ExternalMirrors
/
users-formula
镜像来自 https://github.com/saltstack-formulas/users-formula
關注 1
收藏 0
複製 1
程式碼 問題 0 版本發佈 13 Wiki 活動
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
326 提交
3 分支
目錄樹: d4f8cf955d
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'd4f8cf955d'
${ noResults }
users-formula/pillar.example

193 line
5.4KB
原始文件 Blame 歷史記錄 

  1. users-formula:

  2.   use_vim_formula: True

  3.   lookup:  # override the defauls in map.jinja

  4.     root_group: root

  5. 

  6. # group initialization

  7. groups:

  8.   foo:

  9.     state: present

  10.     gid: 500

  11.     system: False

  12. 

  13. users:

  14.   ## Minimal required pillar values

  15.   auser:

  16.     fullname: A User

  17. 

  18.   ## Full list of pillar values

  19.   allow_gid_change: False

  20.   buser:

  21.     fullname: B User

  22.     password: $6$w.............

  23.     enforce_password: True

  24.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  25.     # will be ignored by enabling password-less login for the user.

  26.     empty_password: False

  27.     hash_password: False

  28.     system: False

  29.     home: /custom/buser

  30.     homedir_owner: buser

  31.     homedir_group: primarygroup

  32.     user_dir_mode: 750

  33.     createhome: True

  34.     roomnumber: "A-1"

  35.     workphone: "(555) 555-5555"

  36.     homephone: "(555) 555-5551"

  37.     manage_vimrc: False

  38.     allow_gid_change: True

  39.     manage_bashrc: False

  40.     manage_profile: False

  41.     expire: 16426

  42.     # Disables user management except sudo rules.

  43.     # Useful for setting sudo rules for system accounts created by package instalation

  44.     sudoonly: False

  45.     sudouser: True

  46.     # sudo_rules doesn't need the username as a prefix for the rule

  47.     # this is added automatically by the formula.

  48.     # ----------------------------------------------------------------------

  49.     # In case your sudo_rules have a colon please have in mind to not leave

  50.     # spaces around it. For example:

  51.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  52.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  53.     sudo_rules:

  54.       - ALL=(root) /usr/bin/find

  55.       - ALL=(otheruser) /usr/bin/script.sh

  56.     sudo_defaults:

  57.       - '!requiretty'

  58.     shell: /bin/bash

  59.     remove_groups: False

  60.     prime_group:

  61.       name: primarygroup

  62.       gid: 500

  63.     groups:

  64.       - users

  65.     optional_groups:

  66.       - some_groups_that_might

  67.       - not_exist_on_all_minions

  68.     ssh_key_type: rsa

  69.     # You can inline the private keys ...

  70.     ssh_keys:

  71.       privkey: PRIVATEKEY

  72.       pubkey: PUBLICKEY

  73.       # or you can provide path to key on Salt fileserver

  74.       privkey: salt://path_to_PRIVATEKEY

  75.       pubkey: salt://path_to_PUBLICKEY

  76.       # you can provide multiple keys, the keyname is taken as filename

  77.       # make sure your public keys suffix is .pub

  78.       foobar: PRIVATEKEY

  79.       foobar.pub: PUBLICKEY

  80.     # ... or you can pull them from a different pillar,

  81.     # for example one called "ssh_keys":

  82.     ssh_keys_pillar:

  83.       id_rsa: "ssh_keys"

  84.       another_key_pair: "ssh_keys"

  85.     ssh_auth:

  86.       - PUBLICKEY

  87.     ssh_auth.absent:

  88.       - PUBLICKEY_TO_BE_REMOVED

  89.     # Generates an authorized_keys file for the user

  90.     # with the given keys

  91.     ssh_auth_file:

  92.       - PUBLICKEY

  93.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  94.     ssh_auth_pillar:

  95.       id_rsa: "ssh_keys"

  96.     # If you prefer to keep public keys as files rather

  97.     # than inline in pillar, this works.

  98.     ssh_auth_sources:

  99.       - salt://keys/buser.id_rsa.pub

  100.     ssh_auth_sources.absent:

  101.       - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED

  102.     # Manage the ~/.ssh/config file

  103.     ssh_known_hosts:

  104.       importanthost:

  105.         port: 22

  106.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  107.         key: PUBLICKEY

  108.         enc: ssh-rsa

  109.         hash_known_hosts: True

  110.         timeout: 5

  111.         fingerprint_hash_type: sha256

  112.     ssh_known_hosts.absent:

  113.       - notimportanthost

  114.     ssh_config:

  115.       all:

  116.         hostname: "*"

  117.         options:

  118.           - "StrictHostKeyChecking no"

  119.           - "UserKnownHostsFile=/dev/null"

  120.       importanthost:

  121.         hostname: "needcheck.example.com"

  122.         options:

  123.           - "StrictHostKeyChecking yes"

  124. 

  125.     # Using gitconfig without Git installed will result in an error

  126.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  127.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  128.     gitconfig:

  129.       user.name: B User

  130.       user.email: buser@example.com

  131.       "url.https://.insteadOf": "git://"

  132. 

  133.     gitconfig.absent:

  134.       - push.default

  135.       - color\..+

  136. 

  137.     google_2fa: True

  138.     google_auth:

  139.       ssh: |

  140.         SOMEGAUTHHASHVAL

  141.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  142.         " RATE_LIMIT 3 30 1415800560

  143.         " DISALLOW_REUSE 47193352

  144.         " TOTP_AUTH

  145.         11111111

  146.         22222222

  147.         33333333

  148.         44444444

  149.         55555555

  150.     # unique: True allows user to have non unique uid

  151.     unique: False

  152.     uid: 1001

  153. 

  154.     user_files:

  155.       enabled: True

  156.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  157.       # should be a salt fileserver path either with or without 'salt://'

  158.       # if not present, it defaults to 'salt://users/files/user/<username>

  159.       source: users/files/default

  160.       template: jinja

  161.       # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0

  162.       # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save

  163.       # execution bit for example.

  164.       file_mode: keep

  165.       sym_mode: 640

  166.       exclude_pat: "*.gitignore"

  167. 

  168.   ## Absent user

  169.   cuser:

  170.     absent: True

  171.     purge: True

  172.     force: True

  173. 

  174. 

  175. ## Old syntax of absent_users still supported

  176. absent_users:

  177.   - donald

  178.   - bad_guy

  179. 

  180. groups:

  181.   badguys:

  182.     absent: True

  183.   niceguys:

  184.     gid: 4242

  185.     system: False

  186.     addusers: root

  187.     delusers: toor

  188.   ssl-cert:

  189.     system: True

  190.     members:

  191.     - www-data

  192.     - openldap