mirror of
https://github.com/saltstack-formulas/users-formula.git
synced 2024-11-30 21:45:43 +01:00
Modified Private Keys and Sudoers
Changed private keys to take their content from pillar rather than from the salt file repository. Changed the sudoers entry to take its values from pillar rather than assuming all sudo users want root.
parent
8785bc76af
commit
ebe5198f9d
@ -76,14 +76,14 @@ user_keydir_{{ name }}:
|
|||||||
- group: {{ group }}
|
- group: {{ group }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
{% if 'privkey' in user %}
|
{% if 'ssh_keys' in user %}
|
||||||
user_{{ name }}_private_key:
|
user_{{ name }}_private_key:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
|
- name: {{ user.get('home', '/home/{0}'.format(name)) }}/.ssh/id_rsa
|
||||||
- user: {{ name }}
|
- user: {{ name }}
|
||||||
- group: {{ user_group }}
|
- group: {{ user_group }}
|
||||||
- mode: 600
|
- mode: 600
|
||||||
- source: salt://keys/{{ user['privkey'] }}
|
- contents: {{ user['ssh_keys']['privkey'] }}
|
||||||
- require:
|
- require:
|
||||||
- user: {{ name }}_user
|
- user: {{ name }}_user
|
||||||
{% for group in user.get('groups', []) %}
|
{% for group in user.get('groups', []) %}
|
||||||
@ -95,7 +95,7 @@ user_{{ name }}_public_key:
|
|||||||
- user: {{ name }}
|
- user: {{ name }}
|
||||||
- group: {{ name }}
|
- group: {{ name }}
|
||||||
- mode: 644
|
- mode: 644
|
||||||
- source: salt://keys/{{ user['privkey'] }}.pub
|
- contents: {{ user['ssh_keys']['pubkey'] }}
|
||||||
- require:
|
- require:
|
||||||
- user: {{ name }}_user
|
- user: {{ name }}_user
|
||||||
{% for group in user.get('groups', []) %}
|
{% for group in user.get('groups', []) %}
|
||||||
@ -127,7 +127,9 @@ sudoer-{{ name }}:
|
|||||||
/etc/sudoers.d/{{ name }}:
|
/etc/sudoers.d/{{ name }}:
|
||||||
file.append:
|
file.append:
|
||||||
- text:
|
- text:
|
||||||
- "{{ name }} ALL=(ALL) NOPASSWD: ALL"
|
{% for rule in user.get('sudo_rules', []) %}
|
||||||
|
- {{ rule }}
|
||||||
|
{% endfor %}
|
||||||
- require:
|
- require:
|
||||||
- file: sudoer-defaults
|
- file: sudoer-defaults
|
||||||
- file: sudoer-{{ name }}
|
- file: sudoer-{{ name }}
|
||||||
|
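Review bot: The pillar values in `- contents: {{ user['ssh_keys']['privkey'] }}` (first hunk) and `- {{ rule }}` (third hunk) are interpolated into the YAML unquoted, so a multi-line private key will not render as a valid scalar, and a sudo rule containing `NOPASSWD: ALL` (the form the removed, quoted line used) parses as a mapping rather than a string. For the key files, `- contents_pillar: <pillar-path-to-privkey>` (placeholder path) lets Salt read the value directly and keeps the key text out of the rendered SLS, and `- show_changes: False` would stop state output from printing a diff of the key. For the sudoers text, quote each item, e.g. `- {{ rule | yaml_dquote }}`. Separately, `file.append` leaves a rule in `/etc/sudoers.d/{{ name }}` after it is dropped from pillar and nothing validates the result, so a `file.managed` with `- check_cmd: /usr/sbin/visudo -c -f` is worth considering. The `{% if 'ssh_keys' in user %}` block and the sudoers state both continue outside the visible hunks.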