config-mgmt/salt-states
0
0
Fork 0
Code Releases Activity

redo users and ssh

Browse Source
This commit is contained in:
Keiran Snowden
2023-12-22 18:57:01 -05:00
parent ee23c2db53
commit a07114ed85
13 changed files with 109 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
_grains/lsusb.py
View File

@@ -1,9 +1,15 @@
import re import re
from subprocess import check_output from subprocess import check_output
log = logging.getLogger(__name__)
def main(): def main():
dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$") dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$")
try:
lsusb = check_output("lsusb", encoding='UTF-8') lsusb = check_output("lsusb", encoding='UTF-8')
except OSError as exc:
log.error(exc)
return {}
devices = [] devices = []
corsair_aio = None corsair_aio = None
for line in lsusb.splitlines(): for line in lsusb.splitlines():

5
salt/init.sls
View File

@@ -9,7 +9,4 @@ include:
{% else %} {% else %}
{{ raise("Unsupported grains.os") }} {{ raise("Unsupported grains.os") }}
{% endif %} {% endif %}
- salt.modules
saltutil.sync_all:
saltutil.sync_all:
- refresh: True

7
salt/modules.sls Normal file
View File

@@ -0,0 +1,7 @@
saltutil.sync_all:
saltutil.sync_all:
- refresh: True
{# required for the lsusb grain #}
usbutils:
pkg.installed: []

4
screen/files/screenrc Normal file
View File

@@ -0,0 +1,4 @@
vbell off
termcapinfo xterm ti@:te@
hardstatus alwayslastline
hardstatus string '%{= kG}[ %{G}%H %{g} ][%= %{=kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B}%Y-%m-%d %{W}%c %{g}]'

1
screen/init.sls Normal file
View File

@@ -0,0 +1 @@
# TODO

5
ssh/files/authorized_keys.jinja Normal file
View File

@@ -0,0 +1,5 @@
# Managed by Saltstack
{% from "ssh/map.jinja" import ssh_users with context -%}
{% for comment, key in ssh_users[user]['authorized_keys'].items() -%}
{{ key }} {{ comment }}
{% endfor -%}

8
ssh/files/ssh_hosts.jinja Normal file
View File

@@ -0,0 +1,8 @@
# Managed by Saltstack
{%- from "ssh/map.jinja" import ssh_users with context %}
{%- for host, config in ssh_users[user]['ssh_hosts'].items() %}
Host {{ host }}
{%- for key, val in config.items() %}
{{ key }} {{ val }}
{%- endfor %}
{%- endfor %}

46
ssh/init.sls Normal file
View File

@@ -0,0 +1,46 @@
{% from "ssh/map.jinja" import ssh_users with context %}
{% for user, confs in ssh_users.items() %}
{% set homedir = salt.user.info(user).get('home', None) %}
{% if homedir is none %}
{{ "~%s/.ssh" | format(user) }}:
test.fail_without_changes:
- name: {{ "No homedir for %s - if they were created in this run, run this state again" | format(user) }}
{% else %}
{{ homedir }}/.ssh:
file.directory:
- user: {{ user }}
- group: {{ user }}
- mode: 700
{% if 'authorized_keys' in confs %}
{{ homedir }}/.ssh/authorized_keys:
file.managed:
- template: jinja
- source: salt://ssh/files/authorized_keys.jinja
- user: {{ user }}
- group: {{ user }}
- mode: 400
- context:
user: {{ user }}
- require:
- file: {{ homedir }}/.ssh
{% endif %}
{% if 'ssh_hosts' in confs %}
{{ homedir }}/.ssh/config:
file.managed:
- source: 'salt://ssh/files/ssh_hosts.jinja'
- template: jinja
- user: {{ user }}
- group: {{ user }}
- mode: 0400
- context:
user: {{ user }}
- require:
- file: {{ homedir }}/.ssh
{% endif %}
{% endif %}
{% endfor %}

20
ssh/map.jinja Normal file
View File

@@ -0,0 +1,20 @@
{% set restic_repo = salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '') %}
{% if restic_repo.startswith('sftp:') %}
{% set default = {
"root": {
"ssh_hosts": {
restic_repo.split(':')[1]: {
'HostName': 'kpi.keiran.us',
'User': restic_repo.split(':')[1],
'Port': 9022,
'IdentityFile': '/root/.ssh/id_rsa',
}
}
}
} %}
{% else %}
{% set default = {} %}
{% endif %}
{% set ssh_users = salt.pillar.get('ssh:users', default, merge=True) %}

