aboutsummaryrefslogtreecommitdiffstats
path: root/opentofu/test-add-user-terraform.yaml
diff options
context:
space:
mode:
authorclyhtsuriva <aimeric@adjutor.xyz>2026-06-25 19:41:56 +0200
committerclyhtsuriva <aimeric@adjutor.xyz>2026-06-25 19:41:56 +0200
commite35b6d8d3859b5e5960ce49c1438aa5af2911433 (patch)
tree659bc3c9a89cbc68a0878f8901fc5835f24bb39c /opentofu/test-add-user-terraform.yaml
parent30c9dd5a2450011a04fb426b9b81b60989d1ce2f (diff)
downloadhomelab-iac-e35b6d8d3859b5e5960ce49c1438aa5af2911433.tar.gz
homelab-iac-e35b6d8d3859b5e5960ce49c1438aa5af2911433.tar.bz2
homelab-iac-e35b6d8d3859b5e5960ce49c1438aa5af2911433.zip
opentofu: starting to experiment with openstack
Diffstat (limited to 'opentofu/test-add-user-terraform.yaml')
-rw-r--r--opentofu/test-add-user-terraform.yaml140
1 files changed, 140 insertions, 0 deletions
diff --git a/opentofu/test-add-user-terraform.yaml b/opentofu/test-add-user-terraform.yaml
new file mode 100644
index 0000000..72d6e51
--- /dev/null
+++ b/opentofu/test-add-user-terraform.yaml
@@ -0,0 +1,140 @@
+#cloud-config
+# Add groups to the system
+# The following example adds the 'admingroup' group with members 'root' and 'sys'
+# and the empty group cloud-users.
+groups:
+ - admingroup: [root,sys]
+ - cloud-users
+
+# Add users to the system. Users are added after groups are added.
+# Note: Most of these configuration options will not be honored if the user
+# already exists. Following options are the exceptions and they are
+# applicable on already-existing users:
+# - 'plain_text_passwd', 'hashed_passwd', 'lock_passwd', 'sudo',
+# 'ssh_authorized_keys', 'ssh_redirect_user'.
+users:
+ - default
+ - name: foobar
+ gecos: Foo B. Bar
+ primary_group: foobar
+ groups: users
+ selinux_user: staff_u
+ expiredate: '2032-09-01'
+ ssh_import_id:
+ - lp:falcojr
+ - gh:TheRealFalcon
+ lock_passwd: false
+# passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
+ passwd: "toto"
+ - name: barfoo
+ gecos: Bar B. Foo
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ groups: users, admin
+ ssh_import_id:
+ - lp:falcojr
+ - gh:TheRealFalcon
+ lock_passwd: true
+ - name: testuser
+ gecos: Mr. Test
+ homedir: /local/testdir
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ - name: cloudy
+ gecos: Magic Cloud App Daemon User
+ inactive: '5'
+ system: true
+ - name: fizzbuzz
+ shell: /bin/bash
+ - snapuser: joe@joeuser.io
+ - name: nosshlogins
+ ssh_redirect_user: true
+
+# Valid Values:
+# name: The user's login name
+# expiredate: Date on which the user's account will be disabled.
+# gecos: The user name's real name, i.e. "Bob B. Smith"
+# homedir: Optional. Set to the local path you want to use. Defaults to
+# /home/<username>
+# primary_group: define the primary group. Defaults to a new group created
+# named after the user.
+# groups: Optional. Additional groups to add the user to. Defaults to none
+# selinux_user: Optional. The SELinux user for the user's login, such as
+# "staff_u". When this is omitted the system will select the default
+# SELinux user.
+# lock_passwd: Defaults to true. Lock the password to disable password login
+# inactive: Number of days after password expires until account is disabled
+# passwd: The hash -- not the password itself -- of the password you want
+# to use for this user. You can generate a hash via:
+# mkpasswd --method=SHA-512 --rounds=4096
+# (the above command would create from stdin an SHA-512 password hash
+# with 4096 salt rounds)
+#
+# Please note: while the use of a hashed password is better than
+# plain text, the use of this feature is not ideal. Also,
+# using a high number of salting rounds will help, but it should
+# not be relied upon.
+#
+# To highlight this risk, running John the Ripper against the
+# example hash above, with a readily available wordlist, revealed
+# the true password in 12 seconds on a i7-2620QM.
+#
+# In other words, this feature is a potential security risk and is
+# provided for your convenience only. If you do not fully trust the
+# medium over which your cloud-config will be transmitted, then you
+# should not use this feature.
+#
+# no_create_home: When set to true, do not create home directory.
+# no_user_group: When set to true, do not create a group named after the user.
+# no_log_init: When set to true, do not initialize lastlog and faillog database.
+# ssh_import_id: Optional. Import SSH ids
+# ssh_authorized_keys: Optional. [list] Add keys to user's authorized keys file
+# An error will be raised if no_create_home or system is
+# also set.
+# ssh_redirect_user: Optional. [bool] Set true to block ssh logins for cloud
+# ssh public keys and emit a message redirecting logins to
+# use <default_username> instead. This option only disables cloud
+# provided public-keys. An error will be raised if ssh_authorized_keys
+# or ssh_import_id is provided for the same user.
+#
+# sudo: Defaults to none. Accepts a sudo rule string, a list of sudo rule
+# strings or False to explicitly deny sudo usage. Examples:
+#
+# Allow a user unrestricted sudo access.
+# sudo: "ALL=(ALL) NOPASSWD:ALL"
+# or
+# sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+#
+# Adding multiple sudo rule strings.
+# sudo:
+# - "ALL=(ALL) NOPASSWD:/bin/mysql"
+# - "ALL=(ALL) ALL"
+#
+# Note: Please double check your syntax and make sure it is valid.
+# cloud-init does not parse/check the syntax of the sudo
+# directive.
+# system: Create the user as a system user. This means no home directory.
+# snapuser: Create a Snappy (Ubuntu-Core) user via the snap create-user
+# command available on Ubuntu systems. If the user has an account
+# on the Ubuntu SSO, specifying the email will allow snap to
+# request a username and any public ssh keys and will import
+# these into the system with username specified by SSO account.
+# If 'username' is not set in SSO, then username will be the
+# shortname before the email domain.
+#
+
+# Default user creation:
+#
+# Unless you define users, you will get a 'ubuntu' user on Ubuntu systems with the
+# legacy permission (no password sudo, locked user, etc). If however, you want
+# to have the 'ubuntu' user in addition to other users, you need to instruct
+# cloud-init that you also want the default user. To do this use the following
+# syntax:
+# users:
+# - default
+# - bob
+# - ....
+# foobar: ...
+#
+# users[0] (the first user in users) overrides the user directive.
+#
+# The 'default' user above references the distro's config set in
+# /etc/cloud/cloud.cfg.