users-formula/pillar.example

140 lines
4.0 KiB
Plaintext
Raw Normal View History

users-formula:
lookup: # override the defauls in map.jinja
root_group: root
2013-07-28 00:53:23 +02:00
users:
## Minimal required pillar values
2013-07-28 00:53:23 +02:00
auser:
fullname: A User
## Full list of pillar values
buser:
fullname: B User
2014-04-25 04:51:11 +02:00
password: $6$w.............
enforce_password: True
# WARNING: If 'empty_password' is set to True, the 'password' statement
# will be ignored by enabling password-less login for the user.
empty_password: False
2016-12-01 16:59:51 +01:00
hash_password: False
system: False
2014-03-30 20:31:47 +02:00
home: /custom/buser
2016-06-13 17:22:09 +02:00
homedir_owner: buser
homedir_group: primarygroup
user_dir_mode: 750
createhome: True
roomnumber: "A-1"
workphone: "(555) 555-5555"
homephone: "(555) 555-5551"
manage_vimrc: False
manage_bashrc: False
2015-08-09 18:59:51 +02:00
manage_profile: False
2014-12-22 14:22:46 +01:00
expire: 16426
sudouser: True
# sudo_rules doesn't need the username as a prefix for the rule
# this is added automatically by the formula.
# ----------------------------------------------------------------------
# In case your sudo_rules have a colon please have in mind to not leave
# spaces around it. For example:
# ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
# ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
2014-12-22 14:22:46 +01:00
sudo_rules:
2014-03-30 22:31:20 +02:00
- ALL=(root) /usr/bin/find
- ALL=(otheruser) /usr/bin/script.sh
sudo_defaults:
- '!requiretty'
shell: /bin/bash
remove_groups: False
prime_group:
name: primarygroup
gid: 500
groups:
- users
optional_groups:
- some_groups_that_might
- not_exist_on_all_minions
ssh_key_type: rsa
# You can inline the private keys ...
ssh_keys:
privkey: PRIVATEKEY
pubkey: PUBLICKEY
# ... or you can pull them from a different pillar,
# for example one called "ssh_keys":
ssh_keys_pillar:
id_rsa: "ssh_keys"
another_key_pair: "ssh_keys"
2013-07-28 00:53:23 +02:00
ssh_auth:
2014-02-14 15:33:03 +01:00
- PUBLICKEY
ssh_auth.absent:
- PUBLICKEY_TO_BE_REMOVED
# Generates an authorized_keys file for the user
# with the given keys
ssh_auth_file:
- PUBLICKEY
# ... or you can pull them from a different pillar similar to ssh_keys_pillar
ssh_auth_pillar:
id_rsa: "ssh_keys"
# If you prefer to keep public keys as files rather
# than inline in pillar, this works.
ssh_auth_sources:
- salt://keys/buser.id_rsa.pub
ssh_auth_sources.absent:
- salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED
# Manage the ~/.ssh/config file
ssh_known_hosts:
importanthost:
fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
ssh_known_hosts.absent:
- notimportanthost
ssh_config:
all:
hostname: "*"
options:
- "StrictHostKeyChecking no"
- "UserKnownHostsFile=/dev/null"
importanthost:
hostname: "needcheck.example.com"
options:
- "StrictHostKeyChecking yes"
# Using gitconfig without Git installed will result in an error
# https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
# This state module now requires git 1.6.5 (released 10 October 2009) or newer.
gitconfig:
user.name: B User
user.email: buser@example.com
"url.https://.insteadOf": "git://"
2015-07-01 18:15:31 +02:00
google_2fa: True
google_auth:
ssh: |
SOMEGAUTHHASHVAL
" RESETTING_TIME_SKEW 46956472+2 46991595-2
" RATE_LIMIT 3 30 1415800560
" DISALLOW_REUSE 47193352
" TOTP_AUTH
11111111
22222222
33333333
44444444
55555555
uid: 1001
user_files:
enabled: True
# 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
# should be a salt fileserver path either with or without 'salt://'
# if not present, it defaults to 'salt://users/files/user/<username>
source: users/files/default
## Absent user
cuser:
absent: True
purge: True
force: True
## Old syntax of absent_users still supported
absent_users:
- donald
- bad_guy