feat: default to disposable netvm

- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.

salt/sys-net/prefs.sls

@@ -4,17 +4,47 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-include:
-  - .create
+{% set netvm = slsdotpath -%}
 
 {% set default_netvm = salt['cmd.shell']('qubes-prefs default_netvm') -%}
-"{{ slsdotpath }}-set-{{ default_netvm }}-netvm-to-{{ slsdotpath }}":
-  qvm.vm:
-    - require:
-      - qvm: {{ slsdotpath }}
+
+{% set running = 0 -%}
+{% if salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ default_netvm) == default_netvm -%}
+  {% set running = 1 -%}
+{% endif -%}
+
+"{{ slsdotpath }}-{{ default_netvm }}-shutdown":
+  qvm.shutdown:
     - name: {{ default_netvm }}
-    - prefs:
-      - netvm: {{ slsdotpath }}
+    - flags:
+      - wait
+      - force
+
+{% set default_netvm_netvm = salt['cmd.shell']('qvm-prefs ' ~ default_netvm ~ ' netvm') -%}
+{% if default_netvm_netvm -%}
+"{{ slsdotpath }}-{{ default_netvm_netvm }}-shutdown":
+  qvm.shutdown:
+    - require:
+      - qvm: "{{ slsdotpath }}-{{ default_netvm }}-shutdown"
+    - name: {{ default_netvm_netvm }}
+    - flags:
+      - wait
+      - force
+{% endif -%}
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '80') }}
+
+"{{ slsdotpath }}-set-{{ default_netvm }}-netvm-to-{{ netvm }}":
+  qvm.vm:
+    - require:
+      - qvm: "{{ slsdotpath }}-{{ default_netvm }}-shutdown"
+    - name: {{ default_netvm }}
+    - prefs:
+      - netvm: {{ netvm }}
+
+{% if running == 1 -%}
+"{{ slsdotpath }}-{{ default_netvm }}-start":
+  qvm.start:
+    - name: {{ default_netvm }}
+{% endif -%}