
additons to set up ssh & gpg access

master
mel 4 months ago
commit
2101ea5ace
Signed by: mel GPG Key ID: 9C4072F04A996990
  1. 66
      me/init.sls
  2. 5
      top.sls

66
me/init.sls

@ -10,5 +10,71 @@ initpkgs:
pkg.installed:
- pkgs:
- git
- gnupg
- pass
gitconfname:
git.config_set:
- name: user.name
- value: {{ grains['git']['user'] }}
- global: True
gitconfemail:
git.config_set:
- name: user.email
- value: {{ grains['git']['email'] }}
- global: True
gitconfsigningkey:
git.config_set:
- name: user.signingkey
- value: {{ grains['git']['signingkey'] }}
- global: True
gitconfgpgsign:
git.config_set:
- name: commit.gpgsign
- value: true
- global: True
sshknownhosts:
ssh_known_hosts:
- present
- name: git.disroot.org
- user: root
- fingerprint: 24:f4:e2:1f:88:ee:59:fd:41:03:a5:20:10:3a:27:48
- fingerprint_hash_type: md5
pubkey:
cmd.run:
- name: gpg --import {{ grains['gpg']['pubkey'] }} 1> /dev/null
- stateful: True
pubkeytrust:
cmd.run:
- name: echo -e "5\ny\n" | gpg --no-tty --command-fd 0 --edit-key {{ grains['git']['email'] }} trust quit
- stateful: True
sshd:
service.running:
- watch:
- file: sshdgpg
sshdgpg:
file.append:
- name: /etc/ssh/sshd_config
- text: StreamLocalBindUnlink yes
gpgagent:
file.managed:
- name: /root/.bashrc
- contents:
- GPG_TTY=$(tty)
- export GPG_TTY
clonepass:
git.cloned:
- name: git@git.disroot.org:me/pass.git
- target: /root/.password-store
- identity: /root/.ssh/{{ grains['git']['user'] }}
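Review bot: The `sshknownhosts` state pins git.disroot.org with an MD5 fingerprint (`fingerprint_hash_type: md5`), and that pin is the only host authentication visible here behind the `clonepass` clone into /root/.password-store. MD5 is the legacy OpenSSH fingerprint format; I would pin with `- fingerprint_hash_type: sha256` and a matching `- fingerprint: <SHA256 fingerprint, verified out of band>`, or pin the full host key through `key`/`enc`. In `pubkeytrust`, ultimate ownertrust goes to whichever key matches the `grains['git']['email']` lookup, and the grain is interpolated unquoted into a shell pipeline (likewise in `pubkey`), so selecting the key by its full fingerprint and quoting the rendered value would be safer. Separately, `gpgagent` uses `file.managed` on /root/.bashrc, which appears to replace the whole file with the two GPG_TTY lines; `file.append`, as already used in `sshdgpg`, would keep existing content.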

5
top.sls

@ -1,3 +1,4 @@
base:
'*':
- me
'roles:me':
- match: grain
- me.init
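Review bot: The `'roles:me'` target with `- match: grain` (apparently the new side of this change) keys off a value the minion reports about itself, so any minion that sets `roles: me` in its own grains will match. For a state that configures root's git signing, GPG trust and password-store clone, targeting by minion ID or by a master-assigned pillar value is the more trustworthy selector. If grain matching is kept, a comment such as `# grains are minion-controlled; do not reuse this match in the pillar top file` above the target would record the constraint.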
