dehydrated: pkg.installed: - pkgs: - dehydrated - dnsutils - rsync dehydrated_domains: file.managed: - name: /etc/dehydrated/domains.txt - source: salt://certificates/dehydrated/domains.txt - mode: '0644' dehydrated_dnsapi: file.managed: - name: /etc/dehydrated/dnsapi.config.txt - source: salt://certificates/dehydrated/dnsapi.config.txt - mode: '0600' - template: jinja dehydrated_mythic_dns01: file.recurse: - name: /etc/dehydrated/dehydrated-mythic-dns01 - source: salt://certificates/dehydrated/dehydrated-mythic-dns01 - dir_mode: '0755' - file_mode: '0755' - include_pat: - "*.sh" - "*-challenge/*" - "common/*" dehydrated_cert_group: group.present: - name: ssl-cert - system: true dehydrated_confs: file.recurse: - name: /etc/dehydrated/conf.d - source: salt://certificates/dehydrated/conf.d - dir_mode: '0755' - file_mode: '0644' dehydrated_hooks: file.recurse: - name: /etc/dehydrated/hooks - source: salt://certificates/dehydrated/hooks - dir_mode: '0755' - file_mode: '0755' dehydrated_cron: file.managed: - name: /etc/cron.daily/dehydrated - source: salt://certificates/dehydrated/cron.daily - mode: '0755' dehydrated_logrotate: file.managed: - name: /etc/logrotate.d/dehydrated - source: salt://certificates/dehydrated/logrotate - mode: '0644' server_key: ssh_auth.present: - user: root - source: salt://certificates/certificates_id_ed25519.pub server_client_certificate_location: file.directory: - name: /var/local/certificates - dir_mode: 0750 - file_mode: 0640