52 lines
1.0 KiB
YAML
52 lines
1.0 KiB
YAML
# -*- coding: utf-8 -*-
|
|
# vim: ft=yaml
|
|
---
|
|
|
|
salt-minion:
|
|
service.running:
|
|
- enable: True
|
|
- listen:
|
|
- file: /etc/salt/minion.d/signing_policies.conf
|
|
|
|
/etc/salt/minion.d/signing_policies.conf:
|
|
file.managed:
|
|
- source: salt://base/pki/signing_policies.conf
|
|
|
|
/etc/pki/issued_certs:
|
|
file.directory
|
|
|
|
/etc/pki/ca.key:
|
|
x509.private_key_managed:
|
|
- bits: 4096
|
|
- backup: True
|
|
- require:
|
|
- file: /etc/pki
|
|
|
|
/etc/pki/ca.crt:
|
|
x509.certificate_managed:
|
|
- signing_private_key: /etc/pki/ca.key
|
|
- CN: tumor.chaos
|
|
- C: DE
|
|
- ST: Berlin
|
|
- L: Berlin
|
|
- basicConstraints: "critical CA:true"
|
|
- keyUsage: "critical cRLSign, keyCertSign"
|
|
- subjectKeyIdentifier: hash
|
|
- authorityKeyIdentifier: keyid,issuer:always
|
|
- days_valid: 3650
|
|
- days_remaining: 0
|
|
- backup: True
|
|
- require:
|
|
- file: /etc/pki
|
|
- x509: /etc/pki/ca.key
|
|
|
|
mine.send:
|
|
module.run:
|
|
- func: x509.get_pem_entries
|
|
- kwargs:
|
|
glob_path: /etc/pki/ca.crt
|
|
- onchanges:
|
|
- x509: /etc/pki/ca.crt
|
|
|
|
|