Move ssh_auth_file key processing to before ssh_auth key to extend instead of overwrite functionality.

users/init.sls

@@ -142,6 +142,17 @@ user_{{ name }}_public_key:
       {% endfor %}
   {% endif %}
 
+{% if 'ssh_auth_file' in user %}
+{{ home }}/.ssh/authorized_keys:
+  file.managed:
+    - user: {{ name }}
+    - group: {{ name }}
+    - mode: 600
+    - contents: |
+        {% for auth in user.ssh_auth_file -%}
+        {{ auth }}
+        {% endfor -%}
+{% endif %}
 
 {% if 'ssh_auth' in user %}
 {% for auth in user['ssh_auth'] %}
@@ -167,18 +178,6 @@ ssh_auth_delete_{{ name }}_{{ loop.index0 }}:
 {% endfor %}
 {% endif %}
 
-{% if 'ssh_auth_file' in user %}
-{{ home }}/.ssh/authorized_keys:
-  file.managed:
-    - user: {{ name }}
-    - group: {{ name }}
-    - mode: 600
-    - contents: |
-        {% for auth in user.ssh_auth_file -%}
-        {{ auth }}
-        {% endfor -%}
-{% endif %}
-
 {% if 'sudouser' in user and user['sudouser'] %}
 
 sudoer-{{ name }}: