users: ## Minimal required pillar values auser: fullname: A User ## Full list of pillar values buser: fullname: B User password: $6$w............. enforce_password: True # WARNING: If 'empty_password' is set to True, the 'password' statement # will be ignored by enabling password-less login for the user. empty_password: False hash_password: False system: False home: /custom/buser homedir_owner: buser homedir_group: primarygroup user_dir_mode: 750 createhome: True roomnumber: "A-1" workphone: "(555) 555-5555" homephone: "(555) 555-5551" manage_vimrc: False manage_bashrc: False manage_profile: False expire: 16426 sudouser: True # sudo_rules doesn't need the username as a prefix for the rule # this is added automatically by the formula. # ---------------------------------------------------------------------- # In case your sudo_rules have a colon please have in mind to not leave # spaces around it. For example: # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok) # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK sudo_rules: - ALL=(root) /usr/bin/find - ALL=(otheruser) /usr/bin/script.sh sudo_defaults: - '!requiretty' shell: /bin/bash remove_groups: False prime_group: name: primarygroup gid: 500 groups: - users optional_groups: - some_groups_that_might - not_exist_on_all_minions ssh_key_type: rsa # You can inline the private keys ... ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY # ... or you can pull them from a different pillar, # for example one called "ssh_keys": ssh_keys_pillar: id_rsa: "ssh_keys" another_key_pair: "ssh_keys" ssh_auth: - PUBLICKEY ssh_auth.absent: - PUBLICKEY_TO_BE_REMOVED # Generates an authorized_keys file for the user # with the given keys ssh_auth_file: - PUBLICKEY # ... or you can pull them from a different pillar similar to ssh_keys_pillar ssh_auth_pillar: id_rsa: "ssh_keys" # If you prefer to keep public keys as files rather # than inline in pillar, this works. ssh_auth_sources: - salt://keys/buser.id_rsa.pub # Manage the ~/.ssh/config file ssh_known_hosts: importanthost: fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 ssh_known_hosts.absent: - notimportanthost ssh_config: all: hostname: "*" options: - "StrictHostKeyChecking no" - "UserKnownHostsFile=/dev/null" importanthost: hostname: "needcheck.example.com" options: - "StrictHostKeyChecking yes" # Using gitconfig without Git installed will result in an error # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html: # This state module now requires git 1.6.5 (released 10 October 2009) or newer. gitconfig: user.name: B User user.email: buser@example.com url."https://".insteadOf: "git://" google_2fa: True google_auth: ssh: | SOMEGAUTHHASHVAL " RESETTING_TIME_SKEW 46956472+2 46991595-2 " RATE_LIMIT 3 30 1415800560 " DISALLOW_REUSE 47193352 " TOTP_AUTH 11111111 22222222 33333333 44444444 55555555 uid: 1001 user_files: enabled: True # 'source' allows you to define an arbitrary directory to sync, useful to use for default files. # should be a salt fileserver path either with or without 'salt://' # if not present, it defaults to 'salt://users/files/user/ source: users/files/default # You can specify octal mode for files and symlinks that will be copied. Since version 2016.11.0 # it's possible to use 'keep' for file_mode, to preserve file original mode, thus you can save # execution bit for example. file_mode: keep sym_mode: 640 ## Absent user cuser: absent: True purge: True force: True ## Old syntax of absent_users still supported absent_users: - donald - bad_guy