forked from saltstack-formulas/users-formula
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pillar.example
133 lines (126 loc) · 3.84 KB
/
pillar.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
users:
## Minimal required pillar values
auser:
fullname: A User
## Full list of pillar values
buser:
fullname: B User
password: $6$w.............
enforce_password: True
# WARNING: If 'empty_password' is set to True, the 'password' statement
# will be ignored by enabling password-less login for the user.
empty_password: False
hash_password: False
system: False
home: /custom/buser
homedir_owner: buser
homedir_group: primarygroup
user_dir_mode: 750
createhome: True
roomnumber: "A-1"
workphone: "(555) 555-5555"
homephone: "(555) 555-5551"
manage_vimrc: False
manage_bashrc: False
manage_profile: False
expire: 16426
sudouser: True
# sudo_rules doesn't need the username as a prefix for the rule
# this is added automatically by the formula.
# ----------------------------------------------------------------------
# In case your sudo_rules have a colon please have in mind to not leave
# spaces around it. For example:
# ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
# ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
sudo_rules:
- ALL=(root) /usr/bin/find
- ALL=(otheruser) /usr/bin/script.sh
sudo_defaults:
- '!requiretty'
shell: /bin/bash
remove_groups: False
prime_group:
name: primarygroup
gid: 500
groups:
- users
optional_groups:
- some_groups_that_might
- not_exist_on_all_minions
ssh_key_type: rsa
# You can inline the private keys ...
ssh_keys:
privkey: PRIVATEKEY
pubkey: PUBLICKEY
# ... or you can pull them from a different pillar,
# for example one called "ssh_keys":
ssh_keys_pillar:
id_rsa: "ssh_keys"
another_key_pair: "ssh_keys"
ssh_auth:
- PUBLICKEY
ssh_auth.absent:
- PUBLICKEY_TO_BE_REMOVED
# Generates an authorized_keys file for the user
# with the given keys
ssh_auth_file:
- PUBLICKEY
# ... or you can pull them from a different pillar similar to ssh_keys_pillar
ssh_auth_pillar:
id_rsa: "ssh_keys"
# If you prefer to keep public keys as files rather
# than inline in pillar, this works.
ssh_auth_sources:
- salt://keys/buser.id_rsa.pub
# Manage the ~/.ssh/config file
ssh_known_hosts:
importanthost:
fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
ssh_known_hosts.absent:
- notimportanthost
ssh_config:
all:
hostname: "*"
options:
- "StrictHostKeyChecking no"
- "UserKnownHostsFile=/dev/null"
importanthost:
hostname: "needcheck.example.com"
options:
- "StrictHostKeyChecking yes"
# Using gitconfig without Git installed will result in an error
# https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
# This state module now requires git 1.6.5 (released 10 October 2009) or newer.
gitconfig:
user.name: B User
user.email: [email protected]
"url.https://.insteadOf": "git://"
google_2fa: True
google_auth:
ssh: |
SOMEGAUTHHASHVAL
" RESETTING_TIME_SKEW 46956472+2 46991595-2
" RATE_LIMIT 3 30 1415800560
" DISALLOW_REUSE 47193352
" TOTP_AUTH
11111111
22222222
33333333
44444444
55555555
uid: 1001
user_files:
enabled: True
# 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
# should be a salt fileserver path either with or without 'salt://'
# if not present, it defaults to 'salt://users/files/user/<username>
source: users/files/default
## Absent user
cuser:
absent: True
purge: True
force: True
## Old syntax of absent_users still supported
absent_users:
- donald
- bad_guy