From d8d20176295f88489a50d8b5091582ac4e5006ab Mon Sep 17 00:00:00 2001
From: Daniel Kraemer
Date: Thu, 28 Sep 2017 08:22:25 +0200
Subject: [PATCH] adjust file permissions of public ssh-keys
---
 pillar.example | 3 ++-
 users/init.sls | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/pillar.example b/pillar.example
index 6f65d95..b0024d2 100644
--- a/pillar.example
+++ b/pillar.example
@@ -50,7 +50,8 @@ users:
 ssh_keys:
 privkey: PRIVATEKEY
 pubkey: PUBLICKEY
- # you can provide multiple keys, the keyname is takes as filename
+ # you can provide multiple keys, the keyname is taken as filename
+ # make sure your public keys suffix is .pub
 foobar: PRIVATEKEY
 foobar.pub: PUBLICKEY
 # ... or you can pull them from a different pillar,
diff --git a/users/init.sls b/users/init.sls
index a1bb4a0..96d733e 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -183,7 +183,11 @@ users_{{ name }}_{{ key_name }}_key:
 - name: {{ home }}/.ssh/{{ key_name }}
 - user: {{ name }}
 - group: {{ user_group }}
+ {% if key_name.endswith(".pub") %}
+ - mode: 644
+ {% else %}
 - mode: 600
+ {% endif %}
 - show_diff: False
 - contents_pillar: users:{{ name }}:ssh_keys:{{ _key }}
 - require:
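Review bot: The 0644/0600 choice in the new `{% if key_name.endswith(".pub") %}` branch of users/init.sls rests on the file name alone, so a private key stored in pillar under a name ending in `.pub` would be written world-readable into `{{ home }}/.ssh/`. The fallback to 600 fails closed, which is the right default, but the rule is only mentioned in pillar.example; I would add a Jinja comment above the conditional, `{# mode follows the file name only: *.pub is written 0644, everything else 0600 #}`. Quoting the modes as `- mode: '0644'` and `- mode: '0600'` would also keep YAML from typing them as integers. The state block starts and ends outside the hunk, so how `key_name` is derived from `_key` cannot be checked here.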