diff --git a/.reuse/dep5 b/.reuse/dep5 index 2d30594..fe35989 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -73,6 +73,10 @@ Files: salt/kicksecure-minimal/files/repo/* Copyright: 2014 Patrick Schleizer License: CC0-1.0 +Files: salt/opentofu/files/repo/* +Copyright: 2023 OpenTofu +License: CC0-1.0 + Files: salt/signal/files/repo/* Copyright: 2017 Open Whisper Systems License: CC0-1.0 diff --git a/docs/BOOTSTRAP.md b/docs/BOOTSTRAP.md index 2768438..809f79b 100644 --- a/docs/BOOTSTRAP.md +++ b/docs/BOOTSTRAP.md @@ -85,6 +85,7 @@ you accomplish your mission. - Remote task execution and configuration management: - [ansible](../salt/ansible/README.md) - [docker](../salt/docker/README.md) + - [opentofu](../salt/opentofu/README.md) - [terraform](../salt/terraform/README.md) - Coding: diff --git a/salt/opentofu/README.md b/salt/opentofu/README.md new file mode 100644 index 0000000..210de36 --- /dev/null +++ b/salt/opentofu/README.md @@ -0,0 +1,38 @@ +# opentofu + +OpenTofu installation in Qubes OS. + +## Table of Contents + +* [Description](#description) +* [Installation](#installation) +* [Usage](#usage) + +## Description + +Installs OpenTofu and use it on the "opentofu" app qube. An open-source fork +of Terraform. + +## Installation + +- Top: +```sh +qubesctl top.enable opentofu +qubesctl --targets=tpl-opentofu state.apply +qubesctl top.disable opentofu +``` + +- State: + +```sh +qubesctl state.apply opentofu.create +qubesctl --skip-dom0 --targets=tpl-opentofu state.apply opentofu.install +``` + + +## Usage + +You will be able to run OpenTofu from the "opentofu" qube. As simple as +that. + +When using SSH keys, being a split-ssh-agent will facilitate key management. diff --git a/salt/opentofu/clone.sls b/salt/opentofu/clone.sls new file mode 100644 index 0000000..0554d7f --- /dev/null +++ b/salt/opentofu/clone.sls @@ -0,0 +1,8 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% from 'utils/macros/clone-template.sls' import clone_template -%} +{{ clone_template('debian-minimal', sls_path) }} diff --git a/salt/opentofu/clone.top b/salt/opentofu/clone.top new file mode 100644 index 0000000..5792088 --- /dev/null +++ b/salt/opentofu/clone.