redo users and ssh

2023-12-22 18:57:01 -05:00
parent ee23c2db53
commit a07114ed85
13 changed files with 109 additions and 99 deletions
--- a/_grains/lsusb.py
+++ b/_grains/lsusb.py
@@ -1,9 +1,15 @@
 import re
 from subprocess import check_output

+log = logging.getLogger(__name__)
+
 def main():
    dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$")
-    lsusb = check_output("lsusb", encoding='UTF-8')
+    try:
+        lsusb = check_output("lsusb", encoding='UTF-8')
+    except OSError as exc:
+        log.error(exc)
+        return {}
    devices = []
    corsair_aio = None
    for line in lsusb.splitlines():
--- a/salt/init.sls
+++ b/salt/init.sls
@@ -9,7 +9,4 @@ include:
 {% else %}
  {{ raise("Unsupported grains.os") }}
 {% endif %}
-
-saltutil.sync_all:
-  saltutil.sync_all:
-    - refresh: True
+  - salt.modules
--- a/salt/modules.sls
+++ b/salt/modules.sls
@@ -0,0 +1,7 @@
+saltutil.sync_all:
+  saltutil.sync_all:
+    - refresh: True
+
+{# required for the lsusb grain #}
+usbutils:
+  pkg.installed: []
--- a/screen/files/screenrc
+++ b/screen/files/screenrc
@@ -0,0 +1,4 @@
+vbell off
+termcapinfo xterm ti@:te@
+hardstatus alwayslastline
+hardstatus string '%{= kG}[ %{G}%H %{g} ][%= %{=kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B}%Y-%m-%d %{W}%c %{g}]'
--- a/screen/init.sls
+++ b/screen/init.sls
@@ -0,0 +1 @@
+# TODO
--- a/ssh/files/authorized_keys.jinja
+++ b/ssh/files/authorized_keys.jinja
@@ -0,0 +1,5 @@
+# Managed by Saltstack
+{% from "ssh/map.jinja" import ssh_users with context -%}
+{% for comment, key in ssh_users[user]['authorized_keys'].items() -%}
+{{ key }} {{ comment }}
+{% endfor -%}
--- a/ssh/files/ssh_hosts.jinja
+++ b/ssh/files/ssh_hosts.jinja
@@ -0,0 +1,8 @@
+# Managed by Saltstack
+{%- from "ssh/map.jinja" import ssh_users with context %}
+{%- for host, config in ssh_users[user]['ssh_hosts'].items() %}
+Host {{ host }}
+{%-   for key, val in config.items() %}
+  {{ key }} {{ val }}
+{%-   endfor %}
+{%- endfor %}
--- a/ssh/init.sls
+++ b/ssh/init.sls
@@ -0,0 +1,46 @@
+{% from "ssh/map.jinja" import ssh_users with context %}
+
+{% for user, confs in ssh_users.items() %}
+  {% set homedir = salt.user.info(user).get('home', None) %}
+  {% if homedir is none %}
+
+{{ "~%s/.ssh" | format(user) }}:
+  test.fail_without_changes:
+    - name: {{ "No homedir for %s - if they were created in this run, run this state again" | format(user) }}
+
+  {% else %}
+
+{{ homedir }}/.ssh:
+  file.directory:
+    - user: {{ user }}
+    - group: {{ user }}
+    - mode: 700
+    {% if 'authorized_keys' in confs %}
+{{ homedir }}/.ssh/authorized_keys:
+  file.managed:
+    - template: jinja
+    - source: salt://ssh/files/authorized_keys.jinja
+    - user: {{ user }}
+    - group: {{ user }}
+    - mode: 400
+    - context:
+        user: {{ user }}
+    - require:
+      - file: {{ homedir }}/.ssh
+    {% endif %}
+    {% if 'ssh_hosts' in confs %}
+{{ homedir }}/.ssh/config:
+  file.managed:
+    - source: 'salt://ssh/files/ssh_hosts.jinja'
+    - template: jinja
+    - user: {{ user }}
+    - group: {{ user }}
+    - mode: 0400
+    - context:
+      user: {{ user }}
+    - require:
+      - file: {{ homedir }}/.ssh
+    {% endif %}
+
+  {% endif %}
+{% endfor %}
--- a/ssh/map.jinja
+++ b/ssh/map.jinja
@@ -0,0 +1,20 @@
+{% set restic_repo = salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '') %}
+
+{% if restic_repo.startswith('sftp:') %}
+  {% set default = {
+    "root": {
+      "ssh_hosts": {
+        restic_repo.split(':')[1]: {
+          'HostName': 'kpi.keiran.us',
+          'User': restic_repo.split(':')[1],
+          'Port': 9022,
+          'IdentityFile': '/root/.ssh/id_rsa',
+        }
+      }
+    }
+  } %}
+{% else %}
+  {% set default = {} %}
+{% endif %}
+
+{% set ssh_users = salt.pillar.get('ssh:users', default, merge=True) %}
--- a/top.sls
+++ b/top.sls
@@ -1,10 +1,11 @@
 {{ saltenv }}:
  '*':
    - salt
+    - users
+    - ssh
    - cron
    - vim
    - packages
-    - users
 {% if salt.pillar.get('restic:client', None) is not none
   or salt.pillar.get('restic:server', None) is not none %}
    - restic
--- a/users/files/authorized_keys.jinja
+++ b/users/files/authorized_keys.jinja
@@ -1,4 +0,0 @@
-# Managed by Saltstack
-{% for comment, key in salt.pillar.get('authorized_keys')[user].items() -%}
-{{ key }} {{ comment }}
-{% endfor -%}
--- a/users/files/ssh_hosts.jinja
+++ b/users/files/ssh_hosts.jinja
@@ -1,15 +0,0 @@
-# Managed by Saltstack
-{%- for host, config in salt.pillar.get('ssh_hosts', {}).get(user, {}).items() %}
-Host {{ host }}
-{%-   for key, val in config.items() %}
-  {{ key }} {{ val }}
-{%-   endfor %}
-{%- endfor %}
-{%- if salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '').startswith('sftp:') %}
-{% set user=salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY').split(':')[1] %}
-Host {{ user }}
-  HostName kpi.keiran.us
-  User {{ user }}
-  Port 9022
-  IdentityFile /root/.ssh/id_rsa
-{%- endif %}
--- a/users/init.sls
+++ b/users/init.sls
@@ -1,29 +1,4 @@

