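# Static-page hosting: creates one SFTP-only system account per entry in the
# static_pages pillar list, each with a home under /opt/static_pages, and
# installs an sshd drop-in from salt://static_pages/sftp.config.
#
# NOTE(review): page.site is used verbatim as an account name, a path
# component and part of several state IDs. Pillar data is presumably
# admin-controlled; values should be valid account names without slashes or
# dot-dot sequences -- confirm against whatever populates the pillar.

# Parent directory for all per-site homes. Declared ahead of the accounts and
# required by them, so a first run on a fresh host does not rely on the
# account-creation step making missing parent directories.
project dir for static_pages:
  file.directory:
    - name: /opt/static_pages
    - user: root
    - group: root
    - mode: '0755'

# Supplementary groups every static-page account is placed in.
sftp_only_group_present:
  group.present:
    - name: sftponly

www-data_group_present:
  group.present:
    - name: www-data

{% for page in salt['pillar.get']('static_pages', []) %}
# Account for this site. /bin/false only blocks an interactive shell; limiting
# the account to SFTP (forced internal-sftp, chroot, no TCP/agent/X11
# forwarding) has to come from the sshd drop-in managed below, whose content
# is not visible in this file -- verify it matches on the sftponly group.
{{ page.site }} user present:
  user.present:
    - name: "{{ page.site }}"
    - home: "/opt/static_pages/{{ page.site }}"
    - groups:
        - sftponly
        - www-data
    - shell: /bin/false
    - require:
        - group: sftp_only_group_present
        - group: www-data_group_present
        - file: project dir for static_pages

# Home directory owned by the site account, world-readable and traversable.
# Assumes a group named after the account exists (user-private group) -- TODO
# confirm for the target platform.
# NOTE(review): if the sshd drop-in chroots into this directory, sshd requires
# every component of the chroot path to be root-owned and not group- or
# world-writable, which this ownership would violate -- confirm the chroot
# target in sftp.config.
set_homdirectory_perms_{{ page.site }}:
  file.directory:
    - name: "/opt/static_pages/{{ page.site }}"
    - user: "{{ page.site }}"
    - group: "{{ page.site }}"
    - mode: '0755'
    - require:
        - user: {{ page.site }} user present

# Public keys allowed to log in as the site account.
# tojson renders the pillar list as JSON (valid YAML flow syntax) instead of
# the Python repr of the list, so key comments containing quotes or non-ASCII
# text cannot break the rendered state.
# NOTE(review): ssh_auth.present only adds keys; a key dropped from the pillar
# stays in authorized_keys until it is removed explicitly. The file also lives
# in a directory the account itself owns.
{{ page.site }} ssh public key present:
  ssh_auth.present:
    - user: "{{ page.site }}"
    - config: '%h/.ssh/authorized_keys'
    - names: {{ page.ssh_keys | tojson }}
    - require:
        - user: {{ page.site }} user present
{% endfor %}

# sshd drop-in holding the SFTP-only restrictions, rendered through Jinja.
# NOTE(review): no state in this file validates the rendered config or reloads
# sshd after a change, so an update may not take effect (or a broken file may
# go unnoticed) until the daemon is next restarted -- confirm this is handled
# by another state.
sftp_only_config_present:
  file.managed:
    - name: /etc/ssh/sshd_config.d/sftp_only.conf
    - source: salt://static_pages/sftp.config
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja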