up2date
This commit is contained in:
Keiran Snowden
@@ -1,3 +1,5 @@
|
||||
include:
|
||||
- nginx
|
||||
|
||||
icinga_packages:
|
||||
pkg.installed:
|
||||
|
||||
@@ -1,25 +1,25 @@
|
||||
include:
|
||||
- salt.update
|
||||
|
||||
/lib/systemd/system/salt-minion.service:
|
||||
file.managed:
|
||||
- source: salt://salt/files/salt-minion.service
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
#/lib/systemd/system/salt-minion.service:
|
||||
# file.managed:
|
||||
# - source: salt://salt/files/salt-minion.service
|
||||
# - user: root
|
||||
# - group: root
|
||||
# - mode: 644
|
||||
|
||||
systemd reload for salt-minion:
|
||||
module.run:
|
||||
- name: service.systemctl_reload
|
||||
- onchanges:
|
||||
- file: /lib/systemd/system/salt-minion.service
|
||||
#systemd reload for salt-minion:
|
||||
# module.run:
|
||||
# - name: service.systemctl_reload
|
||||
# - onchanges:
|
||||
# - file: /lib/systemd/system/salt-minion.service
|
||||
|
||||
salt-minion:
|
||||
service.running:
|
||||
- enable: true
|
||||
- require:
|
||||
- file: /lib/systemd/system/salt-minion.service
|
||||
- module: systemd reload for salt-minion
|
||||
#salt-minion:
|
||||
# service.running:
|
||||
# - enable: true
|
||||
# - require:
|
||||
# - file: /lib/systemd/system/salt-minion.service
|
||||
# - module: systemd reload for salt-minion
|
||||
|
||||
/etc/salt/minion:
|
||||
file.managed:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
salt:
|
||||
pip.installed:
|
||||
- user: root
|
||||
- upgrade: true
|
||||
#salt:
|
||||
# pip.installed:
|
||||
# - user: root
|
||||
# - upgrade: true
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#
|
||||
# Managed by Salt
|
||||
#
|
||||
# TODO: this could use file.serialize
|
||||
# run testparm -s after making changes to validate them
|
||||
|
||||
[global]
|
||||
@@ -10,27 +10,37 @@
|
||||
logging = file
|
||||
panic action = /usr/share/samba/panic-action %d
|
||||
server role = standalone server
|
||||
obey pam restrictions = yes
|
||||
obey pam restrictions = no
|
||||
unix password sync = no
|
||||
map to guest = bad user
|
||||
usershare max shares = 0
|
||||
encrypt passwords = yes
|
||||
smb encrypt = required
|
||||
create mask = 0775
|
||||
directory mask = 0775
|
||||
force user = {{ pillar.samba.force_user }}
|
||||
force group = {{ pillar.samba.force_group }}
|
||||
vfs object = recycle
|
||||
recycle:repository = /mnt/keir/recycle/%U
|
||||
recycle:touch = Yes
|
||||
recycle:keeptree = Yes
|
||||
recycle:versions = Yes
|
||||
recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
|
||||
recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
|
||||
recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP
|
||||
|
||||
{% if salt.pillar.get('samba:enable_homes', false) %}
|
||||
[homes]
|
||||
comment = Home Directories
|
||||
browseable = no
|
||||
read only = yes
|
||||
create mask = 0700
|
||||
directory mask = 0700
|
||||
valid users = %S
|
||||
{% endif %}
|
||||
|
||||
{% for name, conf in salt.pillar.get('samba:shares', {}).items() %}
|
||||
[{{ name }}]
|
||||
path = {{ conf['path'] }}
|
||||
valid users = {{ conf['users'] }}
|
||||
read only = {{ conf['readonly'] }}
|
||||
{%- for key, val in conf.items() %}
|
||||
{{ key }} = {{ val }}
|
||||
{%- endfor %}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
3
users/files/authorized_keys.jinja
Normal file
3
users/files/authorized_keys.jinja
Normal file
@@ -0,0 +1,3 @@
|
||||
{% for comment, key in salt.pillar.get('authorized_keys')[user].items() -%}
|
||||
{{ key }} {{ comment }}
|
||||
{% endfor -%}
|
||||
@@ -1,20 +1,26 @@
|
||||
|
||||
{% if salt.pillar.get('root_authorized_keys', None) is not none %}
|
||||
/root/.ssh:
|
||||
{% for user in salt.pillar.get('authorized_keys').keys() %}
|
||||
{% set home = '' if user == 'root' else '/home' %}
|
||||
|
||||
{{ home }}/{{ user }}/.ssh:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- user: {{ user }}
|
||||
- group: {{ user }}
|
||||
- mode: 700
|
||||
|
||||
/root/.ssh/authorized_keys:
|
||||
{{ home }}/{{ user }}/.ssh/authorized_keys:
|
||||
file.managed:
|
||||
- contents_pillar: root_authorized_keys
|
||||
- user: root
|
||||
- group: root
|
||||
- template: jinja
|
||||
- source: salt://users/files/authorized_keys.jinja
|
||||
- user: {{ user }}
|
||||
- group: {{ user }}
|
||||
- mode: 400
|
||||
- context:
|
||||
user: {{ user }}
|
||||
- require:
|
||||
- file: /root/.ssh
|
||||
{% endif %}
|
||||
- file: {{ home }}/{{ user }}/.ssh
|
||||
|
||||
{% endfor %}
|
||||
|
||||
{% if salt.pillar.get('manage_root_bashrc', False) %}
|
||||
/root/.bashrc:
|
||||
@@ -71,27 +77,6 @@
|
||||
- user: {{ user }}_user
|
||||
{% endif %}
|
||||
|
||||
{% if 'authorized_keys' in data or 'ssh_config' in data %}
|
||||
/home/{{ user }}/.ssh:
|
||||
file.directory:
|
||||
- user: {{ user }}
|
||||
- group: {{ user }}
|
||||
- mode: 0700
|
||||
- require:
|
||||
- user: {{ user }}_user
|
||||
{% endif %}
|
||||
|
||||
{% if 'authorized_keys' in data %}
|
||||
/home/{{ user }}/.ssh/authorized_keys:
|
||||
file.managed:
|
||||
- contents_pillar: users:{{ user }}:authorized_keys
|
||||
- user: {{ user }}
|
||||
- group: {{ user }}
|
||||
- mode: 0400
|
||||
- require:
|
||||
- file: /home/{{ user }}/.ssh
|
||||
{% endif %}
|
||||
|
||||
{% if 'ssh_config' in data %}
|
||||
/home/{{ user }}/.ssh/config:
|
||||
file.managed:
|
||||
|
||||
Reference in New Issue
Block a user