Support configuring PKI

[kyrias]

It would be useful to have support for configuring a PKI for TLS support.

[0xf10e]

You mean for a CA to verify outgoing connections against with the `ca` directive? Or the `pki` one for `listen on $addr [secure|…]`?

[kyrias]

The pki statements required to set up TLS listens, yeah. Though while trying to make this formula a bit more complete I ended up replacing the config file with one rendered from a python module. You can take a look at it here if you want to see if it's something you would consider merging.

[0xf10e]

I first thought you used some external module but the #!py renderer would be fine.

But before merging we'd need to sort out two things:

• You're using absolute paths in your template
• I think when switching from the jinja-based defaults file you removed the standard merging logic with pillar lookups

I haven't looked closely enough at your changes yet to see if you reintroduced the merging logic later.

[kyrias]

Yeah, I'm at an impasse when it comes to the template, because there seems to be no python function for loading a function.

Anyway, with regards to the defaults file, I did that because I've never seen anyone do it like that before, because it seems rather pointless? Generally you just have a static yaml file with the defaults, because they're just the general defaults, and then the map file merges that in.

(Solved the problem with the relative path loading now.)