/admins.sls

## admins.sls
users:
## Full list of pillar values
  dnasar:
    fullname: Devin Nasar
    # password:
    enforce_password: False
    # WARNING: If 'empty_password' is set to True, the 'password' statement
    # will be ignored by enabling password-less login for the user.
    empty_password: True
    system: False
    home: /custom/dnasar
    user_dir_mode: 750
    createhome: True
    # roomnumber: "A-1"
    # workphone: "(555) 555-5555"
    # homephone: "(555) 555-5551"
    # manage_vimrc: False
    # manage_bashrc: False
    # manage_profile: False
    # expire: 16426
    # sudouser: True
    # sudo_rules doesn't need the username as a prefix for the rule
    # this is added automatically by the formula.
    # ----------------------------------------------------------------------
    # In case your sudo_rules have a colon please have in mind to not leave
    # spaces around it. For example:
    # ALL=(ALL) NOPASSWD: ALL    <--- THIS WILL NOT WORK (Besides syntax is ok)
    # ALL=(ALL) NOPASSWD:ALL     <--- THIS WILL WORK
    # sudo_rules:
    #   - ALL=(root) /usr/bin/find
    #   - ALL=(otheruser) /usr/bin/script.sh
    # sudo_defaults:
      # - '!requiretty'
    shell: /bin/bash
    remove_groups: False
    # DN - I don't really understand the idea of 'prime groups'
    # prime_group:
    #   name: otadmin
    #   gid: 4000
    groups:
      - otadmin
      # optional_groups:
      # - some_groups_that_might
      # - not_exist_on_all_minions
    ssh_key_type: rsa
    # You can inline the private keys ...
    # ssh_keys:
      # privkey: PRIVATEKEY
      # pubkey: PUBLICKEY
    # ... or you can pull them from a different pillar,
    # for example one called "ssh_keys":
    # ssh_keys_pillar:
      # id_rsa: "ssh_keys"
      # another_key_pair: "ssh_keys"
    # ssh_auth:
      # - PUBLICKEY
    # ssh_auth.absent:
      # - PUBLICKEY_TO_BE_REMOVED
    # Generates an authorized_keys file for the user
    # with the given keys
    # ssh_auth_file:
      # - PUBLICKEY
    # ... or you can pull them from a different pillar similar to ssh_keys_pillar
    # ssh_auth_pillar:
      # id_rsa: "ssh_keys"
    # If you prefer to keep public keys as files rather
    # than inline in pillar, this works.
    ssh_auth_sources:
      - salt://public_keys/dnasar_OTWS0049.id_rsa.pub
      - salt://public_keys/dnasar_OTMD0016.id_rsa.pub
    # Manage the ~/.ssh/config file
    ssh_known_hosts:
      # importanthost:
      #   fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
    ssh_known_hosts.absent:
      # - notimportanthost
    # DN - Wow! this will generate our config files for us. WOOT!
    ssh_config:
      all:
        hostname: "*"
        options:
          - "StrictHostKeyChecking no"
          - "UserKnownHostsFile=/dev/null"
      importanthost:
        hostname: "needcheck.example.com"
        options:
          - "StrictHostKeyChecking yes"

    # Using gitconfig without Git installed will result in an error
    # https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
    # This state module now requires git 1.6.5 (released 10 October 2009) or newer.
    # gitconfig:
    #   user.name: B User
    #   user.email: buser@example.com
    #   url."https://".insteadOf: "git://"

    # google_2fa: True
    # google_auth:
    #   ssh: |
    #     SOMEGAUTHHASHVAL
    #     " RESETTING_TIME_SKEW 46956472+2 46991595-2
    #     " RATE_LIMIT 3 30 1415800560
    #     " DISALLOW_REUSE 47193352
    #     " TOTP_AUTH
    #     11111111
    #     22222222
    #     33333333
    #     44444444
    #     55555555
    # uid: 1001

    user_files:
      enabled: True
      # 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
      # should be a salt fileserver path either with or without 'salt://'
      # if not present, it defaults to 'salt://users/files/user/<username>
      source: salt://users/files/dnasar

