From f933523e102f752ac5f9dcd3a68adfdc1be51d8f Mon Sep 17 00:00:00 2001 
From: Ben Grande Date: Mon, 24 Feb 2025 11:22:51 +0100 Subject: [PATCH] feat: bump Fedora version - Update to Fedora 41; - Change default Fedora template to Xfce variant; - Enforce Fedora based formulas to depend on a chain that always has the correct management disposable set. For 'qubes-builder,' it requires 'mgmt', which requires 'fedora-minimal', which requires 'fedora-xfce'; - Cleanup salt patch necessary on version 39 and 40. - Update base templates when stale before being cloned to derivative templates. - Remove non-essential bootstrap formulas from requirements. Dom0 was never required, but very recommended, templates were required because it was best to update them on their formula before generating outdated clones of it. Fix: https://github.com/ben-grande/qusal/issues/108 Fix: https://github.com/ben-grande/qusal/issues/57 --- docs/BOOTSTRAP.md | 3 -- salt/debian-minimal/template.jinja | 2 +- salt/debian-xfce/template.jinja | 11 +++-- salt/debian/template.jinja | 4 +- salt/fedora-minimal/README.md | 4 +- salt/fedora-minimal/create.sls | 26 ++-------- .../files/admin/bin/salt-patch.sh | 18 ------- salt/fedora-minimal/init.top | 2 +- salt/fedora-minimal/prefs.sls | 17 ++----- salt/fedora-minimal/template.jinja | 2 +- salt/fedora-xfce/README.md | 6 ++- salt/fedora-xfce/create.sls | 10 +++- salt/fedora-xfce/prefs.sls | 18 +++++++ salt/fedora-xfce/prefs.top | 10 ++++ salt/fedora-xfce/template.jinja | 11 +++-- salt/fedora/README.md | 6 ++- salt/fedora/create.sls | 10 +++- salt/fedora/prefs.sls | 18 +++++++ salt/fedora/prefs.top | 10 ++++ salt/fedora/template.jinja | 6 +-- salt/mgmt/create.sls | 23 +-------- salt/mgmt/prefs.sls | 15 +----- salt/qubes-builder/README.md | 9 ++-- salt/qubes-builder/create.sls | 36 ++------------ salt/qubes-builder/init.sls | 16 ------- salt/qubes-builder/init.top | 2 +- salt/qubes-builder/prefs-mgmt.sls | 17 +++++++ salt/qubes-builder/prefs-mgmt.top | 10 ++++ salt/qubes-builder/prefs.sls | 20 -------- salt/qubes-builder/prefs.top | 
10 ---- salt/sys-gui-gpu/README.md | 8 +++- salt/sys-gui-gpu/create.sls | 1 + salt/sys-gui-vnc/README.md | 6 ++- salt/sys-gui-vnc/create.sls | 1 + salt/sys-gui/README.md | 8 +++- salt/sys-gui/create.sls | 4 +- salt/sys-gui/prefs-mgmt.sls | 16 +++++++ salt/sys-gui/prefs-mgmt.top | 10 ++++ salt/sys-gui/prefs.sls | 8 ++++ salt/sys-pgp/README.md | 9 ++-- salt/sys-pgp/create.sls | 25 ++-------- salt/sys-pgp/install.sls | 7 +-- salt/sys-pgp/prefs-mgmt.sls | 17 +++++++ salt/sys-pgp/prefs-mgmt.top | 10 ++++ salt/sys-pgp/prefs.sls | 27 ----------- salt/sys-pgp/prefs.top | 10 ---- salt/utils/macros/clone-template.sls | 5 +- salt/utils/macros/update-admin.sls | 48 +++++++++++++++++++ 48 files changed, 301 insertions(+), 271 deletions(-) delete mode 100755 salt/fedora-minimal/files/admin/bin/salt-patch.sh create mode 100644 salt/fedora-xfce/prefs.sls create mode 100644 salt/fedora-xfce/prefs.top create mode 100644 salt/fedora/prefs.sls create mode 100644 salt/fedora/prefs.top delete mode 100644 salt/qubes-builder/init.sls create mode 100644 salt/qubes-builder/prefs-mgmt.sls create mode 100644 salt/qubes-builder/prefs-mgmt.top delete mode 100644 salt/qubes-builder/prefs.sls delete mode 100644 salt/qubes-builder/prefs.top create mode 100644 salt/sys-gui/prefs-mgmt.sls create mode 100644 salt/sys-gui/prefs-mgmt.top create mode 100644 salt/sys-pgp/prefs-mgmt.sls create mode 100644 salt/sys-pgp/prefs-mgmt.top delete mode 100644 salt/sys-pgp/prefs.sls delete mode 100644 salt/sys-pgp/prefs.top create mode 100644 salt/utils/macros/update-admin.sls diff --git a/docs/BOOTSTRAP.md b/docs/BOOTSTRAP.md index 4187e03..d566319 100644 --- a/docs/BOOTSTRAP.md +++ b/docs/BOOTSTRAP.md 
@@ -23,9 +23,6 @@ matter in some circumstances, in those cases, it is noted in this page. ## Essential * Base (order matters): - * [dom0](../salt/dom0/README.md) - * [debian-minimal](../salt/debian-minimal/README.md) - * [fedora-minimal](../salt/fedora-minimal/README.md) * [mgmt](../salt/mgmt/README.md) * [sys-cacher](../salt/sys-cacher/README.md) diff --git a/salt/debian-minimal/template.jinja b/salt/debian-minimal/template.jinja index 6c4b200..a73ea03 100644 --- a/salt/debian-minimal/template.jinja +++ b/salt/debian-minimal/template.jinja @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/debian-xfce/template.jinja b/salt/debian-xfce/template.jinja index 95f196a..64142a7 100644 --- a/salt/debian-xfce/template.jinja +++ b/salt/debian-xfce/template.jinja @@ -1,15 +1,16 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} -{% set base = 'debian' -%} -{% set version = salt['pillar.get']('qvm:debian:version', '12') -%} +{%- import "debian/template.jinja" as template_base -%} +{% set base = template_base.base -%} +{% set version = template_base.version -%} {% set flavor = 'xfce' -%} -{% set repo = salt['pillar.get']('qvm:debian:repo', 'qubes-templates-itl') -%} +{% set repo = template_base.repo -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/debian/template.jinja b/salt/debian/template.jinja index e52e7f6..4427b25 100644 --- a/salt/debian/template.jinja +++ b/salt/debian/template.jinja 
@@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -11,5 +11,5 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/fedora-minimal/README.md b/salt/fedora-minimal/README.md index 694cf83..a600ffb 100644 --- a/salt/fedora-minimal/README.md +++ b/salt/fedora-minimal/README.md @@ -19,7 +19,7 @@ it. ```sh sudo qubesctl top.enable fedora-minimal -sudo qubesctl --targets=fedora-40-minimal state.apply +sudo qubesctl --targets=fedora-41-minimal state.apply sudo qubesctl top.disable fedora-minimal sudo qubesctl state.apply fedora-minimal.prefs ``` @@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs ```sh sudo qubesctl state.apply fedora-minimal.create -sudo qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install +sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install sudo qubesctl state.apply fedora-minimal.prefs ``` diff --git a/salt/fedora-minimal/create.sls b/salt/fedora-minimal/create.sls index c9a00b9..0cef47a 100644 --- a/salt/fedora-minimal/create.sls +++ b/salt/fedora-minimal/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,7 +9,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- import slsdotpath ~ "/template.jinja" as template -%} include: - - fedora.create + - fedora-xfce.create + - fedora-xfce.prefs - .clone "dvm-{{ template.template }}-absent": 
@@ -23,6 +24,7 @@ name: {{ template.template }} force: True require: - sls: {{ template.template_clean }}.clone +- sls: fedora-xfce.create present: - label: black prefs: @@ -32,6 +34,7 @@ prefs: - memory: 300 - maxmem: 600 - include_in_backups: False +- management_dispvm: dvm-fedora-xfce features: - set: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" @@ -63,22 +66,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: {{ template.template }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: {{ template.template }} diff --git a/salt/fedora-minimal/files/admin/bin/salt-patch.sh b/salt/fedora-minimal/files/admin/bin/salt-patch.sh deleted file mode 100755 index abaec32..0000000 --- a/salt/fedora-minimal/files/admin/bin/salt-patch.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -## SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. -## -## SPDX-License-Identifier: AGPL-3.0-or-later - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -set -eu - -qube="${1}" -dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False" - -qvm-run --no-gui --user=root --pass-io --filter-escape-chars \ - --no-color-output --no-color-stderr -- "${qube}" \ - "${dnf_min_install} python3-urllib3" 
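Review bot: The added `- management_dispvm: dvm-fedora-xfce` pref (hunk at -32,6 +34,7) hard-codes the disposable's name, while fedora-xfce/create.sls in this commit derives it as `dvm-{{ template.template_clean }}`; salt/mgmt/create.sls adds the same literal to the mgmt template's prefs. The two spellings have to be kept in sync by hand, and a mismatch would leave these templates pointing at a management disposable that was never created. Importing `fedora-xfce/template.jinja` under a second alias and writing `- management_dispvm: dvm-{{ template_xfce.template_clean }}` would tie them together. The load_yaml block this line belongs to starts outside the hunk.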
diff --git a/salt/fedora-minimal/init.top b/salt/fedora-minimal/init.top index 08006ac..ff2f7bf 100644 --- a/salt/fedora-minimal/init.top +++ b/salt/fedora-minimal/init.top @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/fedora-minimal/prefs.sls b/salt/fedora-minimal/prefs.sls index b6ef9fe..b735b2a 100644 --- a/salt/fedora-minimal/prefs.sls +++ b/salt/fedora-minimal/prefs.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,21 +9,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .create -"{{ slsdotpath }}-set-management_dispvm-to-default": +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: {{ template.template }} - prefs: - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: {{ template.template }} - - flags: - - force diff --git a/salt/fedora-minimal/template.jinja b/salt/fedora-minimal/template.jinja index df1c90f..9bdf7be 100644 --- a/salt/fedora-minimal/template.jinja +++ b/salt/fedora-minimal/template.jinja @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/fedora-xfce/README.md b/salt/fedora-xfce/README.md index 696510c..962a001 100644 --- a/salt/fedora-xfce/README.md +++ b/salt/fedora-xfce/README.md 
@@ -18,8 +18,9 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora-xfce -sudo qubesctl --targets=fedora-40-xfce state.apply +sudo qubesctl --targets=fedora-41-xfce state.apply sudo qubesctl top.disable fedora-xfce +sudo qubesctl state.apply fedora-xfce.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora-xfce ```sh sudo qubesctl state.apply fedora-xfce.create -sudo qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install +sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install +sudo qubesctl state.apply fedora-xfce.prefs ``` diff --git a/salt/fedora-xfce/create.sls b/salt/fedora-xfce/create.sls index cc6492f..cdf289f 100644 --- a/salt/fedora-xfce/create.sls +++ b/salt/fedora-xfce/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora-xfce/prefs.sls b/salt/fedora-xfce/prefs.sls new file mode 100644 index 0000000..b735b2a --- /dev/null +++ b/salt/fedora-xfce/prefs.sls 
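Review bot: The state appended to fedora-xfce/create.sls sets the template's `management_dispvm` to `dvm-{{ template.template_clean }}` with no comment saying that the override is temporary. The reset to `*default*` is in the new fedora-xfce/prefs.sls, so a create run that is not followed by prefs leaves the template managed through that disposable. A comment above the state, for example `## Temporary override: restored to *default* by this formula's prefs.sls`, would document the pairing. salt/fedora/create.sls receives the identical block and needs the same comment.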
@@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/fedora-xfce/prefs.top b/salt/fedora-xfce/prefs.top new file mode 100644 index 0000000..2d3d2c8 --- /dev/null +++ b/salt/fedora-xfce/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora-xfce.prefs diff --git a/salt/fedora-xfce/template.jinja b/salt/fedora-xfce/template.jinja index 609841b..d39a376 100644 --- a/salt/fedora-xfce/template.jinja +++ b/salt/fedora-xfce/template.jinja @@ -1,15 +1,16 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} -{% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '39') -%} +{%- import "fedora/template.jinja" as template_base -%} +{% set base = template_base.base -%} +{% set version = template_base.version -%} {% set flavor = 'xfce' -%} -{% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} +{% set repo = template_base.repo -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/fedora/README.md b/salt/fedora/README.md index 262cb78..435c074 100644 --- a/salt/fedora/README.md +++ b/salt/fedora/README.md 
@@ -18,8 +18,9 @@ Creates the Fedora template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora -sudo qubesctl --targets=fedora-40 state.apply +sudo qubesctl --targets=fedora-41 state.apply sudo qubesctl top.disable fedora +sudo qubesctl state.apply fedora.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora ```sh sudo qubesctl state.apply fedora.create -sudo qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install +sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install +sudo qubesctl state.apply fedora.prefs ``` diff --git a/salt/fedora/create.sls b/salt/fedora/create.sls index d5065b4..f778b0b 100644 --- a/salt/fedora/create.sls +++ b/salt/fedora/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora/prefs.sls b/salt/fedora/prefs.sls new file mode 100644 index 0000000..b735b2a --- /dev/null +++ b/salt/fedora/prefs.sls @@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" 
diff --git a/salt/fedora/prefs.top b/salt/fedora/prefs.top new file mode 100644 index 0000000..d43ade1 --- /dev/null +++ b/salt/fedora/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora.prefs diff --git a/salt/fedora/template.jinja b/salt/fedora/template.jinja index 68f6403..2fc1f0e 100644 --- a/salt/fedora/template.jinja +++ b/salt/fedora/template.jinja @@ -1,15 +1,15 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} {% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '40') -%} +{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%} {% set flavor = '' -%} {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/mgmt/create.sls b/salt/mgmt/create.sls index 220cb4b..6a24cce 100644 --- a/salt/mgmt/create.sls +++ b/salt/mgmt/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- from "qvm/template.jinja" import load -%} include: - - fedora.create - .clone - fedora-minimal.prefs @@ -19,6 +18,7 @@ require: - sls: fedora-minimal.prefs prefs: - audiovm: "" +- management_dispvm: dvm-fedora-xfce {%- endload %} {{ load(defaults) }} 
@@ -48,22 +48,3 @@ features: - internal {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/mgmt/prefs.sls b/salt/mgmt/prefs.sls index 73e491b..635858e 100644 --- a/salt/mgmt/prefs.sls +++ b/salt/mgmt/prefs.sls @@ -10,13 +10,13 @@ include: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}": cmd.run: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: qubes-prefs -- management_dispvm dvm-{{ slsdotpath }} "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: tpl-{{ slsdotpath }} - prefs: - management_dispvm: "*default*" @@ -27,14 +27,3 @@ include: - cmd: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}" - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - name: default-mgmt-dvm - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force 
diff --git a/salt/qubes-builder/README.md b/salt/qubes-builder/README.md index 27cfdb4..8ea0631 100644 --- a/salt/qubes-builder/README.md +++ b/salt/qubes-builder/README.md @@ -35,9 +35,11 @@ template. * Top: ```sh -sudo qubesctl top.enable qubes-builder +sudo qubesctl top.enable mgmt qubes-builder +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply qubes-builder.prefs-mgmt sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply -sudo qubesctl top.disable qubes-builder +sudo qubesctl top.disable mgmt qubes-builder sudo qubesctl state.apply qubes-builder.prefs ``` @@ -47,8 +49,9 @@ sudo qubesctl state.apply qubes-builder.prefs ```sh sudo qubesctl state.apply qubes-builder.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply qubes-builder.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install -sudo qubesctl state.apply qubes-builder.prefs sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure ``` diff --git a/salt/qubes-builder/create.sls b/salt/qubes-builder/create.sls index 2c69073..7cc0519 100644 --- a/salt/qubes-builder/create.sls +++ b/salt/qubes-builder/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone - - fedora-minimal.prefs + - mgmt.create {% load_yaml as defaults -%} name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone -- sls: fedora-minimal.prefs +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} 
@@ -89,33 +89,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '70') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/qubes-builder/init.sls b/salt/qubes-builder/init.sls deleted file mode 100644 index 2a7887f..0000000 --- a/salt/qubes-builder/init.sls +++ /dev/null @@ -1,16 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -include: -{% if grains['id'] == 'dom0' -%} - - .create -{% elif grains['id'] == 'tpl-' ~ slsdotpath -%} - - .install -{% elif grains['id'] == 'dvm-' ~ slsdotpath -%} - - .configure-qubes-executor -{% elif grains['id'] == slsdotpath -%} - - .configure -{% endif -%} diff --git a/salt/qubes-builder/init.top b/salt/qubes-builder/init.top index 3866ba0..4f04eef 100644 --- a/salt/qubes-builder/init.top +++ b/salt/qubes-builder/init.top @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} 
diff --git a/salt/qubes-builder/prefs-mgmt.sls b/salt/qubes-builder/prefs-mgmt.sls new file mode 100644 index 0000000..b67ac56 --- /dev/null +++ b/salt/qubes-builder/prefs-mgmt.sls @@ -0,0 +1,17 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - .create + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/qubes-builder/prefs-mgmt.top b/salt/qubes-builder/prefs-mgmt.top new file mode 100644 index 0000000..1de602d --- /dev/null +++ b/salt/qubes-builder/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - qubes-builder.prefs-mgmt diff --git a/salt/qubes-builder/prefs.sls b/salt/qubes-builder/prefs.sls deleted file mode 100644 index 9650569..0000000 --- a/salt/qubes-builder/prefs.sls +++ /dev/null @@ -1,20 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" diff --git a/salt/qubes-builder/prefs.top b/salt/qubes-builder/prefs.top deleted file mode 100644 index 3a073c3..0000000 --- a/salt/qubes-builder/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - qubes-builder.prefs 
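Review bot: The README "Top" steps for this formula still end with `sudo qubesctl state.apply qubes-builder.prefs` as an unchanged context line, although the commit deletes qubes-builder/prefs.sls and prefs.top in favour of this prefs-mgmt state. Following that procedure would ask Salt for a state that no longer exists, after the top files have already been disabled. Dropping that README line closes the gap, since the new `qubes-builder.prefs-mgmt` step is already listed earlier in the same procedure. salt/sys-pgp has the same leftover `sys-pgp.prefs` line in its README next to its deleted prefs.sls. A short comment in prefs-mgmt.sls, such as `## Apply after tpl-mgmt is installed: returns tpl-qubes-builder to the default management disposable`, would also explain why it includes `mgmt.prefs`.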
diff --git a/salt/sys-gui-gpu/README.md b/salt/sys-gui-gpu/README.md index a8faddb..1ba6bee 100644 --- a/salt/sys-gui-gpu/README.md +++ b/salt/sys-gui-gpu/README.md @@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True -sudo qubesctl top.enable sys-gui-gpu +sudo qubesctl top.enable mgmt sys-gui-gpu +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui-gpu state.apply -sudo qubesctl top.disable sys-gui-gpu +sudo qubesctl top.disable mgmt sys-gui-gpu sudo qubesctl state.apply sys-gui-gpu.prefs ``` @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-gpu.prefs ```sh sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True sudo qubesctl state.apply sys-gui-gpu.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-gpu.install sudo qubesctl --skip-dom0 --targets=sys-gui-gpu state.apply sys-gui-gpu.configure sudo qubesctl state.apply sys-gui-gpu.prefs diff --git a/salt/sys-gui-gpu/create.sls b/salt/sys-gui-gpu/create.sls index af59907..7aece6a 100644 --- a/salt/sys-gui-gpu/create.sls +++ b/salt/sys-gui-gpu/create.sls @@ -12,6 +12,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - sys-gui.create "{{ slsdotpath }}-gpu-installed": pkg.installed: diff --git a/salt/sys-gui-vnc/README.md b/salt/sys-gui-vnc/README.md index 5485f1f..a541443 100644 --- a/salt/sys-gui-vnc/README.md +++ b/salt/sys-gui-vnc/README.md 
@@ -23,7 +23,9 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True -sudo qubesctl top.enable sys-gui-vnc +sudo qubesctl top.enable mgmt sys-gui-vnc +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui-vnc state.apply sudo qubesctl top.disable sys-gui-vnc sudo qubesctl state.apply sys-gui-vnc.prefs @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-vnc.prefs ```sh sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True sudo qubesctl state.apply sys-gui-vnc.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-vnc.install sudo qubesctl --skip-dom0 --targets=sys-gui-vnc state.apply sys-gui-vnc.configure sudo qubesctl state.apply sys-gui-vnc.prefs diff --git a/salt/sys-gui-vnc/create.sls b/salt/sys-gui-vnc/create.sls index c6b41af..c4b1af4 100644 --- a/salt/sys-gui-vnc/create.sls +++ b/salt/sys-gui-vnc/create.sls @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - sys-gui.create {% if 'psu' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) %} "{{ slsdotpath }}-vnc-installed": diff --git a/salt/sys-gui/README.md b/salt/sys-gui/README.md index 1476418..2a33b32 100644 --- a/salt/sys-gui/README.md +++ b/salt/sys-gui/README.md 
@@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui pillar=True -sudo qubesctl top.enable sys-gui +sudo qubesctl top.enable mgmt sys-gui +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui state.apply -sudo qubesctl top.disable sys-gui +sudo qubesctl top.disable mgmt sys-gui sudo qubesctl state.apply sys-gui.prefs ``` @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui.prefs ```sh sudo qubesctl top.enable qvm.sys-gui pillar=True sudo qubesctl state.apply sys-gui.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui.install sudo qubesctl --skip-dom0 --targets=sys-gui state.apply sys-gui.configure sudo qubesctl state.apply sys-gui.prefs diff --git a/salt/sys-gui/create.sls b/salt/sys-gui/create.sls index ea7a50f..5ca2b7b 100644 --- a/salt/sys-gui/create.sls +++ b/salt/sys-gui/create.sls @@ -1,7 +1,7 @@ {# SPDX-FileCopyrightText: 2019 - 2020 Frederic Pierret SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: GPL-2.0-only #} @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - mgmt.create {% if 'psu' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) %} "{{ slsdotpath }}-installed": @@ -32,6 +33,7 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} diff --git a/salt/sys-gui/prefs-mgmt.sls b/salt/sys-gui/prefs-mgmt.sls new file mode 100644 index 0000000..f9a5109 --- /dev/null +++ b/salt/sys-gui/prefs-mgmt.sls 
@@ -0,0 +1,16 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-gui/prefs-mgmt.top b/salt/sys-gui/prefs-mgmt.top new file mode 100644 index 0000000..7a6d8f8 --- /dev/null +++ b/salt/sys-gui/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-gui.prefs-mgmt diff --git a/salt/sys-gui/prefs.sls b/salt/sys-gui/prefs.sls index edaa347..18b08df 100644 --- a/salt/sys-gui/prefs.sls +++ b/salt/sys-gui/prefs.sls @@ -14,3 +14,11 @@ SPDX-License-Identifier: AGPL-3.0-or-later - require: - qvm: "{{ slsdotpath }}-autostart" - name: qubes-prefs -- default_guivm {{ slsdotpath }} + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-pgp/README.md b/salt/sys-pgp/README.md index c999924..93c98a4 100644 --- a/salt/sys-pgp/README.md +++ b/salt/sys-pgp/README.md @@ -28,9 +28,11 @@ and access to them is made from the client through Qrexec. * Top: ```sh -sudo qubesctl top.enable sys-pgp +sudo qubesctl top.enable mgmt sys-pgp +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-pgp.prefs-mgmt sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply -sudo qubesctl top.disable sys-pgp +sudo qubesctl top.disable mgmt sys-pgp sudo qubesctl state.apply sys-pgp.prefs ``` 
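Review bot: The new state in sys-gui/prefs-mgmt.sls requires `sls: {{ slsdotpath }}.create`, but its `include:` list holds only `mgmt.prefs`, whereas the qubes-builder and sys-pgp versions of this file also include `.create`. Unless `mgmt.prefs` pulls in sys-gui.create transitively (not visible in this diff), Salt cannot resolve the requisite and the state fails; adding `- .create` to the include list fixes it. The same state ID, `"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default"`, is also appended to sys-gui/prefs.sls in this commit. The two files would therefore collide with a conflicting-ID error if they ever end up in one run, so one of the IDs should be renamed.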
@@ -40,9 +42,10 @@ sudo qubesctl state.apply sys-pgp.prefs ```sh sudo qubesctl state.apply sys-pgp.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-pgp.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure -sudo qubesctl state.apply sys-pgp.prefs ``` diff --git a/salt/sys-pgp/create.sls b/salt/sys-pgp/create.sls index 8fddeee..b2accc2 100644 --- a/salt/sys-pgp/create.sls +++ b/salt/sys-pgp/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone - - fedora-minimal.prefs + - mgmt.create {% load_yaml as defaults -%} name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone -- sls: fedora-minimal.prefs +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} @@ -47,22 +47,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '80') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/sys-pgp/install.sls b/salt/sys-pgp/install.sls index 14c6744..b582bd9 100644 --- a/salt/sys-pgp/install.sls +++ b/salt/sys-pgp/install.sls 
@@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -22,13 +22,14 @@ include: - gnupg2 - man-db +{# TODO: sequoia-wot can't be installed on fedora-41 #} {% set pkg = { 'Debian': { 'pkg': ['sq', 'sq-keyring-linter', 'sq-wot', 'sqop', 'sqv'], }, 'RedHat': { - 'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-wot', - 'sequoia-sop', 'sequoia-sqv', 'sequoia-policy-config', + 'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-sop', + 'sequoia-sqv', 'sequoia-policy-config', 'sequoia-chameleon-gnupg'], }, }.get(grains.os_family) -%} diff --git a/salt/sys-pgp/prefs-mgmt.sls b/salt/sys-pgp/prefs-mgmt.sls new file mode 100644 index 0000000..b67ac56 --- /dev/null +++ b/salt/sys-pgp/prefs-mgmt.sls @@ -0,0 +1,17 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - .create + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-pgp/prefs-mgmt.top b/salt/sys-pgp/prefs-mgmt.top new file mode 100644 index 0000000..08d3eda --- /dev/null +++ b/salt/sys-pgp/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-pgp.prefs-mgmt diff --git a/salt/sys-pgp/prefs.sls b/salt/sys-pgp/prefs.sls deleted file mode 100644 index 74627a7..0000000 --- a/salt/sys-pgp/prefs.sls +++ /dev/null 
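Review bot: The TODO added above the `pkg` map in `salt/sys-pgp/install.sls` says `sequoia-wot` cannot be installed on fedora-41, but it gives no cause and no condition for restoring it. The Debian list still installs `sq-wot`, so the two OS families now provide different tooling inside the key-holding qube. A comment with a tracking reference would be easier to act on, for example `{# TODO: re-add 'sequoia-wot' to the RedHat list once it is installable on fedora-41, see <tracker-url-placeholder> #}`. Any documentation that relies on the web-of-trust tool should note that it is missing on Fedora.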
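Review bot: The new `salt/sys-pgp/prefs-mgmt.sls` replaces `salt/sys-pgp/prefs.sls`, which this commit deletes together with `prefs.top`. However, the "Top" instructions in `salt/sys-pgp/README.md` still end with the unchanged line `sudo qubesctl state.apply sys-pgp.prefs`. Only the "State" block had that command removed, so a user following the Top procedure would apply a state that no longer exists. That last line of the Top block should be dropped as well.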
@@ -1,27 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/sys-pgp/prefs.top b/salt/sys-pgp/prefs.top deleted file mode 100644 index 9cc84b3..0000000 --- a/salt/sys-pgp/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - sys-pgp.prefs diff --git a/salt/utils/macros/clone-template.sls b/salt/utils/macros/clone-template.sls index 329bd90..a66020e 100644 --- a/salt/utils/macros/clone-template.sls +++ b/salt/utils/macros/clone-template.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -35,6 +35,9 @@ include: {% endif %} +{% from 'utils/macros/update-admin.sls' import update_admin -%} +{{ update_admin(source, prefix + name) }} + "{{ prefix }}{{ name }}-clone": qvm.clone: - require: diff --git a/salt/utils/macros/update-admin.sls b/salt/utils/macros/update-admin.sls new file mode 100644 index 0000000..0f6082f --- /dev/null +++ b/salt/utils/macros/update-admin.sls 
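Review bot: In `salt/utils/macros/clone-template.sls`, the `{{ update_admin(source, prefix + name) }}` call sits directly before the `-clone` state, but nothing in this hunk makes `qvm.clone` depend on the update or on the shutdown that follows it. The sequence therefore appears to rely on declaration order alone. If the update command fails, Salt would normally still go on to clone the stale base template, which is the outcome this change is meant to prevent. Consider adding `- cmd: "{{ prefix }}{{ name }}-{{ source }}-update-admin"` and, because the macro's `shutdown` defaults to true, `- qvm: "{{ prefix }}{{ name }}-{{ source }}-update-admin-shutdown"` to the clone's `require:` list. That list continues outside the hunk, so it may already hold equivalent entries.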
@@ -0,0 +1,48 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{# +Usage: +1: Import this template: +{% from 'utils/macros/update-admin.sls' import update_admin -%} + +2: Set template base to update and the reason for it: +{{ update_admin('fedora-minimal', 'tpl-sys-pgp') }} + +The 'reason' is only used for creating a globally unique ID. +#} + +{% macro update_admin(source, reason, shutdown=True, include_create=False) -%} +{% import source ~ "/template.jinja" as template -%} +{% import "dom0/gui-user.jinja" as gui_user -%} + +{% if include_create -%} +include: + - {{ source }}.create +{% endif -%} + +"{{ reason }}-{{ source }}-update-admin": + cmd.run: + - require: + - sls: {{ source }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + - runas: {{ gui_user.gui_user }} + +{% if shutdown -%} +{# +Shutdown is necessary for cloned templates to have the newer state. +Even if 'qubes-vm-update' tries to shutdown a qube that was not previously +running, it does not wait for the shutdown to complete: + https://github.com/qubesos/qubes-issues/issues/9814 +#} +"{{ reason }}-{{ source }}-update-admin-shutdown": + qvm.shutdown: + - name: {{ template.template }} + - flags: + - wait +{% endif -%} + +{% endmacro -%}
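Review bot: The usage comment in `salt/utils/macros/update-admin.sls` documents only `source` and `reason`, leaving `shutdown` and `include_create` unexplained. The second one matters, because the `cmd.run` state always carries `require: - sls: {{ source }}.create`, yet that SLS is included by the macro only when `include_create=True`, which is not the default. A caller that does not include `<source>.create` itself would presumably hit an unresolved requisite. I would extend the usage block with one sentence per optional parameter, stating that the caller must include `<source>.create` unless it passes `include_create=True`, and that `shutdown=False` leaves the base template running after the update.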