users-formula/pillar.example

users:
  ## Minimal required pillar values
  auser:
    fullname: A User

  ## Full list of pillar values
  buser:
    fullname: B User
    password: $6$w.............
    enforce_password: True
    # WARNING: If 'empty_password' is set to True, the 'password' statement
    # will be ignored by enabling password-less login for the user.
    empty_password: False
    home: /custom/buser
    createhome: True
    roomnumber: "A-1"
    workphone: "(555) 555-5555"
    homephone: "(555) 555-5551"
    manage_vimrc: False
    manage_bashrc: False
    manage_profile: False
    expire: 16426
    sudouser: True
    # sudo_rules doesn't need the username as a prefix for the rule
    # this is added automatically by the formula.
    # ----------------------------------------------------------------------
    # In case your sudo_rules have a colon please have in mind to not leave
    # spaces around it. For example:
    # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)
    # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK
    sudo_rules:
      - ALL=(root) /usr/bin/find
      - ALL=(otheruser) /usr/bin/script.sh
    sudo_defaults:
      - '!requiretty'
    shell: /bin/bash
    prime_group:
      name: primarygroup
      gid: 500
    groups:
      - users
    ssh_key_type: rsa
    # You can inline the private keys ...
    ssh_keys:
      privkey: PRIVATEKEY
      pubkey: PUBLICKEY
    # ... or you can pull them from a different pillar,
    # for example one called "ssh_keys":
    ssh_keys_pillar:
      id_rsa: "ssh_keys"
      another_key_pair: "ssh_keys"
    ssh_auth:
      - PUBLICKEY
    ssh_auth.absent:
      - PUBLICKEY_TO_BE_REMOVED
    # Generates an authorized_keys file for the user
    # with the given keys
    ssh_auth_file:
      - PUBLICKEY
    # ... or you can pull them from a different pillar similar to ssh_keys_pillar
    ssh_auth_pillar:
      id_rsa: "ssh_keys"
    # If you prefer to keep public keys as files rather
    # than inline in pillar, this works.
    ssh_auth_sources:
      - salt://keys/buser.id_rsa.pub
    # Manage the ~/.ssh/config file
    ssh_known_hosts:
      importanthost:
        fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
    ssh_known_hosts.absent:
      - notimportanthost
    ssh_config:
      all:
        hostname: "*"
        options:
          - "StrictHostKeyChecking no"
          - "UserKnownHostsFile=/dev/null"
      importanthost:
        hostname: "needcheck.example.com"
        options:
          - "StrictHostKeyChecking yes"

    gitconfig:
      user.name: B User
      user.email: buser@example.com
      url."https://".insteadOf: "git://"

    google_2fa: True
    google_auth:
      ssh: |
        SOMEGAUTHHASHVAL
        " RESETTING_TIME_SKEW 46956472+2 46991595-2
        " RATE_LIMIT 3 30 1415800560
        " DISALLOW_REUSE 47193352
        " TOTP_AUTH
        11111111
        22222222
        33333333
        44444444
        55555555
    uid: 1001

    user_files:
      enabled: True
      # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
      # should be a salt fileserver path either with or without 'salt://'
      # if not present, it defaults to 'salt://users/files/user/<username>
      source: users/files/default

