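# Salt states: install the main sudoers policy, add a per-user drop-in under
# /etc/sudoers.d, and lock the root account's password.

# Main sudoers policy, served from the Salt fileserver.
Configure sudoers:
  file.managed:
    - name: /etc/sudoers
    - source: salt://files/sudoers
    - user: root
    - group: root
    - mode: "0440"
    # Validate the staged file before it replaces the live one: a syntax error
    # in sudoers disables sudo for everyone on the host.
    # Adjust the path if visudo lives elsewhere on the target OS.
    - check_cmd: /usr/sbin/visudo -c -f

# Per-user drop-in rendered from a Jinja template.
# NOTE(review): sudo skips files in an included directory whose names contain
# a '.' or end in '~', so a pillar username such as "first.last" would produce
# a drop-in that is silently ignored. Confirm the username format.
# NOTE(review): the template presumably grants privileges to the pillar user,
# so pillar['username'] must come from a trusted pillar source; verify.
add sudoers.d file for {{ pillar['username'] }}:
  file.managed:
    - name: /etc/sudoers.d/{{ pillar['username'] }}
    - source: salt://files/user_sudo
    - template: jinja
    - user: root
    - group: root
    # Quoted so YAML does not read the mode as an octal integer, and set
    # read-only to match /etc/sudoers; older sudo builds reject any other mode.
    - mode: "0440"
    # A broken drop-in makes sudo fail to parse its policy, so validate it too.
    - check_cmd: /usr/sbin/visudo -c -f

# Lock the root password by setting the shadow hash field to '!'.
# This blocks password authentication only; root login by SSH key or other
# non-password means is governed elsewhere (e.g. sshd configuration).
remove root password:
  cmd.run:
    - name: usermod -p '!' root
    # POSIX-sh test anchored on the root entry. The previous check used the
    # bash-only [[ ]] and an unanchored grep, so it failed under /bin/sh or
    # when another shadow line contained "root", re-running usermod each time.
    - unless: "grep -q '^root:!:' /etc/shadow"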