Untitled

{%- from "linux/map.jinja" import system with context %}
{%- if system.enabled %}

{%- for user, args in system.get('user', {}).iteritems() %}
{%- if user.enabled %}
system_user_{{ user }}:
  user.present:
    - name: {{ user }}
    - fullname: {{ args.fullname }}
    - home: {{ args.home }}
    - uid: {{ args.uid }}
    - gid_from_name: true
    {%- if user.password is defined %}
    - password: {{ args.password }}
    - enforce_password: true
    {%-endif %}
    {%- if 'secondary_groups' in user %}
    - optional_groups:
      {%- for group in args['secondary_groups'] %}
      - {{ group }}
      {%- endfor %}
    {%- endif %}
    {%- if args.system is defined and args.system %}
    - system: True
    {%- else %}
    - shell: {{ user.get('shell', '/bin/bash') }}
    {%- endif %}

# ----- Add public key if present in pillar -----
{%- if 'public_key' in user %}
system_user_{{ user }}_public_key:
  file.directory:
    - name: /etc/ssh/keys/{{ user }}
    - user: root
    - group: root
    - mode: '0755'
    - make_dirs: true
    - require:
      - user: {{ user }}
      - group: {{ user }}
  file.managed:
    - name: /etc/ssh/keys/{{ user }}/authorized_keys
    - user: root
    - group: root
    - mode: '0644'
    - contents_pillar: {{ args.public_key }}
{% endif %}

{%- if user.get('sudo', False) %}
/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.managed:
    - source: salt://linux/files/etc/sudoers.d/90-salt-user
    - template: jinja
    - user: root
    - group: root
    - mode: 440
    - defaults:
      user_name: {{ name }}
    - require:
      - user: system_user_{{ name }}
{%- endif %}

{%- else %}
system_user_{{ name }}:
  user.absent:
    - name: {{ name }}

system_user_home_{{ user.home }}:
  file.absent:
    - name: {{ user.home }}

/etc/sudoers.d/90-salt-user-{{ name|replace('.', '-') }}:
  file.absent

system_user_{{ user }}_public_key:
  file.absent
    - name: /etc/ssh/keys/{{ user }}
{%- endif %}
{%- endfor %}

{%- endif %}