salt/minion: only restart salt-minion on config/pkg change

Signed-off-by: Joe Groocock <me@frebib.net>

states/salt/minion/init.sls

@@ -11,10 +11,10 @@ salt-minion:
 
 restart-salt-minion:
   cmd.run:
-  - name: "sleep 10 && systemctl restart salt-minion --no-block"
+  - name: sleep 10 && systemctl restart salt-minion
   - bg: true
   - order: last
-  - watch:
+  - onchanges:
     - pkg: salt-minion
     - file: /etc/salt/minion
   - require:
@@ -34,6 +34,7 @@ restart-salt-minion:
 
 check-minion-config:
   cmd.run:
-  - name: sudo salt-call --local --skip-grains test.ping
-  - watch:
+  - name: sudo salt-call --local --skip-grains test.true
+  - onchanges:
+    - pkg: salt-minion
     - file: /etc/salt/minion

states/users/init.sls

@@ -16,4 +16,9 @@
   {%- if user.shell is defined %}
   - shell: {{ user.shell }}
   {%- endif %}
+  ssh_auth.manage:
+  - user: {{ name }}
+  {%- if user['ssh-keys'] is defined %}
+  - ssh_keys: {{ user['ssh-keys']|json }}
+  {%- endif %}
 {%- endfor %}

states/users/users.jinja

@@ -4,6 +4,9 @@
   {%- do admin_groups.append('systemd-journal') %}
 {%- endif %}
 
+{# FIXME(frebib): manage Docker group instead of blindly adding it #}
+{%- do admin_groups.append('docker') %}
+
 frebib:
   groups:
 {%- for group in admin_groups %}
@@ -12,6 +15,7 @@ frebib:
   ssh-keys:
   - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk+sOUEXKsGqITyMhna9v77ADGagkr3YMpgZFkrvqcd frebib@frebib-PC
   - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIGxhZPQM/3Ck+DNNM0CoIZTsvKqQLKq8fqQoO6fXzX frebib@frebib-OnePlus3
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+T8ChEU9YmpE2BY77oEtKzedB8HWDSM5bErDN9gcvj frebib@frebib-Cf
 
 adam:
   groups: