redo users and ssh
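--- a/ssh/files/authorized_keys.jinja
+++ b/ssh/files/authorized_keys.jinja
@@ -0,0 +1,5 @@
+# Managed by Saltstack
+{% from "ssh/map.jinja" import ssh_users with context -%}
+{% for comment, key in ssh_users[user]['authorized_keys'].items() -%}
+{{ key }} {{ comment }}
+{% endfor -%}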
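Review bot: The loop body `{{ key }} {{ comment }}` writes both pillar values verbatim, so a key stored in pillar as a YAML block scalar (which keeps its trailing newline) would push the comment onto a line of its own in authorized_keys. Rendering it as `{{ key | trim }} {{ comment | trim }}` keeps each entry on one line. A Jinja comment above the loop should also state that `authorized_keys` maps comment to the full `<type> <base64>` key string, and that because the file is fully managed, an empty mapping leaves the user with no authorized keys.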
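--- a/ssh/files/ssh_hosts.jinja
+++ b/ssh/files/ssh_hosts.jinja
@@ -0,0 +1,8 @@
+# Managed by Saltstack
+{%- from "ssh/map.jinja" import ssh_users with context %}
+{%- for host, config in ssh_users[user]['ssh_hosts'].items() %}
+Host {{ host }}
+{%- for key, val in config.items() %}
+{{ key }} {{ val }}
+{%- endfor %}
+{%- endfor %}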
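Review bot: `{{ key }} {{ val }}` prints each pillar value through its default string conversion, so an option written unquoted as `yes` or `no` in the pillar YAML arrives here as a boolean and is emitted as `True` or `False`, not the literal the author typed. Whether ssh accepts that spelling for every option is not something to rely on. A comment above the inner loop, such as `{#- ssh_hosts option values must be quoted strings in pillar, e.g. 'yes' #}`, would document the expectation.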
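--- a/ssh/init.sls
+++ b/ssh/init.sls
@@ -0,0 +1,46 @@
+{% from "ssh/map.jinja" import ssh_users with context %}
+
+{% for user, confs in ssh_users.items() %}
+{% set homedir = salt.user.info(user).get('home', None) %}
+{% if homedir is none %}
+
+{{ "~%s/.ssh" | format(user) }}:
+test.fail_without_changes:
+- name: {{ "No homedir for %s - if they were created in this run, run this state again" | format(user) }}
+
+{% else %}
+
+{{ homedir }}/.ssh:
+file.directory:
+- user: {{ user }}
+- group: {{ user }}
+- mode: 700
+{% if 'authorized_keys' in confs %}
+{{ homedir }}/.ssh/authorized_keys:
+file.managed:
+- template: jinja
+- source: salt://ssh/files/authorized_keys.jinja
+- user: {{ user }}
+- group: {{ user }}
+- mode: 400
+- context:
+user: {{ user }}
+- require:
+- file: {{ homedir }}/.ssh
+{% endif %}
+{% if 'ssh_hosts' in confs %}
+{{ homedir }}/.ssh/config:
+file.managed:
+- source: 'salt://ssh/files/ssh_hosts.jinja'
+- template: jinja
+- user: {{ user }}
+- group: {{ user }}
+- mode: 0400
+- context:
+user: {{ user }}
+- require:
+- file: {{ homedir }}/.ssh
+{% endif %}
+
+{% endif %}
+{% endfor %}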
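Review bot: The three `mode` values are spelled three different ways (`700`, `400`, `0400`) and none is quoted. Salt's file state documentation asks for modes to be quoted, because an unquoted value with a leading zero is an integer to YAML and its interpretation has depended on the loader in use. Since these are the permissions on `.ssh`, `authorized_keys` and `config`, I would pin them as `- mode: '0700'` and `- mode: '0400'`. Separately, `- group: {{ user }}` assumes every user has a same-named group; nothing in this file checks that.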
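--- a/ssh/map.jinja
+++ b/ssh/map.jinja
@@ -0,0 +1,20 @@
+{% set restic_repo = salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '') %}
+
+{% if restic_repo.startswith('sftp:') %}
+{% set default = {
+"root": {
+"ssh_hosts": {
+restic_repo.split(':')[1]: {
+'HostName': 'kpi.keiran.us',
+'User': restic_repo.split(':')[1],
+'Port': 9022,
+'IdentityFile': '/root/.ssh/id_rsa',
+}
+}
+}
+} %}
+{% else %}
+{% set default = {} %}
+{% endif %}
+
+{% set ssh_users = salt.pillar.get('ssh:users', default, merge=True) %}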
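Review bot: `restic_repo.split(':')[1]` is used both as the `Host` alias and as the `User` value, which only works when the repository is written as `sftp:<name>:/path` with a bare name. With the `sftp:user@host:/path` form the `User` line would become `user@host`, and with `sftp://user@host:port/path` it would begin with `//`. If those forms can occur, derive the user separately, e.g. `{% set target = restic_repo.split(':')[1] %}` and `'User': target.split('@')[0]`, or add a comment stating the one accepted format. The default entry also sets no host-key option for this root connection, so confirm that the server's host key is distributed by another state.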