From d37de77ba212f5d94b696ab23b4e26cf1e713aa2 Mon Sep 17 00:00:00 2001
From: Alexander Weidinger <aw@sz9i.net>
Date: Tue, 4 Jul 2017 22:05:56 +0200
Subject: [PATCH] Copied docs from commit to pillar.example

---
 pillar.example | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/pillar.example b/pillar.example
index 4352198..4aa3b2e 100644
--- a/pillar.example
+++ b/pillar.example
@@ -57,6 +57,38 @@ sshd_config:
         X11Forwarding: no
         AllowTcpForwarding: no
         ForceCommand: internal-sftp
+    # Supports complex compound matches in Match criteria. For example, be able
+    # to match against multiple Users for a given Match, or be able to match
+    # against address ranges. Or Groups. Or any combination thereof.
+    #
+    # Support for matching users can take one of several different appearances
+    # in pillar data:
+    match_1:
+      type:
+        User: one_user
+      options:
+        ChrootDirectory: /ex/%u
+    match_2:
+      type:
+        User:
+          - jim
+          - bob
+          - sally
+      options:
+        ChrootDirectory: /ex/%u
+    # Note the syntax of match_3. By using empty dicts for each user, we can
+    # leverage Salt's pillar mergine. If we use simple lists, we cannot do
+    # this; Salt can't merge simple lists, because it doesn't know what order
+    # they ought to be in.
+    match_3:
+      type:
+        User:
+          jim: ~
+          bob: ~
+          sally: ~
+      options:
+        ChrootDirectory: /ex/%u
+
   # Check `man sshd_config` for supported KexAlgorithms, Ciphers and MACs first.
   # You can specify KexAlgorithms, Ciphers and MACs as both key or a list.
   # The configuration given in the example below is based on: