Template security.conf in Debian

Including optional per-OS templates

(Solves https://github.com/saltstack-formulas/apache-formula/issues/153)

apache/manage_security.sls

 {% from "apache/map.jinja" import apache with context %}
 
+{%- macro security_config(name) %}
+{{ name }}:
+  file.managed:
+    - source:
+      - salt://apache/files/{{ salt['grains.get']('os_family') }}/security.conf.jinja
+      - salt://apache/files/security.conf.jinja
+    - mode: 644
+    - template: jinja
+    - require:
+      - pkg: apache
+    - watch_in:
+      - module: apache-restart
+{%- endmacro %}
+
 include:
   - apache
 
 {% if grains['os_family']=="Debian" %}
 
 {% if salt['file.file_exists' ]('/etc/apache2/conf-available/security.conf') %}
-apache_security-block:
-  file.blockreplace:
-    - name: /etc/apache2/conf-available/security.conf
-    - marker_start: "# START managed zone -DO-NOT-EDIT-"
-    - marker_end: "# END managed zone --"
-    - append_if_not_found: True
-    - show_changes: True
-    - require:
-      - pkg: apache
-    - watch_in:
-      - module: apache-reload
-
-{% for option, value in salt['pillar.get']('apache:security', {}).items() %}
-apache_manage-security-{{ option }}:
-  file.accumulated:
-    - filename: /etc/apache2/conf-available/security.conf
-    - name: apache_manage-security-add-{{ option }}
-    - text: "{{ option }} {{ value }}"
-    - require_in:
-      - file: apache_security-block
-{% endfor %}
-
+{{ security_config('/etc/apache2/conf-available/security.conf') }}
 {% endif %}
 
 {% elif grains['os_family']=="FreeBSD" %}
-{{ apache.confdir }}/security.conf:
-  file.managed:
-    - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/security.conf.jinja
-    - mode: 644
-    - template: jinja
-    - require:
-      - pkg: apache
-    - watch_in:
-      - module: apache-restart
+{{ security_config(apache.confdir+'/security.conf') }}
 {% endif %}