up2date

users/files/authorized_keys.jinja

@@ -0,0 +1,3 @@
+{% for comment, key in salt.pillar.get('authorized_keys')[user].items() -%}
+{{ key }} {{ comment }}
+{% endfor -%}

users/init.sls

@@ -1,20 +1,26 @@
 
-{% if salt.pillar.get('root_authorized_keys', None) is not none %}
-/root/.ssh:
+{% for user in salt.pillar.get('authorized_keys').keys() %}
+  {% set home = '' if user == 'root' else '/home' %}
+
+{{ home }}/{{ user }}/.ssh:
   file.directory:
-    - user: root
-    - group: root
+    - user: {{ user }}
+    - group: {{ user }}
     - mode: 700
 
-/root/.ssh/authorized_keys:
+{{ home }}/{{ user }}/.ssh/authorized_keys:
   file.managed:
-    - contents_pillar: root_authorized_keys
-    - user: root
-    - group: root
+    - template: jinja
+    - source: salt://users/files/authorized_keys.jinja
+    - user: {{ user }}
+    - group: {{ user }}
     - mode: 400
+    - context:
+        user: {{ user }}
     - require:
-      - file: /root/.ssh
-{% endif %}
+      - file: {{ home }}/{{ user }}/.ssh
+
+{% endfor %}
 
 {% if salt.pillar.get('manage_root_bashrc', False) %}
 /root/.bashrc:
@@ -71,27 +77,6 @@
       - user: {{ user }}_user
 {% endif %}
 
-{% if 'authorized_keys' in data or 'ssh_config' in data %}
-/home/{{ user }}/.ssh:
-  file.directory:
-    - user: {{ user }}
-    - group: {{ user }}
-    - mode: 0700
-    - require:
-      - user: {{ user }}_user
-{% endif %}
-
-{% if 'authorized_keys' in data %}
-/home/{{ user }}/.ssh/authorized_keys:
-  file.managed:
-    - contents_pillar: users:{{ user }}:authorized_keys
-    - user: {{ user }}
-    - group: {{ user }}
-    - mode: 0400
-    - require:
-      - file: /home/{{ user }}/.ssh
-{% endif %}
-
 {% if 'ssh_config' in data %}
 /home/{{ user }}/.ssh/config:
   file.managed: