users-formula/test/salt/pillar/default.sls

204 lines
5.8 KiB
Plaintext
Raw Permalink Normal View History

# -*- coding: utf-8 -*-
# vim: ft=yaml
---
users-formula:
lookup: # override the defauls in map.jinja
root_group: root
# group initialization
groups:
foo:
state: present
gid: 1500
system: false
badguys:
absent: true
niceguys:
gid: 4242
system: false
addusers:
- root
delusers:
- toor
ssl-cert:
system: true
members:
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash users-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") ./users/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:20 warning truthy value should be one of [false, true] (truthy) 8:21 warning truthy value should be one of [false, true] (truthy) 9:15 warning truthy value should be one of [false, true] (truthy) 10:1 error too many blank lines (1 > 0) (empty-lines) pillar.example 5:20 warning truthy value should be one of [false, true] (truthy) 14:13 warning truthy value should be one of [false, true] (truthy) 16:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 23:13 warning truthy value should be one of [false, true] (truthy) 25:5 error wrong indentation: expected 6 but found 4 (indentation) 37:23 warning truthy value should be one of [false, true] (truthy) 40:21 warning truthy value should be one of [false, true] (truthy) 41:20 warning truthy value should be one of [false, true] (truthy) 42:13 warning truthy value should be one of [false, true] (truthy) 47:17 warning truthy value should be one of [false, true] (truthy) 51:19 warning truthy value should be one of [false, true] (truthy) 52:23 warning truthy value should be one of [false, true] (truthy) 53:20 warning truthy value should be one of [false, true] (truthy) 54:21 warning truthy value should be one of [false, true] (truthy) 58:15 warning truthy value should be one of [false, true] (truthy) 59:15 warning truthy value should be one of [false, true] (truthy) 73:18 warning truthy value should be one of [false, true] (truthy) 75:20 warning truthy value should be one of [false, true] (truthy) 90:7 error duplication of key "privkey" in mapping (key-duplicates) 91:7 error duplication of key "pubkey" in mapping (key-duplicates) 117:44 warning too few spaces before comment (comments) 125:27 warning truthy value should be one of [false, true] (truthy) 153:17 warning truthy value should be one of [false, true] (truthy) 167:13 warning truthy value should be one of [false, true] (truthy) 171:16 warning truthy value should be one of [false, true] (truthy) 172:89 error line too long (102 > 88 characters) (line-length) 177:89 error line too long (102 > 88 characters) (line-length) 178:89 error line too long (100 > 88 characters) (line-length) 181:89 error line too long (94 > 88 characters) (line-length) 188:13 warning truthy value should be one of [false, true] (truthy) 189:12 warning truthy value should be one of [false, true] (truthy) 190:12 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 25:89 error line too long (91 > 88 characters) (line-length) 175:89 error line too long (102 > 88 characters) (line-length) 180:89 error line too long (102 > 88 characters) (line-length) 181:89 error line too long (100 > 88 characters) (line-length) 184:89 error line too long (94 > 88 characters) (line-length) ```
2019-08-07 18:37:06 +02:00
# *TODO*: run groups after all users created and then use `auser` and
# `buser` instead
- root
- sshd
# - bin
# - daemon
users:
## Minimal required pillar values
auser:
fullname: A User
## Full list of pillar values
buser:
fullname: B User
password: $6$w.............
enforce_password: true
# WARNING: If 'empty_password' is set to true, the 'password' statement
# will be ignored by enabling password-less login for the user.
empty_password: false
hash_password: false
system: false
home: /custom/buser
homedir_owner: buser
homedir_group: primarygroup
user_dir_mode: 750
createhome: true
roomnumber: "A-1"
workphone: "(555) 555-5555"
homephone: "(555) 555-5551"
