2013-06-19 21:53:46 +02:00
|
|
|
include:
|
|
|
|
- users.sudo
|
|
|
|
|
|
|
|
{% for name, user in pillar.get('users', {}).items() %}
|
|
|
|
{% if user == None %}
|
|
|
|
{% set user = {} %}
|
|
|
|
{% endif %}
|
|
|
|
{% set home = user.get('home', "/home/%s" % name) %}
|
|
|
|
|
|
|
|
{% for group in user.get('groups', []) %}
|
|
|
|
{{ group }}_group:
|
|
|
|
group:
|
|
|
|
- name: {{ group }}
|
|
|
|
- present
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
{{ name }}_user:
|
|
|
|
file.directory:
|
|
|
|
- name: {{ home }}
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
- mode: 0755
|
|
|
|
- require:
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
group.present:
|
|
|
|
- name: {{ name }}
|
2013-11-14 17:13:45 +01:00
|
|
|
{% if 'uid' in user -%}
|
2013-10-28 21:39:55 +01:00
|
|
|
- gid: {{ user['uid'] }}
|
2013-11-14 17:13:45 +01:00
|
|
|
{% endif %}
|
2013-06-19 21:53:46 +02:00
|
|
|
user.present:
|
|
|
|
- name: {{ name }}
|
|
|
|
- home: {{ home }}
|
2013-09-04 21:30:32 +02:00
|
|
|
- shell: {{ user.get('shell', '/bin/bash') }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% if 'uid' in user -%}
|
|
|
|
- uid: {{ user['uid'] }}
|
|
|
|
{% endif %}
|
|
|
|
- gid_from_name: True
|
|
|
|
{% if 'fullname' in user %}
|
|
|
|
- fullname: {{ user['fullname'] }}
|
|
|
|
{% endif %}
|
|
|
|
- groups:
|
|
|
|
- {{ name }}
|
|
|
|
{% for group in user.get('groups', []) %}
|
2013-08-08 13:42:55 +02:00
|
|
|
- {{ group }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% endfor %}
|
|
|
|
- require:
|
2013-08-08 13:42:55 +02:00
|
|
|
- group: {{ name }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% for group in user.get('groups', []) %}
|
2013-08-08 13:42:55 +02:00
|
|
|
- group: {{ group }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
user_keydir_{{ name }}:
|
|
|
|
file.directory:
|
|
|
|
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
- makedirs: True
|
|
|
|
- mode: 744
|
|
|
|
- require:
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
{% for group in user.get('groups', []) %}
|
|
|
|
- group: {{ group }}
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
{% if 'privkey' in user %}
|
|
|
|
user_{{ name }}_private_key:
|
|
|
|
file.managed:
|
|
|
|
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
- mode: 600
|
|
|
|
- source: salt://keys/{{ user['privkey'] }}
|
|
|
|
- require:
|
|
|
|
- user: {{ name }}_user
|
|
|
|
{% for group in user.get('groups', []) %}
|
|
|
|
- group: {{ group }}_group
|
|
|
|
{% endfor %}
|
|
|
|
user_{{ name }}_public_key:
|
|
|
|
file.managed:
|
|
|
|
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa.pub
|
|
|
|
- user: {{ name }}
|
|
|
|
- group: {{ name }}
|
|
|
|
- mode: 644
|
|
|
|
- source: salt://keys/{{ user['privkey'] }}.pub
|
|
|
|
- require:
|
|
|
|
- user: {{ name }}_user
|
|
|
|
{% for group in user.get('groups', []) %}
|
|
|
|
- group: {{ group }}_group
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
|
|
|
|
{% if 'ssh_auth' in user %}
|
|
|
|
{% for auth in user['ssh_auth'] %}
|
|
|
|
ssh_auth_{{ name }}_{{ loop.index0 }}:
|
|
|
|
ssh_auth.present:
|
|
|
|
- user: {{ name }}
|
|
|
|
- name: {{ auth }}
|
|
|
|
- require:
|
|
|
|
- file: {{ name }}_user
|
|
|
|
- user: {{ name }}_user
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
|
2013-10-28 21:39:55 +01:00
|
|
|
{% if 'sudouser' in user and user['sudouser'] %}
|
|
|
|
sudoer-{{ name }}:
|
|
|
|
file.managed:
|
|
|
|
- name: /etc/sudoers.d/{{ name }}
|
|
|
|
- user: root
|
|
|
|
- group: root
|
|
|
|
- mode: '0440'
|
|
|
|
/etc/sudoers.d/{{ name }}:
|
|
|
|
file.append:
|
|
|
|
- text:
|
|
|
|
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
|
|
|
|
- require:
|
|
|
|
- file: sudoer-defaults
|
|
|
|
- file: sudoer-{{ name }}
|
|
|
|
{% else %}
|
|
|
|
/etc/sudoers.d/{{ name }}:
|
|
|
|
file.absent:
|
|
|
|
- name: /etc/sudoers.d/{{ name }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
{% endfor %}
|
|
|
|
|
|
|
|
{% for user in pillar.get('absent_users', []) %}
|
|
|
|
{{ user }}:
|
|
|
|
user.absent
|
2013-10-28 21:39:55 +01:00
|
|
|
/etc/sudoers.d/{{ user }}:
|
|
|
|
file.absent:
|
|
|
|
- name: /etc/sudoers.d/{{ user }}
|
2013-06-19 21:53:46 +02:00
|
|
|
{% endfor %}
|