|
|
|
|
|
|
|
|
- workphone: {{ user['workphone'] }} |
|
|
- workphone: {{ user['workphone'] }} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% if 'homephone' in user %} |
|
|
{% if 'homephone' in user %} |
|
|
- homephone: {{ user['workphone'] }} |
|
|
|
|
|
|
|
|
- homephone: {{ user['homephone'] }} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% if not user.get('createhome', True) %} |
|
|
{% if not user.get('createhome', True) %} |
|
|
- createhome: False |
|
|
- createhome: False |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
|
|
|
{% if not user.get('unique', True) %} |
|
|
|
|
|
- unique: False |
|
|
|
|
|
{% endif %} |
|
|
{% if 'expire' in user -%} |
|
|
{% if 'expire' in user -%} |
|
|
{% if grains['kernel'].endswith('BSD') and |
|
|
{% if grains['kernel'].endswith('BSD') and |
|
|
user['expire'] < 157766400 %} |
|
|
user['expire'] < 157766400 %} |
|
|
|
|
|
|
|
|
{% endif %} |
|
|
{% endif %} |
|
|
|
|
|
|
|
|
{% if 'ssh_keys' in user %} |
|
|
{% if 'ssh_keys' in user %} |
|
|
{% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} |
|
|
|
|
|
users_user_{{ name }}_private_key: |
|
|
|
|
|
file.managed: |
|
|
|
|
|
- name: {{ home }}/.ssh/{{ key_type }} |
|
|
|
|
|
- user: {{ name }} |
|
|
|
|
|
- group: {{ user_group }} |
|
|
|
|
|
- mode: 600 |
|
|
|
|
|
- show_diff: False |
|
|
|
|
|
- contents_pillar: users:{{ name }}:ssh_keys:privkey |
|
|
|
|
|
- require: |
|
|
|
|
|
- user: users_{{ name }}_user |
|
|
|
|
|
{% for group in user.get('groups', []) %} |
|
|
|
|
|
- group: users_{{ name }}_{{ group }}_group |
|
|
|
|
|
{% endfor %} |
|
|
|
|
|
users_user_{{ name }}_public_key: |
|
|
|
|
|
|
|
|
{% for _key in user.ssh_keys.keys() %} |
|
|
|
|
|
{% if _key == 'privkey' %} |
|
|
|
|
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') %} |
|
|
|
|
|
{% elif _key == 'pubkey' %} |
|
|
|
|
|
{% set key_name = 'id_' + user.get('ssh_key_type', 'rsa') + '.pub' %} |
|
|
|
|
|
{% else %} |
|
|
|
|
|
{% set key_name = _key %} |
|
|
|
|
|
{% endif %} |
|
|
|
|
|
users_{{ name }}_{{ key_name }}_key: |
|
|
file.managed: |
|
|
file.managed: |
|
|
- name: {{ home }}/.ssh/{{ key_type }}.pub |
|
|
|
|
|
|
|
|
- name: {{ home }}/.ssh/{{ key_name }} |
|
|
- user: {{ name }} |
|
|
- user: {{ name }} |
|
|
- group: {{ user_group }} |
|
|
- group: {{ user_group }} |
|
|
|
|
|
{% if key_name.endswith(".pub") %} |
|
|
- mode: 644 |
|
|
- mode: 644 |
|
|
|
|
|
{% else %} |
|
|
|
|
|
- mode: 600 |
|
|
|
|
|
{% endif %} |
|
|
- show_diff: False |
|
|
- show_diff: False |
|
|
- contents_pillar: users:{{ name }}:ssh_keys:pubkey |
|
|
|
|
|
|
|
|
- contents_pillar: users:{{ name }}:ssh_keys:{{ _key }} |
|
|
- require: |
|
|
- require: |
|
|
- user: users_{{ name }}_user |
|
|
- user: users_{{ name }}_user |
|
|
{% for group in user.get('groups', []) %} |
|
|
{% for group in user.get('groups', []) %} |
|
|
- group: users_{{ name }}_{{ group }}_group |
|
|
- group: users_{{ name }}_{{ group }}_group |
|
|
{% endfor %} |
|
|
{% endfor %} |
|
|
|
|
|
{% endfor %} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} |
|
|
{% if 'ssh_auth_file' in user or 'ssh_auth_pillar' in user %} |
|
|
users_authorized_keys_{{ name }}: |
|
|
users_authorized_keys_{{ name }}: |
|
|
file.managed: |
|
|
file.managed: |
|
|
|
|
|
|
|
|
{{ auth }} |
|
|
{{ auth }} |
|
|
{% endfor -%} |
|
|
{% endfor -%} |
|
|
{% else %} |
|
|
{% else %} |
|
|
|
|
|
- contents: | |
|
|
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} |
|
|
{%- for key_name, pillar_name in user['ssh_auth_pillar'].items() %} |
|
|
- contents_pillar: {{ pillar_name }}:{{ key_name }}:pubkey |
|
|
|
|
|
|
|
|
{{ salt['pillar.get'](pillar_name + ':' + key_name + ':pubkey', '') }} |
|
|
{%- endfor %} |
|
|
{%- endfor %} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
{% endif %} |
|
|
|
|
|
|
|
|
{% if 'gitconfig' in user %} |
|
|
{% if 'gitconfig' in user %} |
|
|
{% for key, value in user['gitconfig'].items() %} |
|
|
{% for key, value in user['gitconfig'].items() %} |
|
|
users_{{ name }}_user_gitconfig_{{ loop.index0 }}: |
|
|
users_{{ name }}_user_gitconfig_{{ loop.index0 }}: |
|
|
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} |
|
|
|
|
|
|
|
|
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} |
|
|
git.config_set: |
|
|
git.config_set: |
|
|
{% else %} |
|
|
{% else %} |
|
|
git.config: |
|
|
git.config: |
|
|
|
|
|
|
|
|
- name: {{ key }} |
|
|
- name: {{ key }} |
|
|
- value: "{{ value }}" |
|
|
- value: "{{ value }}" |
|
|
- user: {{ name }} |
|
|
- user: {{ name }} |
|
|
{% if grains['saltversioninfo'] >= (2015, 8, 0, 0) %} |
|
|
|
|
|
|
|
|
{% if grains['saltversioninfo'] >= [2015, 8, 0, 0] %} |
|
|
- global: True |
|
|
- global: True |
|
|
{% else %} |
|
|
{% else %} |
|
|
- is_global: True |
|
|
- is_global: True |