From 5a9b09a0bc822f4c887d195fd29068749bd9c410 Mon Sep 17 00:00:00 2001
From: do
Date: Mon, 24 Oct 2022 13:45:40 +0200
Subject: [PATCH] salt master stuff and CA move
---
 base/packages/salt/master.sls | 14 ++++++++++++++
 base/pki/cert.sls | 4 ++--
 base/pki/host.sls | 4 ++--
 top.sls | 6 +++---
 4 files changed, 21 insertions(+), 7 deletions(-)
 create mode 100644 base/packages/salt/master.sls
diff --git a/base/packages/salt/master.sls b/base/packages/salt/master.sls
new file mode 100644
index 0000000..971df69
--- /dev/null
+++ b/base/packages/salt/master.sls
@@ -0,0 +1,14 @@
+{%- set salt_v = "3002.6+dfsg1-4+deb11u1" %}
+
+pkgs-salt-master:
+ pkg.installed:
+ - hold: True
+ - pkgs:
+ - salt-master: {{ salt_v }}
+ - salt-api: {{ salt_v }}
+
+pkgs-salt-additional:
+ pkg.installed
+ - pkgs:
+ - python3-cherrypy3
+ - python3-pygit2
\ No newline at end of file
diff --git a/base/pki/cert.sls b/base/pki/cert.sls
index a4c2beb..d1e6166 100644
--- a/base/pki/cert.sls
+++ b/base/pki/cert.sls
@@ -7,11 +7,11 @@
 /etc/pki/intca.crt:
 x509.pem_managed:
- - text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
+ - text: {{ salt['mine.get']('salt.chaos', 'x509.get_pem_entries')['salt.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
 /etc/ssl/certs/intca.crt:
 x509.pem_managed:
- - text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
+ - text: {{ salt['mine.get']('salt.chaos', 'x509.get_pem_entries')['salt.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
 /usr/sbin/update-ca-certificates:
diff --git a/base/pki/host.sls b/base/pki/host.sls
index de6ee1e..9d7aedc 100644
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -11,7 +11,7 @@
 /etc/pki/public.crt:
 x509.certificate_managed:
- - ca_server: tumor.chaos
+ - ca_server: salt.chaos
 - signing_policy: host
 - public_key: /etc/pki/private.key
 - CN: {{ grains['fqdn'] }}
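Review bot: In base/packages/salt/master.sls the `pkgs-salt-additional` state reads `pkg.installed` without the trailing colon that `pkgs-salt-master` has, so the `- pkgs:` list under it is not parsed as that function's arguments and the SLS will most likely fail to render; the line should be `pkg.installed:`. Separately, `hold: True` combined with the exact pin `3002.6+dfsg1-4+deb11u1` keeps salt-master and salt-api out of routine package upgrades, so Debian security updates for these network-facing daemons only arrive when `salt_v` is bumped by hand. A comment above the pin such as `# pinned and held: bump salt_v whenever Debian publishes a security update for salt` would make that duty explicit. Indentation is not visible in this view, so the nesting of `- hold` and `- pkgs` could not be checked.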
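Review bot: Both `text:` lines in base/pki/cert.sls index the mine result directly with `['salt.chaos']['/etc/pki/ca.crt']`, so any minion that renders this state before `salt.chaos` has published `x509.get_pem_entries` to the mine gets a Jinja rendering error instead of a clear failure. The value written to `/etc/pki/intca.crt` and `/etc/ssl/certs/intca.crt` is the trust anchor for every host, and it is whatever the minion accepted under the ID `salt.chaos` put into the mine, so that dependency deserves a comment next to the lookup. Fetching the entry once into a variable and failing explicitly when it is absent keeps the two states in step and makes the CA move observable; the sketch below shows the shape. Lines 1-6 of the file are outside the hunk, so an existing variable there may already cover part of this.

```yaml
{%- set ca_minion = 'salt.chaos' %}
{%- set ca_pem = salt['mine.get'](ca_minion, 'x509.get_pem_entries').get(ca_minion, {}).get('/etc/pki/ca.crt') %}
{%- if ca_pem %}
/etc/pki/intca.crt:
  x509.pem_managed:
    - text: {{ ca_pem|replace('\n', '') }}
# … unchanged: /etc/ssl/certs/intca.crt, now also using ca_pem …
{%- else %}
pki-ca-cert-missing-from-mine:
  test.fail_without_changes:
    - name: no /etc/pki/ca.crt entry from {{ ca_minion }} in the mine
{%- endif %}
```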
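Review bot: `ca_server: salt.chaos` is now hard-coded in both `x509.certificate_managed` states of base/pki/host.sls (this hunk and the one at line 25), on top of the four occurrences in base/pki/cert.sls, so the next CA move has six literals to keep in sync. A single definition such as `{%- set ca_server = salt['pillar.get']('pki:ca_server', 'salt.chaos') %}` (the pillar key is an example name) with `- ca_server: {{ ca_server }}` in each state would remove that risk. Because signing now depends on the new host, a comment should also record that the `host` signing policy and the peer permission for remote signing must exist for `salt.chaos`; neither is visible in this patch. Both states continue outside their hunks.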
@@ -25,7 +25,7 @@
 /etc/pki/{{ cn }}.crt:
 x509.certificate_managed:
- - ca_server: tumor.chaos
+ - ca_server: salt.chaos
 - signing_policy: host
 - public_key: /etc/pki/private.key
 - days_remaining: 5
diff --git a/top.sls b/top.sls
index 88acc92..133ba1f 100644
--- a/top.sls
+++ b/top.sls
@@ -7,8 +7,6 @@ base:
 - base
 - hardware
 - os
- 'tumor*':
- - base.pki.ca
 'adm01.wks':
 - base.rsyslog.server
 - base.packages.haproxy
@@ -20,10 +18,12 @@ base:
 'G@osarch:arm64 or G@osarch:armhf or G@osarch:armel':
 - match: compound
 - base.packages.arch.arm
- 'auto*':
+ 'auto02*':
 - k8s.podman
 - base.packages.haproxy
 - systemd.units
+ - base.packages.salt.master
+ - base.pki.ca
 'pine*':
 - k8s
 - roles.nut.client
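Review bot: The `'auto02*'` block in top.sls now receives `base.pki.ca` and `base.packages.salt.master`, while cert.sls and host.sls in the same patch address the CA as minion ID `salt.chaos`; a glob of `auto02*` does not match an ID of `salt.chaos`, so unless the host's minion ID differs from what these places suggest, the CA state and the CA clients point at different minions. Please confirm the new CA host's minion ID and target it by the same name in both places, e.g. `'salt.chaos':` here. Narrowing `'auto*'` to `'auto02*'` also drops `k8s.podman`, `base.packages.haproxy` and `systemd.units` from every other `auto*` minion, which the subject line does not mention; if intended, a sentence in the commit message would record it. The CA signing key and the Salt master now share a host with podman and haproxy workloads, which widens what a compromise of either service can reach.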