Saltstack Official Users Formula

pillar.example 3.9KB

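  # Example pillar for the users formula. Nesting is restored from the key
  # structure of the listing; the values are the example's own.
  # This pillar carries credential material (password hash, SSH private key,
  # TOTP secret). Target it only at the minions that need it and consider an
  # encrypted pillar (for example Salt's gpg renderer) for those values.
  users:
    ## Minimal required pillar values
    auser:
      fullname: A User

    ## Full list of pillar values
    buser:
      fullname: B User
      # The '$6$' prefix marks a SHA-512 crypt hash. With 'hash_password'
      # False the value is presumably used as an already-computed hash, so a
      # clear-text password should not be placed here -- confirm in the
      # formula's states.
      password: $6$w.............
      enforce_password: True
      # WARNING: If 'empty_password' is set to True, the 'password' statement
      # will be ignored by enabling password-less login for the user.
      empty_password: False
      hash_password: False
      system: False
      home: /custom/buser
      homedir_owner: buser
      homedir_group: primarygroup
      # Written without a leading zero. If a leading zero is used, quote the
      # value ("0750"): YAML 1.1 loaders read a bare 0750 as octal, i.e. 488.
      user_dir_mode: 750
      createhome: True
      roomnumber: "A-1"
      workphone: "(555) 555-5555"
      homephone: "(555) 555-5551"
      manage_vimrc: False
      manage_bashrc: False
      manage_profile: False
      expire: 16426
      sudouser: True
      # sudo_rules doesn't need the username as a prefix for the rule
      # this is added automatically by the formula.
      # ----------------------------------------------------------------------
      # In case your sudo_rules have a colon please have in mind to not leave
      # spaces around it. For example:
      # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
      # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
      #
      # Review each allowed command for its ability to start other programs:
      # a command that can (find can, through -exec) grants the full
      # privileges of the target account, not just that one binary. Prefer
      # narrow, root-owned wrapper scripts that the user cannot modify.
      sudo_rules:
        - ALL=(root) /usr/bin/find
        - ALL=(otheruser) /usr/bin/script.sh
      sudo_defaults:
        - '!requiretty'
      shell: /bin/bash
      remove_groups: False
      prime_group:
        name: primarygroup
        gid: 500
      groups:
        - users
      optional_groups:
        - some_groups_that_might
        - not_exist_on_all_minions
      ssh_key_type: rsa
      # You can inline the private keys ...
      # (an inlined private key is readable by every minion that receives
      # this pillar)
      ssh_keys:
        privkey: PRIVATEKEY
        pubkey: PUBLICKEY
      # ... or you can pull them from a different pillar,
      # for example one called "ssh_keys":
      ssh_keys_pillar:
        id_rsa: "ssh_keys"
        another_key_pair: "ssh_keys"
      ssh_auth:
        - PUBLICKEY
      ssh_auth.absent:
        - PUBLICKEY_TO_BE_REMOVED
      # Generates an authorized_keys file for the user
      # with the given keys
      ssh_auth_file:
        - PUBLICKEY
      # ... or you can pull them from a different pillar similar to ssh_keys_pillar
      ssh_auth_pillar:
        id_rsa: "ssh_keys"
      # If you prefer to keep public keys as files rather
      # than inline in pillar, this works.
      ssh_auth_sources:
        - salt://keys/buser.id_rsa.pub
      ssh_auth_sources.absent:
        - salt://keys/deleteduser.id_rsa.pub  # PUBLICKEY_FILE_TO_BE_REMOVED
      # Manage the ~/.ssh/config file
      # The fingerprint below is 16 colon-separated bytes, which is the MD5
      # fingerprint format; check which hash type the minion's Salt version
      # expects before copying a fingerprint in.
      ssh_known_hosts:
        importanthost:
          fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
      ssh_known_hosts.absent:
        - notimportanthost
      # The 'all' stanza turns off host key verification for every host
      # ("StrictHostKeyChecking no") and discards learned keys
      # ("UserKnownHostsFile=/dev/null"), so a substituted server key is
      # accepted silently. ssh uses the first value it obtains for each
      # option: if the '*' stanza is rendered ahead of the host-specific one,
      # the "yes" for needcheck.example.com never takes effect. Check the
      # order in the rendered ~/.ssh/config, or drop the wildcard stanza.
      ssh_config:
        all:
          hostname: "*"
          options:
            - "StrictHostKeyChecking no"
            - "UserKnownHostsFile=/dev/null"
        importanthost:
          hostname: "needcheck.example.com"
          options:
            - "StrictHostKeyChecking yes"

      # Using gitconfig without Git installed will result in an error
      # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
      # This state module now requires git 1.6.5 (released 10 October 2009) or newer.
      gitconfig:
        user.name: B User
        user.email: buser@example.com
        "url.https://.insteadOf": "git://"

      google_2fa: True
      # The block below is the user's TOTP secret followed by options and
      # one-time scratch codes; treat it with the same care as a private key.
      google_auth:
        ssh: |
          SOMEGAUTHHASHVAL
          " RESETTING_TIME_SKEW 46956472+2 46991595-2
          " RATE_LIMIT 3 30 1415800560
          " DISALLOW_REUSE 47193352
          " TOTP_AUTH
          11111111
          22222222
          33333333
          44444444
          55555555
      uid: 1001
      user_files:
        enabled: True
        # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
        # should be a salt fileserver path either with or without 'salt://'
        # if not present, it defaults to 'salt://users/files/user/<username>
        source: users/files/default

    ## Absent user
    # Removing the account does not by itself revoke what was issued to it:
    # also retire the user's SSH keys on other hosts and any sudo rules.
    cuser:
      absent: True
      purge: True
      force: True

  ## Old syntax of absent_users still supported
  absent_users:
    - donald
    - bad_guy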