flipdot/static-pages-formula
23
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

create static sites/users from pillar

Browse source
This commit is contained in:
Malte 2024-11-10 20:15:43 +01:00
commit 463cd7d089
3 changed files with 65 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pillar.example Normal file
View file

@ -0,0 +1,9 @@
static_pages:
- site: app1.example.com
- ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ1
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ2
- site: app2.example.com
- ssh_keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ3
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZlJ4

50
static_pages/init.sls Normal file
View file

@ -0,0 +1,50 @@
sftp_only_group_present:
group.present:
- name: sftponly
www-data_group_present:
group.present:
- name: www-data
{% for page in salt['pillar.get']('static_pages', []) %}
{{ page.site }} user present:
user.present:
- name: {{ page.site }}
- home: /opt/static_pages/{{ page.site }}
- groups:
- sftponly
- www-data
- shell: /bin/false
set_homdirectory_perms_{{ page.site }}:
file.directory:
- name: /opt/static_pages/{{ page.site }}
- user: {{ page.site }}
- group: {{ page.site }}
- mode: 755
{{ page.site }} ssh public key present:
ssh_auth.present:
- user: {{ page.site }}
- config: '%h/.ssh/authorized_keys'
- names: {{ page.ssh_keys }}
{% endfor %}
sftp_only_config_present:
file.managed:
- name: /etc/ssh/sshd_config.d/sftp_only.conf
- source: salt://static_pages/sftp.config
- user: root
- group: root
- mode: 644
- template: jinja
project dir for static_pages:
file.directory:
- name: /opt/static_pages
- user: root
- group: root
- mode: 755

6
static_pages/sftp.config Normal file
View file

@ -0,0 +1,6 @@
Match group sftponly
ChrootDirectory /opt/static_pages
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
ForceCommand internal-sftp -d /%u