Benutzer zentral in Pillars verwalten
#
# All users of the following list will be created if not present
#
users_present:
thorsten.kramm:
firstname: Thorsten
lastname: Kramm
sudo: True
max.mustermann:
firstname: Max
lastname: Mustermann
sudo: False
#
# Delete users
#
users_absent:
- mausiLast updated
sudo:
pkg.installed: []
#
# Iterate over all users-present from the pillar and create users if needed
#
{% for username,user in pillar['users_present'].items() %}
{{ username }}-group:
group.present:
- name: {{ username }}
{{ username }}:
user.present:
- fullname: {{ user['firstname'] }} {{ user['lastname'] }}
- shell: /bin/bash
- home: /home/{{ username }}
- createhome: true
- system: false
- groups:
- {{ username }}
- require:
- group: {{ username }}-group
#
# Deploy the public SSH Key of the user
#
{{ username }}-key:
ssh_auth.present:
- user: {{ username }}
- source: salt://users/ssh-keys/{{ username }}.pub
- require:
- user: {{ username }}
#
# Create or remove sudo file
#
{% if user['sudo'] == True %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
file.managed:
- contents: {{ username }} ALL=(ALL) NOPASSWD:ALL
- mode: 0440
- user: root
- require:
- pkg: sudo
- user: {{ username }}
{% else %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
file.absent: []
{% endif %}
{% endfor %}
{% if pillar['users_absent'] is defined %}
{% for absent_user in pillar['users_absent'] %}
#
# Delete the user
#
{{ absent_user }}-absent:
user.absent:
- name: {{ absent_user }}
- purge: True
- force: True
#
# Delete the sudoers entry
#
/etc/sudoers.d/{{ absent_user }}-absent:
file.absent:
- name: /etc/sudoers.d/{{ absent_user }}
{% endfor %}
{% endif %}