  ## Absent user
  cuser:
    absent: True
    purge: True
    force: True


## Old syntax of absent_users still supported
absent_users:
  - donald
  - bad_guy
Add example data to pillar. 2013-07-28 00:53:23 +02:00			`users:`
New format of user.absent support introduced. Old format still supported. 2014-04-23 13:38:31 +02:00			`## Minimal required pillar values`
Add example data to pillar. 2013-07-28 00:53:23 +02:00			`auser:`
New format of user.absent support introduced. Old format still supported. 2014-04-23 13:38:31 +02:00			`fullname: A User`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00
New format of user.absent support introduced. Old format still supported. 2014-04-23 13:38:31 +02:00			`## Full list of pillar values`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00			`buser:`
			`fullname: B User`
Update pillar.example 2014-04-25 04:51:11 +02:00			`password: $6$w.............`
Adding support for the enforce_password option. This will allow users change their passwords after the initial setting in Salt. 2015-07-17 17:18:38 +02:00			`enforce_password: True`
Adds 'empty_password' statement for states.user.present 2015-09-27 16:20:45 +02:00			`# WARNING: If 'empty_password' is set to True, the 'password' statement`
			`# will be ignored by enabling password-less login for the user.`
			`empty_password: False`
Add home to pillar.example 2014-03-30 20:31:47 +02:00			`home: /custom/buser`
Add 'createhome' option for 'user.present' state 2014-09-07 07:23:06 +02:00			`createhome: True`
Added ability to specify room number, home phone, and work phone as per https://docs.saltstack.com/en/develop/ref/states/all/salt.states.user.html 2015-09-12 23:22:42 +02:00			`roomnumber: "A-1"`
			`workphone: "(555) 555-5555"`
			`homephone: "(555) 555-5551"`
Enable/disable bashrc/vimrc per user Made both states configurable per user in pillar data Had to drop extend, for this otherwise the extend would be empty if manage is False 2015-06-11 23:34:16 +02:00			`manage_vimrc: False`
			`manage_bashrc: False`
Add support for .profile file 2015-08-09 18:59:51 +02:00			`manage_profile: False`
Add support for setting user expire 2014-12-22 14:22:46 +01:00			`expire: 16426`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00			`sudouser: True`
Add sudo_rules syntax examples for rules with colons 2015-07-04 14:30:50 +02:00			`# sudo_rules doesn't need the username as a prefix for the rule`
			`# this is added automatically by the formula.`
			`# ----------------------------------------------------------------------`
			`# In case your sudo_rules have a colon please have in mind to not leave`
			`# spaces around it. For example:`
			`# ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)`
			`# ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK`
Add support for setting user expire 2014-12-22 14:22:46 +01:00			`sudo_rules:`
Fix incorrect sudo_rules example 2014-03-30 22:31:20 +02:00			`- ALL=(root) /usr/bin/find`
			`- ALL=(otheruser) /usr/bin/script.sh`
possibility to define user-specific Defaults 2015-04-06 21:34:59 +02:00			`sudo_defaults:`
fixing example for sudo defaults for specific user 2015-04-11 14:14:36 +02:00			`- '!requiretty'`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00			`shell: /bin/bash`
			`prime_group:`
yaml mistype had the prime group and ssh keys values as another dict. fixed. 2014-01-30 04:53:29 +01:00			`name: primarygroup`
			`gid: 500`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00			`groups:`
			`- users`
Add and support ssh_key_type attribute to allow for dsa ssh key pairs 2014-01-31 20:44:41 +01:00			`ssh_key_type: rsa`
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: \| -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: \| ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H.... 2015-05-01 17:48:28 +02:00			`# You can inline the private keys ...`
Revised Pillar Example Revising example pillar to add a minimal required values and a full list of available values 2014-01-30 03:46:54 +01:00			`ssh_keys:`
yaml mistype had the prime group and ssh keys values as another dict. fixed. 2014-01-30 04:53:29 +01:00			`privkey: PRIVATEKEY`
			`pubkey: PUBLICKEY`
Add pulling keys from other pillar. Example pillar: ssh_keys: id_rsa: privkey: \| -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2HcWUVBgh+vY U7sCwx/dH6+VvNwmCoqmNnP+8gTPKGl1vgAObJAnMT623dMXjVKwnEagZPRJIxDy B/HaAre9euNiY3LvIzBTWRSeMfT+rWvIKVBpvwlgGrfgz70m0pqxu+UyFbAGLin+ GpxzZAMaFpZw4sSbIlRuissXZj/sHpQb8p9M5IeO4Z3rjkCP1cxI -----END RSA PRIVATE KEY----- pubkey: \| ssh-rsa MIIEowIBAAKCAQEAoQiwO3JhBquPAalQF9qP1lLZNXVjYMIswrMe2H.... 2015-05-01 17:48:28 +02:00			`# ... or you can pull them from a different pillar,`
			`# for example one called "ssh_keys":`
			`ssh_keys_pillar:`
			`id_rsa: "ssh_keys"`
			`another_key_pair: "ssh_keys"`
Add example data to pillar. 2013-07-28 00:53:23 +02:00			`ssh_auth:`
Fix ssh_auth.names in example pillar 2014-02-14 15:33:03 +01:00			`- PUBLICKEY`
added option to remove ssh public keys from auth (ssh_auth.absent) 2014-08-03 01:40:27 +02:00			`ssh_auth.absent:`
			`- PUBLICKEY_TO_BE_REMOVED`
Add 'ssh_auth_file' pillar key to generate an authorized_keys file from given ssh public keys. 2015-02-12 23:09:56 +01:00			`# Generates an authorized_keys file for the user`
			`# with the given keys`
			`ssh_auth_file:`
			`- PUBLICKEY`
Added ability to provide pillar path for ssh_auth. 2015-08-21 12:17:49 +02:00			`# ... or you can pull them from a different pillar similar to ssh_keys_pillar`
			`ssh_auth_pillar:`
			`id_rsa: "ssh_keys"`
Added option to source ssh public keys from files. 2015-04-02 19:01:30 +02:00			`# If you prefer to keep public keys as files rather`
			`# than inline in pillar, this works.`
			`ssh_auth_sources:`
			`- salt://keys/buser.id_rsa.pub`
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users. 2015-05-15 21:47:40 +02:00			`# Manage the ~/.ssh/config file`
Add possibility to manage ssh's known_hosts file. 2015-08-27 16:31:14 +02:00			`ssh_known_hosts:`
			`importanthost:`
			`fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48`
			`ssh_known_hosts.absent:`
			`- notimportanthost`
Add ~/.ssh/config management This adds the ability to manage the ~/.ssh/config file for users. 2015-05-15 21:47:40 +02:00			`ssh_config:`
			`all:`
			`hostname: "*"`
			`options:`
			`- "StrictHostKeyChecking no"`
			`- "UserKnownHostsFile=/dev/null"`
			`importanthost:`
			`hostname: "needcheck.example.com"`
			`options:`
			`- "StrictHostKeyChecking yes"`
Added option to source ssh public keys from files. 2015-04-02 19:01:30 +02:00
Add possibility to manage the user's global git configuration. 2015-09-11 10:40:14 +02:00			`gitconfig:`
			`user.name: B User`
			`user.email: buser@example.com`
			`url."https://".insteadOf: "git://"`

