0
0
mirror of https://github.com/saltstack-formulas/users-formula.git synced 2024-11-30 21:45:43 +01:00

Modified Private Keys and Sudoers

Changed Private keys to have content within pillar rather than the salt
file repository.

Changes sudoers entry to get values from pillar rather than assuming
all sudo users want root.
This commit is contained in:
madflojo 2014-01-29 19:53:09 -07:00
parent 8785bc76af
commit ebe5198f9d

View File

@ -76,14 +76,14 @@ user_keydir_{{ name }}:
- group: {{ group }} - group: {{ group }}
{%- endfor %} {%- endfor %}
{% if 'privkey' in user %} {% if 'ssh_keys' in user %}
user_{{ name }}_private_key: user_{{ name }}_private_key:
file.managed: file.managed:
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa - name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
- user: {{ name }} - user: {{ name }}
- group: {{ user_group }} - group: {{ user_group }}
- mode: 600 - mode: 600
- source: salt://keys/{{ user['privkey'] }} - contents: {{ user['ssh_keys']['privkey'] }}
- require: - require:
- user: {{ name }}_user - user: {{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
@ -95,7 +95,7 @@ user_{{ name }}_public_key:
- user: {{ name }} - user: {{ name }}
- group: {{ name }} - group: {{ name }}
- mode: 644 - mode: 644
- source: salt://keys/{{ user['privkey'] }}.pub - contents: {{ user['ssh_keys']['pubkey'] }}
- require: - require:
- user: {{ name }}_user - user: {{ name }}_user
{% for group in user.get('groups', []) %} {% for group in user.get('groups', []) %}
@ -127,7 +127,9 @@ sudoer-{{ name }}:
/etc/sudoers.d/{{ name }}: /etc/sudoers.d/{{ name }}:
file.append: file.append:
- text: - text:
- "{{ name }} ALL=(ALL) NOPASSWD: ALL" {% for rule in user.get('sudo_rules', []) %}
- {{ rule }}
{% endfor %}
- require: - require:
- file: sudoer-defaults - file: sudoer-defaults
- file: sudoer-{{ name }} - file: sudoer-{{ name }}