blob: 7a0c98b187f561ec99286a325718838644da0ef2 [file] [log] [blame]
{%- from "linux/map.jinja" import system with context %}
{%- if system.enabled %}
include:
- linux.system.group
{%- for name, user in system.user.items() %}
{%- if user.enabled %}
{%- set requires = [] %}
{%- for group in user.get('groups', []) %}
{%- if group in system.get('group', {}).keys() %}
{%- do requires.append({'group': 'system_group_'+group}) %}
{%- endif %}
{%- endfor %}
{%- if user.gid is not defined %}
system_group_{{ name }}:
group.present:
- name: {{ name }}
- require_in:
- user: system_user_{{ name }}
{%- endif %}
system_user_{{ name }}:
user.present:
- name: {{ name }}
- home: {{ user.home }}
{% if user.get('password') == False %}
- enforce_password: false
{% elif user.get('password') == None %}
- enforce_password: true
- password: '*'
{% elif user.get('password') %}
- enforce_password: true
- password: {{ user.password }}
- hash_password: {{ user.get('hash_password', False) }}
{% endif %}
- gid_from_name: true
{%- if user.groups is defined %}
- groups: {{ user.groups }}
{%- endif %}
{%- if user.system is defined and user.system %}
- system: True
- shell: {{ user.get('shell', '/bin/false') }}
{%- else %}
- shell: {{ user.get('shell', '/bin/bash') }}
{%- endif %}
{%- if user.uid is defined and user.uid %}
- uid: {{ user.uid }}
{%- endif %}
- require: {{ requires|yaml }}
system_user_home_{{ user.home }}:
file.directory:
- name: {{ user.home }}
- user: {{ name }}
- mode: {{ user.get('home_dir_mode', 700) }}
- makedirs: true
- require:
- user: system_user_{{ name }}
{%- if user.get('sudo', False) %}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
file.managed:
- source: salt://linux/files/sudoer
- template: jinja
- user: root
- group: root
- mode: 440
- defaults:
user_name: {{ name }}
- require:
- user: system_user_{{ name }}
- check_cmd: /usr/sbin/visudo -c -f
{%- else %}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
file.absent
{%- endif %}
{%- else %}
system_user_{{ name }}:
user.absent:
- name: {{ name }}
system_user_home_{{ user.home }}:
file.absent:
- name: {{ user.home }}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
file.absent
{%- endif %}
{%- endfor %}
{%- endif %}