{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>

SPDX-License-Identifier: AGPL-3.0-or-later
#}
{# Everything below is rendered only when the minion's nodename is not dom0. #}
{% if grains['nodename'] != 'dom0' -%}

{# Upstream release to build; the verify and checkout states both use it. #}
{% set mirage_firewall_tag = 'v0.8.6' -%}

# States pulled in from other formulas. The list order is kept as the author
# wrote it.
include:
  - dev.home-cleanup
  - dotfiles.copy-sh
  - dotfiles.copy-ssh
  - dotfiles.copy-git
  - docker.configure
# Install the opam shell profile snippet shipped with this formula into the
# user's profile.d directory, creating parent directories when missing.
"{{ slsdotpath }}-opam-completion-and-hooks":
  file.managed:
    - name: /home/user/.config/sh/profile.d/opam.sh
    - source: salt://{{ slsdotpath }}/files/client/profile/opam.sh
    - user: user
    - group: user
    - mode: '0755'
    - makedirs: True
# Source directory owned by the unprivileged user; the git clone state below
# places its checkout under it.
"{{ slsdotpath }}-makedir-src":
  file.directory:
    - name: /home/user/src
    - makedirs: True
    - user: user
    - group: user
    - mode: '0755'
# Dedicated GnuPG home for the mirage-firewall signing keys, kept separate
# from the user's default ~/.gnupg. Mode 0700 limits access to the owner.
"{{ slsdotpath }}-gnupg-home":
  file.directory:
    - name: /home/user/.gnupg/mirage-firewall
    - makedirs: True
    - user: user
    - group: user
    - mode: '0700'
# Install the public keyring and trust database shipped with this formula
# into the dedicated GnuPG home. The signature check further down points
# GNUPGHOME at this directory (through $HOME), so these two files are the
# trust anchor for the source checkout: changes to them under files/client/keys
# deserve the same review as changes to code.
"{{ slsdotpath }}-keyring-and-trustdb":
  file.managed:
    - names:
        - /home/user/.gnupg/mirage-firewall/pubring.kbx:
            - source: salt://{{ slsdotpath }}/files/client/keys/pubring.kbx
        - /home/user/.gnupg/mirage-firewall/trustdb.gpg:
            - source: salt://{{ slsdotpath }}/files/client/keys/trustdb.gpg
    - mode: '0600'
    - user: user
    - group: user
# Clone or update the upstream repository as the unprivileged user.
# No rev is set here; the release is selected by the later checkout state.
# Nothing fetched by this state is trusted yet: the checkout state requires
# the signature check to succeed first.
"{{ slsdotpath }}-git-clone":
  git.latest:
    - name: https://github.com/mirage/qubes-mirage-firewall
    - target: /home/user/src/qubes-mirage-firewall
    - force_fetch: True
    - user: user
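## The tag is annotated, using verify-commit instead.
# `git verify-commit <tag>` checks the GPG signature on the commit the tag
# resolves to, not a signature on the tag object itself. Only keys in the
# dedicated keyring under GNUPGHOME are consulted. A non-zero exit fails this
# state, and the checkout state requires it, so an unverified tree is never
# checked out.
# The keyring state is required explicitly so the check never depends on
# implicit state ordering for its trust anchor.
# NOTE(review): GNUPGHOME is built from $HOME under `runas: user`, while the
# keyring states use the literal /home/user path - confirm both resolve to
# the same directory.
"{{ slsdotpath }}-git-verify-tag":
  cmd.run:
    - name: GNUPGHOME="$HOME/.gnupg/mirage-firewall" git -c gpg.program=gpg2 verify-commit {{ mirage_firewall_tag }}
    - cwd: /home/user/src/qubes-mirage-firewall
    - runas: user
    - require:
        - git: "{{ slsdotpath }}-git-clone"
        - file: "{{ slsdotpath }}-keyring-and-trustdb"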
# Check out the pinned release. The require makes this conditional on the
# signature check passing. Both commands resolve the same tag name in the same
# working tree, and no state defined in this file runs between them.
"{{ slsdotpath }}-git-checkout-tag-{{ mirage_firewall_tag }}":
  cmd.run:
    - require:
        - cmd: "{{ slsdotpath }}-git-verify-tag"
    - name: git checkout {{ mirage_firewall_tag }}
    - runas: user
    - cwd: /home/user/src/qubes-mirage-firewall
# Directory owned by the unprivileged user; the SELinux relabel state for
# RedHat-family systems operates on it.
"{{ slsdotpath }}-makedir-home-docker":
  file.directory:
    - name: /home/user/docker
    - makedirs: True
    - user: user
    - group: user
    - mode: '0755'
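{# Jinja compares with `==`; the single `=` used before is a template syntax error. #}
{% if salt['grains.get']('os_family') == 'RedHat' -%}
# On RedHat-family systems, recursively set the SELinux type of the docker
# directory to container_file_t. This runs as the unprivileged user, so it
# relies on that user being allowed to relabel files it owns.
# NOTE(review): the command has no guard, so it presumably re-runs on every
# state apply - confirm that is intended.
"{{ slsdotpath }}-file-security-context":
  cmd.run:
    - name: chcon -Rt container_file_t /home/user/docker
    - runas: user
    - require:
        - file: "{{ slsdotpath }}-makedir-home-docker"
{% endif -%}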
{% endif -%}