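# Salt state: SSH access, system groups, user accounts and per-user dotfiles.
# Pillar keys read here: authorized_keys, manage_root_bashrc, sys_groups, users.
#
# File modes are written as quoted four-digit strings. An unquoted value with
# a leading zero can be read as an octal integer by a YAML 1.1 loader, which
# would apply different permission bits than the ones written here.

# One .ssh directory and one authorized_keys file per key of the
# authorized_keys pillar. A missing pillar falls back to an empty mapping so
# that rendering does not fail on None.
# NOTE(review): these states name the account as owner but do not require the
# user.present states declared further down - confirm the accounts already
# exist when this runs on a fresh minion.
{% for user in salt.pillar.get('authorized_keys', {}).keys() %}
# root lives in /root; every other account is assumed to live under /home.
{% set home = '' if user == 'root' else '/home' %}
{{ home }}/{{ user }}/.ssh:
  file.directory:
    - user: {{ user }}
    - group: {{ user }}
    # Owner-only access to the directory that holds the key material.
    - mode: '0700'

{{ home }}/{{ user }}/.ssh/authorized_keys:
  file.managed:
    - template: jinja
    - source: salt://users/files/authorized_keys.jinja
    - user: {{ user }}
    - group: {{ user }}
    # Read-only for the owner: the file decides who may log in as this account.
    - mode: '0400'
    - context:
        user: {{ user }}
    - require:
      - file: {{ home }}/{{ user }}/.ssh
{% endfor %}

# Optional managed .bashrc for root, enabled by the manage_root_bashrc pillar.
{% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: root
    - group: root
    - mode: '0640'
    - context:
        bashrc_user: root
{% endif %}

#/root/.ssh/config:
#  file.managed:
#    - source: 'salt://ssh/files/ssh_config.jinja'
#    - template: jinja
#    - user: root
#    - group: root
#    - mode: 400
#    - require:
#      - file: /root/.ssh

# System groups listed in the sys_groups pillar. A missing pillar falls back
# to an empty list so that the loop does not iterate over None.
{% for group in salt.pillar.get('sys_groups', []) %}
{{ group }}:
  group.present:
    - system: true
{% endfor %}

# Accounts from the users pillar. Per-user keys read below: shell, groups,
# manage_bashrc, ssh_config.
{% for user, data in salt.pillar.get('users', {}).items() %}
{{ user }}_user:
  user.present:
    - name: {{ user }}
    - shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
    {% if 'groups' in data %}
    - groups:
      {% for group in data['groups'] %}
      - {{ group|yaml_encode }}
      {% endfor %}
    {% endif %}

{% if data.get('manage_bashrc', False) %}
/home/{{ user }}/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0640'
    - context:
        bashrc_user: {{ user }}
    - require:
      - user: {{ user }}_user
{% endif %}

{% if 'ssh_config' in data %}
# NOTE(review): the require below points at the .ssh directory state, which is
# only declared for accounts listed in the authorized_keys pillar - confirm
# every user with ssh_config also appears there.
# NOTE(review): the source is named ssh_hosts.jinja but no template is set, so
# it is deployed without rendering - confirm that is intended.
/home/{{ user }}/.ssh/config:
  file.managed:
    - source: 'salt://users/files/ssh_hosts.jinja'
    #- contents_pillar: users:{{ user }}:ssh_config
    - user: {{ user }}
    - group: {{ user }}
    - mode: '0400'
    - require:
      - file: /home/{{ user }}/.ssh
{% endif %}
{% endfor %}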