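  {#
  Salt state: provision the accounts listed under the `users` pillar.

  For each pillar entry:
    - no `account_type` key   -> local account: user.present, plus a private
      group.present when the entry carries a `gid`;
    - account_type == 'ldap'  -> no local account is created here and files
      are group-owned by `users`.
  Every entry then gets its supplementary groups, home and .ssh directories,
  and, when the matching pillar keys exist, a .forward file, an authorized
  key and id_rsa / id_rsa.pub.

  The `service: sssd` and `file: /etc/nsswitch.conf` requisites are not
  declared in this file, so they have to come from another state that is
  applied together with this one.
  #}

{# Default to an empty mapping: .items() needs a dict, so a list default
   would abort rendering on minions that have no `users` pillar. #}
{% set user_pillars = salt.pillar.get('users', {}) %}

{% for user, user_data in user_pillars.items() %}

{% if 'account_type' in user_data %}
{% if user_data.account_type == 'ldap' %}
{% set derived_group = 'users' %}
{% endif %}
{# NOTE(review): an account_type other than 'ldap' leaves derived_group
   unset, so the `group:` fields below render empty - confirm intended. #}
{% else %}
{% set derived_group = user_data.name %}

user_{{ user_data.name }}:
{% if 'gid' in user_data %}
  group.present:
    - name: {{ user_data.name }}
    - gid: {{ user_data.gid }}
{% endif %}
  user.present:
    - name: {{ user_data.name }}
{# Free-form strings are emitted through yaml_dquote so that characters
   such as ':', '#', '!' or '*' cannot break the rendered YAML. #}
{% if 'fullname' in user_data %}
    - fullname: {{ user_data.fullname | yaml_dquote }}
{% endif %}
{% if 'shadow' in user_data %}
    # user.present expects a password hash here, not a cleartext password.
    - password: {{ user_data.shadow | yaml_dquote }}
{% endif %}
{% if 'shell' in user_data %}
    - shell: {{ user_data.shell }}
{% endif %}
    - uid: {{ user_data.uid }}
{% if 'gid' in user_data %}
    - gid: {{ user_data.gid }}
    - require:
      - group: user_{{ user_data.name }}
{% endif %}

{% endif %}

{% if 'groups' in user_data %}
{% for group in user_data.groups %}

auth_group_{{ group }}_{{ user_data.name }}:
  group.present:
    - name: {{ group }}
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf
    # addusers adds this member without replacing the existing member list.
    - addusers:
      - {{ user_data.name }}

{% endfor %}
{% endif %}

user_{{ user_data.name }}_homedir:
  file.directory:
    - name: /home/{{ user_data.name }}
    - user: {{ user_data.name }}
    - group: {{ derived_group }}
    # Modes are quoted so YAML cannot reinterpret the leading zero.
    # NOTE(review): 0751 lets every local user traverse the home directory;
    # tighten to 0750 or 0700 unless something relies on that.
    - mode: '0751'
    - makedirs: true
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

user_{{ user_data.name }}_sshdir:
  file.directory:
    - name: /home/{{ user_data.name }}/.ssh
    - user: {{ user_data.name }}
    - group: {{ derived_group }}
    - mode: '0700'
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

{% if 'email' in user_data %}

user_{{ user_data.name }}_forward:
  file.append:
    - name: /home/{{ user_data.name }}/.forward
    - text: {{ user_data.email | yaml_dquote }}
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

{% endif %}

{% if 'authkey' in user_data %}

user_{{ user_data.name }}_authkeys:
  ssh_auth.present:
    - user: {{ user_data.name }}
    - name: {{ user_data.authkey | yaml_dquote }}
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

{% endif %}

{# The two key files are looked up by the pillar dict key (`user`), not by
   user_data.name, and are passed with contents_pillar so the key material
   is not written into the rendered state data. #}
{% if 'sshpub' in user_data %}

user_{{ user_data.name }}_sshpub:
  file.managed:
    - name: /home/{{ user_data.name }}/.ssh/id_rsa.pub
    - user: {{ user_data.name }}
    - group: {{ derived_group }}
    - mode: '0600'
    - contents_pillar: users:{{ user }}:sshpub
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

{% endif %}

{% if 'sshpriv' in user_data %}

{# NOTE(review): every minion that receives the `users` pillar can read the
   private keys and password hashes stored in it; target that pillar only at
   the hosts that need them and keep the values encrypted at rest. #}
user_{{ user_data.name }}_sshpriv:
  file.managed:
    - name: /home/{{ user_data.name }}/.ssh/id_rsa
    - user: {{ user_data.name }}
    - group: {{ derived_group }}
    - mode: '0600'
    - contents_pillar: users:{{ user }}:sshpriv
    - require:
      - service: sssd
      - file: /etc/nsswitch.conf

{% endif %}

{% endfor %}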