manage_vimrc: false
allow_gid_change: false
manage_bashrc: false
manage_profile: false
expire: 16426
# Disables user management except sudo rules.
# Useful for setting sudo rules for system accounts created by package instalation
sudoonly: false
sudouser: true
# sudo_rules doesn't need the username as a prefix for the rule
# this is added automatically by the formula.
# ----------------------------------------------------------------------
# In case your sudo_rules have a colon please have in mind to not leave
# spaces around it. For example:
# ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
# ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
sudo_rules:
- ALL=(root) /usr/bin/find
- ALL=(otheruser) /usr/bin/script.sh
sudo_defaults:
- '!requiretty'
# enable polkitadmin to make user an AdminIdentity for polkit
polkitadmin: true
shell: /bin/bash
remove_groups: false
prime_group:
name: primarygroup
gid: 1501
groups:
- users
optional_groups:
- some_groups_that_might
- not_exist_on_all_minions
ssh_key_type: rsa
# # You can inline the private keys ...
# ssh_keys:
# privkey: PRIVATEKEY
# pubkey: PUBLICKEY
# # or you can provide path to key on Salt fileserver
# # privkey: salt://path_to_PRIVATEKEY
# # pubkey: salt://path_to_PUBLICKEY
# # you can provide multiple keys, the keyname is taken as filename
# # make sure your public keys suffix is .pub
# foobar: PRIVATEKEY
# foobar.pub: PUBLICKEY
# # ... or you can pull them from a different pillar,
# # for example one called "ssh_keys":
# ssh_keys_pillar:
# id_rsa: "ssh_keys"
# another_key_pair: "ssh_keys"
# ssh_auth:
# - PUBLICKEY
# ssh_auth.absent:
# - PUBLICKEY_TO_BE_REMOVED
# # Generates an authorized_keys file for the user
# # with the given keys
# ssh_auth_file:
# - PUBLICKEY
# # ... or you can pull them from a different pillar similar to ssh_keys_pillar
# ssh_auth_pillar:
# id_rsa: "ssh_keys"
# # If you prefer to keep public keys as files rather
# # than inline in pillar, this works.
# ssh_auth_sources:
# - salt://keys/buser.id_rsa.pub
# ssh_auth_sources.absent:
# - salt://keys/deleteduser.id_rsa.pub # PUBLICKEY_FILE_TO_BE_REMOVED
# Manage the ~/.ssh/config file
ssh_known_hosts:
importanthost:
port: 22
fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
key: PUBLICKEY
enc: ssh-rsa
hash_known_hosts: true
timeout: 5
fingerprint_hash_type: sha256
ssh_known_hosts.absent:
- notimportanthost
ssh_config:
all:
hostname: "*"
options:
- "StrictHostKeyChecking no"
- "UserKnownHostsFile=/dev/null"
importanthost:
hostname: "needcheck.example.com"
options:
- "StrictHostKeyChecking yes"
# Using gitconfig without Git installed will result in an error
# https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
# This state module now requires git 1.6.5 (released 10 October 2009) or newer.
gitconfig:
user.name: B User
user.email: buser@example.com
"url.https://.insteadOf": "git://"
gitconfig.absent:
- push.default
- color\..+
google_2fa: true
google_auth:
sshd: |
SOMEGAUTHHASHVAL
" RESETTING_TIME_SKEW 46956472+2 46991595-2
" RATE_LIMIT 3 30 1415800560
" DISALLOW_REUSE 47193352
" TOTP_AUTH
11111111
22222222
33333333
44444444
55555555
# unique: true allows user to have non unique uid
unique: false
uid: 1001
user_files:
enabled: true
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash users-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") ./users/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:20 warning truthy value should be one of [false, true] (truthy) 8:21 warning truthy value should be one of [false, true] (truthy) 9:15 warning truthy value should be one of [false, true] (truthy) 10:1 error too many blank lines (1 > 0) (empty-lines) pillar.example 5:20 warning truthy value should be one of [false, true] (truthy) 14:13 warning truthy value should be one of [false, true] (truthy) 16:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 23:13 warning truthy value should be one of [false, true] (truthy) 25:5 error wrong indentation: expected 6 but found 4 (indentation) 37:23 warning truthy value should be one of [false, true] (truthy) 40:21 warning truthy value should be one of [false, true] (truthy) 41:20 warning truthy value should be one of [false, true] (truthy) 42:13 warning truthy value should be one of [false, true] (truthy) 47:17 warning truthy value should be one of [false, true] (truthy) 51:19 warning truthy value should be one of [false, true] (truthy) 52:23 warning truthy value should be one of [false, true] (truthy) 53:20 warning truthy value should be one of [false, true] (truthy) 54:21 warning truthy value should be one of [false, true] (truthy) 58:15 warning truthy value should be one of [false, true] (truthy) 59:15 warning truthy value should be one of [false, true] (truthy) 73:18 warning truthy value should be one of [false, true] (truthy) 75:20 warning truthy value should be one of [false, true] (truthy) 90:7 error duplication of key "privkey" in mapping (key-duplicates) 91:7 error duplication of key "pubkey" in mapping (key-duplicates) 117:44 warning too few spaces before comment (comments) 125:27 warning truthy value should be one of [false, true] (truthy) 153:17 warning truthy value should be one of [false, true] (truthy) 167:13 warning truthy value should be one of [false, true] (truthy) 171:16 warning truthy value should be one of [false, true] (truthy) 172:89 error line too long (102 > 88 characters) (line-length) 177:89 error line too long (102 > 88 characters) (line-length) 178:89 error line too long (100 > 88 characters) (line-length) 181:89 error line too long (94 > 88 characters) (line-length) 188:13 warning truthy value should be one of [false, true] (truthy) 189:12 warning truthy value should be one of [false, true] (truthy) 190:12 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 25:89 error line too long (91 > 88 characters) (line-length) 175:89 error line too long (102 > 88 characters) (line-length) 180:89 error line too long (102 > 88 characters) (line-length) 181:89 error line too long (100 > 88 characters) (line-length) 184:89 error line too long (94 > 88 characters) (line-length) ```
2019-08-07 18:37:06 +02:00
# 'source' allows you to define an arbitrary directory to sync,
# useful to use for default files.
# should be a salt fileserver path either with or without 'salt://'
# if not present, it defaults to 'salt://users/files/user/<username>
source: users/files
# template: jinja
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash users-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") ./users/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:20 warning truthy value should be one of [false, true] (truthy) 8:21 warning truthy value should be one of [false, true] (truthy) 9:15 warning truthy value should be one of [false, true] (truthy) 10:1 error too many blank lines (1 > 0) (empty-lines) pillar.example 5:20 warning truthy value should be one of [false, true] (truthy) 14:13 warning truthy value should be one of [false, true] (truthy) 16:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 23:13 warning truthy value should be one of [false, true] (truthy) 25:5 error wrong indentation: expected 6 but found 4 (indentation) 37:23 warning truthy value should be one of [false, true] (truthy) 40:21 warning truthy value should be one of [false, true] (truthy) 41:20 warning truthy value should be one of [false, true] (truthy) 42:13 warning truthy value should be one of [false, true] (truthy) 47:17 warning truthy value should be one of [false, true] (truthy) 51:19 warning truthy value should be one of [false, true] (truthy) 52:23 warning truthy value should be one of [false, true] (truthy) 53:20 warning truthy value should be one of [false, true] (truthy) 54:21 warning truthy value should be one of [false, true] (truthy) 58:15 warning truthy value should be one of [false, true] (truthy) 59:15 warning truthy value should be one of [false, true] (truthy) 73:18 warning truthy value should be one of [false, true] (truthy) 75:20 warning truthy value should be one of [false, true] (truthy) 90:7 error duplication of key "privkey" in mapping (key-duplicates) 91:7 error duplication of key "pubkey" in mapping (key-duplicates) 117:44 warning too few spaces before comment (comments) 125:27 warning truthy value should be one of [false, true] (truthy) 153:17 warning truthy value should be one of [false, true] (truthy) 167:13 warning truthy value should be one of [false, true] (truthy) 171:16 warning truthy value should be one of [false, true] (truthy) 172:89 error line too long (102 > 88 characters) (line-length) 177:89 error line too long (102 > 88 characters) (line-length) 178:89 error line too long (100 > 88 characters) (line-length) 181:89 error line too long (94 > 88 characters) (line-length) 188:13 warning truthy value should be one of [false, true] (truthy) 189:12 warning truthy value should be one of [false, true] (truthy) 190:12 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 25:89 error line too long (91 > 88 characters) (line-length) 175:89 error line too long (102 > 88 characters) (line-length) 180:89 error line too long (102 > 88 characters) (line-length) 181:89 error line too long (100 > 88 characters) (line-length) 184:89 error line too long (94 > 88 characters) (line-length) ```
