Saltstack Official Users Formula


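  # Example pillar for the users formula. The listing's gutter numbers have been
  # removed and the nesting restored so that the document parses as YAML.
  users:
    ## Minimal required pillar values
    auser:
      fullname: A User

    ## Full list of pillar values
    # NOTE(review): this entry carries secrets (password hash, SSH private key,
    # TOTP seed and scratch codes). Target the pillar only at the minions that
    # need it, and keep the values encrypted at rest (for example with Salt's
    # GPG renderer) rather than in plain text in the pillar repository.
    buser:
      fullname: B User
      # A crypt(3) hash, never the clear-text password ($6$ is SHA-512 crypt).
      password: $6$w.............
      enforce_password: True
      home: /custom/buser
      createhome: True
      roomnumber: "A-1"
      workphone: "(555) 555-5555"
      homephone: "(555) 555-5551"
      manage_vimrc: False
      manage_bashrc: False
      manage_profile: False
      # Account expiry; presumably days since the Unix epoch. Confirm against
      # the formula version in use.
      expire: 16426
      sudouser: True
      # sudo_rules doesn't need the username as a prefix for the rule;
      # the formula adds it automatically.
      # ----------------------------------------------------------------------
      # If a sudo rule contains a colon, do not leave spaces around it.
      # For example:
      # ALL=(ALL) NOPASSWD: ALL  <--- THIS WILL NOT WORK (although the syntax is valid)
      # ALL=(ALL) NOPASSWD:ALL   <--- THIS WILL WORK
      #
      # NOTE(review): the rules below only illustrate the syntax. find can run
      # other programs through its own actions, so allowing it as root amounts
      # to unrestricted root. In real deployments grant a purpose-built,
      # root-owned script with fixed arguments instead of a general tool.
      sudo_rules:
        - ALL=(root) /usr/bin/find
        - ALL=(otheruser) /usr/bin/script.sh
      sudo_defaults:
        - '!requiretty'
      shell: /bin/bash
      prime_group:
        name: primarygroup
        gid: 500
      groups:
        - users
      ssh_key_type: rsa
      # You can inline the private keys ...
      # NOTE(review): an inlined private key is readable by anyone with access
      # to this pillar; prefer generating the key on the host, or encrypt the
      # value at rest.
      ssh_keys:
        privkey: PRIVATEKEY
        pubkey: PUBLICKEY
      # ... or you can pull them from a different pillar,
      # for example one called "ssh_keys":
      ssh_keys_pillar:
        id_rsa: "ssh_keys"
        another_key_pair: "ssh_keys"
      ssh_auth:
        - PUBLICKEY
      ssh_auth.absent:
        - PUBLICKEY_TO_BE_REMOVED
      # Generates an authorized_keys file for the user
      # with the given keys
      ssh_auth_file:
        - PUBLICKEY
      # ... or you can pull them from a different pillar, similar to ssh_keys_pillar
      ssh_auth_pillar:
        id_rsa: "ssh_keys"
      # If you prefer to keep public keys as files rather
      # than inline in pillar, this works.
      ssh_auth_sources:
        - salt://keys/buser.id_rsa.pub
      # Manage the user's known_hosts entries.
      # The fingerprint is quoted so it always stays a string: a value made
      # only of digits and colons can be read as a base-60 integer by
      # YAML 1.1 parsers.
      ssh_known_hosts:
        importanthost:
          fingerprint: "16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48"
      ssh_known_hosts.absent:
        - notimportanthost
      # Manage the ~/.ssh/config file
      # NOTE(review): the "all" stanza turns off host key verification for
      # every host ("*") and discards learned keys, which leaves connections
      # open to interception. Treat it as a syntax example only. ssh uses the
      # first value it obtains for each option, so if the wildcard stanza is
      # rendered before "importanthost" the stricter setting never applies;
      # verify the rendered file.
      ssh_config:
        all:
          hostname: "*"
          options:
            - "StrictHostKeyChecking no"
            - "UserKnownHostsFile=/dev/null"
        importanthost:
          hostname: "needcheck.example.com"
          options:
            - "StrictHostKeyChecking yes"

      gitconfig:
        user.name: B User
        user.email: buser@example.com
        url."https://".insteadOf: "git://"

      google_2fa: True
      # Contents of the user's Google Authenticator state file: the first line
      # is the TOTP shared secret and the eight-digit values are emergency
      # scratch codes. Protect this value like a password.
      google_auth:
        ssh: |
          SOMEGAUTHHASHVAL
          " RESETTING_TIME_SKEW 46956472+2 46991595-2
          " RATE_LIMIT 3 30 1415800560
          " DISALLOW_REUSE 47193352
          " TOTP_AUTH
          11111111
          22222222
          33333333
          44444444
          55555555

      user_files:
        enabled: True
        # 'source' lets you define an arbitrary directory to sync, which is
        # useful for default files. It should be a salt fileserver path, with
        # or without the 'salt://' prefix. If not present, it defaults to
        # 'salt://users/files/user/<username>'.
        source: users/files/default

    ## Absent user
    # purge also removes the user's files, and force removes the account even
    # while the user is logged in; both are destructive, so list only accounts
    # that are meant to disappear.
    cuser:
      absent: True
      purge: True
      force: True

  ## Old syntax of absent_users still supported
  absent_users:
    - donald
    - bad_guy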