From 3beb1082243b68267d81f957d2f7ce4e9c4f927b Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Tue, 19 Sep 2023 11:24:49 +0200 Subject: [PATCH] committing changes in /etc made by "apt dist-upgrade -y" Packages with configuration changes: -salt-common 3005.2+ds-1 all -salt-minion 3005.2+ds-1 all +salt-common 3006.3 amd64 +salt-minion 3006.3 amd64 Package changes: -salt-common 3005.2+ds-1 all -salt-minion 3005.2+ds-1 all +salt-common 3006.3 amd64 +salt-minion 3006.3 amd64 --- .etckeeper | 4 + group | 1 + group- | 2 +- gshadow | 1 + gshadow- | 2 +- logrotate.d/salt/salt-common.logrotate | 50 +++++++++++ passwd | 1 + passwd- | 3 +- salt/cloud | 110 +++++++++++++++++++++++++ salt/minion | 21 ++++- salt/roster | 8 ++ shadow | 1 + 12 files changed, 200 insertions(+), 4 deletions(-) create mode 100644 logrotate.d/salt/salt-common.logrotate create mode 100644 salt/cloud create mode 100644 salt/roster
diff --git a/.etckeeper b/.etckeeper
index 0ca9e90..75755f5 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -2021,7 +2021,9 @@ maybe chmod 0644 'logrotate.d/fail2ban'
 maybe chmod 0644 'logrotate.d/icinga2'
 maybe chmod 0644 'logrotate.d/postgresql-common'
 maybe chmod 0644 'logrotate.d/rsyslog'
+maybe chmod 0755 'logrotate.d/salt'
 maybe chmod 0644 'logrotate.d/salt-common'
+maybe chmod 0644 'logrotate.d/salt/salt-common.logrotate'
 maybe chmod 0644 'logrotate.d/ulogd2'
 maybe chmod 0644 'logrotate.d/wtmp'
 maybe chmod 0755 'logwatch'
@@ -2516,6 +2518,7 @@ maybe chmod 0755 'runit'
 maybe chmod 0755 'runit/runsvdir'
 maybe chmod 0755 'runit/runsvdir/default'
 maybe chmod 0755 'salt'
+maybe chmod 0644 'salt/cloud'
 maybe chmod 0644 'salt/minion'
 maybe chmod 0755 'salt/minion.d'
 maybe chmod 0644 'salt/minion.d/_schedule.conf'
@@ -2527,6 +2530,7 @@ maybe chmod 0644 'salt/pki/minion/minion.pub'
 maybe chmod 0644 'salt/pki/minion/minion_master.pub'
 maybe chmod 0644 'salt/proxy'
 maybe chmod 0755 'salt/proxy.d'
+maybe chmod 0644 'salt/roster'
 maybe chmod 0644 'screenrc'
 maybe chmod 0755 'security'
 maybe chmod 0644 'security/access.conf'
diff --git a/group b/group
index 9961cfe..65b9850 100644
--- a/group
+++ b/group
@@ -65,3 +65,4 @@ repo:x:1111:repo,repo.in
 sgx:x:124:
 plocate:x:125:
 _ssh:x:109:
+salt:x:126:
diff --git a/group- b/group-
index bca8a8a..9961cfe 100644
--- a/group-
+++ b/group-
@@ -44,7 +44,6 @@ systemd-network:x:104:
 systemd-resolve:x:105:
 crontab:x:107:
 netdev:x:108:
-ssh:x:109:
 Debian-exim:x:110:
 mlocate:x:111:repo
 ssl-cert:x:112:postgres
@@ -65,3 +64,4 @@ tcpdump:x:123:
 repo:x:1111:repo,repo.in
 sgx:x:124:
 plocate:x:125:
+_ssh:x:109:
diff --git a/gshadow b/gshadow
index 9f0dfc6..efd2955 100644
--- a/gshadow
+++ b/gshadow
@@ -65,3 +65,4 @@ repo:!::repo,repo.in
 sgx:!::
 plocate:!::
 _ssh:!::
+salt:!::
diff --git a/gshadow- b/gshadow-
index 99d1860..9f0dfc6 100644
--- a/gshadow-
+++ b/gshadow-
@@ -44,7 +44,6 @@ systemd-network:!::
 systemd-resolve:!::
 crontab:!::
 netdev:!::
-ssh:!::
 Debian-exim:!::
 mlocate:!::repo
 ssl-cert:!::postgres
@@ -65,3 +64,4 @@ tcpdump:!::
 repo:!::repo,repo.in
 sgx:!::
 plocate:!::
+_ssh:!::
diff --git a/logrotate.d/salt/salt-common.logrotate b/logrotate.d/salt/salt-common.logrotate
new file mode 100644
index 0000000..1bc063e
--- /dev/null
+++ b/logrotate.d/salt/salt-common.logrotate
@@ -0,0 +1,50 @@
+/var/log/salt/master {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+ create 0640 salt salt
+}
+
+/var/log/salt/minion {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+}
+
+/var/log/salt/key {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+ create 0640 salt salt
+}
+
+/var/log/salt/api {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+ create 0640 salt salt
+}
+
+/var/log/salt/syndic {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+}
+
+/var/log/salt/proxy {
+ weekly
+ missingok
+ rotate 7
+ compress
+ notifempty
+}
diff --git a/passwd b/passwd
index 72547ec..ab4379d 100644
--- a/passwd
+++ b/passwd
@@ -34,3 +34,4 @@ minecraft:x:1222:100:Minecraft server user:/home/minecraft:/bin/bash
 systemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin
 repo.in:x:1112:100:Repo upload user:/home/repo.in:/bin/bash
 tcpdump:x:103:123::/nonexistent:/usr/sbin/nologin
+salt:x:997:126:Salt:/opt/saltstack/salt:/usr/sbin/nologin
diff --git a/passwd- b/passwd-
index 2bc3103..f7dc67c 100644
--- a/passwd-
+++ b/passwd-
@@ -10,7 +10,7 @@ mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
 news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
 uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
 proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
-www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/bin/bash
 backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
 list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
@@ -34,3 +34,4 @@ minecraft:x:1222:100:Minecraft server user:/home/minecraft:/bin/bash
 systemd-coredump:x:998:998:systemd Core Dumper:/:/sbin/nologin
 repo.in:x:1112:100:Repo upload user:/home/repo.in:/bin/bash
 tcpdump:x:103:123::/nonexistent:/usr/sbin/nologin
+salt:x:997:126::/home/salt:/usr/sbin/nologin
diff --git a/salt/cloud b/salt/cloud
new file mode 100644
index 0000000..5a379e6
--- /dev/null
+++ b/salt/cloud
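Review bot: The `/var/log/salt/minion`, `/var/log/salt/syndic` and `/var/log/salt/proxy` stanzas have no `create` directive, while the master, key and api stanzas pin `create 0640 salt salt`, so the mode and owner of a freshly rotated minion log depend on the global logrotate settings and the existing file. If the minion log can hold sensitive job data, pin it explicitly, for example `create 0640 root root` (owner to be confirmed against the account the minion runs as). The file also lands in the subdirectory `logrotate.d/salt/`, and a stock `include /etc/logrotate.d` reads only regular files in that directory, so these rules are probably inert and the older `logrotate.d/salt-common` still listed in `.etckeeper` stays the policy in force. Confirm which rules apply with `logrotate -d /etc/logrotate.conf`.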
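Review bot: The first `passwd-` hunk records `www-data` with `/bin/bash` in place of `/usr/sbin/nologin`, which has nothing to do with the Salt upgrade this commit describes. `passwd-` is the backup copy of the previous `passwd`, and the `passwd` hunk here does not touch that line, so the live file presumably already gives the web-server account an interactive shell and this commit only carries the change into the backup. Unless there is a documented need for it, restore the shell with `usermod -s /usr/sbin/nologin www-data` and trace in the etckeeper history when and why it was changed.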
@@ -0,0 +1,110 @@
+# This file should normally be installed at: /etc/salt/cloud
+
+
+##########################################
+##### VM Defaults #####
+##########################################
+
+# Set the size of minion keys to generate, defaults to 2048
+#
+#keysize: 2048
+
+
+# Set the default os being deployed. This sets which deployment script to
+# apply. This argument is optional.
+#
+#script: bootstrap-salt
+
+
+##########################################
+##### Logging Settings #####
+##########################################
+
+# The location of the master log file
+#
+#log_file: /var/log/salt/cloud
+
+
+# The level of messages to send to the console.
+# One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
+# Default: 'info'
+#
+#log_level: info
+
+
+# The level of messages to send to the log file.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# Default: 'info'
+#
+#log_level_logfile: info
+
+
+# The date and time format used in log messages. Allowed date/time formatting
+# can be seen here:
+#
+# http://docs.python.org/library/time.html#time.strftime
+#
+#log_datefmt: '%Y-%m-%d %H:%M:%S'
+
+
+# The format of the console logging messages. Allowed formatting options can
+# be seen here:
+#
+# http://docs.python.org/library/logging.html#logrecord-attributes
+#
+# Console log colors are specified by these additional formatters:
+#
+# %(colorlevel)s
+# %(colorname)s
+# %(colorprocess)s
+# %(colormsg)s
+#
+# Since it is desirable to include the surrounding brackets, '[' and ']', in
+# the coloring of the messages, these color formatters also include padding as
+# well. Color LogRecord attributes are only available for console logging.
+# +#log_fmt_console: '%(colorlevel)s %(colormsg)s' +#log_fmt_console: '[%(levelname)-8s] %(message)s' +# +#log_fmt_logfile: '%(asctime)s,%(msecs)03d [%(name)-17s][%(levelname)-8s] %(message)s' + + +# Logger levels can be used to tweak specific loggers logging levels. +# For example, if you want to have the salt library at the 'warning' level, +# but you still wish to have 'salt.modules' at the 'debug' level: +# +# log_granular_levels: +# 'salt': 'warning', +# 'salt.modules': 'debug' +# 'saltcloud': 'info' +# +#log_granular_levels: {} + + +########################################## +##### Misc Defaults ##### +########################################## + +# Whether or not to remove the accompanying SSH key from the known_hosts file +# when an instance is destroyed. +# +# Default: 'False' +# +#delete_sshkeys: False + +# Whether or not to include grains information in the /etc/salt/minion file +# which is generated when the minion is provisioned. For example... +# grains: +# salt-cloud: +# driver: ec2 +# provider: my_ec2:ec2 +# profile: micro_ec2 +# +# Default: 'True' +# +#enable_cloud_grains: 'True' diff --git a/salt/minion b/salt/minion index 959cada..eeef626 100644 --- a/salt/minion +++ b/salt/minion @@ -171,7 +171,8 @@ # asynchronously, however, it still adds 5 seconds every time grains are # generated if an IP does not resolve. In Windows grains are regenerated each # time a new process is spawned. Therefore, the default for Windows is `False`. -# All other OSes default to `True` +# On macOS, FQDN resolution can be very slow, therefore the default for macOS is +# `False` as well. All other OSes default to `True` # enable_fqdns_grains: True # The minion can take a while to start up when lspci and/or dmidecode is used 
@@ -591,6 +592,16 @@ # #state_aggregate: False +# Instead of failing immediately when another state run is in progress, a value +# of True will queue the new state run to begin running once the other has +# finished. This option starts a new thread for each queued state run, so use +# this option sparingly. Additionally, it can be set to an integer representing +# the maximum queue size which can be attained before the state runs will fail +# to be queued. This can prevent runaway conditions where new threads are +# started until system performance is hampered. +# +#state_queue: False + # Disable requisites during state runs by specifying a single requisite # or a list of requisites to disable. # @@ -600,6 +611,14 @@ # - require # - require_in +# If set, this parameter expects a dictionary of state module names as keys +# and list of conditions which must be satisfied in order to run any functions +# in that state module. +# +#global_state_conditions: +# "*": ["G@global_noop:false"] +# service: ["not G@virtual_subtype:chroot"] + ##### File Directory Settings ##### ########################################## # The Salt Minion can redirect all file server operations to a local directory, diff --git a/salt/roster b/salt/roster new file mode 100644 index 0000000..3eac2fa --- /dev/null +++ b/salt/roster @@ -0,0 +1,8 @@ +# Sample salt-ssh config file +#web1: +# host: 192.168.42.1 # The IP addr or DNS hostname +# user: fred # Remote executions will be executed as user fred +# passwd: foobarbaz # The password to use for login, if omitted, keys are used +# sudo: True # Whether to sudo to root, not enabled by default +#web2: +# host: 192.168.42.2 diff --git a/shadow b/shadow index 5c39e39..85e9d70 100644 --- a/shadow +++ b/shadow @@ -34,3 +34,4 @@ minecraft:$6$BmvC.jE1$LyKFxZz/gB.RbhoD4c39GovWEok45rrVBx1VqUdKJKCDoU7eN23uGY77SU systemd-coredump:!!:18129:::::: repo.in:!:18478:0:99999:7::: tcpdump:*:18884:0:99999:7::: +salt:!:19619:::::: -- 2.39.5
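Review bot: `salt/roster` is created world-readable (`create mode 100644` in the summary and `maybe chmod 0644 'salt/roster'` in `.etckeeper`), and the sample it ships documents a plaintext `passwd:` field next to `sudo: True`. As committed the file is comments only, but once it is populated any local user could read salt-ssh credentials, and every later etckeeper commit would keep them in history. Tighten it with `chmod 0600 /etc/salt/roster` before first use and leave `passwd` unset so that keys are used, as the sample's own comment describes.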
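Review bot: The `shadow` hunk header reproduces the start of the `$6$` password hash on the `minecraft` line, so this patch discloses crypt material to anyone who can read it, even though the only added line, `salt:!:19619::::::`, is a locked account. Tracking `shadow` and `gshadow` in etckeeper is only safe while the repository, every remote and every exported patch stay readable by root alone. Treat that password as exposed and rotate it, and keep patches that touch `shadow` out of shared review or paste tools.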