From db72f1aabf06b28555ee2e57afb95446222a639d Mon Sep 17 00:00:00 2001
From: do
Date: Thu, 11 Feb 2021 23:12:37 +0100
Subject: [PATCH] intca in /etc/pki and multiple CNS
---
 base/pki/cert.sls | 6 +++---
 base/pki/host.sls | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/base/pki/cert.sls b/base/pki/cert.sls
index 5e8bb78..6c9677c 100644
--- a/base/pki/cert.sls
+++ b/base/pki/cert.sls
@@ -2,9 +2,9 @@
 # vim: ft=yaml
 ---
-/usr/local/share/ca-certificates:
- file.directory
+#/usr/local/share/ca-certificates:
+# file.directory
-/usr/local/share/ca-certificates/intca.crt:
+/etc/pki/intca.crt:
 x509.pem_managed:
 - text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
diff --git a/base/pki/host.sls b/base/pki/host.sls
index 9a66fb0..cb664d5 100644
--- a/base/pki/host.sls
+++ b/base/pki/host.sls
@@ -15,7 +15,22 @@
 - signing_policy: host
 - public_key: /etc/pki/private.key
 - CN: {{ grains['fqdn'] }}
- - days_remaining: 30
+ - days_remaining: 90
 - backup: True
 - require:
 - x509: /etc/pki/private.key
+
+{% for cn in salt['pillar.get']('pki:cns',{}) %}
+
+/etc/pki/{{ cn }}.crt:
+ x509.certificate_managed:
+ - ca_server: tumor.chaos
+ - signing_policy: host
+ - public_key: /etc/pki/private.key
+ - CN: {{ cn }}
+ - days_remaining: 90
+ - backup: False
+ - require:
+ - x509: /etc/pki/private.key
+{% endfor %}
+
\ No newline at end of file
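Review bot: In the base/pki/cert.sls hunk the state for `/usr/local/share/ca-certificates/intca.crt` is replaced rather than retired, so minions that already applied the old state keep that copy of the CA certificate on disk and Salt no longer manages it. If that directory feeds the system trust store on these hosts (not visible here), a later CA rotation would leave the old certificate trusted; add an explicit cleanup such as `/usr/local/share/ca-certificates/intca.crt:` with `file.absent`, and refresh the trust store afterwards. The two commented-out lines `#/usr/local/share/ca-certificates:` and `# file.directory` are better deleted than kept as comments. The new `/etc/pki/intca.crt` state also has no `require` on the `/etc/pki` directory, which the visible part of this file does not create.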
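Review bot: In the base/pki/host.sls hunk each `cn` from pillar `pki:cns` is rendered unquoted into both the state ID `/etc/pki/{{ cn }}.crt` and `- CN: {{ cn }}`, so a value containing `/`, `..` or a YAML-special leading character (a wildcard name starting with `*`, for example) either lands outside `/etc/pki` or breaks rendering. Quote the value, e.g. `- CN: {{ cn | yaml_dquote }}`, reject entries that contain a path separator, and change the default from `{}` to `[]` since the loop expects a list. For these requests to be signed, the `host` signing policy on `tumor.chaos` (not shown) has to accept a requester-supplied CN; it is worth confirming the policy limits which minions may use it, because every extra certificate also reuses `/etc/pki/private.key`. The first state in this file starts above the hunk.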