  ## Absent user
  ctierney:
    absent: True
    purge: True
    force: True


  ## Old syntax of absent_users still supported
  # absent_users:
  # - donald
  # - bad_guy
	users:
	## Full list of pillar values
	dnasar:
	fullname: Devin Nasar
	# password:
	enforce_password: False
	# WARNING: If 'empty_password' is set to True, the 'password' statement
	# will be ignored by enabling password-less login for the user.
	empty_password: True
	system: False
	home: /custom/dnasar
	user_dir_mode: 750
	createhome: True
	# roomnumber: "A-1"
	# workphone: "(555) 555-5555"
	# homephone: "(555) 555-5551"
	# manage_vimrc: False
	# manage_bashrc: False
	# manage_profile: False
	# expire: 16426
	# sudouser: True
	# sudo_rules doesn't need the username as a prefix for the rule
	# this is added automatically by the formula.
	# ----------------------------------------------------------------------
	# In case your sudo_rules have a colon please have in mind to not leave
	# spaces around it. For example:
	# ALL=(ALL) NOPASSWD: ALL <--- THIS WILL NOT WORK (Besides syntax is ok)
	# ALL=(ALL) NOPASSWD:ALL <--- THIS WILL WORK
	# sudo_rules:
	# - ALL=(root) /usr/bin/find
	# - ALL=(otheruser) /usr/bin/script.sh
	# sudo_defaults:
	# - '!requiretty'
	shell: /bin/bash
	remove_groups: False
	# DN - I don't really understand the idea of 'prime groups'
	# prime_group:
	# name: otadmin
	# gid: 4000
	groups:
	- otadmin
	# optional_groups:
	# - some_groups_that_might
	# - not_exist_on_all_minions
	ssh_key_type: rsa
	# You can inline the private keys ...
	# ssh_keys:
	# privkey: PRIVATEKEY
	# pubkey: PUBLICKEY
	# ... or you can pull them from a different pillar,
	# for example one called "ssh_keys":
	# ssh_keys_pillar:
	# id_rsa: "ssh_keys"
	# another_key_pair: "ssh_keys"
	# ssh_auth:
	# - PUBLICKEY
	# ssh_auth.absent:
	# - PUBLICKEY_TO_BE_REMOVED
	# Generates an authorized_keys file for the user
	# with the given keys
	# ssh_auth_file:
	# - PUBLICKEY
	# ... or you can pull them from a different pillar similar to ssh_keys_pillar
	# ssh_auth_pillar:
	# id_rsa: "ssh_keys"
	# If you prefer to keep public keys as files rather
	# than inline in pillar, this works.
	ssh_auth_sources:
	- salt://public_keys/dnasar_OTWS0049.id_rsa.pub
	- salt://public_keys/dnasar_OTMD0016.id_rsa.pub
	# Manage the ~/.ssh/config file
	ssh_known_hosts:
	# importanthost:
	# fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
	ssh_known_hosts.absent:
	# - notimportanthost
	# DN - Wow! this will generate our config files for us. WOOT!
	ssh_config:
	all:
	hostname: "*"
	options:
	- "StrictHostKeyChecking no"
	- "UserKnownHostsFile=/dev/null"
	importanthost:
	hostname: "needcheck.example.com"
	options:
	- "StrictHostKeyChecking yes"

	# Using gitconfig without Git installed will result in an error
	# https://docs.saltstack.com/en/latest/ref/states/all/salt.states.git.html:
	# This state module now requires git 1.6.5 (released 10 October 2009) or newer.
	# gitconfig:
	# user.name: B User
	# user.email: buser@example.com
	# url."https://".insteadOf: "git://"

	# google_2fa: True
	# google_auth:
	# ssh: \|
	# SOMEGAUTHHASHVAL
	# " RESETTING_TIME_SKEW 46956472+2 46991595-2
	# " RATE_LIMIT 3 30 1415800560
	# " DISALLOW_REUSE 47193352
	# " TOTP_AUTH
	# 11111111
	# 22222222
	# 33333333
	# 44444444
	# 55555555
	# uid: 1001

	user_files:
	enabled: True
	# 'source' allows you to define an arbitrary directory to sync, useful to use for default files.
	# should be a salt fileserver path either with or without 'salt://'
	# if not present, it defaults to 'salt://users/files/user/<username>
	source: salt://users/files/dnasar

	## Absent user
	ctierney:
	absent: True
	purge: True
	force: True


	## Old syntax of absent_users still supported
	# absent_users:
	# - donald
	# - bad_guy