```yaml
#
# All users of the following list will be created if not present
#
users-present:
  thorsten.kramm:
    firstname: Thorsten
    lastname: Kramm
    sudo: True
  max.mustermann:
    firstname: Max
    lastname: Mustermann
    sudo: False

#
# Delete users
#
users-absent:
  - mausi
```
Rolling out users via a state
/srv/salt/users/init.sls
```yaml
sudo:
  pkg.installed: []

#
# Iterate over all users-present from the pillar and create users if needed
#
{% for username, user in pillar['users-present'].items() %}
{{ username }}-group:
  group.present:
    - name: {{ username }}

{{ username }}:
  user.present:
    - fullname: {{ user['firstname'] }} {{ user['lastname'] }}
    - shell: /bin/bash
    - home: /home/{{ username }}
    - createhome: true
    - system: false
    - groups:
      - {{ username }}
    - require:
      - group: {{ username }}-group
#
# Deploy the public SSH Key of the user
#
{{ username }}-key:
  ssh_auth.present:
    - user: {{ username }}
    - source:
      - salt://users/ssh-keys/{{ username }}.pub
      - salt://users/ssh-keys/null.pub
    - require:
      - user: {{ username }}
#
# Create or remove sudo file
#
{% if user['sudo'] == True %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
  file.managed:
    - contents: {{ username }} ALL=(ALL) NOPASSWD:ALL
    - mode: '0440'
    - user: root
    - require:
      - pkg: sudo
      - user: {{ username }}
{% else %}
/etc/sudoers.d/{{ username|replace(".", "_") }}:
  file.absent: []
{% endif %}
{% endfor %}

{% if pillar['users-absent'] is defined %}
{% for absent_user in pillar['users-absent'] %}
#
# Delete the user
#
{{ absent_user }}-absent:
  user.absent:
    - name: {{ absent_user }}
    - purge: True
    - force: True

#
# Delete the sudoers entry
# (same dot-to-underscore mapping as used when the file was created,
# so the NOPASSWD file of a user with a dot in the name is removed too)
#
/etc/sudoers.d/{{ absent_user }}-absent:
  file.absent:
    - name: /etc/sudoers.d/{{ absent_user|replace(".", "_") }}
{% endfor %}
{% endif %}
```
Note the {{ username|replace(".", "_") }} in line 38. Files in /etc/sudoers.d must not contain dots in their file names, because sudo skips such files.
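
The dot-to-underscore mapping and the `user['sudo'] == True` test both depend on the pillar data being clean. The following pillar check is an added example, not part of the original page or of Salt; the function names, the username pattern and the extra sample entries are assumptions made for illustration.

```python
import re

# Conservative login-name pattern (an assumption of this example, not a Salt rule).
NAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]*$")


def sudoers_path(username):
    """Same mapping as the state: dots become underscores."""
    return "/etc/sudoers.d/" + username.replace(".", "_")


def lint_pillar(pillar):
    """Return a sorted list of (username, problem) findings."""
    findings = []
    present = pillar.get("users-present", {})
    absent = pillar.get("users-absent", [])
    owners = {}  # sudoers path -> first username that maps to it
    for name, user in present.items():
        if not NAME_RE.match(name):
            # The name is interpolated into the sudoers line and a file path.
            findings.append((name, "unsafe username"))
        if not isinstance(user.get("sudo"), bool):
            # The state tests `== True`; a string such as "yes" never matches.
            findings.append((name, "sudo is not a boolean"))
        if name in absent:
            findings.append((name, "listed as present and absent"))
        first = owners.setdefault(sudoers_path(name), name)
        if first != name:
            # Two usernames map to one sudoers file (and one state ID).
            findings.append((name, "sudoers file collides with " + first))
    return sorted(findings)


# Constructed sample: the page's pillar plus deliberately broken entries.
SAMPLE = {
    "users-present": {
        "thorsten.kramm": {"firstname": "Thorsten", "lastname": "Kramm", "sudo": True},
        "max.mustermann": {"firstname": "Max", "lastname": "Mustermann", "sudo": False},
        "thorsten_kramm": {"firstname": "T", "lastname": "K", "sudo": False},
        "mausi": {"firstname": "M", "lastname": "Maus", "sudo": "yes"},
    },
    "users-absent": ["mausi"],
}

if __name__ == "__main__":
    for name, problem in lint_pillar(SAMPLE):
        print(f"{name}: {problem}")
```

Run against the real pillar before a highstate, an empty result means every sudoers file has exactly one owner and no user is both created and purged in the same run.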