salt
/
users-formula
rozštěpen z ExternalMirrors/users-formula
Sledovat 1
Oblíbit 0
Rozštěpit 0
Zdrojový kód Vydání 0 Aktivita
Saltstack Official Users Formula
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
185 Revize
2 Větve
Strom: 6e3c771b52
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „6e3c771b52“
${ noResults }
users-formula/pillar.example

122 lines
3.4KB
Surový Blame Historie 

  1. users:

  2.   ## Minimal required pillar values

  3.   auser:

  4.     fullname: A User

  5. 

  6.   ## Full list of pillar values

  7.   buser:

  8.     fullname: B User

  9.     password: $6$w.............

  10.     enforce_password: True

  11.     # WARNING: If 'empty_password' is set to True, the 'password' statement

  12.     # will be ignored by enabling password-less login for the user.

  13.     empty_password: False

  14.     home: /custom/buser

  15.     createhome: True

  16.     roomnumber: "A-1"

  17.     workphone: "(555) 555-5555"

  18.     homephone: "(555) 555-5551"

  19.     manage_vimrc: False

  20.     manage_bashrc: False

  21.     manage_profile: False

  22.     expire: 16426

  23.     sudouser: True

  24.     # sudo_rules doesn't need the username as a prefix for the rule

  25.     # this is added automatically by the formula.

  26.     # ----------------------------------------------------------------------

  27.     # In case your sudo_rules have a colon please have in mind to not leave

  28.     # spaces around it. For example:

  29.     # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)

  30.     # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK

  31.     sudo_rules:

  32.       - ALL=(root) /usr/bin/find

  33.       - ALL=(otheruser) /usr/bin/script.sh

  34.     sudo_defaults:

  35.       - '!requiretty'

  36.     shell: /bin/bash

  37.     prime_group:

  38.       name: primarygroup

  39.       gid: 500

  40.     groups:

  41.       - users

  42.     ssh_key_type: rsa

  43.     # You can inline the private keys ...

  44.     ssh_keys:

  45.       privkey: PRIVATEKEY

  46.       pubkey: PUBLICKEY

  47.     # ... or you can pull them from a different pillar,

  48.     # for example one called "ssh_keys":

  49.     ssh_keys_pillar:

  50.       id_rsa: "ssh_keys"

  51.       another_key_pair: "ssh_keys"

  52.     ssh_auth:

  53.       - PUBLICKEY

  54.     ssh_auth.absent:

  55.       - PUBLICKEY_TO_BE_REMOVED

  56.     # Generates an authorized_keys file for the user

  57.     # with the given keys

  58.     ssh_auth_file:

  59.       - PUBLICKEY

  60.     # ... or you can pull them from a different pillar similar to ssh_keys_pillar

  61.     ssh_auth_pillar:

  62.       id_rsa: "ssh_keys"

  63.     # If you prefer to keep public keys as files rather

  64.     # than inline in pillar, this works.

  65.     ssh_auth_sources:

  66.       - salt://keys/buser.id_rsa.pub

  67.     # Manage the ~/.ssh/config file

  68.     ssh_known_hosts:

  69.       importanthost:

  70.         fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48

  71.     ssh_known_hosts.absent:

  72.       - notimportanthost

  73.     ssh_config:

  74.       all:

  75.         hostname: "*"

  76.         options:

  77.           - "StrictHostKeyChecking no"

  78.           - "UserKnownHostsFile=/dev/null"

  79.       importanthost:

  80.         hostname: "needcheck.example.com"

  81.         options:

  82.           - "StrictHostKeyChecking yes"

  83. 

  84.     gitconfig:

  85.       user.name: B User

  86.       user.email: buser@example.com

  87.       url."https://".insteadOf: "git://"

  88. 

  89.     google_2fa: True

  90.     google_auth:

  91.       ssh: |

  92.         SOMEGAUTHHASHVAL

  93.         " RESETTING_TIME_SKEW 46956472+2 46991595-2

  94.         " RATE_LIMIT 3 30 1415800560

  95.         " DISALLOW_REUSE 47193352

  96.         " TOTP_AUTH

  97.         11111111

  98.         22222222

  99.         33333333

  100.         44444444

  101.         55555555

  102.     uid: 1001

  103. 

  104.     user_files:

  105.       enabled: True

  106.       # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.

  107.       # should be a salt fileserver path either with or without 'salt://'

  108.       # if not present, it defaults to 'salt://users/files/user/<username>

  109.       source: users/files/default

  110. 

  111.   ## Absent user

  112.   cuser:

  113.     absent: True

  114.     purge: True

  115.     force: True

  116. 

  117. 

  118. ## Old syntax of absent_users still supported

  119. absent_users:

  120.   - donald

  121.   - bad_guy