Indeed you’ll soon find out I don’t apply individual states often and use so-called top files instead 
precisely because I find composing these long commands is error-prone. Confirm to me that was my mistake and I’ll correct the tutorial! 
Edit: The repository is private, but I opened an issue to track this mistake.
Edit 2: And I just checked the other commands in the tutorial: that should be the only one with that problem.
Hmm…
What does this error mean?
[root@dom0 user_salt]# qubesctl state.apply split-ssh.client.vm,split-ssh.vault.vm saltenv=user
[CRITICAL] Rendering SLS 'user:split-ssh.client.vm' failed: mapping values are not allowed in this context
local:
Data failed to compile:
----------
Rendering SLS 'user:split-ssh.client.vm' failed: mapping values are not allowed in this context
DOM0 configuration failed, not continuing
Darn, looks like this one is on me again!
The error usually indicates that the YAML is invalid for some reason. See how the second and third state’s - are not aligned on the m of qvm like in the first state?
I missed a space when indenting those. 
In both lists, the lines starting by - should have one more space before the -:
# split-ssh/vault/vm.sls
ssh-vault-present: # ①
qvm.present: # ②
- name: ssh-vault # ③
- template: fedora-32 # ④
- label: black
- mem: 400
- vcpus: 2
- ssh-vault-has-no-network-access:
- qvm.prefs: # ⑤
- - name: ssh-vault # HERE: should be indented one more space, like state above.
- - netvm: none # ⑥
- - default_dispvm: # ⑦
+ ssh-vault-has-no-network-access:
+ qvm.prefs: # ⑤
+ - name: ssh-vault # HERE: se how there is one more space before the hyphen.
+ - netvm: none # ⑥
+ - default_dispvm: # ⑦
- ssh-vault-autostarts:
- qvm.prefs:
- - name: ssh-vault
- - autostart: True # ⑧
+ ssh-vault-autostarts:
+ qvm.prefs:
+ - name: ssh-vault
+ - autostart: True # ⑧
In the YAML format (which is what .sls files typically use), the indentation has meaning, and must be kept consistent thorough the file. Two spaces, then only one space is no good. And the error messages are sometimes a bit cryptic.
Issue opened in my side to fix that one too. Thank you for reporting with full details! 
Heads up, I just checked the remaining state files, and one of them features the same mistake;
# split-ssh/policy/init.sls
- /etc/qubes-rpc/policy/qubes.SSHAgent: # ①
- file.managed: # ②
- - user: root # ③
- - group: root
- - mode: '0755'
- - makedirs: True ④
- - source: salt://split-ssh/policy/files/qubes.SSHAgent # ⑤
+ /etc/qubes-rpc/policy/qubes.SSHAgent: # ①
+ file.managed: # ②
+ - user: root # ③
+ - group: root
+ - mode: '0755'
+ - makedirs: True ④
+ - source: salt://split-ssh/policy/files/qubes.SSHAgent # ⑤
It’s only that one. (On the bright side, now you know what that error hints to!)
I see, but the indentation in my file looks correct
[root@dom0 user_salt]# cat split-ssh/client/vm.sls
ssh-client-present:
qvm.present
- name: ssh-client
- template: fedora-38-xfce
- label: blue
- mem: 400
- vcpus: 2
[root@dom0 user_salt]# cat split-ssh/vault/vm.sls
ssh-vault-present:
qvm.present:
- name: ssh-vault
- template: fedora-38-xfce
- label: black
- mem: 400
- vcpus: 2
ssh-vault-has-no-network-access:
qvm.prefs:
- name: ssh-vault
- netvm: none
- default_dispvm:
ssh-vault-autostarts:
qvm.prefs:
- name: ssh-vault
- autostart: True
[root@dom0 user_salt]# qubesctl state.apply split-ssh.client.vm,split-ssh.vault.vm saltenv=user
[CRITICAL] Rendering SLS 'user:split-ssh.client.vm' failed: mapping values are not allowed in this context
local:
Data failed to compile:
----------
Rendering SLS 'user:split-ssh.client.vm' failed: mapping values are not allowed in this context
DOM0 configuration failed, not continuing
Edit: I forgot the colon after “default_dispvm” but even if I fixed it the error still occurs
There is another missing colon after qvm.present in the client file.
And after that, if the error persists, I’d check the whitespaces: might you be mixing tabs and spaces? (YAML is finicky like that, and to be fair, that’s YAML, not Salt.)
