Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- formulas/accounts/users.sls:
- {% import '_grains/map.jinja' as grain %}
- {% from 'accounts/map.jinja' import accounts with context %}
- {% for username, details in accounts.get('users', {}).items() %}
- {% if (details.get('components') is not none and grain.component in details.get('components')) or (details.get('environments') is not none and grain.env in details.get('environments')) or (details.get('environments') is not none and 'all' in details.get('environments')) %}
- {{ username }}:
- {% if details.get('enabled') == True %}
- group.present:
- - name: {{ username }}
- - gid: {{ details.get('uid') }}
- user.present:
- - fullname: {{ details.get('fullname') }}
- - name: {{ username }}
- - shell: {{ details.get('shell','/bin/bash') }}
- - home: /home/{{ username }}
- - uid: {{ details.get('uid') }}
- - gid: {{ details.get('uid') }}
- {% if 'groups' in details or details.get('sudo') == True %}
- - groups:
- {% for group in details.get('groups', []) %}
- - {{ group }}
- {% endfor %}
- {% if details.get('sudo') == True %}
- - {{ accounts.sudo.group }}
- {% endif %}
- {% endif %}
- {% if 'pubkey' in details %}
- file.directory:
- - name: /home/{{ username }}/.ssh
- - user: {{ username }}
- - group: {{ username }}
- - mode: 0700
- {% endif %}
- {% if 'pubkey' in details %}
- {{ username }}_authorized_keys_file:
- file.managed:
- - name: /home/{{ username }}/.ssh/authorized_keys
- - user: {{ username }}
- - group: {{ username }}
- - contents: "{{ details.get('pubkey') }}"
- - mode: 0600
- {% endif %}
- {% else %}
- user.absent:
- - name: {{ username }}
- {% endif %}
- {% endif %}
- {% endfor %}
- pillars/accounts/init.sls:
- accounts:
- groups:
- admin:
- gid: 200
- dashboards:
- gid: 303
- dev:
- gid: 301
- users:
- jsmith:
- fullname: John Smith
- shell: /bin/bash
- uid: 1000
- groups:
- - admin
- pubkey: ssh-rsa <ssh public key> jsmith@acme.com
- sudo: True
- enabled: True
- environments:
- - all
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement