diff --git a/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
new file mode 100644
index 0000000..be55ef5
--- /dev/null
+++ b/salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
@@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU +eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 +bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J +WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv +mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT +WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA +vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T +yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J +ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy +b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X +eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA +AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA +krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 +6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP +sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN +YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 +iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv +iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc +fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq +6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS +EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ +XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL +yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS +uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 +YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k +eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS +YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J +PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 +0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW 
+BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ +hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ +03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O +UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM +DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 +gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW +PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U +4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= +=ZKPF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/files/salt-master.service b/salt/files/salt-master.service index c737fa7..1dd201e 100644 --- a/salt/files/salt-master.service +++ b/salt/files/salt-master.service @@ -6,7 +6,7 @@ After=network.target LimitNOFILE=100000 Type=notify NotifyAccess=all -ExecStart=/opt/salt/bin/salt-master +ExecStart=/opt/saltstack/salt/bin/salt-master [Install] WantedBy=multi-user.target diff --git a/salt/files/salt-minion.service b/salt/files/salt-minion.service index 00cea7e..2e68f51 100644 --- a/salt/files/salt-minion.service +++ b/salt/files/salt-minion.service @@ -7,7 +7,7 @@ KillMode=process Type=notify NotifyAccess=all LimitNOFILE=8192 -ExecStart=/opt/salt/bin/salt-minion +ExecStart=/opt/saltstack/salt/bin/salt-minion [Install] WantedBy=multi-user.target diff --git a/salt/init.sls b/salt/init.sls new file mode 100644 index 0000000..c4a024a --- /dev/null +++ b/salt/init.sls 
@@ -0,0 +1,130 @@
+{% if salt.pillar.get('salt:master', false) %}
+{% set salt_daemons = ['master', 'minion'] %}
+{% else %}
+{% set salt_daemons = ['minion'] %}
+{% endif %}
+
+{% if grains['osarch'].lower().startswith('arm') %}
+
+'make salt venv':
+ cmd.run:
+ - name: /usr/bin/python3 -m venv /opt/saltstack/salt
+ - creates: /opt/saltstack/salt
+
+pip install salt:
+ cmd.run:
+ - name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}'
+ - unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}'
+ - require:
+ - cmd: 'make salt venv'
+
+{% for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy') %}
+/usr/bin/{{ link }}:
+ file.symlink:
+ - target: /opt/saltstack/salt/bin/{{ link }}
+{% endfor %}
+/usr/bin/salt-pip:
+ file.symlink:
+ - target: /opt/saltstack/salt/bin/pip3
+
+systemd reload for salt:
+ module.run:
+ - name: service.systemctl_reload
+ - onchanges:
+{% for daemon in salt_daemons %}
+ - file: /lib/systemd/system/salt-{{ daemon }}.service
+{% endfor %}
+
+{% for daemon in salt_daemons %}
+/lib/systemd/system/salt-{{ daemon }}.service:
+ file.managed:
+ - source: salt://salt/files/salt-{{ daemon }}.service
+ - user: root
+ - group: root
+ - mode: 644
+salt-{{ daemon }}:
+ service.running:
+ - enable: true
+ - require:
+ - file: /lib/systemd/system/salt-{{ daemon }}.service
+ - module: systemd reload for salt
+ - watch:
+ - cmd: pip install salt
+ - listen:
+ - file: /etc/salt/{{ daemon }}
+{% endfor %}
+
+{% elif grains['os'] == 'Ubuntu' %}
+
+/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
+ file.managed:
+ - source: https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
+ - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 # sha256
+
+/etc/apt/sources.list.d/salt.list:
+ file.managed:
+ - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ grains['lsb_distrib_codename'] }} main"
+
+salt-common:
+ pkg.installed:
+ - version: '{{ salt.pillar.get("salt:version") }}'
+ - refresh: true
+ - require:
+ - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
+ - file: /etc/apt/sources.list.d/salt.list
+
+{% for daemon in salt_daemons %}
+salt-{{ daemon }}:
+ pkg.installed:
+ - version: '{{ salt.pillar.get("salt:version") }}'
+ - require:
+ - pkg: salt-common
+ service.running:
+ - enable: true
+ - require:
+ - pkg: salt-{{ daemon }}
+ - listen:
+ - file: /etc/salt/{{ daemon }}
+{% endfor %}
+
+{% elif grains['os_family'] == 'RedHat' %}
+
+/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023:
+ file.managed:
+ - source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
+salt:
+ pkgrepo.managed:
+ - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
+ - humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
+ - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
+ - skip_if_unavailable: true
+ - failovermethod: priority
+ - priority: 10
+ - enabled: 1
+ - enabled_metadata: 1
+ - gpgcheck: 1
+ - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
+ - require:
+ - file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
+ pkg.installed:
+ - version: '{{ salt.pillar.get("salt:version") }}-*'
+ - refresh: true
+ - require:
+ - pkgrepo: salt
+
+{% else %}
+
+{{ raise("Unsupported grains.os") }}
+
+{% endif %}
+
+{% for daemon in salt_daemons %}
+/etc/salt/{{ daemon }}:
+ file.managed:
+ - source: salt://salt/files/{{ daemon }}.jinja
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: 644
+{% endfor %}
+
diff --git a/salt/master.sls b/salt/master.sls
deleted file mode 100644
index be215b2..0000000
--- a/salt/master.sls
+++ /dev/null
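Review bot: In salt/init.sls the ARM branch's `pip install salt` state fetches Salt from PyPI as root with no integrity check beyond TLS, whereas the Ubuntu and RedHat branches only accept packages signed by the pinned 2023 key. Since this installs the management agent itself, I would install from a hash-pinned requirements file shipped from the fileserver, e.g. `- name: /opt/saltstack/salt/bin/pip3 install --require-hashes -r <HASH_PINNED_REQUIREMENTS_FILE>`, with a `file.managed` state for that file added to `require`. The same state interpolates `salt.pillar.get("salt:version")` into a shell command with no default or format check, so an unset pillar presumably renders as `salt==None`; failing the render early when the pillar is missing would be cleaner. Separately, the RedHat `pkgrepo.managed` block lists `gpgkey` twice with the same value, and one entry should be dropped.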
@@ -1,34 +0,0 @@ -include: - - salt.update - - salt.minion - -/etc/salt/master: - file.managed: - - source: 'salt://salt/files/master.jinja' - - template: jinja - - user: root - - group: root - - mode: 644 - -/lib/systemd/system/salt-master.service: - file.managed: - - source: salt://salt/files/salt-master.service - - user: root - - group: root - - mode: 644 - -systemd reload for salt-master: - cmd.run: - - name: systemctl daemon-reload - - onchanges: - - file: /lib/systemd/system/salt-master.service - -salt-master: - service.running: - - enable: true - - require: - - file: /lib/systemd/system/salt-minion.service - - cmd: systemd reload for salt-master - - watch: - - pip: salt - diff --git a/salt/minion.sls b/salt/minion.sls deleted file mode 100644 index 6096dd3..0000000 --- a/salt/minion.sls +++ /dev/null @@ -1,33 +0,0 @@ -include: - - salt.update - -/lib/systemd/system/salt-minion.service: - file.managed: - - source: salt://salt/files/salt-minion.service - - user: root - - group: root - - mode: 644 - -systemd reload for salt-minion: - module.run: - - name: service.systemctl_reload - - onchanges: - - file: /lib/systemd/system/salt-minion.service - -salt-minion: - service.running: - - enable: true - - require: - - file: /lib/systemd/system/salt-minion.service - - module: systemd reload for salt-minion - - watch: - - pip: salt - -/etc/salt/minion: - file.managed: - - source: salt://salt/files/minion.jinja - - template: jinja - - user: root - - group: root - - mode: 644 - diff --git a/salt/update.sls b/salt/update.sls deleted file mode 100644 index 925391c..0000000 --- a/salt/update.sls +++ /dev/null @@ -1,13 +0,0 @@ -pip: - pip.installed: - - pip_bin: /opt/salt/bin/pip3 - - user: root - - upgrade: true - -salt: - pip.installed: - - name: salt == 3005.1 - - pip_bin: /opt/salt/bin/pip3 - - user: root - - require: - - pip: pip