  4.     root_group: root

  5. 

  6. # group initialization

  7. groups:

  8.   foo:

  9.     state: present

  10.     gid: 500

  11.     system: False

  12. 

  13. users:

  14.   ## Minimal required pillar values

  15.   auser:

  16.     fullname: A User

  17. 

  18.   ## Full list of pillar values

  19.   allow_gid_change: False

  20.   buser:

  21.     fullname: B User

  22.     password: $6$w.............

  23.     enforce_password: True

  24.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  25.     # will be ignored by enabling password-less login for the user.

  26.     empty_password: False

  27.     hash_password: False

  28.     system: False

  29.     home: /custom/buser

  30.     homedir_owner: buser

  31.     homedir_group: primarygroup

  32.     user_dir_mode: 750

  33.     createhome: True

  34.     roomnumber: "A-1"

  35.     workphone: "(555) 555-5555"

  36.     homephone: "(555) 555-5551"

  37.     manage_vimrc: False

  38.     allow_gid_change: True

  39.     manage_bashrc: False

  40.     manage_profile: False

  41.     expire: 16426

  42.     # Disables user management except sudo rules.

  43.     # Useful for setting sudo rules for system accounts created by package instalation

  44.     sudoonly: False

  45.     sudouser: True

  46.     # sudo_rules doesn't need the username as a prefix for the rule

  47.     # this is added automatically by the formula.

  48.     # ----------------------------------------------------------------------

  49.     # In case your sudo_rules have a colon please have in mind to not leave

  50.     # spaces around it. For example:

  51.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  52.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  53.     sudo_rules:

  54.       - ALL=(root) /usr/bin/find

  55.       - ALL=(otheruser) /usr/bin/script.sh

  56.     sudo_defaults:

  57.       - '!requiretty'

  58.     # enable polkitadmin to make user an AdminIdentity for polkit

  59.     polkitadmin: True

  60.     shell: /bin/bash

  61.     remove_groups: False

  62.     prime_group:

  63.       name: primarygroup

  64.       gid: 500

  65.     groups:

  66.       - users

  67.     optional_groups:

  68.       - some_groups_that_might

  69.       - not_exist_on_all_minions

  70.     ssh_key_type: rsa

  71.     # You can inline the private keys ...

  72.     ssh_keys:

  73.       privkey: PRIVATEKEY

  74.       pubkey: PUBLICKEY

  75.       # or you can provide path to key on Salt fileserver

  76.       privkey: salt://path_to_PRIVATEKEY

  77.       pubkey: salt://path_to_PUBLICKEY

  78.       # you can provide multiple keys, the keyname is taken as filename

  79.       # make sure your public keys suffix is .pub

  80.       foobar: PRIVATEKEY

  81.       foobar.pub: PUBLICKEY

  82.     # ... or you can pull them from a different pillar,

  83.     # for example one called "ssh_keys":

  84.     ssh_keys_pillar:

  85.       id_rsa: "ssh_keys"

  86.       another_key_pair: "ssh_keys"

  87.     ssh_auth:

  88.       - PUBLICKEY

  89.     ssh_auth.absent:

  90.       - PUBLICKEY_TO_BE_REMOVED

  91.     # Generates an authorized_keys file for the user

  92.     # with the given keys

  93.     ssh_auth_file:

  94.       - PUBLICKEY

  95.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  96.     ssh_auth_pillar:

  97.       id_rsa: "ssh_keys"

  98.     # If you prefer to keep public keys as files rather

  99.     # than inline in pillar, this works.

  100.     ssh_auth_sources:

  101.       - salt://keys/buser.id_rsa.pub

  102.     ssh_auth_sources.absent:

  103.       - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED

  104.     # Manage the ~/.ssh/config file

  105.     ssh_known_hosts:

  106.       importanthost:

  107.         port: 22

  108.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  109.         key: PUBLICKEY

  110.         enc: ssh-rsa

  111.         hash_known_hosts: True

  112.         timeout: 5

  113.         fingerprint_hash_type: sha256

  114.     ssh_known_hosts.absent:

  115.       - notimportanthost

  116.     ssh_config:

  117.       all:

  118.         hostname: "*"

  119.         options:

  120.           - "StrictHostKeyChecking no"

  121.           - "UserKnownHostsFile=/dev/null"

  122.       importanthost:

  123.         hostname: "needcheck.example.com"

  124.         options:

  125.           - "StrictHostKeyChecking yes"

  126. 

  127.     # Using gitconfig without Git installed will result in an error

  128.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  129.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  130.     gitconfig:

  131.       user.name: B User

  132.       user.email: buser@example.com

  133.       "url.https://.insteadOf": "git://"

  134. 

  135.     gitconfig.absent:

  136.       - push.default

  137.       - color\..+

  138. 

  139.     google_2fa: True

  140.     google_auth:

  141.       ssh: |

  142.         SOMEGAUTHHASHVAL

  143.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  144.         " RATE_LIMIT 3 30 1415800560

  145.         " DISALLOW_REUSE 47193352

  146.         " TOTP_AUTH

  147.         11111111

  148.         22222222

  149.         33333333

  150.         44444444

  151.         55555555

  152.     # unique: True allows user to have non unique uid

  153.     unique: False

  154.     uid: 1001

  155. 

  156.     user_files:

  157.       enabled: True

  158.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  159.       # should be a salt fileserver path either with or without 'salt://'

  160.       # if not present, it defaults to 'salt://users/files/user/<username>

  161.       source: users/files/default

  162.       template: jinja

  163.       # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0

  164.       # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save

  165.       # execution bit for example.

  166.       file_mode: keep

  167.       sym_mode: 640

  168.       exclude_pat: "*.gitignore"

  169. 

  170.   ## Absent user

  171.   cuser:

  172.     absent: True

  173.     purge: True

  174.     force: True

  175. 

  176. 

  177. ## Old syntax of absent_users still supported

  178. absent_users:

  179.   - donald

  180.   - bad_guy

  181. 

  182. groups:

  183.   badguys:

  184.     absent: True

  185.   niceguys:

  186.     gid: 4242

  187.     system: False

  188.     addusers: root

  189.     delusers: toor

  190.   ssl-cert:

  191.     system: True

  192.     members:

  193.     - www-data

  194.     - openldap