redo user management; add /etc/hosts

root
2020-05-15 00:07:44 -04:00
parent 3aae5c63e3
commit 318b98e75e
10 changed files with 116 additions and 93 deletions


@@ -6,3 +6,6 @@
{% for package in common['packages'] %} {% for package in common['packages'] %}
- {{ package|yaml_encode }} - {{ package|yaml_encode }}
{% endfor %} {% endfor %}
{% for package in salt.pillar.get('packages', []) %}
- {{ package|yaml_encode }}
{% endfor %}

5
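--- a/net/files/hosts.jinja
+++ b/net/files/hosts.jinja
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost
+{% for ipaddr, names in salt.pillar.get('lan_hosts', {}).items() -%}
+{{ ipaddr }} {{ names }}
+{% endfor -%}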
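Review bot: `{{ ipaddr }} {{ names }}` prints the pillar value as-is, so if `lan_hosts` maps an address to a list of names (the pillar is not shown, so this is an assumption) the line lands in /etc/hosts as a Python list literal. Rendering it as `{{ ipaddr }} {{ names if names is string else names|join(' ') }}` covers both shapes. Because the state replaces the whole file, a minion whose pillar has no `lan_hosts` key is left with only the two localhost lines. A first line such as `# Managed by Salt; local edits will be overwritten` would warn admins about that.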

9
net/init.sls Normal file

@@ -0,0 +1,9 @@
/etc/hosts:
file.managed:
- source: 'salt://net/files/hosts.jinja'
- template: jinja
- user: root
- group: root
- mode: 0644
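Review bot: `- mode: 0644` is an unquoted scalar with a leading zero, which a YAML 1.1 loader reads as an integer instead of the mode string; Salt's file-state documentation asks for such modes to be quoted, `- mode: '0644'`. The same applies to the `0644`, `0700` and `0400` modes in users/init.sls. The hunk header announces nine lines but only seven are shown on this page, so anything after the mode line is not covered by this note.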


@@ -1,5 +1,4 @@
master: kpi.keiran.us master: 192.168.1.9
pillar_raise_on_missing: True
state_output: changes state_output: changes
log_level: error log_level: error
grains_cache: True grains_cache: True
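Review bot: Removing `pillar_raise_on_missing: True` means a `pillar.get` call without an explicit default now returns an empty string instead of failing the run, so a mistyped or missing pillar key anywhere in the tree goes unnoticed. The templates visible in this commit all pass defaults, so the removal is not needed for them. If it is intentional, a comment beside the remaining options would record the reason, for example `# pillar_raise_on_missing left off: states use pillar.get with explicit defaults`. Otherwise keep the line.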


@@ -1,6 +0,0 @@
# Managed by Salt
{% set comments = pillar['global_authorized_keys'].keys()|sort -%}
{% for comment in comments -%}
{% set keydata = pillar['global_authorized_keys'][comment] -%}
{{keydata}} {{comment}}
{% endfor -%}


@@ -1,11 +0,0 @@
# Managed by salt
{% set hosts = pillar['ssh_config'].keys()|sort -%}
{% for host in hosts -%}
{% set config = pillar['ssh_config'][host] %}
Host {{host}}
{%- set keys = config.keys()|sort %}
{%- for key in keys %}
{%- set val = config[key] %}
{{key}} {{val -}}
{% endfor %}
{% endfor -%}


@@ -1,73 +0,0 @@
/root/.ssh:
file.directory:
- user: root
- group: root
- mode: 700
/root/.ssh/authorized_keys:
file.managed:
- source: 'salt://ssh/files/authorized_keys.jinja'
- template: jinja
- user: root
- group: root
- mode: 400
- require:
- file: /root/.ssh
/root/.bashrc:
file.managed:
- source: 'salt://ssh/files/bashrc.jinja'
- template: jinja
- user: root
- group: root
- mode: 644
/root/.ssh/config:
file.managed:
- source: 'salt://ssh/files/ssh_config.jinja'
- template: jinja
- user: root
- group: root
- mode: 400
- require:
- file: /root/.ssh
{% for user in salt.pillar.get('users', []) | union(salt.pillar.get('ssh_config_users', [])) %}
/home/{{user}}/.ssh:
file.directory:
- user: {{user}}
- group: {{user}}
- mode: 700
{% endfor %}
{% for user in salt.pillar.get('ssh_config_users', []) %}
/home/{{user}}/.ssh/config:
file.managed:
- source: 'salt://ssh/files/ssh_config.jinja'
- template: jinja
- user: {{user}}
- group: {{user}}
- mode: 400
- require:
- file: /home/{{user}}/.ssh
{% endfor %}
{% for user in salt.pillar.get('users', []) %}
/home/{{user}}/.ssh/authorized_keys:
file.managed:
- source: 'salt://ssh/files/authorized_keys.jinja'
- template: jinja
- user: {{user}}
- group: {{user}}
- mode: 400
- require:
- file: /home/{{user}}/.ssh
{% endfor %}


@@ -1,8 +1,10 @@
{{saltenv}}: {{saltenv}}:
'*': '*':
- common - common
- ssh - users
- salt.minion - salt.minion
'*.keiran.us':
- net
'vps47492.inmotionhosting.com': 'vps47492.inmotionhosting.com':
- gitea - gitea
'kpi.keiran.us': 'kpi.keiran.us':

95
users/init.sls Normal file

@@ -0,0 +1,95 @@
{% if salt.pillar.get('root_authorized_keys', None) is not none %}
/root/.ssh:
file.directory:
- user: root
- group: root
- mode: 700
/root/.ssh/authorized_keys:
file.managed:
- contents_pillar: root_authorized_keys
- user: root
- group: root
- mode: 400
- require:
- file: /root/.ssh
{% endif %}
{% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc:
file.managed:
- source: 'salt://users/files/bashrc'
- user: root
- group: root
- mode: 0644
{% endif %}
#/root/.ssh/config:
# file.managed:
# - source: 'salt://ssh/files/ssh_config.jinja'
# - template: jinja
# - user: root
# - group: root
# - mode: 400
# - require:
# - file: /root/.ssh
{% for user, data in salt.pillar.get('users', {}).items() %}
{{ user }}_user:
user.present:
- name: {{ user }}
- shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
{% if 'groups' in data %}
- groups:
{% for group in data['groups'] %}
- {{ group|yaml_encode }}
{% endfor %}
{% endif %}
{% if data.get('manage_bashrc', False) %}
/home/{{ user }}/.bashrc:
file.managed:
- source: 'salt://users/files/bashrc'
- user: {{ user }}
- group: {{ user }}
- mode: 0644
- require:
- user: {{ user }}_user
{% endif %}
{% if 'authorized_keys' in data or 'ssh_config' in data %}
/home/{{ user }}/.ssh:
file.directory:
- user: {{ user }}
- group: {{ user }}
- mode: 0700
- require:
- user: {{ user }}_user
{% endif %}
{% if 'authorized_keys' in data %}
/home/{{ user }}/.ssh/authorized_keys:
file.managed:
- contents_pillar: users:{{ user }}:authorized_keys
- user: {{ user }}
- group: {{ user }}
- mode: 0400
- require:
- file: /home/{{ user }}/.ssh
{% endif %}
{% if 'ssh_config' in data %}
/home/{{ user }}/.ssh/config:
file.managed:
- contents_pillar: users:{{ user }}:ssh_config
- user: {{ user }}
- group: {{ user }}
- mode: 0400
- require:
- file: /home/{{ user }}/.ssh
{% endif %}
{% endfor %}
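Review bot: Keys are only ever written, never withdrawn. When `root_authorized_keys` or a user's `authorized_keys` entry is absent from pillar, the `{% if %}` guards skip the state, so the file deployed by the removed ssh state stays on the minion with its old keys. A user dropped from the `users` pillar likewise keeps both account and keys. If revocation is meant to go through Salt, give each guard an `{% else %}` branch that applies `file.absent` to the same path. Otherwise state the limit in a comment, for example `# authorized_keys is left untouched when the pillar key is absent; stale keys must be removed by hand`. Separately, `{{ user }}` goes into state IDs, paths and `- name:` unencoded while shell and groups use `|yaml_encode`; `- name: {{ user|yaml_encode }}` would match them.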