qusal/salt/sys-mirage-firewall/create.sls

{#
SPDX-FileCopyrightText: 2022 Thien Tran <contact@tommytran.io>
SPDX-FileCopyrightText: 2023 unman <unman@thirdeyesecurity.org>
SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: MIT
#}
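{%- from "qvm/template.jinja" import load -%}
{#
Resolve the netvm the firewall qubes will sit behind: the netvm of the
current default_netvm. The first lookup returns a qube name that is then
spliced into the second command line, so both are run through cmd.run
with python_shell=False: no shell is involved and the name is passed to
qvm-prefs as a plain argument rather than parsed as shell syntax.
#}
{% set default_netvm = salt['cmd.run']('qubes-prefs default_netvm', python_shell=False) -%}
{% set netvm = salt['cmd.run']('qvm-prefs ' + default_netvm + ' netvm', python_shell=False) -%}
{#
If the netvm of default_netvm is empty, the user's default_netvm is already
the first qube in the chain (sys-net), so use default_netvm itself.
NOTE(review): an empty default_netvm is not handled here; the second lookup
would then run qvm-prefs without a qube name. Confirm whether that case
needs its own guard.
#}
{% if netvm == '' %}
{% set netvm = default_netvm %}
{% endif %}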
"sys-mirage-firewall-create-vm-kernels-dir":
file.directory:
- name: /var/lib/qubes/vm-kernels/mirage-firewall
- mode: '0755'
- user: root
- group: root
- makedirs: True
"sys-mirage-firewall-extract-to-vm-kernels":
archive.extracted:
- name: /var/lib/qubes/vm-kernels/
- require:
- file: sys-mirage-firewall-create-vm-kernels-dir
- source: salt://sys-mirage-firewall/files/admin/mirage-firewall.tar.bz2
- source_hash: salt://sys-mirage-firewall/files/admin/mirage-firewall.sha256
- archive_format: tar
- options: -j
"sys-mirage-firewall-save-version":
file.managed:
- name: /var/lib/qubes/vm-kernels/mirage-firewall/version.txt
- source: salt://sys-mirage-firewall/files/admin/version.txt
- mode: '0644'
- user: root
- group: root
- makedirs: True
{#
Template qube the disposable template below is based on. It is pointed
at the mirage-firewall kernel with empty kernelopts, given the smallest
footprint (64 MiB, one vcpu, no audiovm) and excluded from backups.
Prefs are applied in list order; memory is set before maxmem on purpose.
#}
{% load_yaml as defaults -%}
name: tpl-sys-mirage-firewall
force: true
require:
  - file: sys-mirage-firewall-save-version
present:
  - class: TemplateVM
  - label: black
prefs:
  - virt_mode: pvh
  - label: black
  - audiovm: ''
  - memory: 64
  - maxmem: 64
  - vcpus: 1
  - kernel: mirage-firewall
  - kernelopts: ''
  - include_in_backups: false
{%- endload %}
{{ load(defaults) }}
{#
Disposable template for the firewall: a network provider in its own
right and marked template_for_dispvms so the real firewall can run as a
disposable. netvm is the value resolved by the Jinja lookup at the top
of the file. NOTE(review): it is rendered unquoted, so an empty value
would become YAML null rather than '' -- confirm that is the intended
meaning before relying on it.
Features: service.qubes-firewall and no-default-kernelopts -- presumably
so Qubes treats this qube as running the firewall service and does not
pass the Linux default kernelopts to the unikernel; verify against the
Qubes feature documentation.
#}
{% load_yaml as defaults -%}
name: dvm-sys-mirage-firewall
force: true
require:
  - qvm: tpl-sys-mirage-firewall
present:
  - template: tpl-sys-mirage-firewall
  - label: orange
prefs:
  - template: tpl-sys-mirage-firewall
  - label: orange
  - netvm: {{ netvm }}
  - audiovm: ''
  - memory: 64
  - maxmem: 64
  - vcpus: 1
  - provides-network: true
  - template_for_dispvms: true
  - include_in_backups: false
features:
  - enable:
    - service.qubes-firewall
    - no-default-kernelopts
{%- endload %}
{{ load(defaults) }}
{#
The firewall itself: a DispVM instantiated from dvm-sys-mirage-firewall,
providing network to whatever qubes are pointed at it and sitting behind
the netvm resolved at the top of the file. It keeps the same 64 MiB /
one vcpu sizing and stays out of backups, as nothing persists in it.
NOTE(review): netvm is rendered unquoted here too, so an empty value
becomes YAML null; confirm the intended meaning.
#}
{% load_yaml as defaults -%}
name: disp-sys-mirage-firewall
force: true
require:
  - qvm: tpl-sys-mirage-firewall
present:
  - class: DispVM
  - template: dvm-sys-mirage-firewall
  - label: orange
prefs:
  - template: dvm-sys-mirage-firewall
  - label: orange
  - netvm: {{ netvm }}
  - audiovm: ''
  - memory: 64
  - maxmem: 64
  - vcpus: 1
  - provides-network: true
  - include_in_backups: false
features:
  - enable:
    - service.qubes-firewall
    - no-default-kernelopts
{%- endload %}
{{ load(defaults) }}