Saltstack Official Users Formula
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.

135 lines
3.9KB

  1. users:
  2. ## Minimal required pillar values
  3. auser:
  4. fullname: A User
  5. ## Full list of pillar values
  6. buser:
  7. fullname: B User
  8. password: $6$w.............
  9. enforce_password: True
  10. # WARNING: If 'empty_password' is set to True, the 'password' statement
  11. # will be ignored by enabling password-less login for the user.
  12. empty_password: False
  13. system: False
  14. home: /custom/buser
  15. user_dir_mode: 750
  16. createhome: True
  17. roomnumber: "A-1"
  18. workphone: "(555) 555-5555"
  19. homephone: "(555) 555-5551"
  20. manage_vimrc: False
  21. manage_bashrc: False
  22. manage_profile: False
  23. expire: 16426
  24. sudouser: True
  25. # sudo_rules doesn't need the username as a prefix for the rule
  26. # this is added automatically by the formula.
  27. # ----------------------------------------------------------------------
  28. # In case your sudo_rules have a colon please have in mind to not leave
  29. # spaces around it. For example:
  30. # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
  31. # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
  32. sudo_rules:
  33. - ALL=(root) /usr/bin/find
  34. - ALL=(otheruser) /usr/bin/script.sh
  35. sudo_defaults:
  36. - '!requiretty'
  37. shell: /bin/bash
  38. remove_groups: False
  39. prime_group:
  40. name: primarygroup
  41. gid: 500
  42. groups:
  43. - users
  44. optional_groups:
  45. - some_groups_that_might
  46. - not_exist_on_all_minions
  47. ssh_key_type: rsa
  48. # You can inline the private keys ...
  49. ssh_keys:
  50. privkey: PRIVATEKEY
  51. pubkey: PUBLICKEY
  52. # you can provide multiple keys, the keyname is taken as filename
  53. # make sure your public keys suffix is .pub
  54. foobar: PRIVATEKEY
  55. foobar.pub: PUBLICKEY
  56. # ... or you can pull them from a different pillar,
  57. # for example one called "ssh_keys":
  58. ssh_keys_pillar:
  59. id_rsa: "ssh_keys"
  60. another_key_pair: "ssh_keys"
  61. ssh_auth:
  62. - PUBLICKEY
  63. ssh_auth.absent:
  64. - PUBLICKEY_TO_BE_REMOVED
  65. # Generates an authorized_keys file for the user
  66. # with the given keys
  67. ssh_auth_file:
  68. - PUBLICKEY
  69. # ... or you can pull them from a different pillar similar to ssh_keys_pillar
  70. ssh_auth_pillar:
  71. id_rsa: "ssh_keys"
  72. # If you prefer to keep public keys as files rather
  73. # than inline in pillar, this works.
  74. ssh_auth_sources:
  75. - salt://keys/buser.id_rsa.pub
  76. # Manage the ~/.ssh/config file
  77. ssh_known_hosts:
  78. importanthost:
  79. fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
  80. ssh_known_hosts.absent:
  81. - notimportanthost
  82. ssh_config:
  83. all:
  84. hostname: "*"
  85. options:
  86. - "StrictHostKeyChecking no"
  87. - "UserKnownHostsFile=/dev/null"
  88. importanthost:
  89. hostname: "needcheck.example.com"
  90. options:
  91. - "StrictHostKeyChecking yes"
  92. # Using gitconfig without Git installed will result in an error
  93. # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
  94. # This state module now requires git 1.6.5 (released 10 October 2009) or newer.
  95. gitconfig:
  96. user.name: B User
  97. user.email: buser@example.com
  98. url."https://".insteadOf: "git://"
  99. google_2fa: True
  100. google_auth:
  101. ssh: |
  102. SOMEGAUTHHASHVAL
  103. " RESETTING_TIME_SKEW 46956472+2 46991595-2
  104. " RATE_LIMIT 3 30 1415800560
  105. " DISALLOW_REUSE 47193352
  106. " TOTP_AUTH
  107. 11111111
  108. 22222222
  109. 33333333
  110. 44444444
  111. 55555555
  112. uid: 1001
  113. user_files:
  114. enabled: True
  115. # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
  116. # should be a salt fileserver path either with or without 'salt://'
  117. # if not present, it defaults to 'salt://users/files/user/<username>
  118. source: users/files/default
  119. ## Absent user
  120. cuser:
  121. absent: True
  122. purge: True
  123. force: True
  124. ## Old syntax of absent_users still supported
  125. absent_users:
  126. - donald
  127. - bad_guy