Keiran Snowden
2023-01-20 02:01:05 -05:00
parent cc9a369e24
commit 4817a8a7bd
6 changed files with 59 additions and 59 deletions


@@ -1,3 +1,5 @@
include:
- nginx
icinga_packages: icinga_packages:
pkg.installed: pkg.installed:


@@ -1,25 +1,25 @@
include: include:
- salt.update - salt.update
/lib/systemd/system/salt-minion.service: #/lib/systemd/system/salt-minion.service:
file.managed: # file.managed:
- source: salt://salt/files/salt-minion.service # - source: salt://salt/files/salt-minion.service
- user: root # - user: root
- group: root # - group: root
- mode: 644 # - mode: 644
systemd reload for salt-minion: #systemd reload for salt-minion:
module.run: # module.run:
- name: service.systemctl_reload # - name: service.systemctl_reload
- onchanges: # - onchanges:
- file: /lib/systemd/system/salt-minion.service # - file: /lib/systemd/system/salt-minion.service
salt-minion: #salt-minion:
service.running: # service.running:
- enable: true # - enable: true
- require: # - require:
- file: /lib/systemd/system/salt-minion.service # - file: /lib/systemd/system/salt-minion.service
- module: systemd reload for salt-minion # - module: systemd reload for salt-minion
/etc/salt/minion: /etc/salt/minion:
file.managed: file.managed:


@@ -1,4 +1,4 @@
salt: #salt:
pip.installed: # pip.installed:
- user: root # - user: root
- upgrade: true # - upgrade: true


@@ -1,6 +1,6 @@
# #
# Managed by Salt # Managed by Salt
# # TODO: this could use file.serialize
# run testparm -s after making changes to validate them # run testparm -s after making changes to validate them
[global] [global]
@@ -10,27 +10,37 @@
logging = file logging = file
panic action = /usr/share/samba/panic-action %d panic action = /usr/share/samba/panic-action %d
server role = standalone server server role = standalone server
obey pam restrictions = yes obey pam restrictions = no
unix password sync = no unix password sync = no
map to guest = bad user map to guest = bad user
usershare max shares = 0 usershare max shares = 0
encrypt passwords = yes encrypt passwords = yes
smb encrypt = required smb encrypt = required
create mask = 0775
directory mask = 0775
force user = {{ pillar.samba.force_user }}
force group = {{ pillar.samba.force_group }}
vfs object = recycle
recycle:repository = /mnt/keir/recycle/%U
recycle:touch = Yes
recycle:keeptree = Yes
recycle:versions = Yes
recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP
{% if salt.pillar.get('samba:enable_homes', false) %} {% if salt.pillar.get('samba:enable_homes', false) %}
[homes] [homes]
comment = Home Directories comment = Home Directories
browseable = no browseable = no
read only = yes read only = yes
create mask = 0700
directory mask = 0700
valid users = %S valid users = %S
{% endif %} {% endif %}
{% for name, conf in salt.pillar.get('samba:shares', {}).items() %} {% for name, conf in salt.pillar.get('samba:shares', {}).items() %}
[{{ name }}] [{{ name }}]
path = {{ conf['path'] }} {%- for key, val in conf.items() %}
valid users = {{ conf['users'] }} {{ key }} = {{ val }}
read only = {{ conf['readonly'] }} {%- endfor %}
{% endfor %} {% endfor %}
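Review bot: The per-share loop now writes every pillar key straight into the section, so `path` and `valid users` are no longer guaranteed to be present. A share whose pillar entry leaves out `valid users` would be reachable by every authenticated account, and with the new global `force user`/`force group` all of them would act as that one identity on it. I would keep the required keys explicit ahead of the loop, e.g. `valid users = {{ conf['valid users'] }}`, skip them inside the loop, and confirm that a missing key makes the render fail rather than emit an unrestricted share. `{{ pillar.samba.force_user }}` and `{{ pillar.samba.force_group }}` are read without a default, unlike the `salt.pillar.get(...)` calls elsewhere in this template, so the unset case should be checked. The switch to `obey pam restrictions = no` carries no explanation; a one-line comment above it saying why PAM account and session checks are turned off would help the next reader.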


@@ -0,0 +1,3 @@
{% for comment, key in salt.pillar.get('authorized_keys')[user].items() -%}
{{ key }} {{ comment }}
{% endfor -%}


@@ -1,20 +1,26 @@
{% if salt.pillar.get('root_authorized_keys', None) is not none %} {% for user in salt.pillar.get('authorized_keys').keys() %}
/root/.ssh: {% set home = '' if user == 'root' else '/home' %}
{{ home }}/{{ user }}/.ssh:
file.directory: file.directory:
- user: root - user: {{ user }}
- group: root - group: {{ user }}
- mode: 700 - mode: 700
/root/.ssh/authorized_keys: {{ home }}/{{ user }}/.ssh/authorized_keys:
file.managed: file.managed:
- contents_pillar: root_authorized_keys - template: jinja
- user: root - source: salt://users/files/authorized_keys.jinja
- group: root - user: {{ user }}
- group: {{ user }}
- mode: 400 - mode: 400
- context:
user: {{ user }}
- require: - require:
- file: /root/.ssh - file: {{ home }}/{{ user }}/.ssh
{% endif %}
{% endfor %}
{% if salt.pillar.get('manage_root_bashrc', False) %} {% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc: /root/.bashrc:
@@ -71,27 +77,6 @@
- user: {{ user }}_user - user: {{ user }}_user
{% endif %} {% endif %}
{% if 'authorized_keys' in data or 'ssh_config' in data %}
/home/{{ user }}/.ssh:
file.directory:
- user: {{ user }}
- group: {{ user }}
- mode: 0700
- require:
- user: {{ user }}_user
{% endif %}
{% if 'authorized_keys' in data %}
/home/{{ user }}/.ssh/authorized_keys:
file.managed:
- contents_pillar: users:{{ user }}:authorized_keys
- user: {{ user }}
- group: {{ user }}
- mode: 0400
- require:
- file: /home/{{ user }}/.ssh
{% endif %}
{% if 'ssh_config' in data %} {% if 'ssh_config' in data %}
/home/{{ user }}/.ssh/config: /home/{{ user }}/.ssh/config:
file.managed: file.managed:
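Review bot: The new loop header `{% for user in salt.pillar.get('authorized_keys').keys() %}` drops the guard the old `root_authorized_keys` block had, so a minion whose pillar has no `authorized_keys` key will presumably fail to render this state instead of skipping it; `salt.pillar.get('authorized_keys', {})` would keep the old skip behaviour. The per-user `.ssh` states also lose the `require: - user: {{ user }}_user` that the removed block in the second hunk carried. They assume a home under `/home/<user>` and a group named after the user, so ordering against user creation and accounts with other homes or primary groups should be checked. Because this state now decides which keys can log in to every listed account, root included, a short comment above the loop describing the expected pillar shape (user, then comment mapped to key, as the new authorized_keys.jinja template reads it) would make pillar changes easier to review.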