fix missing "then"

TODO

@@ -0,0 +1,4 @@
+screenrc
+apt remove triggerhappy
+restic pulls x86 on the pi
+install python3-dev for manual pip setup

_grains/lsusb.py

@@ -1,6 +1,6 @@
 import re
 import logging
-from subprocess import check_output
+from subprocess import check_output, CalledProcessError
 
 log = logging.getLogger(__name__)
 
@@ -8,8 +8,8 @@ def main():
     dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$")
     try:
         lsusb = check_output("lsusb", encoding='UTF-8')
-    except OSError as exc:
+    except (CalledProcessError, OSError) as exc:
-        log.error(exc)
+        log.debug(exc)
         return {}
     devices = []
     corsair_aio = None

gitea/cpapache.sls

@@ -6,6 +6,7 @@
     - user: root
     - group: root
     - mode: 644
+    - makedirs: true
 
 verify_vhost_includes:
   cmd.wait:
@@ -25,7 +26,7 @@ queue_httpd_graceful:
     - watch:
       - cmd: rebuildhttpdconf
 
-/home/{{ salt.pillar.get('gitea:user') }}/public_html/.htaccess:
+{{ salt.pillar.get('gitea:docroot') }}/.htaccess:
   file.managed:
     - source: 'salt://gitea/files/htaccess.jinja'
     - template: jinja

icinga2/plugins.sls

@@ -1,35 +1,39 @@
 # A deploy key must be added for this to work!
-/usr/local/lib/nagios:
+
+{% set git_dir = '/usr/local/lib/icinga' %}
+{% set venv_dir = '%s/venv' | format(git_dir) %}
+
+{{ git_dir }}:
   git.cloned:
     - name: {{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }}
-    - target: /usr/local/lib/nagios
+    - target: {{ git_dir }}
     - branch: master
     - user: root
 
-/usr/local/lib/nagios/venv:
+{{ venv_dir }}:
   cmd.run:
 {% if 'inmotionhosting' in grains.fqdn %}
-    - name: imh-python3 -m venv /usr/local/lib/nagios/venv
+    - name: imh-python3 -m venv {{ venv_dir }}
 {% else %}
-    - name: python3 -m venv /usr/local/lib/nagios/venv
+    - name: python3 -m venv {{ venv_dir }}
 {% endif %}
-    - creates: /usr/local/lib/nagios/venv
+    - creates: {{ venv_dir }}
     - require:
-      - git: /usr/local/lib/nagios
+      - git: {{ git_dir }}
       - pkg: monitoring_packages
 
 venv-ensurepip:
   cmd.run:
-    - name: /usr/local/lib/nagios/venv/bin/python3 -m ensurepip
+    - name: {{ venv_dir }}/bin/python3 -m ensurepip
-    - creates: /usr/local/lib/nagios/venv/bin/pip3
+    - creates: {{ venv_dir }}/bin/pip3
     - require:
-      - cmd: /usr/local/lib/nagios/venv
+      - cmd: {{ venv_dir }}
 
 {#
 venv-psutil:
   cmd.run:
-    - name: /usr/local/lib/nagios/venv/bin/pip3 install psutil
+    - name: {{ venv_dir }}/bin/pip3 install psutil
-    - unless: /usr/local/lib/nagios/venv/bin/pip3 freeze | grep -q '^psutil='
+    - unless: {{ venv_dir }}/bin/pip3 freeze | grep -q '^psutil='
     - require:
       - cmd: venv-ensurepip
 #}

icinga2/server.sls

@@ -18,7 +18,7 @@ icingaweb2_vhost:
     - group: root
     - mode: 644
     - source: https://packages.icinga.com/icinga.key
-    - source_hash: be677e07972ed57b99ffc2fd211379ac11b9c6a7c8d9460086b447b96b0a82bb
+    - source_hash: e2b9301181fcc3cd555323cafbecfcd8764f47e06e14e0128f172c544bbb619f
 
 icingacmd:
   group.present: []

salt/deb_install/init.sls

@@ -1,23 +1,36 @@
 {% from "salt/map.jinja" import salt_daemons with context %}
 {% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %}
 
-/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
+/etc/apt/keyrings/salt-archive-keyring-2023.pgp:
   file.managed:
-    - source: https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
+    - source: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public
-    - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472
+    - source_hash: 36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
 
 /etc/apt/sources.list.d/salt.list:
   file.managed:
-    - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main"
+    - contents: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main
 
 salt-common:
   pkg.installed:
     - version: '{{ salt.pillar.get("salt:version") }}'
     - refresh: true
     - require:
-      - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
+      - file: /etc/apt/keyrings/salt-archive-keyring-2023.pgp
       - file: /etc/apt/sources.list.d/salt.list
 
+salt {{ salt.pillar.get("salt:version") }}:
+  pkg.held:
+    - pkgs:
+      - salt-common
+{% for daemon in salt_daemons %}
+      - salt-{{ daemon }}
+{% endfor %}
+    - require:
+      - pkg: salt-common
+{% for daemon in salt_daemons %}
+      - pkg: salt-{{ daemon }}
+{% endfor %}
+  
 {% for daemon in salt_daemons %}
 salt-{{ daemon }}:
   pkg.installed:

salt/files/minion.jinja

@@ -12,4 +12,4 @@ mysql.default_file: '/root/.my.cnf'
 mine_functions:
   root_id_rsa_pub:
     - mine_function: file.read
-    - /root/.ssh/id_rsa.pub
+    - /root/.ssh/id_ed25519.pub

salt/rhel_install.sls

@@ -1,6 +1,6 @@
 {% from "salt/map.jinja" import salt_daemons with context %}
 
-{% if grains['os'] != 'CentOS' %}
+{% if grains['os'] not in ('CentOS', 'AlmaLinux') %}
   {{ raise("Unsupported distro") }}
 {% endif %}
 
@@ -10,7 +10,7 @@
 salt:
   pkgrepo.managed:
     - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
-    - humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
+    - humanname: Salt repo for RHEL/CentOS/AlmaLinux {{ grains['osmajorrelease'] }} PY3
     - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
     - skip_if_unavailable: true
     - failovermethod: priority

samba/smbd.sls

@@ -17,11 +17,11 @@ smbd:
     - template: jinja
     - check_cmd: /usr/bin/testparm -d 0 -s
 
-{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
+#{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
-{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
+#{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
-samba_{{user}}:
+#samba_{{user}}:
-  pdbedit.managed:
+#  pdbedit.managed:
-    - name: {{user}}
+#    - name: {{user}}
-    - password: {{passw}}
+#    - password: {{passw}}
-    - password_hashed: True
+#    - password_hashed: True
-{% endfor %}
+#{% endfor %}

screen/init.sls

@@ -1 +0,0 @@
-# TODO

setup.sh

@@ -2,7 +2,7 @@
 
 set -e
 
-SALT_VERSION='3006.4'
+SALT_VERSION='3007.1'
 
 CYAN='\033[1;36m'
 RED='\033[0;31m'
@@ -45,6 +45,7 @@ read
 
 if ! [ -e /usr/bin/salt-call ]; then
   if [[ "$DISTRO" == "fedora" ]]; then
+    mkdir -p /etc/salt/pki/minion
     echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}"
     if ! which python3.10 &>/dev/null; then
       wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage
@@ -62,7 +63,10 @@ if ! [ -e /usr/bin/salt-call ]; then
     /opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
       /opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
     ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
-  elif [[ "$DISTRO" == "centos" ]]; then
+  elif [[ "$DISTRO" == "centos" ]] || [[ "$DISTRO" == "almalinux" ]]; then
+    if [[ "$DISTRO" == "almalinux" ]]; then
+        OS_VERSION="$(python3 -m distro --json | jq -r .version_parts.major)"
+    fi
     rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
     [ -f /etc/yum.repos.d/salt.repo ] ||
       curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo

ssh/map.jinja

@@ -8,7 +8,7 @@
           'HostName': 'kpi.keiran.us',
           'User': restic_repo.split(':')[1],
           'Port': 9022,
-          'IdentityFile': '/root/.ssh/id_rsa',
+          'IdentityFile': '/root/.ssh/id_ed25519',
         }
       }
     }

users/init.sls

@@ -1,3 +1,12 @@
+screen:
+  pkg.installed: []
+
+/root/.screenrc:
+  file.managed:
+    - source: salt://users/files/screenrc
+    - user: root
+    - group: root
+    - mode: 640
 
 {% if salt.pillar.get('manage_root_bashrc', False) %}
 /root/.bashrc:
@@ -6,7 +15,7 @@
     - template: jinja
     - user: root
     - group: root
-    - mode: 0640
+    - mode: 640
     - context:
       bashrc_user: root
 {% endif %}
@@ -41,6 +50,14 @@
       bashrc_user: {{ user }}
     - require:
       - user: {{ user }}_user
+
+{{ homedir }}/.screenrc:
+  file.managed:
+    - source: salt://users/files/screenrc
+    - user: {{ user }}
+    - group: {{ user }}
+    - mode: 640
+
 {% endif %}
   {% endif %}
 {% endfor %}