From 68ff1a4dcffafdcf79a33486fc9a01530e4070d4 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:00:37 -0500
Subject: [PATCH 01/11] add nacl formula

---
 formulas/class/nacl/prod.sls | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 formulas/class/nacl/prod.sls

diff --git a/formulas/class/nacl/prod.sls b/formulas/class/nacl/prod.sls
new file mode 100644
index 000000000..42c1d7e45
--- /dev/null
+++ b/formulas/class/nacl/prod.sls
@@ -0,0 +1,19 @@
+include:
+
+### Previously Executed States ###
+
+### Common States ###
+
+  - /states/system/timezone
+  - /states/system/rsyslog
+
+### Network Configuration States ###
+
+  - /apps/ipsec/install-atlas
+  - /apps/ipsec/configure-atlas
+
+### Disk Configuration States ###
+
+### Application States ###
+
+### Status Configuration Changes ###
-- 
GitLab


From 97f9e3737aa83a415237b2023b889ff9f88e4c43 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:09:18 -0500
Subject: [PATCH 02/11] add nacl formula

---
 formulas/class/nacl/prod.sls | 68 +++++++++++++++++++++++++++---------
 1 file changed, 51 insertions(+), 17 deletions(-)

diff --git a/formulas/class/nacl/prod.sls b/formulas/class/nacl/prod.sls
index 42c1d7e45..f3a007cd2 100644
--- a/formulas/class/nacl/prod.sls
+++ b/formulas/class/nacl/prod.sls
@@ -1,19 +1,53 @@
 include:
 
-### Previously Executed States ###
-
-### Common States ###
-
-  - /states/system/timezone
-  - /states/system/rsyslog
-
-### Network Configuration States ###
-
-  - /apps/ipsec/install-atlas
-  - /apps/ipsec/configure-atlas
-
-### Disk Configuration States ###
-
-### Application States ###
-
-### Status Configuration Changes ###
+{% if grains['reboot_required'] == true %}
+
+  - /system/common/reboot
+
+{% else %}
+
+{% if (grains['status'] == 'preprov') or (grains['status'] == 'prov') or (grains['status'] == 'preprod') or (grains['status'] == 'prod') %}
+  - /formulas/common/cloud-prov
+{% endif %}
+
+{% if (grains['status'] == 'prov') or (grains['status'] == 'preprod') or (grains['status'] == 'prod') %}
+  - /apps/ipsec/install-nacl
+{% endif %}
+
+{% if (grains['status'] == 'preprod') or (grains['status'] == 'prod') %}
+  - /apps/ipsec/configure-nacl
+{% endif %}
+
+{% if grains['status'] == 'preprov' %}
+upgrade_status_to_prov:
+  grains.present:
+    - name: status
+    - value: prov
+    - force: true
+    - require:
+      - sls: /formulas/common/cloud-prov
+{% endif %}
+
+{% if grains['status'] == 'prov' %}
+upgrade_status_to_preprod:
+  grains.present:
+    - name: status
+    - value: preprod
+    - force: true
+    - require:
+      - sls: /formulas/common/cloud-prov
+      - sls: /apps/ipsec/install-nacl
+{% endif %}
+
+{% if (grains['status'] == 'preprod') or (grains['status'] == 'prod') %}
+upgrade_status_to_prod:
+  grains.present:
+    - name: status
+    - value: prod
+    - force: true
+    - require:
+      - sls: /formulas/common/cloud-prov
+      - sls: /apps/ipsec/install-nacl
+      - sls: /apps/ipsec/configure-nacl
+{% endif %}
+{% endif %}
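Review bot: The template indexes `grains['reboot_required']` and `grains['status']` directly, so on a minion where either grain has not been set yet the SLS fails to render instead of falling through to a defined branch. Prefer `grains.get('reboot_required', false)` and a single `{% set status = grains.get('status', '') %}` at the top, then test `status in ('prov', 'preprod', 'prod')` rather than the chained `or` comparisons. A short comment above the `upgrade_status_to_*` states would also help, explaining the preprov → prov → preprod → prod progression and that each step only fires once the SLS files it requires have succeeded.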
-- 
GitLab


From f7b406b2f65f405f50a022ee179d6c520c365073 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:24:11 -0500
Subject: [PATCH 03/11] add nacl ipsec configs

---
 apps/ipsec/files/nacl-ipsec.conf | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 apps/ipsec/files/nacl-ipsec.conf

diff --git a/apps/ipsec/files/nacl-ipsec.conf b/apps/ipsec/files/nacl-ipsec.conf
new file mode 100644
index 000000000..2249487c9
--- /dev/null
+++ b/apps/ipsec/files/nacl-ipsec.conf
@@ -0,0 +1,22 @@
+config setup
+
+conn usacys-site-to-site
+        left=96.27.143.4
+        leftsubnet=10.10.0.0/22,10.10.4.0/22,192.168.240.0/22
+        leftid = cerberus.bbh.cyberschool.army.mil
+        right=cybbh.space
+        rightsubnet=192.168.200.248,192.168.200.248
+        rightid = nacl.cybbh.space
+        ike=aes256-sha256-modp4096!
+        esp=aes256gcm128-sha256,aes256gcm128-sha512,aes256gcm96-sha256,aes256gcm96-sha512,aes256gcm64-sha256,aes256gcm64-sha512!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=clear
+        auto=start
+        leftauth = psk
+        rightauth = psk
+
+include /var/lib/strongswan/ipsec.conf.inc
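Review bot: `rightsubnet=192.168.200.248,192.168.200.248` lists the same address twice, which looks like a copy-paste slip; either drop the duplicate or put in the second selector that was meant. Separately, `dpdaction=clear` combined with `auto=start` means that once dead-peer detection fires the SA is torn down and, as far as I can tell, nothing re-initiates it until the daemon is restarted. For a permanent site-to-site tunnel `dpdaction=restart` is the usual choice. The `leftid = `, `rightid = `, `leftauth = ` and `rightauth = ` lines also put spaces around `=` unlike the rest of the section; worth normalising to the `leftid=...` form.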
-- 
GitLab


From bfefc5163a110892ad775f83c5331078eab1085f Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:25:05 -0500
Subject: [PATCH 04/11] update pillar nacl

---
 apps/ipsec/files/nacl-ipsec.secrets | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 apps/ipsec/files/nacl-ipsec.secrets

diff --git a/apps/ipsec/files/nacl-ipsec.secrets b/apps/ipsec/files/nacl-ipsec.secrets
new file mode 100644
index 000000000..de7dfc37a
--- /dev/null
+++ b/apps/ipsec/files/nacl-ipsec.secrets
@@ -0,0 +1,3 @@
+cerberus.bbh.cyberschool.army.mil nacl.cybbh.space : PSK '{{ nacl_ipsec_secret }}'
+
+include /var/lib/strongswan/ipsec.secrets.inc
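Review bot: The PSK is substituted between single quotes with no escaping, so a pillar value containing `'` or a newline would end the quoted string early and leave strongSwan with a truncated or unparsable secret. Either document the allowed character set next to the pillar key, or store the secret base64-encoded and render it with the `0s` prefix, e.g. `: PSK 0s{{ nacl_ipsec_secret }}`. A leading comment such as `# Rendered by Salt from pillar nacl_ipsec_secret; do not edit on the host` would also help whoever finds this file in /etc.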
-- 
GitLab


From a6699284491c3c60bf0baeaacd59278a990e60e8 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:25:32 -0500
Subject: [PATCH 05/11] add hash

---
 apps/ipsec/files/hash | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 apps/ipsec/files/hash

diff --git a/apps/ipsec/files/hash b/apps/ipsec/files/hash
new file mode 100644
index 000000000..d2fd44585
--- /dev/null
+++ b/apps/ipsec/files/hash
@@ -0,0 +1,2 @@
+0a7d86ada00ad5ee294927332fb196b38537e0815659a8b688f2562b356c4f690a2b27593e8f1114dc7929e42d09d6e44b5010243185e1b04c389e39d1f9bc23 *nacl-ipsec.conf
+5a81cab9e56ccdfb1ba4165bef9daee76fbd90fe55e3ad6aa491689f0c4b3e5f6af0b8032fe3a19fe74ec6731a87a04e259023d5ba617ec17e3730518174b5d0 *nacl-ipsec.secrets
-- 
GitLab


From fdf9bc04ccbbe03483ef737f620ed6204bbeab28 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:26:17 -0500
Subject: [PATCH 06/11] add nacl install

---
 apps/ipsec/install-nacl | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 apps/ipsec/install-nacl

diff --git a/apps/ipsec/install-nacl b/apps/ipsec/install-nacl
new file mode 100644
index 000000000..619a330a0
--- /dev/null
+++ b/apps/ipsec/install-nacl
@@ -0,0 +1,3 @@
+install_strongswan:
+  pkg.installed:
+    - name: strongswan
-- 
GitLab


From c01aed9559fa21daef7066040dae3428b0b60f2c Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 11:26:51 -0500
Subject: [PATCH 07/11] add nacl configs

---
 apps/ipsec/configure-nacl | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 apps/ipsec/configure-nacl

diff --git a/apps/ipsec/configure-nacl b/apps/ipsec/configure-nacl
new file mode 100644
index 000000000..25e821de5
--- /dev/null
+++ b/apps/ipsec/configure-nacl
@@ -0,0 +1,22 @@
+include:
+  - /apps/ipsec/install-nacl
+
+/etc/ipsec.secrets:
+  file.managed:
+    - source: salt://apps/ipsec/files/nacl-ipsec.secrets
+    - source_hash: salt://apps/ipsec/files/hash
+    - template: jinja
+    - defaults:
+        nacl_ipsec_secret: {{ pillar['nacl_ipsec_secret'] }}
+    - sls: /apps/ipsec/install-nacl
+
+/etc/ipsec.conf:
+  file.managed:
+    - source: salt://apps/ipsec/files/nacl-ipsec.conf
+    - source_hash: salt://apps/ipsec/files/hash
+
+strongswan:
+  service.running:
+    - watch:
+      - /etc/ipsec.conf
+      - /etc/ipsec.secrets
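Review bot: The `- sls: /apps/ipsec/install-nacl` line under `/etc/ipsec.secrets` sits directly in the `file.managed` argument list rather than under `- require:`, so it is passed as a stray argument and creates no ordering dependency on the package install. The same state also writes the pre-shared key without setting owner or mode, and with the default `show_changes` a later change to the secret can put a diff containing the key into the state return. The pillar value is interpolated into YAML unquoted, so a secret containing `#`, `: ` or a leading indicator character would be truncated or mis-typed before it reaches the template. The identical hunk in PATCH 08 (`apps/ipsec/configure-nacl.sls`) needs the same changes.

```yaml
/etc/ipsec.secrets:
  file.managed:
    # … unchanged: source, source_hash, template …
    - user: root
    - group: root
    - mode: '0600'
    - show_changes: false
    - defaults:
        nacl_ipsec_secret: {{ pillar['nacl_ipsec_secret'] | yaml_dquote }}
    - require:
      - sls: /apps/ipsec/install-nacl
```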
-- 
GitLab


From 81b6fdab49872320c37da3a55cf8e3e033d9913a Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 13:39:24 -0500
Subject: [PATCH 08/11] add saltstack extension

---
 apps/ipsec/configure-nacl.sls | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 apps/ipsec/configure-nacl.sls

diff --git a/apps/ipsec/configure-nacl.sls b/apps/ipsec/configure-nacl.sls
new file mode 100644
index 000000000..25e821de5
--- /dev/null
+++ b/apps/ipsec/configure-nacl.sls
@@ -0,0 +1,22 @@
+include:
+  - /apps/ipsec/install-nacl
+
+/etc/ipsec.secrets:
+  file.managed:
+    - source: salt://apps/ipsec/files/nacl-ipsec.secrets
+    - source_hash: salt://apps/ipsec/files/hash
+    - template: jinja
+    - defaults:
+        nacl_ipsec_secret: {{ pillar['nacl_ipsec_secret'] }}
+    - sls: /apps/ipsec/install-nacl
+
+/etc/ipsec.conf:
+  file.managed:
+    - source: salt://apps/ipsec/files/nacl-ipsec.conf
+    - source_hash: salt://apps/ipsec/files/hash
+
+strongswan:
+  service.running:
+    - watch:
+      - /etc/ipsec.conf
+      - /etc/ipsec.secrets
-- 
GitLab


From 51c1eb31f909682bf15bc44562c1e9c8c747686a Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 13:40:13 -0500
Subject: [PATCH 09/11] add saltstack extension

---
 apps/ipsec/install-nacl.sls | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 apps/ipsec/install-nacl.sls

diff --git a/apps/ipsec/install-nacl.sls b/apps/ipsec/install-nacl.sls
new file mode 100644
index 000000000..619a330a0
--- /dev/null
+++ b/apps/ipsec/install-nacl.sls
@@ -0,0 +1,3 @@
+install_strongswan:
+  pkg.installed:
+    - name: strongswan
-- 
GitLab


From 47428993ce6ca0d0a49c1dd7a8d8634a96620595 Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Thu, 22 Feb 2018 14:24:23 -0500
Subject: [PATCH 10/11] remove wrong file extensions

---
 apps/ipsec/configure-nacl | 22 ----------------------
 apps/ipsec/install-nacl   |  3 ---
 2 files changed, 25 deletions(-)
 delete mode 100644 apps/ipsec/configure-nacl
 delete mode 100644 apps/ipsec/install-nacl

diff --git a/apps/ipsec/configure-nacl b/apps/ipsec/configure-nacl
deleted file mode 100644
index 25e821de5..000000000
--- a/apps/ipsec/configure-nacl
+++ /dev/null
@@ -1,22 +0,0 @@
-include:
-  - /apps/ipsec/install-nacl
-
-/etc/ipsec.secrets:
-  file.managed:
-    - source: salt://apps/ipsec/files/nacl-ipsec.secrets
-    - source_hash: salt://apps/ipsec/files/hash
-    - template: jinja
-    - defaults:
-        nacl_ipsec_secret: {{ pillar['nacl_ipsec_secret'] }}
-    - sls: /apps/ipsec/install-nacl
-
-/etc/ipsec.conf:
-  file.managed:
-    - source: salt://apps/ipsec/files/nacl-ipsec.conf
-    - source_hash: salt://apps/ipsec/files/hash
-
-strongswan:
-  service.running:
-    - watch:
-      - /etc/ipsec.conf
-      - /etc/ipsec.secrets
diff --git a/apps/ipsec/install-nacl b/apps/ipsec/install-nacl
deleted file mode 100644
index 619a330a0..000000000
--- a/apps/ipsec/install-nacl
+++ /dev/null
@@ -1,3 +0,0 @@
-install_strongswan:
-  pkg.installed:
-    - name: strongswan
-- 
GitLab


From 8e9f82b5fe2dcaba7ac825112b1d2f1376ea1dec Mon Sep 17 00:00:00 2001
From: kjefferson <kyle.w.jefferson.ctr@mail.mil>
Date: Wed, 28 Feb 2018 09:34:58 -0500
Subject: [PATCH 11/11] add nacl to top file

---
 top.sls | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/top.sls b/top.sls
index 21e33bde1..7a17be256 100644
--- a/top.sls
+++ b/top.sls
@@ -9,7 +9,7 @@ base:
   '*cybbh.space':
     - formulas/common/cloud-preprov
 
-### Run all nodes in preprov status through the prov state; apply the prov status if and 
+### Run all nodes in preprov status through the prov state; apply the prov status if and
 ### only if the prov state for the node class succeeds.
 
 ### Core Classes
@@ -109,3 +109,7 @@ base:
   'P@status:(preprov|prov|preprod|prod) and E@^(register)':
      - match: compound
      - formulas/class/public/register
+
+  'P@status:(preprov|prov|preprod|prod) and E@^(nacl)':
+     - match: compound
+     - formulas/class/nacl/prod
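Review bot: The new target `E@^(nacl)` is anchored only at the start, so every accepted minion whose ID merely begins with `nacl` is assigned `formulas/class/nacl/prod`, which leads to the IPsec tunnel configuration. If a single host is intended, anchor the expression to the full minion ID. The `P@status:` half relies on a grain, and grains are reported by the minion itself, so it should be treated as workflow state rather than an access control. The pillar top file is not visible here, but `nacl_ipsec_secret` should be targeted there by minion ID, not by grain. The entry follows the existing `register` pattern, and the `base:` mapping it belongs to starts outside this hunk.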
-- 
GitLab