From 318b98e75e39cbec8d1459fa5f47e35e44085bd8 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 15 May 2020 00:07:44 -0400
Subject: [PATCH] redo user management; add /etc/hosts
---
common/packages.sls | 3 +
net/files/hosts.jinja | 5 ++
net/init.sls | 9 ++
salt/files/minion.jinja | 3 +-
ssh/files/authorized_keys.jinja | 6 --
ssh/files/ssh_config.jinja | 11 ---
ssh/init.sls | 73 --------------
top.sls | 4 +-
ssh/files/bashrc.jinja => users/files/bashrc | 0
users/init.sls | 95 ++++++++++++++++++++
10 files changed, 116 insertions(+), 93 deletions(-)
create mode 100644 net/files/hosts.jinja
create mode 100644 net/init.sls
delete mode 100644 ssh/files/authorized_keys.jinja
delete mode 100644 ssh/files/ssh_config.jinja
delete mode 100644 ssh/init.sls
rename ssh/files/bashrc.jinja => users/files/bashrc (100%)
create mode 100644 users/init.sls
diff --git a/common/packages.sls b/common/packages.sls
index 6224518..d8aafae 100644
--- a/common/packages.sls
+++ b/common/packages.sls
@@ -6,3 +6,6 @@
 {% for package in common['packages'] %}
 - {{ package|yaml_encode }}
 {% endfor %}
+{% for package in salt.pillar.get('packages', []) %}
+ - {{ package|yaml_encode }}
+{% endfor %}
diff --git a/net/files/hosts.jinja b/net/files/hosts.jinja
new file mode 100644
index 0000000..6d9c88b
--- /dev/null
+++ b/net/files/hosts.jinja
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost
+{% for ipaddr, names in salt.pillar.get('lan_hosts', {}).items() -%}
+{{ ipaddr }} {{ names }}
+{% endfor -%}
diff --git a/net/init.sls b/net/init.sls
new file mode 100644
index 0000000..38dc56c
--- /dev/null
+++ b/net/init.sls
@@ -0,0 +1,9 @@
+
+/etc/hosts:
+ file.managed:
+ - source: 'salt://net/files/hosts.jinja'
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: 0644
+
diff --git a/salt/files/minion.jinja b/salt/files/minion.jinja
index 1cc78db..6f567b3 100644
--- a/salt/files/minion.jinja
+++ b/salt/files/minion.jinja
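Review bot: `{{ names }}` on the fourth added line of hosts.jinja prints whatever Python type the `lan_hosts` pillar value has, so a list of aliases — the natural shape for a hosts entry — lands in `/etc/hosts` as `192.168.1.9 ['kpi', 'kpi.keiran.us']` and will not match `kpi`. Either document at the top of the template that each value must be a single whitespace-separated string, or accept both shapes with `{{ ipaddr }} {{ names if names is string else names|join(' ') }}`. Nothing validates `ipaddr` either, so a stray key in pillar goes straight into the resolver path of every `*.keiran.us` minion; pillar comes from the master, so this is a robustness rather than a trust concern. The file is also replaced wholesale with no line for the minion's own hostname, which on Debian-style systems that rely on a `127.0.1.1 <hostname>` entry can break `sudo` and other tools that resolve the local name — worth confirming those hosts resolve their own names via DNS or via `lan_hosts`.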
@@ -1,5 +1,4 @@
-master: kpi.keiran.us
-pillar_raise_on_missing: True
+master: 192.168.1.9
 state_output: changes
 log_level: error
 grains_cache: True
diff --git a/ssh/files/authorized_keys.jinja b/ssh/files/authorized_keys.jinja
deleted file mode 100644
index 9506fcc..0000000
--- a/ssh/files/authorized_keys.jinja
+++ /dev/null
@@ -1,6 +0,0 @@
-# Managed by Salt
-{% set comments = pillar['global_authorized_keys'].keys()|sort -%}
-{% for comment in comments -%}
-{% set keydata = pillar['global_authorized_keys'][comment] -%}
-{{keydata}} {{comment}}
-{% endfor -%}
diff --git a/ssh/files/ssh_config.jinja b/ssh/files/ssh_config.jinja
deleted file mode 100644
index ef0758d..0000000
--- a/ssh/files/ssh_config.jinja
+++ /dev/null
@@ -1,11 +0,0 @@
-# Managed by salt
-{% set hosts = pillar['ssh_config'].keys()|sort -%}
-{% for host in hosts -%}
-{% set config = pillar['ssh_config'][host] %}
-Host {{host}}
-{%- set keys = config.keys()|sort %}
-{%- for key in keys %}
-{%- set val = config[key] %}
- {{key}} {{val -}}
-{% endfor %}
-{% endfor -%}
diff --git a/ssh/init.sls b/ssh/init.sls
deleted file mode 100644
index 16bc7dd..0000000
--- a/ssh/init.sls
+++ /dev/null
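Review bot: The master is now addressed by the bare IP `192.168.1.9`, but nothing in this hunk pins the master's identity, so whatever answers on that address at first contact is trusted; if the rest of minion.jinja (outside the hunk) does not already set it, add `master_finger: '<fingerprint of the master public key>'` so a minion refuses a spoofed or re-keyed master. Dropping `pillar_raise_on_missing: True` is consistent with the new states, which all pass explicit defaults to `salt.pillar.get`, but it means a mistyped pillar key — say `root_authorised_keys` — now silently yields no keys instead of failing the run, and the highstate output is the only place that would reveal it. `top.sls` still targets `vps47492.inmotionhosting.com`, which presumably cannot reach an RFC 1918 address without a tunnel; confirm that minion is not meant to pick up this config.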
@@ -1,73 +0,0 @@
-
-/root/.ssh:
- file.directory:
- - user: root
- - group: root
- - mode: 700
-
-/root/.ssh/authorized_keys:
- file.managed:
- - source: 'salt://ssh/files/authorized_keys.jinja'
- - template: jinja
- - user: root
- - group: root
- - mode: 400
- - require:
- - file: /root/.ssh
-
-/root/.bashrc:
- file.managed:
- - source: 'salt://ssh/files/bashrc.jinja'
- - template: jinja
- - user: root
- - group: root
- - mode: 644
-
-/root/.ssh/config:
- file.managed:
- - source: 'salt://ssh/files/ssh_config.jinja'
- - template: jinja
- - user: root
- - group: root
- - mode: 400
- - require:
- - file: /root/.ssh
-
-{% for user in salt.pillar.get('users', []) | union(salt.pillar.get('ssh_config_users', [])) %}
-
-/home/{{user}}/.ssh:
- file.directory:
- - user: {{user}}
- - group: {{user}}
- - mode: 700
-
-{% endfor %}
-
-{% for user in salt.pillar.get('ssh_config_users', []) %}
-
-/home/{{user}}/.ssh/config:
- file.managed:
- - source: 'salt://ssh/files/ssh_config.jinja'
- - template: jinja
- - user: {{user}}
- - group: {{user}}
- - mode: 400
- - require:
- - file: /home/{{user}}/.ssh
-
-{% endfor %}
-
-{% for user in salt.pillar.get('users', []) %}
-
-/home/{{user}}/.ssh/authorized_keys:
- file.managed:
- - source: 'salt://ssh/files/authorized_keys.jinja'
- - template: jinja
- - user: {{user}}
- - group: {{user}}
- - mode: 400
- - require:
- - file: /home/{{user}}/.ssh
-
-{% endfor %}
-
diff --git a/top.sls b/top.sls
index f008682..ae8abea 100644
--- a/top.sls
+++ b/top.sls
@@ -1,8 +1,10 @@
 {{saltenv}}:
 '*':
 - common
- - ssh
+ - users
 - salt.minion
+ '*.keiran.us':
+ - net
 'vps47492.inmotionhosting.com':
 - gitea
 'kpi.keiran.us':
diff --git a/ssh/files/bashrc.jinja b/users/files/bashrc
similarity index 100%
rename from ssh/files/bashrc.jinja
rename to users/files/bashrc
diff --git a/users/init.sls b/users/init.sls
new file mode 100644
index 0000000..3fbe698
--- /dev/null
+++ b/users/init.sls
@@ -0,0 +1,95 @@
+
+{% if salt.pillar.get('root_authorized_keys', None) is not none %}
+/root/.ssh:
+ file.directory:
+ - user: root
+ - group: root
+ - mode: 700
+
+/root/.ssh/authorized_keys:
+ file.managed:
+ - contents_pillar: root_authorized_keys
+ - user: root
+ - group: root
+ - mode: 400
+ - require:
+ - file: /root/.ssh
+{% endif %}
+
+{% if salt.pillar.get('manage_root_bashrc', False) %}
+/root/.bashrc:
+ file.managed:
+ - source: 'salt://users/files/bashrc'
+ - user: root
+ - group: root
+ - mode: 0644
+{% endif %}
+
+#/root/.ssh/config:
+# file.managed:
+# - source: 'salt://ssh/files/ssh_config.jinja'
+# - template: jinja
+# - user: root
+# - group: root
+# - mode: 400
+# - require:
+# - file: /root/.ssh
+
+{% for user, data in salt.pillar.get('users', {}).items() %}
+
+{{ user }}_user:
+ user.present:
+ - name: {{ user }}
+ - shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
+{% if 'groups' in data %}
+ - groups:
+{% for group in data['groups'] %}
+ - {{ group|yaml_encode }}
+{% endfor %}
+{% endif %}
+
+{% if data.get('manage_bashrc', False) %}
+/home/{{ user }}/.bashrc:
+ file.managed:
+ - source: 'salt://users/files/bashrc'
+ - user: {{ user }}
+ - group: {{ user }}
+ - mode: 0644
+ - require:
+ - user: {{ user }}_user
+{% endif %}
+
+{% if 'authorized_keys' in data or 'ssh_config' in data %}
+/home/{{ user }}/.ssh:
+ file.directory:
+ - user: {{ user }}
+ - group: {{ user }}
+ - mode: 0700
+ - require:
+ - user: {{ user }}_user
+{% endif %}
+
+{% if 'authorized_keys' in data %}
+/home/{{ user }}/.ssh/authorized_keys:
+ file.managed:
+ - contents_pillar: users:{{ user }}:authorized_keys
+ - user: {{ user }}
+ - group: {{ user }}
+ - mode: 0400
+ - require:
+ - file: /home/{{ user }}/.ssh
+{% endif %}
+
+{% if 'ssh_config' in data %}
+/home/{{ user }}/.ssh/config:
+ file.managed:
+ - contents_pillar: users:{{ user }}:ssh_config
+ - user: {{ user }}
+ - group: {{ user }}
+ - mode: 0400
+ - require:
+ - file: /home/{{ user }}/.ssh
+{% endif %}
+
+{% endfor %}
+
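Review bot: The new states in users/init.sls only ever grant access: a user removed from the `users` pillar keeps the account, the home directory and the `authorized_keys` file this state wrote, so there is no offboarding path and a revoked key stays valid until someone deletes it by hand. A companion `absent_users` pillar list rendered as `user.absent` with `- purge: True` (sketched below) would make removal from pillar actually revoke login. The commented-out `/root/.ssh/config` block still points at `salt://ssh/files/ssh_config.jinja`, which this same commit deletes, so it can never be uncommented as written; drop it or rewrite it as `- contents_pillar: root_ssh_config` like the per-user `ssh_config` state. Also, when `groups` is present, `user.present` by default (as far as I recall) removes the user from every group not listed, `sudo`/`wheel` included, so a comment above `- groups:` such as `# pillar list is authoritative: groups not listed here are removed` would save the next editor a surprise.
```yaml
# … unchanged: root states and the per-user loop through its {% endfor %} …
{% for user in salt.pillar.get('absent_users', []) %}
{{ user }}_user_absent:
  user.absent:
    - name: {{ user }}
    - purge: True
{% endfor %}
```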