As a troubleshooting tip: you can apply the states one by one to narrow the scope of the error:
# dom0, as root
# only one
qubesctl state.apply split-ssh.client.vm saltenv=user
# then the other
qubesctl state.apply split-ssh.vault.vm saltenv=user
(For good measure you can apply them together once they succeed individually.)
And as a step back: that’s one reason why I package my states as RPM. Once everything is is place, it’s nice not to have to type them when setting them up again after a fresh Qubes OS installation or on a new machine…
On that note, as a lighter step: working in your dom0’s home directory and creating a symlink in /srv/user_salt is a good way to make sure your personal Salt files are included in dom0 backups! (If that makes no sense, let me know!)
thx
This solved the problem
This command was executed successfully: qubesctl state.apply split-ssh.client.vm,split-ssh.vault.vm saltenv=user
Back to salt-n-pepper, I got an error
I downloaded the asc and gpg files from the Brave official website and copied them to dom0, but an error occurs
[root@dom0 user_salt]# qubesctl --skip-dom0 --target=debian-12-xfce state.apply salt-n-pepper.template-browser.brave-browser saltenv=user
debian-12-xfce: ERROR (exit code 20, details in /var/log/qubes/mgmt-debian-12-xfce.log)
[root@dom0 user_salt]# cat /var/log/qubes/mgmt-debian-12-xfce.log
2023-10-07 20:39:59,231 calling 'state.apply salt-n-pepper.template-browser.brave-browser saltenv=user'...
2023-10-07 20:40:37,399 output: debian-12-xfce:
2023-10-07 20:40:37,399 output: ----------
2023-10-07 20:40:37,399 output: ID: /usr/share/keyrings/brave-browser-archive-keyring.gpg
2023-10-07 20:40:37,399 output: Function: file.managed
2023-10-07 20:40:37,399 output: Result: False
2023-10-07 20:40:37,399 output: Comment: Source file salt://template-browser/brave-browser.gpg not found in saltenv 'user'
2023-10-07 20:40:37,399 output: Started: 20:40:31.169724
2023-10-07 20:40:37,400 output: Duration: 54.998 ms
2023-10-07 20:40:37,400 output: Changes:
2023-10-07 20:40:37,400 output: ----------
2023-10-07 20:40:37,400 output: ID: brave-browser-repo
2023-10-07 20:40:37,400 output: Function: pkgrepo.managed
2023-10-07 20:40:37,400 output: Name: deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main
2023-10-07 20:40:37,400 output: Result: True
2023-10-07 20:40:37,400 output: Comment: Package repo 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' already configured
2023-10-07 20:40:37,400 output: Started: 20:40:31.254894
2023-10-07 20:40:37,400 output: Duration: 28.767 ms
2023-10-07 20:40:37,400 output: Changes:
2023-10-07 20:40:37,400 output: ----------
2023-10-07 20:40:37,400 output: ID: brave-browser-updated
2023-10-07 20:40:37,400 output: Function: pkg.uptodate
2023-10-07 20:40:37,400 output: Result: False
2023-10-07 20:40:37,400 output: Comment: W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 20:40:37,400 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 20:40:37,400 output: Started: 20:40:32.599080
2023-10-07 20:40:37,400 output: Duration: 1824.858 ms
2023-10-07 20:40:37,400 output: Changes:
2023-10-07 20:40:37,400 output: ----------
2023-10-07 20:40:37,400 output: ID: brave-browser
2023-10-07 20:40:37,400 output: Function: pkg.installed
2023-10-07 20:40:37,400 output: Result: False
2023-10-07 20:40:37,401 output: Comment: An error was encountered while installing package(s): W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 20:40:37,401 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 20:40:37,401 output: Started: 20:40:34.432053
2023-10-07 20:40:37,401 output: Duration: 2280.066 ms
2023-10-07 20:40:37,401 output: Changes:
2023-10-07 20:40:37,401 output:
2023-10-07 20:40:37,401 output: Summary for debian-12-xfce
2023-10-07 20:40:37,401 output: ------------
2023-10-07 20:40:37,401 output: Succeeded: 1
2023-10-07 20:40:37,401 output: Failed: 3
2023-10-07 20:40:37,401 output: ------------
2023-10-07 20:40:37,401 output: Total states run: 4
2023-10-07 20:40:37,401 output: Total run time: 4.189 s
2023-10-07 20:40:37,401 exit code: 20
2023-10-07 20:59:11,219 calling 'state.apply salt-n-pepper.template-browser.brave-browser saltenv=user'...
2023-10-07 21:00:05,364 output: debian-12-xfce:
2023-10-07 21:00:05,364 output: ----------
2023-10-07 21:00:05,364 output: ID: /usr/share/keyrings/brave-browser-archive-keyring.gpg
2023-10-07 21:00:05,364 output: Function: file.managed
2023-10-07 21:00:05,364 output: Result: False
2023-10-07 21:00:05,364 output: Comment: Source file salt://template-browser/brave-browser.gpg not found in saltenv 'user'
2023-10-07 21:00:05,364 output: Started: 20:59:43.873633
2023-10-07 21:00:05,364 output: Duration: 83.546 ms
2023-10-07 21:00:05,364 output: Changes:
2023-10-07 21:00:05,364 output: ----------
2023-10-07 21:00:05,364 output: ID: brave-browser-repo
2023-10-07 21:00:05,365 output: Function: pkgrepo.managed
2023-10-07 21:00:05,365 output: Name: deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main
2023-10-07 21:00:05,365 output: Result: True
2023-10-07 21:00:05,365 output: Comment: Package repo 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' already configured
2023-10-07 21:00:05,365 output: Started: 20:59:44.000852
2023-10-07 21:00:05,365 output: Duration: 32.524 ms
2023-10-07 21:00:05,365 output: Changes:
2023-10-07 21:00:05,365 output: ----------
2023-10-07 21:00:05,365 output: ID: brave-browser-updated
2023-10-07 21:00:05,365 output: Function: pkg.uptodate
2023-10-07 21:00:05,365 output: Result: False
2023-10-07 21:00:05,365 output: Comment: W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:00:05,365 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:00:05,365 output: Started: 20:59:45.420931
2023-10-07 21:00:05,365 output: Duration: 17132.615 ms
2023-10-07 21:00:05,365 output: Changes:
2023-10-07 21:00:05,365 output: ----------
2023-10-07 21:00:05,365 output: ID: brave-browser
2023-10-07 21:00:05,365 output: Function: pkg.installed
2023-10-07 21:00:05,365 output: Result: False
2023-10-07 21:00:05,365 output: Comment: An error was encountered while installing package(s): W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:00:05,365 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:00:05,365 output: Started: 21:00:02.564680
2023-10-07 21:00:05,365 output: Duration: 2201.56 ms
2023-10-07 21:00:05,365 output: Changes:
2023-10-07 21:00:05,365 output:
2023-10-07 21:00:05,365 output: Summary for debian-12-xfce
2023-10-07 21:00:05,365 output: ------------
2023-10-07 21:00:05,365 output: Succeeded: 1
2023-10-07 21:00:05,365 output: Failed: 3
2023-10-07 21:00:05,365 output: ------------
2023-10-07 21:00:05,365 output: Total states run: 4
2023-10-07 21:00:05,365 output: Total run time: 19.450 s
2023-10-07 21:00:05,365 exit code: 20
2023-10-07 21:01:28,799 calling 'state.apply salt-n-pepper.template-browser.brave-browser saltenv=user'...
2023-10-07 21:02:08,100 output: debian-12-xfce:
2023-10-07 21:02:08,101 output: ----------
2023-10-07 21:02:08,101 output: ID: /usr/share/keyrings/brave-browser-archive-keyring.gpg
2023-10-07 21:02:08,101 output: Function: file.managed
2023-10-07 21:02:08,101 output: Result: False
2023-10-07 21:02:08,101 output: Comment: Source file salt://template-browser/brave-browser.gpg not found in saltenv 'user'
2023-10-07 21:02:08,101 output: Started: 21:02:01.714447
2023-10-07 21:02:08,101 output: Duration: 54.366 ms
2023-10-07 21:02:08,101 output: Changes:
2023-10-07 21:02:08,101 output: ----------
2023-10-07 21:02:08,101 output: ID: brave-browser-repo
2023-10-07 21:02:08,101 output: Function: pkgrepo.managed
2023-10-07 21:02:08,101 output: Name: deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main
2023-10-07 21:02:08,101 output: Result: True
2023-10-07 21:02:08,101 output: Comment: Package repo 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' already configured
2023-10-07 21:02:08,101 output: Started: 21:02:01.800066
2023-10-07 21:02:08,101 output: Duration: 30.37 ms
2023-10-07 21:02:08,101 output: Changes:
2023-10-07 21:02:08,101 output: ----------
2023-10-07 21:02:08,101 output: ID: brave-browser-updated
2023-10-07 21:02:08,101 output: Function: pkg.uptodate
2023-10-07 21:02:08,101 output: Result: False
