create static sites/users from pillar

2024-11-10 20:15:43 +01:00 · 2024-11-10 20:15:43 +01:00 · 463cd7d089
commit 463cd7d089
3 changed files with 65 additions and 0 deletions
--- a/pillar.example
+++ b/pillar.example
@ -0,0 +1,9 @@
+static_pages:
+  - site: app1.example.com
+    - ssh_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ1
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ2
+  - site: app2.example.com
+    - ssh_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ3
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ4
--- a/static_pages/init.sls
+++ b/static_pages/init.sls
@ -0,0 +1,50 @@
+sftp_only_group_present:
+  group.present:
+    - name: sftponly
+
+www-data_group_present:
+  group.present:
+    - name: www-data
+
+
+{% for page in salt['pillar.get']('static_pages', []) %}
+{{ page.site }} user present:
+  user.present:
+    - name: {{ page.site }}
+    - home: /opt/static_pages/{{ page.site }}
+    - groups:
+      - sftponly
+      - www-data
+    - shell: /bin/false
+
+set_homdirectory_perms_{{ page.site }}:
+  file.directory:
+    - name: /opt/static_pages/{{ page.site }}
+    - user: {{ page.site }}
+    - group: {{ page.site }}
+    - mode: 755
+
+
+{{ page.site }} ssh public key present:
+  ssh_auth.present:
+    - user: {{ page.site }}
+    - config: '%h/.ssh/authorized_keys'
+    - names: {{ page.ssh_keys }}
+
+{% endfor %}
+
+sftp_only_config_present:
+  file.managed:
+    - name: /etc/ssh/sshd_config.d/sftp_only.conf
+    - source: salt://static_pages/sftp.config
+    - user: root
+    - group: root
+    - mode: 644
+    - template: jinja
+
+project dir for static_pages:
+  file.directory:
+    - name: /opt/static_pages
+    - user: root
+    - group: root
+    - mode: 755
--- a/static_pages/sftp.config
+++ b/static_pages/sftp.config
@ -0,0 +1,6 @@
+Match group sftponly
+     ChrootDirectory /opt/static_pages
+     X11Forwarding no
+     AllowTcpForwarding no
+     AllowAgentForwarding no
+     ForceCommand internal-sftp -d /%u