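{# Manages SSH authorized_keys, shell rc files, SSH client configs, system
   groups and user accounts from pillar data. #}

{# One authorized_keys file per account named in the 'authorized_keys' pillar.
   The empty-mapping default stops a minion without that pillar key from
   failing to render the whole state (previously .keys() was called on None). #}
{% for user in salt.pillar.get('authorized_keys', {}).keys() %}
{# root's home is /root, so the prefix is empty and the path becomes /root/.ssh. #}
{% set home = '' if user == 'root' else '/home' %}
{% if user != 'root' %}
{# /root/.ssh is declared once, unconditionally, further down. #}
{{ home }}/{{ user }}/.ssh:
  file.directory:
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0700'
{% endif %}

{{ home }}/{{ user }}/.ssh/authorized_keys:
  file.managed:
    - template: jinja
    - source: salt://users/files/authorized_keys.jinja
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0400'
    - context:
        user: {{ user }}
    - require:
      - file: {{ home }}/{{ user }}/.ssh
{% endfor %}

{% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: root
    - group: root
    - mode: '0640'
    - context:
        bashrc_user: root
{% endif %}

/root/.ssh:
  file.directory:
    - user: root
    - group: root
    - mode: '0700'

{# root gets an SSH client config when it has ssh_hosts entries or when the
   restic repository is reached over sftp. #}
{% if salt.pillar.get("ssh_hosts:root", None) is not none or salt.pillar.get('restic:client:environ:RESTIC_REPOSITORY', '').startswith('sftp:') %}
/root/.ssh/config:
  file.managed:
    - source: 'salt://users/files/ssh_hosts.jinja'
    - template: jinja
    - user: root
    - group: root
    - mode: '0400'
    - context:
        user: root
    - require:
      - file: /root/.ssh
{% endif %}

{# Default to an empty list so a missing 'sys_groups' pillar renders nothing
   instead of raising while iterating None. #}
{% for group in salt.pillar.get('sys_groups', []) %}
{{ group }}:
  group.present:
    - system: True
{% endfor %}

{% for user, data in salt.pillar.get('users', {}).items() %}
{{ user }}_user:
  user.present:
    - name: {{ user }}
    - shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
{% if 'groups' in data %}
    - groups:
{% for group in data['groups'] %}
      - {{ group|yaml_encode }}
{% endfor %}
{% endif %}

{% if data.get('manage_bashrc', False) %}
/home/{{ user }}/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0640'
    - context:
        bashrc_user: {{ user }}
    - require:
      - user: {{ user }}_user
{% endif %}

{% if salt.pillar.get('ssh_hosts', {}).get(user, None) is not none %}
{# NOTE(review): the required /home/<user>/.ssh directory is only declared for
   accounts that also appear in the 'authorized_keys' pillar; for any other
   account this requisite has no matching state. Confirm the two pillars
   always list the same accounts. #}
/home/{{ user }}/.ssh/config:
  file.managed:
    - source: 'salt://users/files/ssh_hosts.jinja'
    - template: jinja
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0400'
    - context:
{# Pass the loop's account to the template. This was hard-coded to a single
   account name, so every user's config was rendered with that one account
   as context instead of their own (compare the root block, which passes
   root). #}
        user: {{ user }}
    - require:
      - file: /home/{{ user }}/.ssh
{% endif %}
{% endfor %}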