Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {%- from "linux/map.jinja" import system with context %}
- {%- if system.enabled %}
- {%- for user, args in system.get('user', {}).iteritems() %}
- {%- if user.enabled %}
- system_user_{{ user }}:
- user.present:
- - name: {{ user }}
- - fullname: {{ args.fullname }}
- - home: {{ args.home }}
- - uid: {{ args.uid }}
- - gid_from_name: true
- {%- if user.password is defined %}
- - password: {{ args.password }}
- - enforce_password: true
- {%-endif %}
- {%- if 'secondary_groups' in user %}
- - optional_groups:
- {%- for group in args['secondary_groups'] %}
- - {{ group }}
- {%- endfor %}
- {%- endif %}
- {%- if args.system is defined and args.system %}
- - system: True
- {%- else %}
- - shell: {{ user.get('shell', '/bin/bash') }}
- {%- endif %}
- # ----- Add public key if present in pillar -----
- {%- if 'public_key' in user %}
- system_user_{{ user }}_public_key:
- file.directory:
- - name: /etc/ssh/keys/{{ user }}
- - user: root
- - group: root
- - mode: '0755'
- - make_dirs: true
- - require:
- - user: {{ user }}
- - group: {{ user }}
- file.managed:
- - name: /etc/ssh/keys/{{ user }}/authorized_keys
- - user: root
- - group: root
- - mode: '0644'
- - contents_pillar: {{ args.public_key }}
- {% endif %}
- {%- if user.get('sudo', False) %}
- /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
- file.managed:
- - source: salt://linux/files/etc/sudoers.d/90-salt-user
- - template: jinja
- - user: root
- - group: root
- - mode: 440
- - defaults:
- user_name: {{ name }}
- - require:
- - user: system_user_{{ name }}
- {%- endif %}
- {%- else %}
- system_user_{{ name }}:
- user.absent:
- - name: {{ name }}
- system_user_home_{{ user.home }}:
- file.absent:
- - name: {{ user.home }}
- /etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
- file.absent
- system_user_{{ user }}_public_key:
- file.absent
- - name: /etc/ssh/keys/{{ user }}
- {%- endif %}
- {%- endfor %}
- {%- endif %}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement