salt
/
users-formula
forked from ExternalMirrors/users-formula
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
293 Commits
2 Branches
Tree: 7ab8f2ed06
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7ab8f2ed06'
${ noResults }
users-formula/pillar.example

pillar.example 4.9KB
Raw Normal View History

(Re-)enable pillar users-formula:lookup
7 years ago
Dont force vim-formula on users
6 years ago
(Re-)enable pillar users-formula:lookup
7 years ago
Add example data to pillar.
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Add example data to pillar.
11 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
Update pillar.example
10 years ago
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt.
9 years ago
Adds 'empty_password' statement for states.user.present
9 years ago
Add support for hash_password
8 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Add home to pillar.example
10 years ago
add pillar data
8 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Add 'createhome' option for 'user.present' state
10 years ago
Added ability to specify room number, home phone, and work phone as per https://docs.saltstack.com/en/develop/ref/states/all/salt.states.user.html
9 years ago
Enable/disable bashrc/vimrc per user Made both states configurable per user in pillar data Had to drop extend, for this otherwise the extend would be empty if manage is False
9 years ago
Add support for .profile file
9 years ago
Add support for setting user expire
10 years ago
Added short docs for options
6 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
Add sudo_rules syntax examples for rules with colons
9 years ago
Add support for setting user expire
10 years ago
Fix incorrect sudo_rules example
10 years ago
possibility to define user-specific Defaults
9 years ago
fixing example for sudo defaults for specific user
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
Add missing keys in pillar.example (found in init.sls)
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
yaml mistype had the prime group and ssh keys values as another dict. fixed.
10 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
Add example pillar data for optional_groups
8 years ago
Add and support ssh_key_type attribute to allow for dsa ssh key pairs
10 years ago
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
9 years ago
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values
10 years ago
yaml mistype had the prime group and ssh keys values as another dict. fixed.
10 years ago
Fix docs
6 years ago
adjust file permissions of public ssh-keys
7 years ago
provide pillar example
7 years ago
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: | ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H....
9 years ago
Add example data to pillar.
11 years ago
Fix ssh_auth.names in example pillar
10 years ago
added option to remove ssh public keys from auth (ssh_auth.absent)
10 years ago
Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys.
9 years ago
Added ability to provide pillar path for ssh_auth.
9 years ago
Added option to source ssh public keys from files.
9 years ago
Add support for ssh_auth_sources.absent Fixes: 150
7 years ago
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
9 years ago
Add possibility to manage ssh's known_hosts file.
9 years ago
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users.
9 years ago
Added option to source ssh public keys from files.
9 years ago
Resolve `git.config` error where minion does not have Git installed #115
8 years ago
Add possibility to manage the user's global git configuration.
9 years ago
fix gitconfig url insteadOf example Previous example would result in quote escaping problem
8 years ago
Add possibility to manage the user's global git configuration.
9 years ago
readd 2fa pam enforcement
9 years ago
google auth example pillar config add; forgotten gauth state file add
9 years ago
Added short docs for options
6 years ago
update pillar.example to include uid in an attempt to save others from digging into the source (to confirm this detail)
9 years ago
Update pillar.example Quick example of absent users
11 years ago
Added feature to allow syncing arbitrary sets of files per user.
9 years ago
Add 'template' support to 'user_files' (#159) * Add support for 'template' in 'user_files' * Fix-up wrong nesting level for template value * Small quality improvement for push upstream. * Consistency improvement for variable name
7 years ago
Add ability to specify mode for files and symlinks in user_files
7 years ago
[users/users_files] add exclude_pat to user files (closes #178)
6 years ago
Added feature to allow syncing arbitrary sets of files per user.
9 years ago
New format of user.absent support introduced. Old format still supported.
10 years ago
Update pillar.example Quick example of absent users
11 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159 
  1. users-formula:

  2.   use_vim_formula: True

  3.   lookup:  # override the defauls in map.jinja

  4.     root_group: root

  5. 

  6. users:

  7.   ## Minimal required pillar values

  8.   auser:

  9.     fullname: A User

  10. 

  11.   ## Full list of pillar values

  12.   buser:

  13.     fullname: B User

  14.     password: $6$w.............

  15.     enforce_password: True

  16.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  17.     # will be ignored by enabling password-less login for the user.

  18.     empty_password: False

  19.     hash_password: False

  20.     system: False

  21.     home: /custom/buser

  22.     homedir_owner: buser

  23.     homedir_group: primarygroup

  24.     user_dir_mode: 750

  25.     createhome: True

  26.     roomnumber: "A-1"

  27.     workphone: "(555) 555-5555"

  28.     homephone: "(555) 555-5551"

  29.     manage_vimrc: False

  30.     manage_bashrc: False

  31.     manage_profile: False

  32.     expire: 16426

  33.     # Disables user management except sudo rules.

