# -*- coding: utf-8 -*-
# vim: ft=yaml
---
salt:
  # Set this to true to clean any non-salt-formula managed files out of
  # /etc/salt/{master,minion}.d ... You really don't want to do this on 2015.2
  # and up as it'll wipe out important files that Salt relies on.
  clean_config_d_dir: false

  # This state will remove "/etc/salt/minion" when you set this to true.
  # NOTE(review): this example enables the removal; confirm every setting you
  # rely on is supplied through the 'minion' key below before applying it.
  minion_remove_config: true

  # This state will remove "/etc/salt/master" when you set this to true.
  # NOTE(review): this example enables the removal; confirm every setting you
  # rely on is supplied through the 'master' key below before applying it.
  master_remove_config: true

  # Set this to 'py3' to install the Python 3 packages.
  # If this is not set, the Python 2 packages will be installed by default.
  py_ver: 'py3'

  # Set this to false to not have the formula install packages (in the case you
  # install Salt via git/pip/etc.)
  install_packages: true

  # Optional: set salt version (if install_packages is set to true)
  # NOTE(review): the value below is illustrative and does not match the
  # 'release' key further down; set both to the release you actually run and
  # keep patched.
  version: 2017.7.2-1.el7

  # Pin version provided under 'version' key by using apt-pinning
  # available only on Debian family OS-es
  pin_version: false

  # Overrides for the Salt package names that map.jinja would otherwise supply.
  # NOTE(review): these names decide which packages get installed, so review
  # changes here the same way as any other change of package source.
  lookup:
    salt_master: 'salt-master'
    salt_minion: 'salt-minion'
    salt_syndic: 'salt-syndic'
    salt_cloud: 'salt-cloud'
    salt_ssh: 'salt-ssh'
    pyinotify: 'python-pyinotify'  # the package to be installed for pyinotify

  # Set which release of SaltStack to use, default to 'latest'
  # To get the available releases:
  # * https://repo.saltstack.com/yum/redhat/7/x86_64/
  # * https://repo.saltstack.com/apt/debian/8/amd64/
  # The value is quoted so YAML keeps it a string instead of reading a float.
  release: '2018.3'

  # MacOS has no package management.
  # Instead, we use file.managed to download an appropriate .pkg file and
  # macpackage.installed to install it. 'version', if set (see above), will be
  # used to check the .pkg version to determine if it should be installed
  #
  # NOTE: if 'version' is not set version comparison will not occur and the
  # .pkg WILL NOT be installed if a salt .pkg is already installed
  # NOTE: salt_minion_pkg_hash, if set, will be passed into file.managed's
  # source_hash, use URL or hash string
  # NOTE(review): the hash below is an MD5 file fetched from the same host as
  # the package. That catches a corrupted download but is weak evidence of
  # authenticity: prefer a SHA-256 (or stronger) hash string obtained out of
  # band and pinned here.
  # yamllint disable rule:line-length
  salt_minion_pkg_source: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg'
  salt_minion_pkg_hash: 'https://repo.saltstack.com/osx/salt-2017.7.4-py3-x86_64.pkg.md5'
  # yamllint enable rule:line-length

  # tofs:
  #   The files_switch key serves as a selector for alternative
  #   directories under the formula files directory. See TOFS pattern
  #   doc for more info.
  #   Note: Any value not evaluated by `config.get` will be used literally.
  #   This can be used to set custom paths, as many levels deep as required.
  #   files_switch:
  #     - any/path/can/be/used/here
  #     - id
  #     - osfinger
  #     - os
  #     - os_family
  #   All aspects of path/file resolution are customisable using the options below.
  #   This is unnecessary in most cases; there are sensible defaults.
  #   path_prefix: template_alt
  #   dirs:
  #     files: files_alt
  #     default: default_alt
  #   source_files:
  #     salt-master:
  #       - 'alt_master.d'
  #     salt-minion:
  #       - 'alt_minion.d'

  # salt master config
  # NOTE(review): presumably makes the formula resolve the master config
  # through the TOFS file lookup described in the commented 'tofs' block
  # above -- confirm against the formula's states.
  master_config_use_TOFS: true
  master:
    standalone: false
    # Fileserver backends enabled on the master. Each backend listed here is
    # configured by its own keys further down (gitfs_remotes, s3.*,
    # file_roots).
    # NOTE(review): presumably backends are searched in the order listed, so a
    # remote backend placed first can shadow files in local roots -- confirm.
    fileserver_backend:
      - git
      - s3fs
      - roots
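    # Formula repository served through gitfs; its 'develop' branch is mapped
    # to the 'base' environment. Fetched over HTTPS because the bare git://
    # transport is unauthenticated and unencrypted, and GitHub no longer
    # serves it.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop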
    # Credentials and bucket list for the s3fs backend.
    # NOTE(review): the key id and key below look like sample values. Real ones
    # are long-lived secrets: keep them out of version control (for example in
    # an encrypted pillar) and give the identity read-only access to the
    # listed buckets and nothing else.
    s3.keyid: GKTADJGHEIQSXMKKRBJ08H
    s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
    s3.buckets:
      - bucket1
      - bucket2
      - bucket3
      - bucket4
    # Local directories for state files (file_roots) and pillar data
    # (pillar_roots) of the 'base' environment.
    # NOTE(review): pillar data usually carries secrets; keep /srv/pillar
    # readable only by the account the master runs as.
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # for salt-api with tornado rest interface
    # TLS stays enabled here (disable_ssl: false) and debug is off; keep both
    # that way on any listener that other hosts can reach.
    # NOTE(review): ssl_key points at a private key; restrict that file to the
    # account that runs salt-api.
    rest_tornado:
      port: 8000
      ssl_crt: /etc/pki/api/certs/server.crt
      ssl_key: /etc/pki/api/certs/server.key
      debug: false
      disable_ssl: false
      # yamllint disable-line rule:line-length
    # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles
    # Container profile 'debian' and network profile 'basic' for Salt's LXC
    # support.
    # NOTE(review): 'jessie' is an end-of-life Debian release; pick a supported
    # release for containers that will actually run.
    lxc.container_profile:
      debian:
        template: download
        options:
          dist: debian
          release: jessie
          arch: amd64
        backing: lvm
        vgname: kimsufi
        size: 10G
    lxc.network_profile:
      basic:
        eth0:
          link: lxcbr0
          type: veth
          flags: up
    ## for external auth - LDAP
    ## filter to use for Active Directory LDAP
    # auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %}
    ## filter to use for Most other LDAP servers
    # auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %}

    # Define winrepo provider, by default support order is pygit2, gitpython
    # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993
    # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support
    # NOTE(review): the point of the workaround is to keep HTTPS remotes
    # usable; do not switch the remotes to http:// or git:// instead.
    winrepo_provider: gitpython

    # optional engine configuration
    # NOTE(review): with 'control: true' the Slack users in valid_users can
    # trigger the commands in valid_commands on this master. Keep both lists
    # as short as possible, and supply the real token from a secret store or
    # an encrypted pillar rather than committing it.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          # Maps the chat command 'list_jobs' to the runner jobs.list_jobs.
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional: these reactors will be configured on the master
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    # NOTE(review): the SLS file below runs whenever a matching 'master/deploy'
    # event arrives; keep /srv/salt/reactors writable by administrators only.
    reactors:
      - 'master/deploy':
          - /srv/salt/reactors/deploy.sls

  # salt minion config:
  # NOTE(review): presumably makes the formula resolve the minion config
  # through the TOFS file lookup described in the commented 'tofs' block
  # above -- confirm against the formula's states.
  minion_config_use_TOFS: true
  minion:

    # standalone setup
    master_type: false   # see init.sls & standalone.sls

    # single master setup
    # NOTE(review): the minion connects to whatever host the name 'salt'
    # resolves to. Where name resolution is not trusted, also pin the master's
    # public key fingerprint (master_finger) so a spoofed master is rejected.
    master: salt

    # multi master setup
    # master:
    #   - salt_master_1
    #   - salt_master_2

    # Fileserver backends written into the minion config: gitfs and local
    # roots, configured by gitfs_remotes and file_roots below.
    fileserver_backend:
      - git
      - roots
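    # Formula repository served through gitfs; its 'develop' branch is mapped
    # to the 'base' environment. Fetched over HTTPS because the bare git://
    # transport is unauthenticated and unencrypted, and GitHub no longer
    # serves it.
    gitfs_remotes:
      - https://github.com/saltstack-formulas/salt-formula.git:
          - base: develop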
    # Local directories for state files (file_roots) and pillar data
    # (pillar_roots) of the 'base' environment on the minion.
    # NOTE(review): keep both trees writable by root only; anything placed
    # there can end up applied as state.
    file_roots:
      base:
        - /srv/salt
    pillar_roots:
      base:
        - /srv/pillar
    # Sample module settings showing the supported value shapes: a boolean, a
    # string, a list and a nested mapping. The test.* names are illustrative.
    module_config:
      test: true
      test.foo: foo
      test.bar:
        - baz
        - quo
      test.baz:
        spam: sausage
        cheese: bread

    # salt mine setup
    mine_interval: 60
    # mine_functions can be set at the top level of the pillar, and
    # that is preferable because it doesn't affect the conf file and
    # doesn't require a minion restart. However, you can configure it
    # here instead if you really want to.
    # NOTE(review): mine data can be queried by other minions; publish only
    # what peers genuinely need (here: the address of eth0).
    mine_functions:
      network.interface_ip: [eth0]

    # Define a minion scheduler
    # The 'highstate' job runs state.apply every 60 minutes and hands the
    # result to the redis returner.
    # NOTE(review): job returns can contain rendered secrets; make sure the
    # redis instance requires authentication and is not exposed to untrusted
    # networks.
    schedule:
      - highstate:
          - function: state.apply
          - minutes: 60
          - returner: redis

    # other 'non-default' config
    # NOTE(review): a keytab is a credential in its own right; keep
    # /root/auth.keytab readable by root only. 'kadmin/admin' is normally the
    # Kerberos administration principal -- confirm whether a less privileged
    # principal would do.
    auth_keytab: /root/auth.keytab
    auth_principal: kadmin/admin

    # optional engine configuration
    # NOTE(review): with 'control: true' the Slack users in valid_users can
    # trigger the commands in valid_commands through this minion's engine.
    # Keep both lists as short as possible, and supply the real token from a
    # secret store or an encrypted pillar rather than committing it.
    engines:
      - slack:
          token: xoxp-XXXXX-XXXXXXX   # use Slack's legacy API token
          control: true
          valid_users:
            - someuser
            - otheruser
          valid_commands:
            - test.ping
            - list_jobs
          # Maps the chat command 'list_jobs' to the runner jobs.list_jobs.
          aliases:
            list_jobs:
              type: runner
              cmd: jobs.list_jobs

    # optional beacons configuration
    # Load-average beacon with a pair of values for each of the 1, 5 and 15
    # minute averages.
    # NOTE(review): presumably each pair is a [low, high] threshold and
    # 'interval' is in seconds -- confirm against the beacon documentation.
    beacons:
      load:
        1m:
          - 0.0
          - 2.0
        5m:
          - 0.0
          - 1.5
        15m:
          - 0.1
          - 1.0
        interval: 10

    # Optional reactors: these reactors will be configured on the minion
    # They override reactors configured in
    # 'salt:reactors' or the old 'salt:reactor' parameters
    # NOTE(review): the SLS file below runs whenever a matching 'minion/deploy'
    # event arrives; keep /srv/salt/reactors writable by administrators only.
    reactors:
      - 'minion/deploy':
          - /srv/salt/reactors/deploy.sls

    # Optional: Configure an elasticsearch returner
    # NOTE(review): the hosts are plain host:port entries and no TLS or
    # credentials are shown here; confirm the cluster cannot be reached from
    # untrusted networks. Job returns may include sensitive state output, and
    # 'debug_returner_payload: true' presumably logs them as well -- switch it
    # off outside troubleshooting.
    return: elasticsearch
    elasticsearch:
      hosts:
        - example.elasticsearch.host:9200
        - example.elasticsearch.host2:9200
      index_date: true
      index: salt
      number_of_shards: 5
      number_of_replicas: 2
      debug_returner_payload: true
      states_count: true
      states_order_output: true
      states_single_index: true
      # Functions whose returns are not sent to elasticsearch.
      functions_blacklist:
        - test.ping
        - saltutil.find_job

  # init.sls skips salt.api and salt.syndic states
  # unless those dicts are populated with something
  # 'somekey: somevalue' is a placeholder that only makes the dicts non-empty.
  # NOTE(review): leave 'api' out unless salt-api is really needed; it adds a
  # network-facing service to the master.
  api:
    somekey: somevalue
  syndic:
    somekey: somevalue

  # salt cloud config
  cloud:
    # Master that salt-cloud points newly created instances at.
    master: salt

    # For non-templated custom cloud provider/profile/map files
    # NOTE(review): the user names and passwords below are sample values. Real
    # provider credentials belong in an encrypted pillar or a secret store,
    # and this pillar should be targeted only at the host that runs
    # salt-cloud.
    providers:
      provider-filename1.conf:
        vmware-prod:
          driver: vmware
          user: myusernameprod
          password: mypassword
        vmware-nonprod:
          driver: vmware
          user: myusernamenonprod
          password: mypassword
    # Profile file contents: 'server-non-prod' clones a template on the
    # 'vmware-nonprod' provider and sets grains on the new instance.
    # NOTE(review): 'password' is a sample value; do not commit a real one in
    # plain text, and avoid reusing a single password across profiles.
    profiles:
      profile-filename1.conf:
        server-non-prod:
          clonefrom: rhel6xtemplatenp
          grains:
            platform:
              name: salt
              realm: lab
            subscription_level: standard
          memory: 8GB
          num_cpus: 4
          password: sUpErsecretey
          provider: vmware-nonprod
    # Map file contents: instances to create from the 'server-non-prod'
    # profile, with per-host grains.
    maps:
      map-filename1.map:
        server-non-prod:
          - host.mycompany.com:
              grains:
                environment: dev1

    # You can take profile and map templates from an alternate location
    # if you want to write your own.
    # NOTE(review): these templates render provider credentials into files on
    # the target host; review custom templates for where secrets end up.
    template_sources:
      providers: salt://salt/files/cloud.providers.d
      profiles: salt://salt/files/cloud.profiles.d
      maps: salt://salt/files/cloud.maps.d

    # These settings are used by the default provider templates and
    # only need to be set for the ones you're using.
    # NOTE(review): aws_secret and rsos_apikey are credentials (sample values
    # here). Keep real ones encrypted or in a secret store, give them the
    # narrowest permissions salt-cloud needs, and rotate them if they were
    # ever committed.
    aws_key: AWSKEYIJSHJAIJS6JSH
    aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
    gce_project: test
    # yamllint disable-line rule:line-length
    gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com
    rsos_user: afeawofghob
    rsos_tenant: tenant_id_number
    rsos_apikey: WFJIOJEOIGHSOFHESO
    rsos_regions:
      - ORD
      - DFW
      - IAD
      - SYD
      - HKG

  # salt-ssh roster: target 'prod1' is reached as user 'ubuntu' with sudo,
  # authenticating with the private key named by 'priv'.
  # NOTE(review): that key gives sudo-capable access to the target; keep the
  # file readable only by the account that runs salt-ssh.
  ssh_roster:
    prod1:
      host: host.example.com
      user: ubuntu
      sudo: true
      priv: /etc/salt/ssh_keys/sshkey.pem
  # Key pair material for gitfs, supplied inline through the pillar.
  # NOTE(review): a private key placed here is visible to every minion this
  # pillar is targeted at and to anyone who can read the pillar source. Store
  # it encrypted and target the pillar at the master's own minion only.
  gitfs:
    keys:
      global:
        # key and pub end up being the extension used on the key file
        # values other than key and pub are possible
        key: |
          -----BEGIN RSA PRIVATE KEY-----
          ...........
          -----END RSA PRIVATE KEY-----
        pub: |
          ...........

  # These reactors will be configured both in the minion and the master
  # NOTE(review): the SLS file below runs whenever a matching 'deploy' event
  # arrives; keep /srv/salt/reactors writable by administrators only.
  reactors:
    - 'deploy':
        - /srv/salt/reactors/deploy.sls

# Private keys for the aws and gce cloud providers, supplied inline as PEM.
# NOTE(review): the bodies shown are elided placeholders. Real private keys in
# a pillar should be stored encrypted, and the pillar targeted only at the
# host that runs salt-cloud.
salt_cloud_certs:
  aws:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

  gce:
    pem: |
      -----BEGIN RSA PRIVATE KEY-----
      ...........
      -----END RSA PRIVATE KEY-----

salt_formulas:
  # Per-environment Git settings used to fetch the formula repositories.
  # NOTE(review): branch names such as 'master' and 'develop' are moving
  # targets; combined with 'update: true', new upstream commits reach the
  # master without review. Pin a tag or commit id per formula (see 'list'
  # below) where that matters.
  git_opts:
    # The Git options can be customized differently for each
    # environment, if an option is missing in a given environment, the
    # value from "default" is used instead.
    default:
      # URL where the formulas git repositories are downloaded from
      # it will be suffixed with <formula-name>.git
      baseurl: https://github.com/saltstack-formulas
      # Directory where Git repositories are downloaded
      basedir: /srv/formulas
      # Update the git repository to the latest version (false by default)
      update: false
      # Options passed directly to the git.latest state
      options:
        rev: master
        user: username
        # Path to the private SSH key used for the fetch; keep it readable
        # only by the account that performs the fetch.
        identity: /path/to/.ssh/id_rsa_github_username
    dev:
      basedir: /srv/formulas/dev
      update: true
      options:
        rev: develop
    # Alternatively, a single directory with multiple branches can be used
    # E.g. It is strongly recommended to fork saltstack-formula repositories
    #      to avoid unexpected changes to your infrastructure
    # Then upstream changes can be merged in manually with due consideration
    # Specific values for `rev`, `user` & `identity` will override the defaults
    production:
      baseurl: git@github.com:username
      options:
        branch: master
        remote: origin
    staging:
      baseurl: git@github.com:username
      options:
        branch: staging
        remote: origin
        rev: staging
    upstream:
      baseurl: git@github.com:saltstack-formulas
      update: true
      options:
        branch: upstream
        remote: upstream
  # Options of the file.directory state that creates the directory where
  # the git repositories of the formulas are stored
  # Owned by root and not writable by group or others, so only root can
  # change the formulas stored there.
  # NOTE(review): unquoted, YAML loads the mode as the integer 755; quoting
  # it ('0755') is the unambiguous way to write a file mode.
  basedir_opts:
    makedirs: true
    user: root
    group: root
    mode: 755
  # Explicitly check out the original branch for repos after the
  # git.latest states have been processed (false by default)
  # Enable if using the alternative method (single directory, multiple branches)
  checkout_orig_branch: true
  # List of formulas to enable in each environment
  # NOTE(review): an entry without 'rev' follows the environment's branch from
  # git_opts. A tag can be moved by the repository owner; a commit id cannot,
  # and a full-length id avoids the ambiguity an abbreviated one can develop.
  list:
    base:
      - salt-formula
      - postfix-formula
      - nginx-formula:  # We can also override some options per formula
          rev: 'v1.1.0'  # Pin a version
      - openssh-formula:
          rev: '3e01ad8'  # or pin a commit id
    dev:
      - salt-formula
      - postfix-formula
      - openssh-formula
      - nginx-formula:
          # You can also pull from another location
          # NOTE(review): a third-party fork is code the master will run;
          # review it and pin 'rev' to a commit you have checked.
          name: 'https://github.com/another-fork-location/salt-formula.git'
          rev: 'feat/feature'
    # Likewise for the alternative method (single directory, multiple branches)
    production:
      - salt-formula
      - openssh-formula
    staging:
      - salt-formula
      - postfix-formula
      - openssh-formula
    upstream:
      - salt-formula
      - postfix-formula
      - openssh-formula