sops-salt
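{#- Salt state: fetch sops-encrypted config files from the fileserver, decrypt
    them on the minion into a content-addressed "versions" directory and point a
    symlink at the current version.  All tunables come from pillar under
    `config:` and fall back to the defaults below. -#}
{% set dest_dir = salt['pillar.get']('config:dest_dir', '/etc/opt/config') -%}
{#- Base names (without the .enc suffix) of the files to deploy, per environment.
    An empty list renders no states; a list containing "" would render states
    for a file literally named ".enc". -#}
{% set dev_files = [] -%}
{% set prod_files = [] -%}
{% set my_env = salt['pillar.get']('config:env', pillar['common']['env_type']) -%}
{% set my_group = salt['pillar.get']('config:group', 'root') -%}
{% set my_user = salt['pillar.get']('config:user', 'root') -%}
{#- Indexing (rather than .get) is deliberate: an unknown environment fails the
    render instead of silently deploying nothing. -#}
{% set files = {"dev": dev_files, "prod": prod_files}[my_env] -%}
{% set cache_dir = '/var/cache/salt/minion/sops' -%}
{% set versions_dir = dest_dir ~ '/versions' -%}
---
include:
  - profiles.software.sops

{% for file in files -%}
{#- Paths for this file, plus the shell snippet that yields the sha1 of the
    encrypted blob; that hash keys the decrypted copy under versions/. -#}
{% set enc_path = cache_dir ~ '/' ~ file ~ '.enc' -%}
{% set sha_cmd = "`sha1sum " ~ enc_path ~ " | awk '{ print $1 }'`" -%}
{% set tmp_path = versions_dir ~ '/.' ~ file ~ '.tmp' -%}

config-cache {{ file }}.enc locally:
  file.managed:
    - name: {{ enc_path }}
    - source: salt://profiles/config/files/{{ my_env }}/{{ file }}.enc
    - skip_verify: false
    # Quoted so a boolean- or number-looking pillar value stays a string.
    - user: "{{ my_user }}"
    - group: "{{ my_group }}"
    - mode: "0640"

config-version folder for {{ file }}:
  file.directory:
    - name: {{ versions_dir }}
    - makedirs: true
    - user: "{{ my_user }}"
    - group: "{{ my_group }}"
    # Decrypted material lives here; keep it out of reach of other users.
    - mode: "0750"
    - require:
      - file: config-cache {{ file }}.enc locally

config-decrypt {{ file }}.enc:
  cmd.run:
    # Decrypt into a temp file and rename only on success: a shell redirection
    # creates the target before sops runs, so a failed decrypt would otherwise
    # leave a truncated plaintext that `unless` later treats as done.  The umask
    # keeps the plaintext from being world-readable and the chown hands it to
    # the configured owner, since cmd.run executes as the minion user (root on
    # a standard install) rather than as {{ my_user }}.
    - name: >-
        umask 027 &&
        /usr/local/sbin/sops -d {{ enc_path }} > {{ tmp_path }} &&
        chown "{{ my_user }}:{{ my_group }}" {{ tmp_path }} &&
        mv -f {{ tmp_path }} {{ versions_dir }}/{{ file }}_{{ sha_cmd }}
    - unless: test -e {{ versions_dir }}/{{ file }}_{{ sha_cmd }}
    - require:
      - file: config-cache {{ file }}.enc locally
      - file: config-version folder for {{ file }}

config-link to current {{ file }}:
  cmd.run:
    - name: ln -f -s versions/{{ file }}_{{ sha_cmd }} {{ file }}
    - cwd: {{ dest_dir }}
    # Skip when the symlink already points at the version for this blob's hash.
    - unless: readlink {{ file }} | grep {{ sha_cmd }}
    # Explicit ordering instead of relying on declaration order.
    - require:
      - cmd: config-decrypt {{ file }}.enc
{% endfor -%}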