  34.     # Useful for setting sudo rules for system accounts created by package instalation

  35.     sudoonly: False

  36.     sudouser: True

  37.     # sudo_rules doesn't need the username as a prefix for the rule

  38.     # this is added automatically by the formula.

  39.     # ----------------------------------------------------------------------

  40.     # In case your sudo_rules have a colon please have in mind to not leave

  41.     # spaces around it. For example:

  42.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  43.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  44.     sudo_rules:

  45.       - ALL=(root) /usr/bin/find

  46.       - ALL=(otheruser) /usr/bin/script.sh

  47.     sudo_defaults:

  48.       - '!requiretty'

  49.     shell: /bin/bash

  50.     remove_groups: False

  51.     prime_group:

  52.       name: primarygroup

  53.       gid: 500

  54.     groups:

  55.       - users

  56.     optional_groups:

  57.       - some_groups_that_might

  58.       - not_exist_on_all_minions

  59.     ssh_key_type: rsa

  60.     # You can inline the private keys ...

  61.     ssh_keys:

  62.       privkey: PRIVATEKEY

  63.       pubkey: PUBLICKEY

  64.       # or you can provide path to key on Salt fileserver

  65.       privkey: salt://path_to_PRIVATEKEY

  66.       pubkey: salt://path_to_PUBLICKEY

  67.       # you can provide multiple keys, the keyname is taken as filename

  68.       # make sure your public keys suffix is .pub

  69.       foobar: PRIVATEKEY

  70.       foobar.pub: PUBLICKEY

  71.     # ... or you can pull them from a different pillar,

  72.     # for example one called "ssh_keys":

  73.     ssh_keys_pillar:

  74.       id_rsa: "ssh_keys"

  75.       another_key_pair: "ssh_keys"

  76.     ssh_auth:

  77.       - PUBLICKEY

  78.     ssh_auth.absent:

  79.       - PUBLICKEY_TO_BE_REMOVED

  80.     # Generates an authorized_keys file for the user

  81.     # with the given keys

  82.     ssh_auth_file:

  83.       - PUBLICKEY

  84.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  85.     ssh_auth_pillar:

  86.       id_rsa: "ssh_keys"

  87.     # If you prefer to keep public keys as files rather

  88.     # than inline in pillar, this works.

  89.     ssh_auth_sources:

  90.       - salt://keys/buser.id_rsa.pub

  91.     ssh_auth_sources.absent:

  92.       - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED

  93.     # Manage the ~/.ssh/config file

  94.     ssh_known_hosts:

  95.       importanthost:

  96.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  97.     ssh_known_hosts.absent:

  98.       - notimportanthost

  99.     ssh_config:

  100.       all:

  101.         hostname: "*"

  102.         options:

  103.           - "StrictHostKeyChecking no"

  104.           - "UserKnownHostsFile=/dev/null"

  105.       importanthost:

  106.         hostname: "needcheck.example.com"

  107.         options:

  108.           - "StrictHostKeyChecking yes"

  109. 

  110.     # Using gitconfig without Git installed will result in an error

  111.     # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:

  112.     # This state module now requires git 1.6.5 (released 10 October 2009) or newer.

  113.     gitconfig:

  114.       user.name: B User

  115.       user.email: buser@example.com

  116.       "url.https://.insteadOf": "git://"

  117. 

  118.     google_2fa: True

  119.     google_auth:

  120.       ssh: |

  121.         SOMEGAUTHHASHVAL

  122.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  123.         " RATE_LIMIT 3 30 1415800560

  124.         " DISALLOW_REUSE 47193352

  125.         " TOTP_AUTH

  126.         11111111

  127.         22222222

  128.         33333333

  129.         44444444

  130.         55555555

  131.     # unique: True allows user to have non unique uid

  132.     unique: False

  133.     uid: 1001

  134. 

  135.     user_files:

  136.       enabled: True

  137.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  138.       # should be a salt fileserver path either with or without 'salt://'

  139.       # if not present, it defaults to 'salt://users/files/user/<username>

  140.       source: users/files/default

  141.       template: jinja

  142.       # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0

  143.       # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save

  144.       # execution bit for example.

  145.       file_mode: keep

  146.       sym_mode: 640

  147.       exclude_pat: "*.gitignore"

  148. 

  149.   ## Absent user

  150.   cuser:

  151.     absent: True

  152.     purge: True

  153.     force: True

  154. 

  155. 

  156. ## Old syntax of absent_users still supported

  157. absent_users:

  158.   - donald

  159.   - bad_guy