diff --git a/pillar/services/table.sls b/pillar/services/table.sls index 06a3ca0..a75bdf1 100644 --- a/pillar/services/table.sls +++ b/pillar/services/table.sls @@ -1,23 +1,25 @@ # ------------------------------------------------------------- # Salt configuration for Nasqueron servers # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # License: Trivial work, not eligible to copyright # Description: Table of the services to use in configuration # ------------------------------------------------------------- nasqueron_services: # Complector services salt_primary: 172.27.27.7 + salt_api_url: https://172.27.27.7:8300 + vault: 172.27.27.7 vault_url: https://172.27.27.7:8200 # PaaS Docker docker: api: 172.27.27.5 cd: 172.27.27.5 notifications: 172.27.27.5 # Databases db-A: 172.27.27.8 db-B: 172.27.27.9 diff --git a/roles/salt-primary/api/certificates.sls b/roles/salt-primary/api/certificates.sls new file mode 100644 index 0000000..c809517 --- /dev/null +++ b/roles/salt-primary/api/certificates.sls 
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt primary server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Copy TLS certificates from Vault
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/certificates/salt-api:
+ file.directory:
+ - user: salt
+ - mode: 755
+ - makedirs: True
+
+{{ dirs.etc }}/certificates/salt-api/fullchain.pem:
+ file.managed:
+ - user: salt
+ - mode: 444
+ - source: /usr/local/etc/certificates/vault/fullchain.pem
+
+{{ dirs.etc }}/certificates/salt-api/private.key:
+ file.managed:
+ - user: salt
+ - mode: 400
+ - source: /usr/local/etc/certificates/vault/private.key
diff --git a/roles/salt-primary/api/files/api.conf b/roles/salt-primary/api/files/api.conf
new file mode 100644
index 0000000..52cabfd
--- /dev/null
+++ b/roles/salt-primary/api/files/api.conf
@@ -0,0 +1,22 @@
+# -------------------------------------------------------------
+# Salt configuration :: API
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/salt-primary/api/files/api.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+rest_cherrypy:
+ port: 8300
+ ssl_crt: {{ certificates_path }}/fullchain.pem
+ ssl_key: {{ certificates_path }}/private.key
+ webhook_disable_auth: True
+ collect_stats: True
+ stats_disable_auth: True
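Review bot: In roles/salt-primary/api/certificates.sls the `private.key` state copies key material with `file.managed` but does not set `show_changes: False`, so a rotated key would presumably be rendered as a diff in the state return and in whatever stores it (job cache, logs). Adding `- show_changes: False` to that state keeps the key out of job output. The sources appear to be the files under the Vault certificate directory; if that is the key Vault's own listener uses, salt-api and Vault end up sharing one TLS identity, and a dedicated certificate for the API would keep a compromise of one service from exposing the other. The source paths also hard-code `/usr/local/etc` while the destinations use `{{ dirs.etc }}`; using `{{ dirs.etc }}/certificates/vault/...` for both would keep them consistent.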
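Review bot: In roles/salt-primary/api/files/api.conf, `webhook_disable_auth: True` and `stats_disable_auth: True` turn off authentication for the `/hook` and `/stats` endpoints, and nothing in this file restricts who can reach port 8300. With no `host:` key the listener presumably binds every interface (the rest_cherrypy default), so any client that can reach the port could put events on the master's event bus and read runtime statistics. Unless an unauthenticated webhook is a hard requirement, drop both lines (authentication is the default), or at least pin the listener with `host: 172.27.27.7` and make sure any reactor bound to `salt/netapi/hook/*` validates a shared secret in the payload. No `external_auth` configuration is visible in this diff, so confirm it exists elsewhere before the service is enabled.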
diff --git a/roles/salt-primary/api/files/salt_api.rc b/roles/salt-primary/api/files/salt_api.rc new file mode 100644 index 0000000..76d5b8f --- /dev/null +++ b/roles/salt-primary/api/files/salt_api.rc @@ -0,0 +1,16 @@ +# ------------------------------------------------------------- +# Salt +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# License: Trivial work, not eligible to copyright +# Source file: roles/salt-primary/api/files/salt_api.rc +# ------------------------------------------------------------- +# +# <auto-generated> +# This file is managed by our rOPS SaltStack repository. +# +# Changes to this file may cause incorrect behavior +# and will be lost if the state is redeployed. +# </auto-generated> + +salt_api_enable="YES" diff --git a/roles/salt-primary/init.sls b/roles/salt-primary/api/init.sls similarity index 75% copy from roles/salt-primary/init.sls copy to roles/salt-primary/api/init.sls index c6f05a4..5c5107d 100644 --- a/roles/salt-primary/init.sls +++ b/roles/salt-primary/api/init.sls @@ -1,15 +1,11 @@ # ------------------------------------------------------------- # Salt — Provision a salt primary server # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron -# Created: 2017-10-21 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- include: - - .software - - .config - - .account - - .cloud - - .staging - - .salt-wrapper + - .rest_cherrypy + - .certificates + - .service diff --git a/roles/salt-primary/api/rest_cherrypy.sls b/roles/salt-primary/api/rest_cherrypy.sls new file mode 100644 index 0000000..b34ac4c --- /dev/null +++ b/roles/salt-primary/api/rest_cherrypy.sls 
@@ -0,0 +1,44 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt primary server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, packages_prefixes with context %}
+
+# -------------------------------------------------------------
+# Additional software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+install_salt_api_extra_software:
+ pkg.installed:
+ - pkgs:
+ - {{ packages_prefixes.python3 }}cherrypy
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/salt/master.d/api.conf:
+ file.managed:
+ - source: salt://roles/salt-primary/api/files/api.conf
+ - template: jinja
+ - context:
+ certificates_path: {{ dirs.etc }}/certificates/salt-api
+
+# -------------------------------------------------------------
+# Fix for contextvars issue
+#
+# This package is now a part of the Python library since 3.7
+# Yes, this is hacky.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set pythonversion = "{}.{}".format(grains["pythonversion"][0], grains["pythonversion"][1]) %}
+
+drop_contextvars:
+ file.comment:
+ - name: {{ grains["saltpath"] }}-{{ grains["saltversion"] }}-py{{ pythonversion }}.egg-info/requires.txt
+ - regex: ^contextvars
+ - backup: False
+ - ignore_missing: True
diff --git a/roles/salt-primary/api/service.sls b/roles/salt-primary/api/service.sls
new file mode 100644
index 0000000..1e9291a
--- /dev/null
+++ b/roles/salt-primary/api/service.sls
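Review bot: The `drop_contextvars` state at the end of roles/salt-primary/api/rest_cherrypy.sls can silently stop doing anything, because the `requires.txt` path is assembled from grains and `ignore_missing: True` reports success when that path does not exist (for instance after a Salt upgrade or a change in how the package ships its metadata). The header comment admits the workaround is hacky but does not say which failure it avoids or when it can be removed; a line such as `# Remove once the packaged Salt no longer lists contextvars in requires.txt (see <upstream issue link>)` would help the next maintainer. Editing installed package metadata in place also means package integrity checks will likely report the file as modified, which is worth recording in the same comment.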
@@ -0,0 +1,29 @@ +# ------------------------------------------------------------- +# Salt — Provision a salt primary server +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# License: Trivial work, not eligible to copyright +# ------------------------------------------------------------- + +{% from "map.jinja" import services with context %} + +# ------------------------------------------------------------- +# Enable FreeBSD service +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +{% if services["manager"] == "rc" %} + +/etc/rc.conf.d/salt_api: + file.managed: + - source: salt://roles/salt-primary/api/files/salt_api.rc + +{% endif %} + +# ------------------------------------------------------------- +# Start service +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +service_salt_api: + service.running: + - name: salt_api + - enable: true diff --git a/roles/salt-primary/init.sls b/roles/salt-primary/init.sls index c6f05a4..6e4b736 100644 --- a/roles/salt-primary/init.sls +++ b/roles/salt-primary/init.sls @@ -1,15 +1,16 @@ # ------------------------------------------------------------- # Salt — Provision a salt primary server # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-10-21 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- include: - .software - .config - .account - .cloud - .staging - .salt-wrapper + - .api
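Review bot: `service_salt_api` in roles/salt-primary/api/service.sls has no `watch` on the configuration or certificate states, so a changed `api.conf` or a renewed `fullchain.pem`/`private.key` is written to disk while the running salt-api keeps serving the old settings and certificate until someone restarts it. Add a `- watch:` list to the `service.running` state naming the `file` states for `{{ dirs.etc }}/salt/master.d/api.conf` and the two files under `{{ dirs.etc }}/certificates/salt-api`; this file would then need to import `dirs` from `map.jinja` as the sibling states do. The rc.conf.d entry is only managed when `services["manager"] == "rc"`, while `service.running` with the name `salt_api` runs unconditionally; on a non-rc host the service is presumably named `salt-api`, so confirm the name or guard the state the same way.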