{% if grains['kernel'] == 'Linux' %}
  {% set KEY_NAME = 'secure_ssh_tunnel' %}
  {% set ANS_REMOTE_USER = salt['grains.get'](ANS_REMOTE_USER) %}
  {% set ANS_REMOTE_PORT = salt['grains.get'](ANS_REMOTE_PORT) %}
  {% set ANS_ADDR_TARGET = salt['grains.get'](ANS_ADDR_TARGET) %}
  {% set ANS_PORT_TARGET = salt['grains.get'](ANS_PORT_TARGET) %}
  {% set ANS_REMOTE_USER = salt['grains.get'](ANS_REMOTE_USER) %}
  {% set ANS_TARGET_USER = salt['grains.get'](ANS_TARGET_USER) %}

'generate_ssh_key_{{ANS_REMOTE_USER}}':
  cmd.run:
    - name: ssh-keygen -q -N '' -f /home/{{ANS_REMOTE_USER}}/.ssh/{{KEY_NAME}}
    - runas: {{ANS_REMOTE_USER}}
    - unless: test -f /home/{{ANS_REMOTE_USER}}/.ssh/{{KEY_NAME}}

'secure_tunnel_systemd_file':
  file.managed:
    - source: salt://templates/secure-tunnel.service
    - name: /etc/systemd/system/secure-tunnel.service
    - user: root
    - group: root
    - template: jinja
    - defaults:
      ANS_ADDR_TARGET: {{ANS_ADDR_TARGET}}

'secure_tunnel_default_file':
  file.managed:
    - source: salt://templates/secure-tunnel.dft
    - name: /etc/default/secure-tunnel
    - user: root
    - group: root
    - template: jinja
    - defaults:
      ANS_ADDR_TARGET: {{ANS_ADDR_TARGET}}
      ANS_REMOTE_PORT: {{ANS_REMOTE_PORT}}
      ANS_PORT_TARGET: {{ANS_PORT_TARGET}}
      ANS_REMOTE_USER: {{ANS_REMOTE_USER}}
      ANS_TARGET_USER: {{ANS_TARGET_USER}}

{% endif %}