{%- from "salt/map.jinja" import api with context %}
{%- if api.get('enabled', False) %}

salt_api_packages:
  pkg.installed:
  - names: {{ api.pkgs }}

/etc/salt/master.d/_api.conf:
  file.managed:
  - source: salt://salt/files/_api.conf
  - user: root
  - template: jinja
  - require:
    - pkg: salt_api_packages
  - watch_in:
    - service: salt_api_service

{%- if api.get('ssl', {}).authority is defined %}

{%- set cert_file = "/etc/ssl/certs/" + api.ssl.get('name', grains.id) + ".crt" %}
{%- set ca_file = "/etc/ssl/certs/ca-" + api.ssl.authority + ".crt" %}

salt_api_init_tls:
  cmd.run:
  - name: "cat {{ cert_file }} {{ ca_file }} > /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt"
  - creates: /etc/ssl/certs/{{ api.ssl.get('name', grains.id) }}-chain.crt
  - watch_in:
    - service: salt_api_service
{%- endif %}

salt_api_service:
  service.running:
  - name: {{ api.service }}
  - require:
    - pkg: salt_api_packages
  - watch:
    - file: /etc/salt/master.d/_api.conf

{%- if grains.get('init', None) == 'systemd' %}
salt_api_systemd_override:
  file.managed:
    - name: /etc/systemd/system/{{ api.service }}.service.d/50-restarts.conf
    - source: salt://salt/files/systemd/{{ api.service }}.service_50-restarts
    - makedirs: True

salt_api_systemd_reload:
  module.wait:
    - name: service.systemctl_reload
    - onchanges:
      - file: salt_api_systemd_override
    - watch_in:
      - service: salt_api_service
{%- endif %}
{%- endif %}