diff --git a/README.md b/README.md
index 3230cfb933bddb03892a6ec7be0a5bb60dbb1db2..7bc4a204e573ded3ea6e5218a51f3f77250ec512 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # hshbase
 
-Basic server configuration, used for all unix based servers at HsH.
+Basic server configuration used for most unix based servers at HsH.
 
 ## States
 
@@ -8,3 +8,31 @@ Basic server configuration, used for all unix based servers at HsH.
 * iptables
 * locale
 * open-vm-tools
+
+## Configuration
+
+The states of this formula should be configurable using one central pillar
+for all configurations. Have a look at pillar.example for details.
+
+## Development
+
+**All features should be as configurable as necessary.
+Keep it simple, stupid ([KISS](https://de.wikipedia.org/wiki/KISS-Prinzip)).**
+
+Working on this formula requires virtualbox and vagrant installed.
+It comes with an vagrant box you can instantly set up to get a machine where all states will apply against.
+
+```bash
+git clone ssh://git@lab.it.hs-hannover.de:2222/salt/hshbase-formula.git
+cd hshbase-formula
+vagrant up
+vagrant ssh
+sudo salt-call state.highstate
+```
+
+### Default values when developing the formula
+
+If you introduce a new feature and want to make it configurable you might need
+default values. Just add them to defauls.yaml and they are magically available.
+
+Consult map.jinja for details on this topic.
diff --git a/hshbase/apt.sls b/hshbase/apt.sls
deleted file mode 100644
index 57fcba45562ca4d5e7dd532a458bca3ce1eeb32b..0000000000000000000000000000000000000000
--- a/hshbase/apt.sls
+++ /dev/null
@@ -1,37 +0,0 @@
-{% from "hshbase/map.jinja" import config with context %}
-
-{% set proxy_address = {{ config.apt.proxy_address | default('http://apt-proxy.it.hs-hannover.de:8080') }} %}
-
-{% if grains['os'] == 'FreeBSD' %}
-
-  hsh_freebsd_apt_proxy_folder:
-    file.directory:
-      - name: /usr/local/etc/pkg/repos
-      - makedirs: True
-      - mode: 755
-      - user: root
-      - group: wheel
-
-  hsh_freebsd_apt_proxy:
-    file.managed:
-      - name: /usr/local/etc/pkg/repos/FreeBSD.conf
-      - contents: 'FreeBSD { url: "pkg+http://apt-proxy.it.hs-hannover.de:8080/pkg.FreeBSD.org/${ABI}/latest" }'
-      - mode: 644
-      - user: root
-      - group: wheel
-
-{% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %}
-
-foobar_test:
-  cmd.run:
-    - name: echo "{{ config.apt.proxy_address }}"
-
-#   hsh_debian_apt_proxy:
-#     file.managed:
-#       - name: /etc/apt/apt.conf.d/02proxy
-#       - contents: 'Acquire::http { Proxy "http://apt-proxy.it.hs-hannover.de:8080"; };'
-#       - mode: 644
-#       - user: root
-#       - group: root
-
-{% endif %}
diff --git a/hshbase/apt/init.sls b/hshbase/apt/init.sls
new file mode 100644
index 0000000000000000000000000000000000000000..68a8cf0b62ab7dfe30d4a2e97aa58327b11de05e
--- /dev/null
+++ b/hshbase/apt/init.sls
@@ -0,0 +1,43 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+{% set oscodename = grains['oscodename'] %}
+
+include:
+  - .proxy
+
+# control /apt/sources.list and apt.sources.list.d on ubuntu and debian
+{% if grains['os'] == 'Debian' and grains['oscodename'] in ['squeeze', 'wheezy', 'jessie']
+   or grains['os'] == 'Ubuntu' and grains['oscodename'] in ['trusty'] %}
+hsh_apt_sources_list:
+  file.managed:
+    - name: /etc/apt/sources.list
+    - source: salt://hahbase/apt/sources.tpl
+    - template: jinja
+    - mode: 644
+    - user: root
+    - group: root
+
+{% if grains['os'] == 'Debian' and oscodename == 'jessie' %}
+hsh_apt_sources_d_salt_jessie:
+  pkgrepo.managed:
+    - humanname: deb-salt
+    - name: deb http://repo.saltstack.com/apt/debian/latest {{ oscodename }} main
+    - file: /etc/apt/sources.list.d/salt.list
+    - gpgcheck: 1
+    - key_url: salt://apt-sources/SALTSTACK-GPG-KEY.pub
+
+{% endif %}
+
+
+{% if grains['os'] == 'Debian' and oscodename != 'jessie' %}
+hsh_apt_sources_d_salt_not_jessie:
+  file.managed:
+    - name: /etc/apt/sources.list.d/salt.list
+    - source: salt://hshbase/apt/sources.tpl.d/salt.tpl
+    - template: jinja
+    - mode: 644
+    - user: root
+    - group: root
+
+{% endif %}
+
+{% endif %}
diff --git a/hshbase/apt/proxy.sls b/hshbase/apt/proxy.sls
new file mode 100644
index 0000000000000000000000000000000000000000..291f38ed752376102e08acc86270e74bd05ffb6e
--- /dev/null
+++ b/hshbase/apt/proxy.sls
@@ -0,0 +1,33 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+
+{% if hshbase.apt.proxy %}
+
+{% if grains['os'] == 'FreeBSD' %}
+hsh_freebsd_apt_proxy_folder:
+  file.directory:
+    - name: /usr/local/etc/pkg/repos
+    - makedirs: True
+    - mode: 755
+    - user: root
+    - group: wheel
+
+hsh_freebsd_apt_proxy:
+  file.managed:
+    - name: /usr/local/etc/pkg/repos/FreeBSD.conf
+    - contents: 'FreeBSD { url: "pkg+{{ hshbase.apt.proxy_address }}/${ABI}/latest" }'
+    - mode: 644
+    - user: root
+    - group: wheel
+
+{% elif grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %}
+hsh_debian_apt_proxy:
+ file.managed:
+   - name: /etc/apt/apt.conf.d/02proxy
+   - contents: 'Acquire::http { Proxy "{{ hshbase.apt.proxy_address }}"; };'
+   - mode: 644
+   - user: root
+   - group: root
+
+{% endif %}
+
+{% endif %}
diff --git a/hshbase/apt/sources.tpl b/hshbase/apt/sources.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..9e654b64da8df633419339f8866ee3085ca931fe
--- /dev/null
+++ b/hshbase/apt/sources.tpl
@@ -0,0 +1,55 @@
+{% set os = grains['os'] -%}
+{% set oscodename = grains['oscodename'] -%}
+# This file is managed by salt!
+# If you want to add or modify sources, please use salt!
+# Generated for:
+# OS: {{ os }}
+# Codename: {{ oscodename }}
+{% if os == 'Debian' -%}
+
+deb http://ftp.de.debian.org/debian {{ oscodename }} main non-free
+deb-src http://ftp.de.debian.org/debian {{ oscodename }} main non-free
+
+deb http://security.debian.org/ {{ oscodename }}/updates main
+deb-src http://security.debian.org/ {{ oscodename }}/updates main
+
+deb http://ftp.de.debian.org/debian/ {{ oscodename }}-updates main
+deb-src http://ftp.de.debian.org/debian/ {{ oscodename }}-updates main
+
+{% if oscodename == 'squeeze' %}
+# Make sure this gets updated! - see dates here: https://wiki.debian.org/LTS/
+# LTS for squeeze only until 02/2016
+# See https://www.debian.org/News/2014/20140424
+deb http://ftp.de.debian.org/debian {{ oscodename }}-lts main non-free
+deb-src http://ftp.de.debian.org/debian {{ oscodename }}-lts main non-free
+{% endif %}
+
+{% elif os == 'Ubuntu' %}
+
+{% if oscodename == 'trusty' %}
+deb http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty main restricted
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates main restricted
+deb http://de.archive.ubuntu.com/ubuntu/ trusty universe
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty universe
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates universe
+deb http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty multiverse
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-updates multiverse
+deb http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
+deb-src http://de.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
+deb http://security.ubuntu.com/ubuntu trusty-security main restricted
+deb-src http://security.ubuntu.com/ubuntu trusty-security main restricted
+deb http://security.ubuntu.com/ubuntu trusty-security universe
+deb-src http://security.ubuntu.com/ubuntu trusty-security universe
+deb http://security.ubuntu.com/ubuntu trusty-security multiverse
+deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse
+{% endif %}
+
+{% else %}
+# Something went wrong - apt-sources not ready BUT CONFIGURED (init.sls) for this!
+{% endif %}
+# End of file.
diff --git a/hshbase/apt/sources.tpl.d/salt.list b/hshbase/apt/sources.tpl.d/salt.list
new file mode 100644
index 0000000000000000000000000000000000000000..a9cecdf8937d002e8407dfd30275b4c33411af8c
--- /dev/null
+++ b/hshbase/apt/sources.tpl.d/salt.list
@@ -0,0 +1,5 @@
+{% set os = grains['os'] -%}
+{% set oscodename = grains['oscodename'] -%}
+{% if os == 'Debian' %}
+deb http://debian.saltstack.com/debian {{ oscodename }}-saltstack main
+{% endif %}
diff --git a/hshbase/init.sls b/hshbase/init.sls
index 0f166f762d801ea2a8ea1e89dd7d9fe6f561a76a..e401adba9bcfd881450b8f657d82f7a01805c926 100644
--- a/hshbase/init.sls
+++ b/hshbase/init.sls
@@ -1,5 +1,9 @@
+{% from "hshbase/map.jinja" import hshbase with context %}
+
+# Include all submodules by default.
+
 include:
   - hshbase.apt
 
-echo "hshbase is under construction":
+echo "hshbase is under construction look at the issue tracker!":
   cmd.run
diff --git a/hshbase/map.jinja b/hshbase/map.jinja
index 66f132073dc7433f2de7f90194b0a5f69d31fb9c..e0f5c3fd41556661fa7de5ee2bc1d034809d2594 100644
--- a/hshbase/map.jinja
+++ b/hshbase/map.jinja
@@ -1,6 +1,7 @@
-{% set base_config = salt['pillar.get']('hshbase') %}
-{% import_yaml 'hshbase/defaults.yaml' as default_config %}
+{% import_yaml 'hshbase/defaults.yaml' as defaults %}
 
-{% do default_config.update(base_config) %}
+{% set lookup = salt['pillar.get']('hshbase',
+                                   default=defaults.hshbase,
+                                   merge=True) %}
 
-{% set config = default_config %}
+{% set hshbase = salt['pillar.get']('hshbase', default=lookup, merge=True) %}
diff --git a/pillar.example b/pillar.example
index 74efa6f9faa9dba656983f6d08ac23c8f98678da..3f2a853bba8566407b946866ce1fbad22fa8f382 100644
--- a/pillar.example
+++ b/pillar.example
@@ -1,3 +1,3 @@
 hshbase:
   apt:
-    proxy: True
+    proxy: True  # if you do not want to to use apt-proxy: set to False