2019-08-07 18:37:06 +02:00
# You can specify octal mode for files and symlinks that will be copied.
# Since version 2016.11.0 it's possible to use 'keep' for file_mode,
# to preserve file original mode, thus you can save execution bit for example.
file_mode: keep
feat(yamllint): include for this repo and apply rules throughout * Semi-automated using `ssf-formula` (v0.5.0) * Fix errors shown below: ```bash users-formula$ $(grep "\- yamllint" .travis.yml | sed -e "s:^\s\+-\s\(.*\):\1:") ./users/defaults.yaml 4:1 warning missing document start "---" (document-start) 5:20 warning truthy value should be one of [false, true] (truthy) 8:21 warning truthy value should be one of [false, true] (truthy) 9:15 warning truthy value should be one of [false, true] (truthy) 10:1 error too many blank lines (1 > 0) (empty-lines) pillar.example 5:20 warning truthy value should be one of [false, true] (truthy) 14:13 warning truthy value should be one of [false, true] (truthy) 16:13 warning truthy value should be one of [false, true] (truthy) 19:13 warning truthy value should be one of [false, true] (truthy) 23:13 warning truthy value should be one of [false, true] (truthy) 25:5 error wrong indentation: expected 6 but found 4 (indentation) 37:23 warning truthy value should be one of [false, true] (truthy) 40:21 warning truthy value should be one of [false, true] (truthy) 41:20 warning truthy value should be one of [false, true] (truthy) 42:13 warning truthy value should be one of [false, true] (truthy) 47:17 warning truthy value should be one of [false, true] (truthy) 51:19 warning truthy value should be one of [false, true] (truthy) 52:23 warning truthy value should be one of [false, true] (truthy) 53:20 warning truthy value should be one of [false, true] (truthy) 54:21 warning truthy value should be one of [false, true] (truthy) 58:15 warning truthy value should be one of [false, true] (truthy) 59:15 warning truthy value should be one of [false, true] (truthy) 73:18 warning truthy value should be one of [false, true] (truthy) 75:20 warning truthy value should be one of [false, true] (truthy) 90:7 error duplication of key "privkey" in mapping (key-duplicates) 91:7 error duplication of key "pubkey" in mapping (key-duplicates) 117:44 warning too few spaces before comment (comments) 125:27 warning truthy value should be one of [false, true] (truthy) 153:17 warning truthy value should be one of [false, true] (truthy) 167:13 warning truthy value should be one of [false, true] (truthy) 171:16 warning truthy value should be one of [false, true] (truthy) 172:89 error line too long (102 > 88 characters) (line-length) 177:89 error line too long (102 > 88 characters) (line-length) 178:89 error line too long (100 > 88 characters) (line-length) 181:89 error line too long (94 > 88 characters) (line-length) 188:13 warning truthy value should be one of [false, true] (truthy) 189:12 warning truthy value should be one of [false, true] (truthy) 190:12 warning truthy value should be one of [false, true] (truthy) test/salt/pillar/default.sls 25:89 error line too long (91 > 88 characters) (line-length) 175:89 error line too long (102 > 88 characters) (line-length) 180:89 error line too long (102 > 88 characters) (line-length) 181:89 error line too long (100 > 88 characters) (line-length) 184:89 error line too long (94 > 88 characters) (line-length) ```
2019-08-07 18:37:06 +02:00
# You can specify octal mode for directories as well.
# This won't work on Windows minions
# dir_mode: 775
sym_mode: 640
exclude_pat: "*.gitignore"
## Absent user
cuser:
absent: true
purge: true
force: true
## Old syntax of absent_users still supported
absent_users:
- donald
- bad_guy