2023-10-07 21:02:08,102 output: Comment: W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:02:08,102 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:02:08,102 output: Started: 21:02:03.438283
2023-10-07 21:02:08,102 output: Duration: 2108.427 ms
2023-10-07 21:02:08,102 output: Changes:
2023-10-07 21:02:08,102 output: ----------
2023-10-07 21:02:08,102 output: ID: brave-browser
2023-10-07 21:02:08,102 output: Function: pkg.installed
2023-10-07 21:02:08,102 output: Result: False
2023-10-07 21:02:08,102 output: Comment: An error was encountered while installing package(s): W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:02:08,102 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:02:08,102 output: Started: 21:02:05.555341
2023-10-07 21:02:08,102 output: Duration: 1909.001 ms
2023-10-07 21:02:08,102 output: Changes:
2023-10-07 21:02:08,102 output:
2023-10-07 21:02:08,102 output: Summary for debian-12-xfce
2023-10-07 21:02:08,102 output: ------------
2023-10-07 21:02:08,102 output: Succeeded: 1
2023-10-07 21:02:08,102 output: Failed: 3
2023-10-07 21:02:08,102 output: ------------
2023-10-07 21:02:08,102 output: Total states run: 4
2023-10-07 21:02:08,102 output: Total run time: 4.102 s
2023-10-07 21:02:08,103 exit code: 20
[root@dom0 user_salt]# rm /var/log/qubes/mgmt-debian-12-xfce.log -rf
[root@dom0 user_salt]# cat /var/log/qubes/mgmt-debian-12-xfce.log
cat: /var/log/qubes/mgmt-debian-12-xfce.log: No such file or directory
[root@dom0 user_salt]# qubesctl --skip-dom0 --target=debian-12-xfce state.apply salt-n-pepper.template-browser.brave-browser saltenv=user
debian-12-xfce: ERROR (exit code 20, details in /var/log/qubes/mgmt-debian-12-xfce.log)
[root@dom0 user_salt]# cat /var/log/qubes/mgmt-debian-12-xfce.log
2023-10-07 21:09:53,111 calling 'state.apply salt-n-pepper.template-browser.brave-browser saltenv=user'...
2023-10-07 21:10:31,862 output: debian-12-xfce:
2023-10-07 21:10:31,862 output: ----------
2023-10-07 21:10:31,862 output: ID: /usr/share/keyrings/brave-browser-archive-keyring.gpg
2023-10-07 21:10:31,862 output: Function: file.managed
2023-10-07 21:10:31,862 output: Result: False
2023-10-07 21:10:31,862 output: Comment: Source file salt://template-browser/brave-browser.gpg not found in saltenv 'user'
2023-10-07 21:10:31,862 output: Started: 21:10:24.233882
2023-10-07 21:10:31,862 output: Duration: 87.414 ms
2023-10-07 21:10:31,862 output: Changes:
2023-10-07 21:10:31,862 output: ----------
2023-10-07 21:10:31,862 output: ID: brave-browser-repo
2023-10-07 21:10:31,862 output: Function: pkgrepo.managed
2023-10-07 21:10:31,862 output: Name: deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main
2023-10-07 21:10:31,862 output: Result: True
2023-10-07 21:10:31,862 output: Comment: Package repo 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' already configured
2023-10-07 21:10:31,862 output: Started: 21:10:24.366840
2023-10-07 21:10:31,862 output: Duration: 57.366 ms
2023-10-07 21:10:31,862 output: Changes:
2023-10-07 21:10:31,862 output: ----------
2023-10-07 21:10:31,862 output: ID: brave-browser-updated
2023-10-07 21:10:31,862 output: Function: pkg.uptodate
2023-10-07 21:10:31,862 output: Result: False
2023-10-07 21:10:31,862 output: Comment: W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:10:31,862 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:10:31,862 output: Started: 21:10:26.444005
2023-10-07 21:10:31,862 output: Duration: 2270.436 ms
2023-10-07 21:10:31,862 output: Changes:
2023-10-07 21:10:31,862 output: ----------
2023-10-07 21:10:31,862 output: ID: brave-browser
2023-10-07 21:10:31,862 output: Function: pkg.installed
2023-10-07 21:10:31,862 output: Result: False
2023-10-07 21:10:31,862 output: Comment: An error was encountered while installing package(s): W: GPG error: https://brave-browser-apt-release.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A8580BDC82D3DC6C
2023-10-07 21:10:31,862 output: E: The repository 'https://brave-browser-apt-release.s3.brave.com stable InRelease' is not signed.