readd 2fa pam enforcement 2015-07-01 18:15:31 +02:00			`google_2fa: True`
google auth example pillar config add; forgotten gauth state file add 2015-01-15 14:28:51 +01:00			`google_auth:`
			`ssh: \|`
			`SOMEGAUTHHASHVAL`
			`" RESETTING_TIME_SKEW 46956472+2 46991595-2`
			`" RATE_LIMIT 3 30 1415800560`
			`" DISALLOW_REUSE 47193352`
			`" TOTP_AUTH`
			`11111111`
			`22222222`
			`33333333`
			`44444444`
			`55555555`
update pillar.example to include uid in an attempt to save others from digging into the source (to confirm this detail) 2015-11-11 11:02:07 +01:00			`uid: 1001`
Update pillar.example Quick example of absent users 2013-08-08 18:08:01 +02:00
Added feature to allow syncing arbitrary sets of files per user. 2015-08-21 22:42:25 +02:00			`user_files:`
			`enabled: True`
			`# 'source' allows you to define an arbitrary directory to sync, useful to use for default files.`
			`# should be a salt fileserver path either with or without 'salt://'`
			`# if not present, it defaults to 'salt://users/files/user/<username>`
			`source: users/files/default`

New format of user.absent support introduced. Old format still supported. 2014-04-23 13:38:31 +02:00			`## Absent user`
			`cuser:`
			`absent: True`
			`purge: True`
			`force: True`


			`## Old syntax of absent_users still supported`
Update pillar.example Quick example of absent users 2013-08-08 18:08:01 +02:00			`absent_users:`
			`- donald`
			`- bad_guy`