redo user management; add /etc/hosts
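--- a/users/files/bashrc
+++ b/users/files/bashrc
@@ -0,0 +1,79 @@
+# If not running interactively, don't do anything
+case $- in
+*i*) ;;
+*) return;;
+esac
+
+if [ -f /etc/bashrc ]; then
+. /etc/bashrc
+fi
+
+# See bash(1) for more options
+export HISTCONTROL=ignoredups
+export HISTSIZE=2000000
+export HISTFILESIZE=2000000
+export HISTTIMEFORMAT="(%m/%d/%y) %T "
+export PROMPT_COMMAND='history -a'
+shopt -s histappend
+shopt -s checkwinsize
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+alias ls='ls --color=auto'
+#alias dir='dir --color=auto'
+#alias vdir='vdir --color=auto'
+
+alias grep='grep --color=auto'
+alias fgrep='fgrep --color=auto'
+alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+alias rm='rm -i'
+alias cp='cp -i'
+alias mv='mv -i'
+alias vi='vim'
+
+export EDITOR='vim'
+export VISUAL='vim'
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+. /usr/share/bash-completion/bash_completion
+elif [ -f /etc/bash_completion ]; then
+. /etc/bash_completion
+fi
+fi
+
+if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then # color support
+PS1="[\[\e[1;33;1m\]\$(awk '{print \$1}' /proc/loadavg)\[\e[0m\]/\[\e[1;34;1m\]\$(grep -c '^processor' /proc/cpuinfo)\[\e[0m\]][\[\e[1;31;1m\]\u\[\e[0m\]@\[\e[1;32;32m\]\h\[\e[39;1m\] \w\[\e[0m\]]$ "
+else
+PS1="[\$(awk {'print \$1'} /proc/loadavg)/\$(grep -c '^processor' /proc/cpuinfo)][\u@\h \w]$ "
+fi
+
+if which apt-get >/dev/null 2>&1; then
+alias update="sudo apt-get update && sudo apt-get -y upgrade"
+else
+alias update="yum clean all && yum -y update"
+fi
+
+if [ $(id -u) -gt 0 ]; then
+alias puppet='sudo puppet'
+alias fab='sudo fab'
+fi
+
+alias random='< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-32};echo'
+
+# https://git.keiran.us/config-mgmt/puppet/raw/commit/09158fc579f5ee2c00f395971d8c986e3ec08788/modules/keir/files/bash/bashrc
+
+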
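Review bot: The `random` alias at the end of the file cannot take a length, because aliases receive no positional parameters: `${1:-32}` reads the interactive shell's own `$1`, so `random 16` still emits 32 characters and then `echo` appends the literal `16` to them. Anyone using it to generate a credential of a chosen length gets a value with a predictable suffix. A function keeps the intended interface: `random() { tr -dc A-Za-z0-9 </dev/urandom | head -c "${1:-32}"; echo; }`. Since the other file in this commit installs this bashrc as /root/.bashrc, it may also be worth setting `HISTCONTROL=ignoreboth`, so that a command typed with a leading space (for example one carrying a secret) stays out of the 2,000,000-entry history that `history -a` flushes after every prompt.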
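--- a/users/init.sls
+++ b/users/init.sls
@@ -0,0 +1,95 @@
+{% if salt.pillar.get('root_authorized_keys', None) is not none %}
+/root/.ssh:
+file.directory:
+- user: root
+- group: root
+- mode: 700
+
+/root/.ssh/authorized_keys:
+file.managed:
+- contents_pillar: root_authorized_keys
+- user: root
+- group: root
+- mode: 400
+- require:
+- file: /root/.ssh
+{% endif %}
+
+{% if salt.pillar.get('manage_root_bashrc', False) %}
+/root/.bashrc:
+file.managed:
+- source: 'salt://users/files/bashrc'
+- user: root
+- group: root
+- mode: 0644
+{% endif %}
+
+#/root/.ssh/config:
+# file.managed:
+# - source: 'salt://ssh/files/ssh_config.jinja'
+# - template: jinja
+# - user: root
+# - group: root
+# - mode: 400
+# - require:
+# - file: /root/.ssh
+
+{% for user, data in salt.pillar.get('users', {}).items() %}
+
+{{ user }}_user:
+user.present:
+- name: {{ user }}
+- shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
+{% if 'groups' in data %}
+- groups:
+{% for group in data['groups'] %}
+- {{ group|yaml_encode }}
+{% endfor %}
+{% endif %}
+
+{% if data.get('manage_bashrc', False) %}
+/home/{{ user }}/.bashrc:
+file.managed:
+- source: 'salt://users/files/bashrc'
+- user: {{ user }}
+- group: {{ user }}
+- mode: 0644
+- require:
+- user: {{ user }}_user
+{% endif %}
+
+{% if 'authorized_keys' in data or 'ssh_config' in data %}
+/home/{{ user }}/.ssh:
+file.directory:
+- user: {{ user }}
+- group: {{ user }}
+- mode: 0700
+- require:
+- user: {{ user }}_user
+{% endif %}
+
+{% if 'authorized_keys' in data %}
+/home/{{ user }}/.ssh/authorized_keys:
+file.managed:
+- contents_pillar: users:{{ user }}:authorized_keys
+- user: {{ user }}
+- group: {{ user }}
+- mode: 0400
+- require:
+- file: /home/{{ user }}/.ssh
+{% endif %}
+
+{% if 'ssh_config' in data %}
+/home/{{ user }}/.ssh/config:
+file.managed:
+- contents_pillar: users:{{ user }}:ssh_config
+- user: {{ user }}
+- group: {{ user }}
+- mode: 0400
+- require:
+- file: /home/{{ user }}/.ssh
+{% endif %}
+
+{% endfor %}
+
+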
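Review bot: Nothing in this state revokes access: the `users` loop only ever declares `user.present`, `file.directory` and `file.managed`, so deleting a user (or just their `authorized_keys`) from pillar leaves the account and the deployed key file on every minion, and the same holds for /root/.ssh/authorized_keys once `root_authorized_keys` is unset. Unless removal is handled by a state outside this commit, an explicit offboarding list is worth adding; the sketch below uses a pillar key name of my own choosing (`absent_users`). Separately, the root states write `mode: 700` and `mode: 400` while the per-user states write `0700`/`0400`; Salt's documentation asks for modes to be quoted, e.g. `- mode: '0700'`, which would also make the two halves consistent.

```yaml
# … unchanged: root key, root bashrc and per-user states …

# proposed: accounts listed here are removed; the pillar key name is a placeholder
{% for user in salt.pillar.get('absent_users', []) %}
{{ user }}_absent:
  user.absent:
    - name: {{ user|yaml_encode }}
{% endfor %}
```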