diff --git a/users/googleauth.sls b/users/googleauth.sls index 55260f6..7342132 100644 --- a/users/googleauth.sls +++ b/users/googleauth.sls @@ -1,15 +1,15 @@ # vim: sts=2 ts=2 sw=2 et ai {% from "users/map.jinja" import users with context %} -googleauth-package: +users_googleauth-package: pkg.installed: - name: {{ users.googleauth_package }} - require: - file: {{ users.googleauth_dir }} -{{ users.googleauth_dir }}: - file: - - directory +users_{{ users.googleauth_dir }}: + file.directory: + - name: {{ users.googleauth_dir }} - user: root - group: {{ users.root_group }} - mode: 600 diff --git a/users/init.sls b/users/init.sls index ec9915f..9326b26 100644 --- a/users/init.sls +++ b/users/init.sls @@ -38,13 +38,13 @@ include: {%- endif %} {% for group in user.get('groups', []) %} -{{ name }}_{{ group }}_group: +users_{{ name }}_{{ group }}_group: group: - name: {{ group }} - present {% endfor %} -{{ name }}_user: +users_{{ name }}_user: {% if user.get('createhome', True) %} file.directory: - name: {{ home }} @@ -98,7 +98,7 @@ include: - group: {{ group }} {% endfor %} -user_keydir_{{ name }}: +users_user_keydir_{{ name }}: file.directory: - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh - user: {{ name }} @@ -114,7 +114,7 @@ user_keydir_{{ name }}: {% if 'ssh_keys' in user %} {% set key_type = 'id_' + user.get('ssh_key_type', 'rsa') %} -user_{{ name }}_private_key: +users_user_{{ name }}_private_key: file.managed: - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }} - user: {{ name }} 
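Review bot: In `users/googleauth.sls` the requisite under `users_googleauth-package` is still `- file: {{ users.googleauth_dir }}`, although the directory state it points at now has the ID `users_{{ users.googleauth_dir }}`. Salt should still resolve it because the new `- name:` carries the path, but every other requisite in this commit is switched to the prefixed ID. For consistency I would write `- file: users_{{ users.googleauth_dir }}` here. The same leftover appears in `users/sudo.sls`, where `users_sudo-package` keeps `- file: {{ users.sudoers_dir }}`.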
@@ -123,11 +123,11 @@ user_{{ name }}_private_key: - show_diff: False - contents_pillar: users:{{ name }}:ssh_keys:privkey - require: - - user: {{ name }}_user + - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - - group: {{ name }}_{{ group }}_group + - group: users_{{ name }}_{{ group }}_group {% endfor %} -user_{{ name }}_public_key: +users_user_{{ name }}_public_key: file.managed: - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_type }}.pub - user: {{ name }} @@ -136,15 +136,16 @@ user_{{ name }}_public_key: - show_diff: False - contents_pillar: users:{{ name }}:ssh_keys:pubkey - require: - - user: {{ name }}_user + - user: users_{{ name }}_user {% for group in user.get('groups', []) %} - - group: {{ name }}_{{ group }}_group + - group: users_{{ name }}_{{ group }}_group {% endfor %} {% endif %} {% if 'ssh_auth_file' in user %} -{{ home }}/.ssh/authorized_keys: +users_authorized_keys_{{ name }}: file.managed: + - name: {{ home }}/.ssh/authorized_keys - user: {{ name }} - group: {{ name }} - mode: 600 
@@ -156,25 +157,25 @@ user_{{ name }}_public_key: {% if 'ssh_auth' in user %} {% for auth in user['ssh_auth'] %} -ssh_auth_{{ name }}_{{ loop.index0 }}: +users_ssh_auth_{{ name }}_{{ loop.index0 }}: ssh_auth.present: - user: {{ name }} - name: {{ auth }} - require: - - file: {{ name }}_user - - user: {{ name }}_user + - file: users_{{ name }}_user + - user: users_{{ name }}_user {% endfor %} {% endif %} {% if 'ssh_keys_pillar' in user %} {% for key_name, pillar_name in user['ssh_keys_pillar'].iteritems() %} -ssh_keys_files_{{ name }}_{{ key_name }}_pub: +users_ssh_keys_files_{{ name }}_{{ key_name }}_pub: file.managed: - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name }}.pub - contents: | {{ pillar[pillar_name][key_name]['pubkey'] }} -ssh_keys_files_{{ name }}_{{ key_name }}_priv: +users_ssh_keys_files_{{ name }}_{{ key_name }}_priv: file.managed: - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/{{ key_name }} @@ -185,31 +186,31 @@ ssh_keys_files_{{ name }}_{{ key_name }}_priv: {% if 'ssh_auth_sources' in user %} {% for pubkey_file in user['ssh_auth_sources'] %} -ssh_auth_source_{{ name }}_{{ loop.index0 }}: +users_ssh_auth_source_{{ name }}_{{ loop.index0 }}: ssh_auth.present: - user: {{ name }} - source: {{ pubkey_file }} - require: - - file: {{ name }}_user - - user: {{ name }}_user + - file: users_{{ name }}_user + - user: users_{{ name }}_user {% endfor %} {% endif %} {% if 'ssh_auth.absent' in user %} {% for auth in user['ssh_auth.absent'] %} -ssh_auth_delete_{{ name }}_{{ loop.index0 }}: +users_ssh_auth_delete_{{ name }}_{{ loop.index0 }}: ssh_auth.absent: - user: {{ name }} - name: {{ auth }} - require: - - file: {{ name }}_user - - user: {{ name }}_user + - file: users_{{ name }}_user + - user: users_{{ name }}_user {% endfor %} {% endif %} {% if 'sudouser' in user and user['sudouser'] %} -sudoer-{{ name }}: +users_sudoer-{{ name }}: file.managed: - name: {{ users.sudoers_dir }}/{{ name }} - user: root 
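Review bot: The `ssh_auth.present` states require `- file: users_{{ name }}_user`, but the earlier hunk shows `file.directory` under that ID only inside `{% if user.get('createhome', True) %}`. For a user with `createhome: False` there would presumably be no `file` state under that ID, so the requisite could not be resolved and the authorized-key states would fail. Consider wrapping the line in the same condition, `{% if user.get('createhome', True) %}` / `- file: users_{{ name }}_user` / `{% endif %}`. The same applies to `users_ssh_auth_source_*` and `users_ssh_auth_delete_*` in the next hunk. The body of `users_{{ name }}_user` lies outside these hunks, so this is worth confirming against the full file.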
@@ -227,7 +228,7 @@ sudoer-{{ name }}: # Specify the rule via an env var to avoid shell quoting issues. - rule: "{{ name }} {{ rule }}" - require_in: - - file: {{ users.sudoers_dir }}/{{ name }} + - file: users_{{ users.sudoers_dir }}/{{ name }} {% endfor %} {% endif %} {% if 'sudo_defaults' in user %} @@ -241,12 +242,13 @@ sudoer-{{ name }}: # Specify the rule via an env var to avoid shell quoting issues. - rule: "Defaults:{{ name }} {{ entry }}" - require_in: - - file: {{ users.sudoers_dir }}/{{ name }} + - file: users_{{ users.sudoers_dir }}/{{ name }} {% endfor %} {% endif %} -{{ users.sudoers_dir }}/{{ name }}: +users_{{ users.sudoers_dir }}/{{ name }}: file.managed: + - name: {{ users.sudoers_dir }}/{{ name }} - contents: | {%- if 'sudo_defaults' in user %} {%- for entry in user['sudo_defaults'] %} @@ -259,18 +261,18 @@ sudoer-{{ name }}: {%- endfor %} {%- endif %} - require: - - file: sudoer-defaults - - file: sudoer-{{ name }} + - file: users_sudoer-defaults + - file: users_sudoer-{{ name }} {% endif %} {% else %} -{{ users.sudoers_dir }}/{{ name }}: +users_{{ users.sudoers_dir }}/{{ name }}: file.absent: - name: {{ users.sudoers_dir }}/{{ name }} {% endif %} {%- if 'google_auth' in user %} {%- for svc in user['google_auth'] %} -googleauth-{{ svc }}-{{ name }}: +users_googleauth-{{ svc }}-{{ name }}: file.managed: - replace: false - name: {{ users.googleauth_dir }}/{{ name }}_{{ svc }} @@ -279,16 +281,17 @@ googleauth-{{ svc }}-{{ name }}: - group: {{ users.root_group }} - mode: 600 - require: - - pkg: googleauth-package + - pkg: users_googleauth-package {%- endfor %} {%- endif %} {% endfor %} {% for name, user in pillar.get('users', {}).items() if user.absent is defined and user.absent %} -{{ name }}: +users_absent_user_{{ name }}: {% if 'purge' in user or 'force' in user %} user.absent: + - name: {{ name }} {% if 'purge' in user %} - purge: {{ user['purge'] }} {% endif %} 
@@ -296,23 +299,25 @@ googleauth-{{ svc }}-{{ name }}: - force: {{ user['force'] }} {% endif %} {% else %} - user.absent + user.absent: + - name: {{ name }} {% endif -%} -{{ users.sudoers_dir }}/{{ name }}: +users_{{ users.sudoers_dir }}/{{ name }}: file.absent: - name: {{ users.sudoers_dir }}/{{ name }} {% endfor %} {% for user in pillar.get('absent_users', []) %} -{{ user }}: +users_absent_user_2_{{ user }}: user.absent -{{ users.sudoers_dir }}/{{ user }}: +users_2_{{ users.sudoers_dir }}/{{ user }}: file.absent: - name: {{ users.sudoers_dir }}/{{ user }} {% endfor %} {% for group in pillar.get('absent_groups', []) %} -{{ group }}: - group.absent +users_absent_group_{{ group }}: + group.absent: + - name: {{ group }} {% endfor %} diff --git a/users/sudo.sls b/users/sudo.sls index 5d852c9..2953ad2 100644 --- a/users/sudo.sls +++ b/users/sudo.sls @@ -2,31 +2,31 @@ {% from "users/map.jinja" import users with context %} # Ensure availability of bash -bash-package: +users_bash-package: pkg.installed: - name: {{ users.bash_package }} -sudo-group: +users_sudo-group: group.present: - name: sudo - system: True -sudo-package: +users_sudo-package: pkg.installed: - name: {{ users.sudo_package }} - require: - - group: sudo-group + - group: users_sudo-group - file: {{ users.sudoers_dir }} -{{ users.sudoers_dir }}: - file: - - directory +users_{{ users.sudoers_dir }}: + file.directory: + - name: {{ users.sudoers_dir }} -sudoer-defaults: +users_sudoer-defaults: file.append: - name: {{ users.sudoers_file }} - require: - - pkg: sudo-package + - pkg: users_sudo-package - text: - Defaults env_reset - Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
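Review bot: In the `absent_users` loop the renamed state `users_absent_user_2_{{ user }}` still uses the short form `user.absent` with no `- name:`, so Salt falls back to the state ID as the account name. It would then check for an account literally called `users_absent_user_2_<user>`, find it already absent, and report success while the real account stays on the host. The other two removals in this hunk were given an explicit name; this one needs the same: `user.absent:` followed by `- name: {{ user }}`. Because this loop is the deprovisioning path, a run against a pillar with `absent_users` set should confirm the accounts are actually removed.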
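Review bot: The rewritten `users_{{ users.sudoers_dir }}` state in `users/sudo.sls` is `file.directory` with only `- name:`, so the owner, group and mode of the sudoers include directory are not enforced by the formula. The equivalent directory state in `users/googleauth.sls` pins `- user: root`, `- group: {{ users.root_group }}` and a mode. I would add the same `- user:` and `- group:` lines here, plus a mode that is not group- or world-writable, so drift on that directory is corrected on each run. A comment explaining why the directory is managed before `users_sudo-package` would also help the next reader.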