-{% for user in salt.pillar.get('authorized_keys').keys() %}
-  {% set home = '' if user == 'root' else '/home' %}
-
-  {% if user != 'root' %}
-{{ home }}/{{ user }}/.ssh:
-  file.directory:
-    - user: {{ user }}
-    - group: {{ user }}
-    - mode: 700
-  {% endif %}
-
-{{ home }}/{{ user }}/.ssh/authorized_keys:
-  file.managed:
-    - template: jinja
-    - source: salt://users/files/authorized_keys.jinja
-    - user: {{ user }}
-    - group: {{ user }}
-    - mode: 400
-    - context:
-        user: {{ user }}
-    - require:
-      - file: {{ home }}/{{ user }}/.ssh
-
-{% endfor %}
-
 {% if salt.pillar.get('manage_root_bashrc', False) %}
 /root/.bashrc:
  file.managed:
@@ -36,46 +11,19 @@
      bashrc_user: root
 {% endif %}

-/root/.ssh:
-  file.directory:
-    - user: root
-    - group: root
-    - mode: 700
-
-{% if salt.pillar.get("ssh_hosts:root", None) is not none or salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '').startswith('sftp:') %}
-/root/.ssh/config:
-  file.managed:
-    - source: 'salt://users/files/ssh_hosts.jinja'
-    - template: jinja
-    - user: root
-    - group: root
-    - mode: 400
-    - context:
-      user: root
-    - require:
-      - file: /root/.ssh
-{% endif %}
-
-{% for group in salt.pillar.get('sys_groups') %}
-{{ group }}:
-  group.present:
-    - system: True
-{% endfor %}
-
-{% for user, data in salt.pillar.get('users', {}).items() %}
+{% for user, config in salt.pillar.get('users', {}).items() %}

 {{ user }}_user:
  user.present:
    - name: {{ user }}
-    - shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
-{% if 'groups' in data %}
-    - groups:
-{%   for group in data['groups'] %}
-      - {{ group|yaml_encode }}
-{%   endfor %}
-{% endif %}
+    - shell: {{ config.get('shell', '/bin/bash') | yaml_encode }}
+  {% for key, val in config.items() %}
+    {% if key not in ('shell', 'manage_bashrc') %}
+    - {{ key }}: {{ val | tojson }}
+    {% endif %}
+  {% endfor %}

-{% if data.get('manage_bashrc', False) %}
+{% if config.get('manage_bashrc', False) %}
 /home/{{ user }}/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
@@ -89,19 +37,5 @@
      - user: {{ user }}_user
 {% endif %}

-{% if salt.pillar.get('ssh_hosts', {}).get(user, None) is not none %}
-/home/{{ user }}/.ssh/config:
-  file.managed:
-    - source: 'salt://users/files/ssh_hosts.jinja'
-    - template: jinja
-    - user: {{ user }}
-    - group: {{ user }}
-    - mode: 0400
-    - context:
-      user: keiran
-    - require:
-      - file: /home/{{ user }}/.ssh
-{% endif %}
-
 {% endfor %}