3
top.sls
View File

@@ -1,10 +1,11 @@
{{ saltenv }}: {{ saltenv }}:
'*': '*':
- salt - salt
- users
- ssh
- cron - cron
- vim - vim
- packages - packages
- users
{% if salt.pillar.get('restic:client', None) is not none {% if salt.pillar.get('restic:client', None) is not none
or salt.pillar.get('restic:server', None) is not none %} or salt.pillar.get('restic:server', None) is not none %}
- restic - restic

4
users/files/authorized_keys.jinja
View File

@@ -1,4 +0,0 @@
# Managed by Saltstack
{% for comment, key in salt.pillar.get('authorized_keys')[user].items() -%}
{{ key }} {{ comment }}
{% endfor -%}

15
users/files/ssh_hosts.jinja
View File

@@ -1,15 +0,0 @@
# Managed by Saltstack
{%- for host, config in salt.pillar.get('ssh_hosts', {}).get(user, {}).items() %}
Host {{ host }}
{%- for key, val in config.items() %}
{{ key }} {{ val }}
{%- endfor %}
{%- endfor %}
{%- if salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '').startswith('sftp:') %}
{% set user=salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY').split(':')[1] %}
Host {{ user }}
HostName kpi.keiran.us
User {{ user }}
Port 9022
IdentityFile /root/.ssh/id_rsa
{%- endif %}

82
users/init.sls
View File

@@ -1,29 +1,4 @@
{% for user in salt.pillar.get('authorized_keys').keys() %}
{% set home = '' if user == 'root' else '/home' %}
{% if user != 'root' %}
{{ home }}/{{ user }}/.ssh:
file.directory:
- user: {{ user }}
- group: {{ user }}
- mode: 700
{% endif %}
{{ home }}/{{ user }}/.ssh/authorized_keys:
file.managed:
- template: jinja
- source: salt://users/files/authorized_keys.jinja
- user: {{ user }}
- group: {{ user }}
- mode: 400
- context:
user: {{ user }}
- require:
- file: {{ home }}/{{ user }}/.ssh
{% endfor %}
{% if salt.pillar.get('manage_root_bashrc', False) %} {% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc: /root/.bashrc:
file.managed: file.managed:
@@ -36,46 +11,19 @@
bashrc_user: root bashrc_user: root
{% endif %} {% endif %}
/root/.ssh: {% for user, config in salt.pillar.get('users', {}).items() %}
file.directory:
- user: root
- group: root
- mode: 700
{% if salt.pillar.get("ssh_hosts:root", None) is not none or salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '').startswith('sftp:') %}
/root/.ssh/config:
file.managed:
- source: 'salt://users/files/ssh_hosts.jinja'
- template: jinja
- user: root
- group: root
- mode: 400
- context:
user: root
- require:
- file: /root/.ssh
{% endif %}
{% for group in salt.pillar.get('sys_groups') %}
{{ group }}:
group.present:
- system: True
{% endfor %}
{% for user, data in salt.pillar.get('users', {}).items() %}
{{ user }}_user: {{ user }}_user:
user.present: user.present:
- name: {{ user }} - name: {{ user }}
- shell: {{ data.get('shell', '/bin/bash')|yaml_encode }} - shell: {{ config.get('shell', '/bin/bash') | yaml_encode }}
{% if 'groups' in data %} {% for key, val in config.items() %}
- groups: {% if key not in ('shell', 'manage_bashrc') %}
{% for group in data['groups'] %} - {{ key }}: {{ val | tojson }}
- {{ group|yaml_encode }} {% endif %}
{% endfor %} {% endfor %}
{% endif %}
{% if data.get('manage_bashrc', False) %} {% if config.get('manage_bashrc', False) %}
/home/{{ user }}/.bashrc: /home/{{ user }}/.bashrc:
file.managed: file.managed:
- source: 'salt://users/files/bashrc.jinja' - source: 'salt://users/files/bashrc.jinja'
@@ -89,19 +37,5 @@
- user: {{ user }}_user - user: {{ user }}_user
{% endif %} {% endif %}
{% if salt.pillar.get('ssh_hosts', {}).get(user, None) is not none %}
/home/{{ user }}/.ssh/config:
file.managed:
- source: 'salt://users/files/ssh_hosts.jinja'
- template: jinja
- user: {{ user }}
- group: {{ user }}
- mode: 0400
- context:
user: keiran
- require:
- file: /home/{{ user }}/.ssh
{% endif %}
{% endfor %} {% endfor %}