users: ## Minimal required pillar values auser: fullname: A User ## Full list of pillar values buser: fullname: B User password: $6$w............. enforce_password: True home: /custom/buser createhome: True manage_vimrc: False manage_bashrc: False manage_profile: False expire: 16426 sudouser: True # sudo_rules doesn't need the username as a prefix for the rule # this is added automatically by the formula. # ---------------------------------------------------------------------- # In case your sudo_rules have a colon please have in mind to not leave # spaces around it. For example: # ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok) # ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK sudo_rules: - ALL=(root) /usr/bin/find - ALL=(otheruser) /usr/bin/script.sh sudo_defaults: - '!requiretty' shell: /bin/bash prime_group: name: primarygroup gid: 500 groups: - users ssh_key_type: rsa # You can inline the private keys ... ssh_keys: privkey: PRIVATEKEY pubkey: PUBLICKEY # ... or you can pull them from a different pillar, # for example one called "ssh_keys": ssh_keys_pillar: id_rsa: "ssh_keys" another_key_pair: "ssh_keys" ssh_auth: - PUBLICKEY ssh_auth.absent: - PUBLICKEY_TO_BE_REMOVED # Generates an authorized_keys file for the user # with the given keys ssh_auth_file: - PUBLICKEY # ... or you can pull them from a different pillar similar to ssh_keys_pillar ssh_auth_pillar: id_rsa: "ssh_keys" # If you prefer to keep public keys as files rather # than inline in pillar, this works. ssh_auth_sources: - salt://keys/buser.id_rsa.pub # Manage the ~/.ssh/config file ssh_config: all: hostname: "*" options: - "StrictHostKeyChecking no" - "UserKnownHostsFile=/dev/null" importanthost: hostname: "needcheck.example.com" options: - "StrictHostKeyChecking yes" google_2fa: True google_auth: ssh: | SOMEGAUTHHASHVAL " RESETTING_TIME_SKEW 46956472+2 46991595-2 " RATE_LIMIT 3 30 1415800560 " DISALLOW_REUSE 47193352 " TOTP_AUTH 11111111 22222222 33333333 44444444 55555555 ## Absent user cuser: absent: True purge: True force: True ## Old syntax of absent_users still supported absent_users: - donald - bad_guy