2023-10-07 21:10:31,862 output: Started: 21:10:28.719014
2023-10-07 21:10:31,862 output: Duration: 2619.767 ms
2023-10-07 21:10:31,862 output: Changes:
2023-10-07 21:10:31,862 output:
2023-10-07 21:10:31,862 output: Summary for debian-12-xfce
2023-10-07 21:10:31,862 output: ------------
2023-10-07 21:10:31,862 output: Succeeded: 1
2023-10-07 21:10:31,862 output: Failed: 3
2023-10-07 21:10:31,863 output: ------------
2023-10-07 21:10:31,863 output: Total states run: 4
2023-10-07 21:10:31,863 output: Total run time: 5.035 s
2023-10-07 21:10:31,863 exit code: 20
This is the most significant failure. (Note that you’ve got multiple runs in your log, only the last is relevant usually.)
The keyring brave-browser.gpg is not where the state says it should be salt://template-browser/brave-browser.gpg, so it cannot be copied to /usr/share/keyrings/brave-browser-archive-keyring.gpg (so Salt fails to apply that state) and it does not get where DNF expects it to be (so the repo signature verifications fail down the line).
The other errors are a consequence of that. Notice they’re all same. For example:
Knowing that, comes the question where is salt://template-browser/brave-browser.gpg supposed to be?
In the user environment, on a typical setup, that would be:
/srv/user_salt/template-browser/brave-browser.gpg
Is that where you copied that file?
Note: If tree is available in your dom0,
sudo tree /srv/user_salt can be a good way to visualize the layout of your Salt states.
Note 2: There are examples of file.managed in the tutorial too!, which use that salt://... path, etc.
Given this command, I’d expect the keyring file to be in:
/srv/user_salt/salt-n-pepper/template-browser/brave-browser.gpg
# look ---------------
And I’d expect correspondingly:
salt://salt-n-pepper/template-browser/brave-browser.gpg
# -------------
Now I’d also expect the person who wrote salt-n-pepper had the setup working as it is, so I’m probably missing something.
Well it looks like salt-n-pepper dir is user_salt dir
[root@dom0 user_salt]# cp -r salt-n-pepper/template-browser template-browser
[root@dom0 user_salt]# qubesctl --skip-dom0 --target=debian-12-xfce state.apply template-browser.brave-browser saltenv=user
debian-12-xfce: OK
I tried copying the template-browser dir before rewriting brave-browser.sls and it was successful
--skip-dom0 is necessary, right?
BTW I made a mistake in the target, so I reinstalled the template
And how can I run qubesctl --skip-dom0 --target=debian-12-xfce state.apply salt-n-pepper.template-browser.brave-browser saltenv=user without running this cp command or editing brave-browser.sls ?
I’m afraid you’ve got to pick one. On the bright side, you can do whichever you prefer! 
Hmm…
Doesn’t a command like qubesctl --skip-dom0 --target=debian-12-xfce state.apply template-browser.brave-browser saltenv=user.salt-n-pepper exist?
Not unless you define an environment called user.salt-n-pepper. But I don’t know if using a dot is legal in an environment name, and I doubt it would be interpreted as a nested directory. Likely more trouble than your other two options! (But you might learn something by trying, don’t let me stop you! )
By default, dom0 is an implicit target when you apply Salt states (imagine --targets=dom0 being always there).
As you’ve probably noticed, applying states takes time. The more targets, the more time. So if you know that you don’t need to target dom0, the option --skip-dom0 allows you to save some time. But it’s an option, and as such it is never strictly speaking necessary.
Thank you for your kind support☺️
Please tell me about this
When you include dom0 in a backup (using the Qubes Backup tool), it’s your user’s home directory in dom0 that’s backed up.
Among other things, /srv/user_salt is not included.
One easy way to make sure that you don’t forget those files in your next backup is to place the entirety of /srv/user_salt in your user’s home directory (e.g. in ~/user_salt), and replace that /srv/user_salt directory by a symbolic link to the directory you created in your user’s home (e.g. ~/user_salt).
Next time you restore a backup, you only need to re-create that symbolic link if needed and you’re good to go again. No copying files around, no forgetting to backup that last Salt state you created, etc. Does that make sense?
I’ve only skimmed through it, but I’ve read some good docs by DigialOcean before and this seems like a decent explanation of what symbolic links are useful for: