Manage salt-minion package, service and config

Restart the service after upgrading the package or modifying the minion
configuration file.

Signed-off-by: Joe Groocock <me@frebib.net>

states/salt/minion/init.sls

@@ -0,0 +1,39 @@
+{%- set masters = ['salt.nerdhouse.io'] %}
+
+salt-minion:
+  pkg.installed:
+  - version: latest
+  service.running:
+  - enable: true
+  - require:
+    - pkg: salt-minion
+    - file: /etc/salt/minion
+
+restart-salt-minion:
+  cmd.run:
+  - name: "sleep 10 && systemctl restart salt-minion --no-block"
+  - bg: true
+  - order: last
+  - watch:
+    - pkg: salt-minion
+    - file: /etc/salt/minion
+  - require:
+    - cmd: check-minion-config
+
+/etc/salt/minion:
+  file.managed:
+  - source: salt://{{ slspath }}/templates/minion.jinja
+  - template: jinja
+  - user: root
+  - group: root
+  - mode: 644
+  - context:
+      masters: {{ masters|json }}
+  - require:
+    - pkg: salt-minion
+
+check-minion-config:
+  cmd.run:
+  - name: sudo salt-call --local --skip-grains test.ping
+  - watch:
+    - file: /etc/salt/minion

states/salt/minion/templates/minion.jinja

@@ -0,0 +1,26 @@
+id: {{ grains.id|lower }}
+log_level: info
+ipv6: true
+ssl: true
+transport: tcp
+
+# https://github.com/saltstack/salt/blob/b95213ec903402f25c1e0aeb3990fe8452ab63ce/conf/minion#L39-L47
+# str, failover or disable
+master_type: str
+{% if masters is defined %}
+master:
+  {%- for master in masters %}
+- {{ master }}
+  {%- endfor %}
+{%- endif %}
+
+# set the default saltenv for highstate
+# otherwise it tries to run all of them 🤔
+saltenv: base
+# useful for influencing git_pillar and gitfs at the same time
+pillarenv_from_saltenv: true
+
+enable_fqdns_grains: false
+enable_gpu_grains: false
+
+# vim: ft=yaml

states/top.sls

@@ -2,3 +2,4 @@
   '*':
   - users
   - sshd
+  - salt.minion