From 04bb63811f68fa47a847263f9469343934bda029 Mon Sep 17 00:00:00 2001
From: Deimos <deimos@tildes.net>
Date: Tue, 22 Jan 2019 20:57:07 -0700
Subject: [PATCH] Salt: split Redis passwords server to own state

The monitoring server needs Redis, but not the separate server that's
used for the breached-passwords bloom filter in dev/prod. This splits
that server out to its own state, so that it doesn't need to be set up
on the monitoring server.
---
 salt/salt/redis/breached-passwords.sls | 29 +++++++++++++++++++++++++
 salt/salt/redis/init.sls               | 30 --------------------------
 salt/salt/top.sls                      |  1 +
 3 files changed, 30 insertions(+), 30 deletions(-)
 create mode 100644 salt/salt/redis/breached-passwords.sls

diff --git a/salt/salt/redis/breached-passwords.sls b/salt/salt/redis/breached-passwords.sls
new file mode 100644
index 0000000..39f4807
--- /dev/null
+++ b/salt/salt/redis/breached-passwords.sls
@@ -0,0 +1,29 @@
+/run/redis_breached_passwords:
+  file.directory:
+    - user: redis
+    - group: redis
+    - mode: 755
+    - require:
+      - user: redis-user
+
+/etc/redis_breached_passwords.conf:
+  file.managed:
+    - source: salt://redis/redis_breached_passwords.conf
+    - user: redis
+    - group: redis
+    - mode: 600
+
+/etc/systemd/system/redis_breached_passwords.service:
+  file.managed:
+    - source: salt://redis/redis_breached_passwords.service
+    - user: root
+    - group: root
+    - mode: 644
+    - require_in:
+      - service: redis_breached_passwords.service
+
+redis_breached_passwords.service:
+  service.running:
+    - enable: True
+    - watch:
+      - file: /etc/redis_breached_passwords.conf
diff --git a/salt/salt/redis/init.sls b/salt/salt/redis/init.sls
index 245f601..eb2d41e 100644
--- a/salt/salt/redis/init.sls
+++ b/salt/salt/redis/init.sls
@@ -112,33 +112,3 @@ redis.service:
     - require:
       - user: redis-user
       - cmd: install-redis
-
-/run/redis_breached_passwords:
-  file.directory:
-    - user: redis
-    - group: redis
-    - mode: 755
-    - require:
-      - user: redis-user
-
-/etc/redis_breached_passwords.conf:
-  file.managed:
-    - source: salt://redis/redis_breached_passwords.conf
-    - user: redis
-    - group: redis
-    - mode: 600
-
-/etc/systemd/system/redis_breached_passwords.service:
-  file.managed:
-    - source: salt://redis/redis_breached_passwords.service
-    - user: root
-    - group: root
-    - mode: 644
-    - require_in:
-      - service: redis_breached_passwords.service
-
-redis_breached_passwords.service:
-  service.running:
-    - enable: True
-    - watch:
-      - file: /etc/redis_breached_passwords.conf
diff --git a/salt/salt/top.sls b/salt/salt/top.sls
index b829b43..ccfb711 100644
--- a/salt/salt/top.sls
+++ b/salt/salt/top.sls
@@ -8,6 +8,7 @@ base:
     - postgresql.pgbouncer
     - python
     - redis
+    - redis.breached-passwords
     - redis.modules.rebloom
     - redis.modules.redis-cell
     - rabbitmq