add restic env, firewall

users/files/bashrc.jinja

@@ -73,7 +73,14 @@ if [ $(id -u) -gt 0 ]; then
     alias fab='sudo fab'
 fi
 
+if test -d ~/.local/bin; then
+  PATH="${PATH}:~/.local/bin"
+fi
+
 alias random='< /dev/urandom tr -dc A-Za-z0-9 | head -c${1:-32};echo'
 
-# https://git.keiran.us/config-mgmt/puppet/raw/commit/09158fc579f5ee2c00f395971d8c986e3ec08788/modules/keir/files/bash/bashrc
+{% if bashrc_user is defined and bashrc_user == 'root' and 'restic' in pillar %}
+export RESTIC_REPOSITORY={{ salt.pillar.get('restic:repo') }}
+export RESTIC_PASSWORD={{ salt.pillar.get('restic:pass') }}
+{% endif %}
 

users/init.sls

@@ -19,10 +19,13 @@
 {% if salt.pillar.get('manage_root_bashrc', False) %}
 /root/.bashrc:
   file.managed:
-    - source: 'salt://users/files/bashrc'
+    - source: 'salt://users/files/bashrc.jinja'
+    - template: jinja
     - user: root
     - group: root
-    - mode: 0644
+    - mode: 0640
+    - context:
+      bashrc_user: root
 {% endif %}
 
 #/root/.ssh/config:
@@ -35,6 +38,12 @@
 #    - require:
 #      - file: /root/.ssh
 
+{% for group in salt.pillar.get('sys_groups') %}
+{{ group }}:
+  group.present:
+    - system: True
+{% endfor %}
+
 {% for user, data in salt.pillar.get('users', {}).items() %}
 
 {{ user }}_user:
@@ -51,10 +60,11 @@
 {% if data.get('manage_bashrc', False) %}
 /home/{{ user }}/.bashrc:
   file.managed:
-    - source: 'salt://users/files/bashrc'
+    - source: 'salt://users/files/bashrc.jinja'
+    - template: jinja
     - user: {{ user }}
     - group: {{ user }}
-    - mode: 0644
+    - mode: 0640
     - require:
       - user: {{ user }}_user
 {% endif %}