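# Salt state: root SSH access, system groups and per-user accounts, driven by pillar.
#
# Pillar keys read by this file:
#   root_authorized_keys - contents written to /root/.ssh/authorized_keys
#   manage_root_bashrc   - when true, render /root/.bashrc from the shared template
#   sys_groups           - list of system groups to create
#   users                - mapping of user name to settings; the keys used are
#                          shell, groups, manage_bashrc, authorized_keys, ssh_config
#
# Access-control notes for reviewers:
#   * authorized_keys files are written from pillar via contents_pillar, so the
#     pillar value is the complete key list for that account.
#   * Nothing in this file removes state. Deleting root_authorized_keys, or a
#     user entry, from pillar only stops the state from being rendered; the
#     account and any authorized_keys already on the minion stay in place.
#     Revocation needs an explicit change (updated key list or an absent state).
#   * File modes are quoted so YAML reads them as strings, not integers.

{% if salt.pillar.get('root_authorized_keys', None) is not none %}
/root/.ssh:
  file.directory:
    - user: root
    - group: root
    - mode: '0700'

/root/.ssh/authorized_keys:
  file.managed:
    - contents_pillar: root_authorized_keys
    - user: root
    - group: root
    - mode: '0400'
    - require:
      - file: /root/.ssh
{% endif %}

{% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: root
    - group: root
    - mode: '0640'
    - context:
        bashrc_user: root
{% endif %}

# Disabled: managed SSH client config for root.
#/root/.ssh/config:
#  file.managed:
#    - source: 'salt://ssh/files/ssh_config.jinja'
#    - template: jinja
#    - user: root
#    - group: root
#    - mode: '0400'
#    - require:
#      - file: /root/.ssh

# Explicit empty-list default, matching the 'users' lookup below, so a minion
# without sys_groups in pillar renders no group states.
{% for group in salt.pillar.get('sys_groups', []) %}
{{ group }}:
  group.present:
    - system: true
{% endfor %}

{% for user, data in salt.pillar.get('users', {}).items() %}
{{ user }}_user:
  user.present:
    - name: {{ user|yaml_encode }}
    - shell: {{ data.get('shell', '/bin/bash')|yaml_encode }}
{% if 'groups' in data %}
    # NOTE(review): group membership comes straight from pillar; check that
    # privileged groups are only listed for accounts that should have them.
    - groups:
{% for group in data['groups'] %}
      - {{ group|yaml_encode }}
{% endfor %}
{% endif %}

{% if data.get('manage_bashrc', False) %}
# NOTE(review): root's .bashrc passes bashrc_user in context, this one passes
# no context; confirm the template does not need it for ordinary users.
/home/{{ user }}/.bashrc:
  file.managed:
    - source: 'salt://users/files/bashrc.jinja'
    - template: jinja
    - user: {{ user|yaml_encode }}
    - group: {{ user|yaml_encode }}
    - mode: '0640'
    - require:
      - user: {{ user }}_user
{% endif %}

# The paths below assume the home directory is /home/<user> and that a group
# named after the user exists; user.present above sets neither explicitly.
{% if 'authorized_keys' in data or 'ssh_config' in data %}
/home/{{ user }}/.ssh:
  file.directory:
    - user: {{ user|yaml_encode }}
    - group: {{ user|yaml_encode }}
    - mode: '0700'
    - require:
      - user: {{ user }}_user
{% endif %}

{% if 'authorized_keys' in data %}
/home/{{ user }}/.ssh/authorized_keys:
  file.managed:
    - contents_pillar: users:{{ user }}:authorized_keys
    - user: {{ user|yaml_encode }}
    - group: {{ user|yaml_encode }}
    - mode: '0400'
    - require:
      - file: /home/{{ user }}/.ssh
{% endif %}

{% if 'ssh_config' in data %}
/home/{{ user }}/.ssh/config:
  file.managed:
    - contents_pillar: users:{{ user }}:ssh_config
    - user: {{ user|yaml_encode }}
    - group: {{ user|yaml_encode }}
    - mode: '0400'
    - require:
      - file: /home/{{ user }}/.ssh
{% endif %}
{% endfor %}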