create separate user for salt api pam auth
This commit is contained in:
wh1te909
parent
a13e06cd8d
commit
9b7d736da2
15
install.sh
15
install.sh
|
|
@ -7,6 +7,7 @@ fi
|
|||
|
||||
|
||||
DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 50 | head -n 1)
|
||||
SALTPW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
|
|
@ -32,8 +33,6 @@ echo -ne "${YELLOW}Create a username for the postgres database${NC}: "
|
|||
read pgusername
|
||||
echo -ne "${YELLOW}Create a password for the postgres database${NC}: "
|
||||
read pgpw
|
||||
echo -ne "${YELLOW}Enter your linux password for ${GREEN}${USER}${NC}: "
|
||||
read linuxpw
|
||||
echo -ne "${YELLOW}Enter the backend API domain for the rmm${NC}: "
|
||||
read rmmdomain
|
||||
echo -ne "${YELLOW}Enter the frontend domain for the rmm${NC}: "
|
||||
|
|
@ -48,6 +47,12 @@ echo -ne "${YELLOW}Please use google authenticator and enter TOTP code${NC}: "
|
|||
read twofactor
|
||||
|
||||
|
||||
print_green 'Creating saltapi user'
|
||||
|
||||
sudo adduser --no-create-home --disabled-password --gecos "" saltapi
|
||||
echo "saltapi:${SALTPW}" | sudo chpasswd
|
||||
|
||||
|
||||
print_green 'Installing Nginx'
|
||||
|
||||
sudo add-apt-repository -y ppa:nginx/stable
|
||||
|
|
@ -198,8 +203,8 @@ EMAIL_HOST_PASSWORD = 'yourgmailpassword'
|
|||
EMAIL_PORT = 587
|
||||
EMAIL_ALERT_RECIPIENTS = ["jsmith@example.com",]
|
||||
|
||||
SALT_USERNAME = "${USER}"
|
||||
SALT_PASSWORD = "${linuxpw}"
|
||||
SALT_USERNAME = "saltapi"
|
||||
SALT_PASSWORD = "${SALTPW}"
|
||||
MESH_USERNAME = "${meshusername}"
|
||||
MESH_SITE = "https://${meshdomain}"
|
||||
TWO_FACTOR_OTP = "${twofactor}"
|
||||
|
|
@ -375,7 +380,7 @@ gather_job_timeout: 30
|
|||
max_event_size: 30485760
|
||||
external_auth:
|
||||
pam:
|
||||
${USER}:
|
||||
saltapi:
|
||||
- .*
|
||||
- '@runner'
|
||||
- '@wheel'
|
||||
|
|
|
|||
Loading…
Reference in New Issue