106 lines
2.2 KiB
Plaintext
106 lines
2.2 KiB
Plaintext
|
|
{% if salt.pillar.get('root_authorized_keys', None) is not none %}
|
|
/root/.ssh:
|
|
file.directory:
|
|
- user: root
|
|
- group: root
|
|
- mode: 700
|
|
|
|
/root/.ssh/authorized_keys:
|
|
file.managed:
|
|
- contents_pillar: root_authorized_keys
|
|
- user: root
|
|
- group: root
|
|
- mode: 400
|
|
- require:
|
|
- file: /root/.ssh
|
|
{% endif %}
|
|
|
|
{% if salt.pillar.get('manage_root_bashrc', False) %}
|
|
/root/.bashrc:
|
|
file.managed:
|
|
- source: 'salt://users/files/bashrc.jinja'
|
|
- template: jinja
|
|
- user: root
|
|
- group: root
|
|
- mode: 0640
|
|
- context:
|
|
bashrc_user: root
|
|
{% endif %}
|
|
|
|
#/root/.ssh/config:
|
|
# file.managed:
|
|
# - source: 'salt://ssh/files/ssh_config.jinja'
|
|
# - template: jinja
|
|
# - user: root
|
|
# - group: root
|
|
# - mode: 400
|
|
# - require:
|
|
# - file: /root/.ssh
|
|
|
|
{% for group in salt.pillar.get('sys_groups') %}
|
|
{{ group }}:
|
|
group.present:
|
|
- system: True
|
|
{% endfor %}
|
|
|
|
{% for user, data in salt.pillar.get('users', {}).items() %}
|
|
|
|
{{ user }}_user:
|
|
user.present:
|
|
- name: {{ user }}
|
|
- shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
|
|
{% if 'groups' in data %}
|
|
- groups:
|
|
{% for group in data['groups'] %}
|
|
- {{ group|yaml_encode }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if data.get('manage_bashrc', False) %}
|
|
/home/{{ user }}/.bashrc:
|
|
file.managed:
|
|
- source: 'salt://users/files/bashrc.jinja'
|
|
- template: jinja
|
|
- user: {{ user }}
|
|
- group: {{ user }}
|
|
- mode: 0640
|
|
- require:
|
|
- user: {{ user }}_user
|
|
{% endif %}
|
|
|
|
{% if 'authorized_keys' in data or 'ssh_config' in data %}
|
|
/home/{{ user }}/.ssh:
|
|
file.directory:
|
|
- user: {{ user }}
|
|
- group: {{ user }}
|
|
- mode: 0700
|
|
- require:
|
|
- user: {{ user }}_user
|
|
{% endif %}
|
|
|
|
{% if 'authorized_keys' in data %}
|
|
/home/{{ user }}/.ssh/authorized_keys:
|
|
file.managed:
|
|
- contents_pillar: users:{{ user }}:authorized_keys
|
|
- user: {{ user }}
|
|
- group: {{ user }}
|
|
- mode: 0400
|
|
- require:
|
|
- file: /home/{{ user }}/.ssh
|
|
{% endif %}
|
|
|
|
{% if 'ssh_config' in data %}
|
|
/home/{{ user }}/.ssh/config:
|
|
file.managed:
|
|
- contents_pillar: users:{{ user }}:ssh_config
|
|
- user: {{ user }}
|
|
- group: {{ user }}
|
|
- mode: 0400
|
|
- require:
|
|
- file: /home/{{ user }}/.ssh
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|