From 744d8449c431788f0af805aa1e759c95dd41bf97 Mon Sep 17 00:00:00 2001 
From: Frank Brehm Date: Tue, 10 Oct 2017 22:11:49 +0200 Subject: [PATCH] committing changes in /etc after apt run Package changes: -apache2-bin 2.4.25-3+deb9u2 amd64 -apt 1.4.7 amd64 +apache2-bin 2.4.25-3+deb9u3 amd64 +apt 1.4.8 amd64 -apt-utils 1.4.7 amd64 +apt-utils 1.4.8 amd64 -base-files 9.9+deb9u1 amd64 +base-files 9.9+deb9u2 amd64 -chrony 3.0-4 amd64 +chrony 3.0-4+deb9u1 amd64 -dbus 1.10.18-1 amd64 +dbus 1.10.22-0+deb9u1 amd64 -dirmngr 2.1.18-6 amd64 +dirmngr 2.1.18-8~deb9u1 amd64 -git 1:2.11.0-3+deb9u1 amd64 -git-email 1:2.11.0-3+deb9u1 all -git-man 1:2.11.0-3+deb9u1 all -gnupg 2.1.18-6 amd64 -gnupg-agent 2.1.18-6 amd64 -gpgv 2.1.18-6 amd64 +git 1:2.11.0-3+deb9u2 amd64 +git-email 1:2.11.0-3+deb9u2 all +git-man 1:2.11.0-3+deb9u2 all +gnupg 2.1.18-8~deb9u1 amd64 +gnupg-agent 2.1.18-8~deb9u1 amd64 +gpgv 2.1.18-8~deb9u1 amd64 -haveged 1.9.1-5 amd64 +haveged 1.9.1-5+deb9u1 amd64 -krb5-locales 1.15-1 all +krb5-locales 1.15-1+deb9u1 all -libapt-inst2.0 1.4.7 amd64 -libapt-pkg5.0 1.4.7 amd64 +libapt-inst2.0 1.4.8 amd64 +libapt-pkg5.0 1.4.8 amd64 -libcurl3-gnutls 7.52.1-5 amd64 +libcurl3-gnutls 7.52.1-5+deb9u1 amd64 -libdb5.3 5.3.28-12+b1 amd64 +libdb5.3 5.3.28-12+deb9u1 amd64 -libdbus-1-3 1.10.18-1 amd64 +libdbus-1-3 1.10.22-0+deb9u1 amd64 -libgnutls-openssl27 3.5.8-5+deb9u2 amd64 -libgnutls30 3.5.8-5+deb9u2 amd64 +libgnutls-openssl27 3.5.8-5+deb9u3 amd64 +libgnutls30 3.5.8-5+deb9u3 amd64 -libgssapi-krb5-2 1.15-1 amd64 -libhavege1 1.9.1-5 amd64 -libhogweed4 3.3-1+b1 amd64 +libgssapi-krb5-2 1.15-1+deb9u1 amd64 +libhavege1 1.9.1-5+deb9u1 amd64 +libhogweed4 3.3-1+b2 amd64 -libidn2-0 0.16-1 amd64 +libidn2-0 0.16-1+deb9u1 amd64 -libk5crypto3 1.15-1 amd64 +libk5crypto3 1.15-1+deb9u1 amd64 -libkrb5-3 1.15-1 amd64 -libkrb5support0 1.15-1 amd64 +libkrb5-3 1.15-1+deb9u1 amd64 +libkrb5support0 1.15-1+deb9u1 amd64 -libldap-2.4-2 2.4.44+dfsg-5 amd64 -libldap-common 2.4.44+dfsg-5 all +libldap-2.4-2 2.4.44+dfsg-5+deb9u1 amd64 +libldap-common 2.4.44+dfsg-5+deb9u1 all -libncurses5 
6.0+20161126-1 amd64 -libncursesw5 6.0+20161126-1 amd64 +libncurses5 6.0+20161126-1+deb9u1 amd64 +libncursesw5 6.0+20161126-1+deb9u1 amd64 -libnettle6 3.3-1+b1 amd64 +libnettle6 3.3-1+b2 amd64 -libopendkim11 2.11.0~alpha-10 amd64 +libopendkim11 2.11.0~alpha-10+deb9u1 amd64 -libperl5.24 5.24.1-3+deb9u1 amd64 +libperl5.24 5.24.1-3+deb9u2 amd64 -librbl1 2.11.0~alpha-10 amd64 +librbl1 2.11.0~alpha-10+deb9u1 amd64 -libselinux1 2.6-3+b1 amd64 +libselinux1 2.6-3+b3 amd64 -libtinfo5 6.0+20161126-1 amd64 +libtinfo5 6.0+20161126-1+deb9u1 amd64 -libvbr2 2.11.0~alpha-10 amd64 +libvbr2 2.11.0~alpha-10+deb9u1 amd64 -linux-image-4.9.0-3-amd64 4.9.30-2+deb9u3 amd64 -linux-image-amd64 4.9+80+deb9u1 amd64 +linux-image-4.9.0-3-amd64 4.9.30-2+deb9u5 amd64 +linux-image-4.9.0-4-amd64 4.9.51-1 amd64 +linux-image-amd64 4.9+80+deb9u2 amd64 -ncurses-base 6.0+20161126-1 all -ncurses-bin 6.0+20161126-1 amd64 -ncurses-term 6.0+20161126-1 all +ncurses-base 6.0+20161126-1+deb9u1 all +ncurses-bin 6.0+20161126-1+deb9u1 amd64 +ncurses-term 6.0+20161126-1+deb9u1 all -opendkim 2.11.0~alpha-10 amd64 -opendkim-tools 2.11.0~alpha-10 amd64 +opendkim 2.11.0~alpha-10+deb9u1 amd64 +opendkim-tools 2.11.0~alpha-10+deb9u1 amd64 -perl 5.24.1-3+deb9u1 amd64 -perl-base 5.24.1-3+deb9u1 amd64 +perl 5.24.1-3+deb9u2 amd64 +perl-base 5.24.1-3+deb9u2 amd64 -perl-modules-5.24 5.24.1-3+deb9u1 all +perl-modules-5.24 5.24.1-3+deb9u2 all -postfix 3.1.4-7 amd64 -postfix-mysql 3.1.4-7 amd64 -postfix-pcre 3.1.4-7 amd64 -postfix-sqlite 3.1.4-7 amd64 +postfix 3.1.6-0+deb9u1 amd64 +postfix-mysql 3.1.6-0+deb9u1 amd64 +postfix-pcre 3.1.6-0+deb9u1 amd64 +postfix-sqlite 3.1.6-0+deb9u1 amd64 -salt-common 2017.7.1+ds-1 all -salt-minion 2017.7.1+ds-1 all +salt-common 2017.7.2+ds-1 all +salt-minion 2017.7.2+ds-1 all -vim 2:8.0.0197-4 amd64 -vim-common 2:8.0.0197-4 all -vim-runtime 2:8.0.0197-4 all -vim-tiny 2:8.0.0197-4 amd64 +vim 2:8.0.0197-4+deb9u1 amd64 +vim-common 2:8.0.0197-4+deb9u1 all +vim-runtime 2:8.0.0197-4+deb9u1 all +vim-tiny 
2:8.0.0197-4+deb9u1 amd64 -whois 5.2.15 amd64 +whois 5.2.17~deb9u1 amd64 -xkb-data 2.19-1 all +xkb-data 2.19-1+deb9u1 all -xxd 2:8.0.0197-4 amd64 +xxd 2:8.0.0197-4+deb9u1 amd64 --- .etckeeper | 1 + apt/apt.conf.d/01autoremove-kernels | 34 ++++++++---- debian_version | 2 +- motd | 6 +-- network/if-up.d/chrony | 2 +- opendkim.conf | 77 ++++++++++++++++++++-------- opendkim.conf.current | 45 ++++++++++++++++ postfix/aliases.db | Bin 12288 -> 12288 bytes postfix/makedefs.out | 8 +-- ppp/ip-up.d/chrony | 2 +- salt/minion | 18 +++++++ 11 files changed, 155 insertions(+), 40 deletions(-) create mode 100644 opendkim.conf.current diff --git a/.etckeeper b/.etckeeper index 45f29b1..22d0579 100755 --- a/.etckeeper +++ b/.etckeeper @@ -930,6 +930,7 @@ maybe chmod 0644 'nginx/win-utf' maybe chmod 0644 'nsswitch.conf' maybe chmod 0755 'opendkim' maybe chmod 0644 'opendkim.conf' +maybe chmod 0644 'opendkim.conf.current' maybe chmod 0644 'opendkim.conf.sample' maybe chmod 0644 'opendkim/keytable.txt' maybe chmod 0644 'opendkim/signingtable.txt' diff --git a/apt/apt.conf.d/01autoremove-kernels b/apt/apt.conf.d/01autoremove-kernels index dad165d..5e8cc43 100644 --- a/apt/apt.conf.d/01autoremove-kernels +++ b/apt/apt.conf.d/01autoremove-kernels 
@@ -2,34 +2,50 @@ APT::NeverAutoRemove { "^linux-image-4\.9\.0-3-amd64$"; + "^linux-image-4\.9\.0-4-amd64$"; "^linux-headers-4\.9\.0-3-amd64$"; + "^linux-headers-4\.9\.0-4-amd64$"; "^linux-image-extra-4\.9\.0-3-amd64$"; + "^linux-image-extra-4\.9\.0-4-amd64$"; "^linux-signed-image-4\.9\.0-3-amd64$"; + "^linux-signed-image-4\.9\.0-4-amd64$"; "^kfreebsd-image-4\.9\.0-3-amd64$"; + "^kfreebsd-image-4\.9\.0-4-amd64$"; "^kfreebsd-headers-4\.9\.0-3-amd64$"; + "^kfreebsd-headers-4\.9\.0-4-amd64$"; "^gnumach-image-4\.9\.0-3-amd64$"; + "^gnumach-image-4\.9\.0-4-amd64$"; "^.*-modules-4\.9\.0-3-amd64$"; + "^.*-modules-4\.9\.0-4-amd64$"; "^.*-kernel-4\.9\.0-3-amd64$"; + "^.*-kernel-4\.9\.0-4-amd64$"; "^linux-backports-modules-.*-4\.9\.0-3-amd64$"; + "^linux-backports-modules-.*-4\.9\.0-4-amd64$"; "^linux-tools-4\.9\.0-3-amd64$"; + "^linux-tools-4\.9\.0-4-amd64$"; }; /* Debug information: # dpkg list: rc linux-image-4.7.0-0.bpo.1-amd64 4.7.8-1~bpo8+1 amd64 Linux 4.7 for 64-bit PCs (signed) rc linux-image-4.8.0-0.bpo.2-amd64 4.8.15-2~bpo8+2 amd64 Linux 4.8 for 64-bit PCs (signed) rc linux-image-4.9.0-0.bpo.1-amd64 4.9.2-2~bpo8+1 amd64 Linux 4.9 for 64-bit PCs (signed) -iF linux-image-4.9.0-3-amd64 4.9.30-2+deb9u3 amd64 Linux 4.9 for 64-bit PCs -ii linux-image-amd64 4.9+80+deb9u1 amd64 Linux for 64-bit PCs (meta-package) +iF linux-image-4.9.0-3-amd64 4.9.30-2+deb9u5 amd64 Linux 4.9 for 64-bit PCs +ii linux-image-4.9.0-4-amd64 4.9.51-1 amd64 Linux 4.9 for 64-bit PCs +iU linux-image-amd64 4.9+80+deb9u2 amd64 Linux for 64-bit PCs (meta-package) # list of installed kernel packages: -4.9.0-3-amd64 4.9.30-2+deb9u3 +4.9.0-3-amd64 4.9.30-2+deb9u5 +4.9.0-4-amd64 4.9.51-1 # list of different kernel versions: -4.9.30-2+deb9u3 -# Installing kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) -# Running kernel: 4.9.30-2+deb9u3 (4.9.0-3-amd64) -# Last kernel: 4.9.30-2+deb9u3 -# Previous kernel: +4.9.51-1 +4.9.30-2+deb9u5 +# Installing kernel: 4.9.30-2+deb9u5 (4.9.0-3-amd64) +# Running kernel: 
4.9.30-2+deb9u5 (4.9.0-3-amd64) +# Last kernel: 4.9.51-1 +# Previous kernel: 4.9.30-2+deb9u5 # Kernel versions list to keep: -4.9.30-2+deb9u3 +4.9.30-2+deb9u5 +4.9.51-1 # Kernel packages (version part) to protect: 4\.9\.0-3-amd64 +4\.9\.0-4-amd64 */ diff --git a/debian_version b/debian_version index 28a2186..1a2c355 100644 --- a/debian_version +++ b/debian_version @@ -1 +1 @@ -9.1 +9.2 diff --git a/motd b/motd index 46d927c..95fb940 100644 --- a/motd +++ b/motd @@ -1,4 +1,4 @@ -Debian GNU/Linux 9.1 (stretch) +Debian GNU/Linux 9.2 (stretch) ____ _ / ___| __ _ _ __ __ _| |__ \___ \ / _` | '__/ _` | '_ \ @@ -6,8 +6,8 @@ Debian GNU/Linux 9.1 (stretch) |____/ \__,_|_| \__,_|_| |_| -Sobald Gesetz ersonnen, wird Betrug gesponnen. - -- Italienisches Sprichwort +Begeisterung ist Glaube, der Feuer gefangen hat. + -- Walter Heiby Today is Pungenday, the 64th day of Bureaucracy in the YOLD 3183 diff --git a/network/if-up.d/chrony b/network/if-up.d/chrony index 7c7e01e..b4de1fa 100755 --- a/network/if-up.d/chrony +++ b/network/if-up.d/chrony @@ -6,7 +6,7 @@ set -e if [ -e /run/chronyd.pid ] && ip r list dev $IFACE 2> /dev/null | grep -q '^default'; then - chronyc -m online 'burst 4/10' > /dev/null 2>&1 + chronyc online > /dev/null 2>&1 else exit 0 fi diff --git a/opendkim.conf b/opendkim.conf index 38704cd..afc808c 100644 --- a/opendkim.conf +++ b/opendkim.conf 
@@ -4,33 +4,43 @@ # Log to syslog Syslog yes -SyslogSuccess yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) -UMask 002 +UMask 007 -# Sign for example.com with key in /etc/mail/dkim.key using +# Sign for example.com with key in /etc/dkimkeys/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) #Domain example.com -Domain frankepedia.eu -#KeyFile /etc/mail/dkim.key -KeyFile /var/lib/dkim/frankepedia.eu.2017-04-05.pem -Selector mail-2017-04-05 - -KeyTable /etc/opendkim/keytable.txt -SigningTable refile:/etc/opendkim/signingtable.txt - -Canonicalization relaxed/simple -OmitHeaders Return-Path,Received,Comments,Keywords,Bcc,Resent-Bcc - -Socket inet:8891@127.0.0.1 -Background yes +#KeyFile /etc/dkimkeys/dkim.key +#Selector 2007 # Commonly-used options; the commented-out versions show the defaults. #Canonicalization simple #Mode sv -SubDomains yes -#ADSPAction continue +#SubDomains no + +# Socket smtp://localhost +# +# ## Socket socketspec +# ## +# ## Names the socket where this filter should listen for milter connections +# ## from the MTA. Required. Should be in one of these forms: +# ## +# ## inet:port@address to listen on a specific interface +# ## inet:port to listen on all interfaces +# ## local:/path/to/socket to listen on a UNIX domain socket +# +#Socket inet:8892@localhost +Socket local:/var/run/opendkim/opendkim.sock + +## PidFile filename +### default (none) +### +### Name of the file where the filter should write its pid before beginning +### normal operations. +# +PidFile /var/run/opendkim/opendkim.pid + # Always oversign From (sign using actual From and a null From to prevent # malicious signatures header fields (From and/or others) between the signer 
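Review bot: The new opendkim.conf loses every site-specific signing setting in this hunk: `Domain frankepedia.eu`, `KeyFile`, `Selector`, `KeyTable` and `SigningTable` are removed and nothing replaces them, so after the next restart the filter presumably has no key to sign with and outbound mail leaves without a DKIM signature. The listener also moves from `Socket inet:8891@127.0.0.1` to `Socket local:/var/run/opendkim/opendkim.sock` with `UMask 007`. If Postfix still points at the inet socket (its main.cf is not part of this commit), the milter connection fails, and whether mail is then deferred or passed unsigned depends on Postfix's milter_default_action. Before restarting, merge the old values back from the opendkim.conf.current copy this commit creates, at least `KeyTable /etc/opendkim/keytable.txt`, `SigningTable refile:/etc/opendkim/signingtable.txt` and the `Socket` line Postfix actually uses, and check that the Postfix user is in the group that owns the socket if the local socket is kept. `SyslogSuccess yes` is dropped as well, which removes the per-message log record that would show signing has stopped.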
@@ -39,7 +49,32 @@ SubDomains yes # somewhat security sensitive. OversignHeaders From -# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures -# (ATPS) (experimental) +## ResolverConfiguration filename +## default (none) +## +## Specifies a configuration file to be passed to the Unbound library that +## performs DNS queries applying the DNSSEC protocol. See the Unbound +## documentation at http://unbound.net for the expected content of this file. +## The results of using this and the TrustAnchorFile setting at the same +## time are undefined. +## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested +## unbound package + +# ResolverConfiguration /etc/unbound/unbound.conf + +## TrustAnchorFile filename +## default (none) +## +## Specifies a file from which trust anchor data should be read when doing +## DNS queries and applying the DNSSEC protocol. See the Unbound documentation +## at http://unbound.net for the expected format of this file. + +TrustAnchorFile /usr/share/dns/root.key -#ATPSDomains example.com +## Userid userid +### default (none) +### +### Change to user "userid" before starting normal operation? May include +### a group ID as well, separated from the userid by a colon. +# +UserID opendkim diff --git a/opendkim.conf.current b/opendkim.conf.current new file mode 100644 index 0000000..38704cd --- /dev/null +++ b/opendkim.conf.current 
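Review bot: `UserID opendkim` at the end of this hunk makes the filter drop privileges, but the previous configuration's signing key is at /var/lib/dkim/frankepedia.eu.2017-04-05.pem and nothing in this commit shows who owns it. When the key settings are merged back, the key has to be readable by opendkim and by no other account; otherwise signing fails, or with looser permissions the private key is exposed to other local users. The hunk also enables `TrustAnchorFile /usr/share/dns/root.key`, a path outside /etc that a separate package provides (presumably dns-root-data), so confirm the file exists before restarting. A comment above the directive such as `# root.key is provided by dns-root-data; keep that package installed` would record the dependency.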
@@ -0,0 +1,45 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +SyslogSuccess yes +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 002 + +# Sign for example.com with key in /etc/mail/dkim.key using +# selector '2007' (e.g. 2007._domainkey.example.com) +#Domain example.com +Domain frankepedia.eu +#KeyFile /etc/mail/dkim.key +KeyFile /var/lib/dkim/frankepedia.eu.2017-04-05.pem +Selector mail-2017-04-05 + +KeyTable /etc/opendkim/keytable.txt +SigningTable refile:/etc/opendkim/signingtable.txt + +Canonicalization relaxed/simple +OmitHeaders Return-Path,Received,Comments,Keywords,Bcc,Resent-Bcc + +Socket inet:8891@127.0.0.1 +Background yes + +# Commonly-used options; the commented-out versions show the defaults. +#Canonicalization simple +#Mode sv +SubDomains yes +#ADSPAction continue + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +# List domains to use for RFC 6541 DKIM Authorized Third-Party Signatures +# (ATPS) (experimental) + +#ATPSDomains example.com diff --git a/postfix/aliases.db b/postfix/aliases.db index a3269c56c722989cc8e8b1c405ba6cae60a78f8d..4206bc0c24c215944ab366f4e9e3852048e57999 100644 GIT binary patch delta 34 qcmZojXh@h~!xkfOzCY#A /bin/pidof chronyd > /dev/null || exit 0 -/usr/bin/chronyc -m online 'burst 4/4' > /dev/null 2>&1 +/usr/bin/chronyc online > /dev/null 2>&1 touch /var/run/chrony-ppp-up exit 0 diff --git a/salt/minion b/salt/minion index b1122c9..6cae043 100644 --- a/salt/minion 
+++ b/salt/minion @@ -620,6 +620,9 @@ # you do so at your own risk! #open_mode: False +# The size of key that should be generated when creating new keys. +#keysize: 2048 + # Enable permissive access to the salt keys. This allows you to run the # master or minion as root, but have a non-root group be given access to # your pki_dir. To make the access explicit, root must belong to the group @@ -661,6 +664,21 @@ # ssl_version: PROTOCOL_TLSv1_2 +###### Reactor Settings ##### +########################################### +# Define a salt reactor. See https://docs.saltstack.com/en/latest/topics/reactor/ +#reactor: [] + +#Set the TTL for the cache of the reactor configuration. +#reactor_refresh_interval: 60 + +#Configure the number of workers for the runner/wheel in the reactor. +#reactor_worker_threads: 10 + +#Define the queue size for workers in the reactor. +#reactor_worker_hwm: 10000 + + ###### Thread settings ##### ########################################### # Disable multiprocessing support, by default when a minion receives a -- 2.39.5