2024-01-12 11:22:58 -05:00
|
|
|
{#
|
2024-01-29 10:49:54 -05:00
|
|
|
SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
|
2024-01-12 11:22:58 -05:00
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
|
|
|
https://www.kicksecure.com/wiki/Debian
|
|
|
|
https://www.kicksecure.com/wiki/Security-misc
|
|
|
|
https://www.kicksecure.com/wiki/Hardened-kernel
|
|
|
|
https://www.kicksecure.com/wiki/Hardened_Malloc
|
|
|
|
https://www.kicksecure.com/wiki/Operating_System_Hardening
|
|
|
|
https://www.kicksecure.com/wiki/Linux_Kernel_Runtime_Guard_LKRG
|
|
|
|
https://www.qubes-os.org/doc/managing-vm-kernels/#distribution-kernel
|
|
|
|
#}
|
|
|
|
|
|
|
|
{% if grains['nodename'] != 'dom0' -%}
|
|
|
|
|
|
|
|
include:
|
|
|
|
- kicksecure-minimal.install-repo
|
|
|
|
- sys-cacher.install-client
|
|
|
|
- utils.tools.zsh
|
|
|
|
|
|
|
|
"{{ slsdotpath }}-updated":
|
|
|
|
pkg.uptodate:
|
|
|
|
- refresh: True
|
|
|
|
|
|
|
|
"{{ slsdotpath }}-installed":
|
|
|
|
pkg.installed:
|
|
|
|
- refresh: True
|
|
|
|
- install_recommends: False
|
|
|
|
- skip_suggestions: True
|
|
|
|
- pkgs:
|
|
|
|
- kicksecure-qubes-cli
|
|
|
|
- linux-image-amd64
|
|
|
|
- linux-headers-amd64
|
|
|
|
- grub2
|
|
|
|
- qubes-kernel-vm-support
|
|
|
|
|
|
|
|
"{{ slsdotpath }}-remove-debian-default-sources.list":
|
2024-02-01 11:40:26 -05:00
|
|
|
file.comment:
|
2024-01-12 11:22:58 -05:00
|
|
|
- require:
|
|
|
|
- pkg: "{{ slsdotpath }}-installed"
|
|
|
|
- name: /etc/apt/sources.list
|
2024-02-01 11:40:26 -05:00
|
|
|
- regex: "^\s*deb"
|
|
|
|
- ignore_missing: True
|
2024-01-12 11:22:58 -05:00
|
|
|
|
|
|
|
"{{ slsdotpath }}-distribution-kernel":
|
|
|
|
cmd.run:
|
|
|
|
- require:
|
|
|
|
- pkg: "{{ slsdotpath }}-installed"
|
|
|
|
- name: grub-install /dev/xvda
|
|
|
|
- runas: root
|
|
|
|
|
|
|
|
{% endif %}
|