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - opentofu.clone diff --git a/salt/opentofu/create.sls b/salt/opentofu/create.sls new file mode 100644 index 0000000..c62f356 --- /dev/null +++ b/salt/opentofu/create.sls @@ -0,0 +1,44 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- from "qvm/template.jinja" import load -%} + +include: + - .clone + +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: {{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- template: tpl-{{ slsdotpath }} +- label: purple +prefs: +- template: tpl-{{ slsdotpath }} +- label: purple +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +features: +- disable: + - service.cups + - service.cups-browsed + - service.tinyproxy +{%- endload %} +{{ load(defaults) }} diff --git a/salt/opentofu/create.top b/salt/opentofu/create.top new file mode 100644 index 0000000..0d53542 --- /dev/null +++ b/salt/opentofu/create.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - opentofu.create diff --git a/salt/opentofu/files/repo/opentofu.asc b/salt/opentofu/files/repo/opentofu.asc new file mode 100644 index 0000000..baa49c3 --- /dev/null +++ b/salt/opentofu/files/repo/opentofu.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGVUyIwBEADPg6jUJm5liMTiDndyprnwXQ23GdyQm/kW9MFOhYDRksmmbsz0 +DCfqntFpuoKxPXzA+JTrZlWZONtU+leZjIOlAVZiz0rwz5EJq7uIrkueWtUk6AYk +BLN+zMtbui0z3HCPVNnR5BlVNyXQeW3jlrQtzuKevjZWzI0gbQGgEKNpj+lfyRFu +6q3u/T0o3p/6bOOlQHwCMtnFlWpjr6f/J2EdUVO/6NYHQzImPj4LINXF/+eqo7v6 +svFtaVTtREG2V2V7We7bu/cJ+NgJYH7ro7UhB1RQH2k09NdpSCt9F60PVERnORpx +GBkM/VKZzgMSzRvdpxUWwrLxfAxinu5ddbBm3y0bzaU80OT3i1qrWIqW73fmdGHQ +71gbJxRrroyLMWehjcJ/9WJDxkHqsfPKqBifYsp6/J9npczDfSU+zYBVGpR73a4E +dbeIRWqwbH0LWhlbi1IM5aFDaZMFNkY+AWyP+OHn8Kehu6DOIh1AVM7v7vLxaX9h +t1jVJbswjvPFYquv1DvUdc7VP2QHz3xctQS1GZJQ1ekcgTv9rRYXUOOwknInjtkM +9kQDtyBkVLcEc8ha3Cfh6PJscIP5VHwaNMgAPr9tsl3xqdz56l5UPjFSFuel98jS +Bqn83VrT0uKwM0PnDVHd/7q8+Dg1EtOggMwZ830KORFNdjfv6ydsBvl7fwARAQAB +tEpPcGVuVG9mdSAoVGhpcyBrZXkgaXMgdXNlZCB0byBzaWduIG9wZW50b2Z1IHBy +b3ZpZGVycykgPGNvcmVAb3BlbnRvZnUub3JnPokCTAQTAQgAQQUCZVTIjAkQDArz +E+X9n4AWIQTj5uQ9hMuFLq2wBR0MCvMT5f2fgAIbAwIeAQIZAQMLCQcCFQgDFgAC +BScJAgcCAABwAg/1HZnTvPHZDWf5OluYOaQ7ADX/oyjUO85VNUmKhmBZkLr5mTqr +LO72k9fg+101hbggbhtK431z3Ca6ZqDAG/3DBi0BC1ag0rw83TEApkPGYnfX1DWS +1ZvyH1PkV0aqCkXAtMrte2PlUiieaKAsiYOIXqfZwszd07gch14wxMOw1B6Au/Xz +Nrv2omnWSgGIyR6WOsG4QQ8R5AMVz3K8Ftzl6520wBgtr3osA3uM/xconnGVukMn +9NLQqKx5oeaJwONZpyZL5bg2ke9MVZM2+bG30UGZKoxrzOtQ//OTOYlhPCqm1ffR +hYrUytwsWzDnJvXJF1QhnDu8whP3tSrcHyKxYZ9xUNzeu2AmjYfvkKHSdK2DFmOf +DafaRs3c1VYnC7J7aRi6kVF/t+vWeOEVpPylyK7vSbPFc6XVoQrsE07hbN/BjWjm +s8voK5U6oJRgEugXtSQKFypfOq8R99nXwbMHdhqY8aGyOCj++cuvRCUBDZAQqPEW +AuD0X7+9Trnfin47MK+n18wsTAL4w6PJhtCrwK4e0cVuQ5u4M/PMid5W6hEA27PX +x506Jpe8iRmcIP/cCR6pvhgOUMC36bIkAqZ5dJ545kDQju0lf8gLdVIQpig45udn +ZM2KgyApGqhsS7yCUrbLDrtNmQ31TSYdKc8IU+/jXkfy2RYbZ+wNgfloKLkCDQRl +VMiMARAAwRZUyMIc5TNbcFg3WGKxhaNC9hDZ4zBfXlb5jONzZOx3rDi2lD4UQOH+ +NpG7CF98co//kryS/4AsDdp2jzhh+VMgyx6KJIhSkBP6kqhriy9eWRmgfrnLbUf4 +6kkTkzLVkjYnMNeyHt+mi9I7EKtsDuF/EvjlwF5E81+DEOteCO/un/Qt1q3e1Slf +vTpLkPvr1FiQ3VqzaBeBBI3MAMb/ycwL6hQE1l4Lg34T43Zu+9zkE1uzvjeNIlIW +ucjB4q1htEjJl2CLAv+8cGHdmCcV2ZO3WM8M9Omq1CE7jhak4NE/YuGylJYCBd+B +S7tuDPDu6+o4Nx+axxcwMvgyfr07FteEr1Lopaw2ci8b/xzQie/gkI0CByQMwD5V +gnJpiMBnjP4d6UF6HEVldCQ7a3T1T80bKj5JjtFbR9P85Qntuheqn3Pge89YexMc +E/00VA3blrj+GeYpO9ZGFu7DR/x4sjnTEhfjXEoLv1C4AdgGHCIjW9wU6HkcWnla +X7akKlwIWEUP/BFLkcWPpmUrtClhWx9wq1GHFvKAN/qp//VWnv4IfRU6RjmVPOWB +efvTu/cpsfBHLyp15goOYPboahIdTUTNQIXh4Vid7E1NoKnWZUMu50n3/zAbjSds +mNmifi4g01MYJ3TVoU2Q01P7NiD3IRmaw72nLmf9cM9/7QMdGn0AEQEAAYkCNgQY +AQgAKgUCZVTIjAkQDArzE+X9n4AWIQTj5uQ9hMuFLq2wBR0MCvMT5f2fgAIbDAAA +SUoP/2ExsUoGbxjuZ76QUnYtfzDoz+o218UWd3gZCsBQ6/hGam5kMq+EUEabF3lV +7QLDyn/1v5sqrkmYg0u5cfjtY3oimCPvr6E0WTuqMIwYl0fdlkmdNttDpMqvCazq +bzLK5dDVWbh/EYTiEN1xKXM6rlAquYv8I16uWL8QHanMb6yexNmDYhC4fXWqCi+s +5sXxWrPrd+fGz8CR/fEYahPXj8uY6dwN9DlWyek9QtKW2PsqrkBn5vCOm2IyZW6d +t/Kn70tYtxMxJND2otk47mpG/Fv3sYK2bTGJ+k/5+E5IrjWqIX2lVB3G1+TCoZ5s +cc16zls32mOlRh81fTAqcwkDFxICxcOeNHGLt3N+UvoPSUafYKD96rn5mWFao4xb +cFniaYv2PdqH8HDjvXZXqHypRMXvYMbXXOgydLL+tSUSBpMTd4afjq8x2gNSWOEL +I1jT5FWbKTKan0ycKi37bSqGHhDjlg4HRGvC3IK0EuVjdX3r+8uIVgFbqLwNhXk4 +GAIL03vl689TQ7/oPW75XCQIevFai0kcJPl6qIRvi9/S/v5EPRy9UDCGY/MPmc5f +H1an0ebU4I4TlYfBoEUkYYqBDxvxWW0I/Q01rDebcd6mrGw8lW1EiNZlClLwx9Bv +/+MNnIT9m1f8KeqmweoAgbIQRUI7EkJSzxYN4DNuy2XoKmF9 +=CRuR +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGVOQMUBEACxkE5gkTJlIeXr68hdt181kmTjJpU3KrvkFbtpKqOaX23Mb7nr +wNjqt0z/N9fAUBmBrrEVwoyJljlxocKcTGfgIJ6GvbgfpxMIskm9yo9vZBoqzlV1 +wcTCDJhWOI3f3JzeSOSMYch2pv5fAIn8vKF+2H+iStJU6i9HRR9jfXutnSN9PyZ/ +DBlGITqF998K7AVYzcKJuURE5Z46ugVeYFxkM7e2Vox3SL1L5XYIL5AMKQISej5O +XHSUQTN2jT6JLlFYq32mQG1n3aoieiUhPRdyxnqDNfu3e7w7Sz9SbIrH4xPtGF71 +9rid+VaiECbRY4nUUbKseoV9EZ+3Ve3Vhn48h7F8xaPhVMw+BhF2PRZ8b2HG0vxS +WmJo6SDMmAG65P9ZvMCk2zn4IBSiFpMQIt+0Ndv5u6z1I+E4qhh7P7wP19zJmYxk +j+7+cJAjuB+5gZ4w+3aJ6gJO3q178lN7izBPOaw7d4cNkyqU0T0JnaDpZy/cTp2i +E+s/sca46e91Vm3y8ghuW/zf8FW94Ve4SUjV6QLi4fuyA73TSb8VlVeLtvymOmAD +rup6vL68alNvHxpOvyTW7S16E3GTcR7XE8m4Eyd986oZ5JCIK3yD9eAgCQ07x1yn +7tUu2mXEKevgJv36AVWMZHRy3EnQyfTGlm+Zz9TgT8octpgxB8aXuk0JVQARAQAB +tGpodHRwczovL3BhY2thZ2VjbG91ZC5pby9vcGVudG9mdS90b2Z1IChodHRwczov +L3BhY2thZ2VjbG91ZC5pby9kb2NzI2dwZ19zaWduaW5nKSA8c3VwcG9ydEBwYWNr +YWdlY2xvdWQuaW8+iQJOBBMBCgA4FiEE9K9w9m6sQzfu7Ml0B9PfzUxhSZ8FAmVO +QMUCGy8FCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQB9PfzUxhSZ+LUA//aMcE +Kw1Pa91YS38i72c7yWXzZ8m5ArGchpFDbWKqdu1Oce1NqP1A9rAUFOPy5Oj7ClT8 +vydqoiUKh1pQ/P8Vo1BpD7jxL/FqS083qFT8rcL+fab61PtYRitn55vCeYI/4anj +g22BVv5671861m+3e/MW3nwKNEanhoFA7LocXxfYn16qiogwdc00nyUJmfWq0N3B +iJEkY04pTUJONB1xDCi+DsU42PUcv+W/d4a/AMKsEpTfo0i/B2O+kJMFU4Zm1G7H +8mnmvTr9iM5FT7ebEOUQLT+xcpUPDvtums5RONU0Rs6VrJeHW52aRkcijMBdVVju +ZIBgor1EC5coqblMvWVFlA0OytG+aRvrIrRloDiXoACYJd2ax/qAAJiteFJYhAY1 +cOBwzepXOTzpEwzuRuKbrFTmUuXVh+lCJ3nHMCcdFsFuzjVh8ZHHLZS44KQrWaNL +iAguDfTWuV58m6V6v4FezOrz2O6TdM7Mj5Lq/9WZ0vfrtpbnGw9jl3IpaPgSIulP +b3s8xVMIFjEGItVjE+tNtuO5tL3X98yWxZWetRkI4qX7y4+Io8BY2rRldjqBIWwZ +L9UaiiYNUgGdR2lS3TXz1jEoG0+7Zd7Gh4cLa7UrZHOHg3jqRhEJFFkes6M+ZbnT ++vCg/qJaj77yKRs5f5R73hEzyrCY84Y7N3gXEfW5Ag0EZU5AxQEQAOsAzEW0XL1i +fXzWRN4KuK3lOxrgLro63YGKo3viKYPPhHja6VRmrYdnsZ8/FjccBy3jy92X5TQk +ZF2gAvpSkFYafhVzlpmYtYhdOiTmrjp63g0M5Q7xLVzT+KNeyUsg+Mgmda5j0LGh +7oZ7Oz/+W/nQHw+UVFoP+PR1Fg22icmVyGF/XaYI73Az73KR8Ffl1IoVLu9isF+N +iU7r7r8tUfWQbdCUT/pn1uQtxGrGxhG4b94b6d/k3LJWGg4mW4OZKPoFuTIWn0o2 +MJGvEN3ODZJ6iMdUgHKlrqkmNRA4mmXNl/vztGFwRaeN0N/oMXYCRKUcHLCHm1sq +QM4jlVj+7rXEPAol4843rC94RnGSzEkGiREONKAFFx0E7nYg+0EHNTs9eJ/qiQci +d4Eiw8nmFbM3Wi4JnyrJjQXXeQoZk/zibMQiM8j4mEsC4qHdpLGBX+9sJboyFwAa +a/BI28HysrLkDbZGvCp6b9Y+LDx3baMmZ0v1sQ+EOmUV3wvd/mQUx4yGIYaX7YX7 +CtE0FR71UhLKVur1lXVmQ0hGAnt7/YTKx8b+sFyGX19cSXt78XE/P0X8sHTVkn4m +XyZ7CLHwUp0OCyKfzsxcMtviID66hhn+Qwo4PYDRcaedHEpUWhGzdK7sYRMVmoDc +avVqfPepxNDcTd7KID+IbpOYEkwc2d+RABEBAAGJBGwEGAEKACAWIQT0r3D2bqxD +N+7syXQH09/NTGFJnwUCZU5AxQIbLgJACRAH09/NTGFJn8F0IAQZAQoAHRYhBFnU +EjT596/QBxQ/anDfWYEai5EJBQJlTkDFAAoJEHDfWYEai5EJTYMP/2kJ4g5wwKzC +PjeVGxiIxyp5ITvFnYhbI5hv1m62Qd9dQPtilWa4W0PB2G7LxMVwuT4TjVNLIKm0 +LUhKcc25XkMl5kh8NUIfAtWhssv/zEfdEDbqSBzQs0HwA27wWyVhYI0mp3n1u0JT +rIvf+lrtqExPJZtZSz5BLbi1vixB8aFdf9qN02nBaOLeunwd0XivT8uruE9FlAOg +ODMSQYIDPXgt+pOWroBIOau0lES/6r3OijY4QSSlPZXv8UHYd4EjUnHlACyM7yR+ +uXm/vb4j0jJkVuzDEOcShYBU4Mq4hX3F9pwxSg1vqdFrElAo4uRverrZsqDko11f +CtlEdYr14V2/Yjz04UuYzsVjQJs62sKtTLknrZo9zxl+r/vfZtuh07Lhr/dvWeyE +4wFCbjxwQtrqQbF9POLlKl200wCEcGgQSRMF7sRahsvx7aNrW51k3qg6XA9fV6RM +A0gtbJ1OLi91PA6dRpqiaMf2O6jJa2LcB/MGY3yiSUBvp80T3z2QUgPKGsmKQFJK +EUnYL006Qq3DE3rM49sFRFYyrBoIvGYxnFV4AyEYANr4laeHaty6LOR5KeUiWiBv +2gZU9lJ79ygnEAp7GD5SW/LzrIO0fjwdL9FQFp6M5ktfWeW+tzYsZ0ufshNb+ad/ +fhBGN82vhp4msK2D01sAevII2ZQUn4D1RioQAJTEd6zvPl92uAYqf0KxRddMtHsZ +L2EmWvUPXs7kgE/5OdwmD0x8ALW65cAiGZYl0yUdVMMfFq7EFMXqD9erwV7LUrsq +qucYDw4C1u6l96lC7mmqTPIwbL5B/Sq/14Y1qwfrF+uYjNji30Le4CCvreDzEe/z +Ro2pGJbmUjLDBvjuuqwcT8O0zbmCbOlJDNoZ7dYpzjDKytIJam+HYEQfAsfnYkbX +X+hIwLEq3sUQ2tBGBguIQeYc2nZKwHPP4z1d8bZ+W4GmTNBT5Xmlr+ibk1BWeLOY +ikoMbk+mjKL5aKCf5K5WPme6FxWUfrc35MK9Z+MadHt9avMUGoicmlE/QPjFmkr5 +RZPxmHdKZ3sLk1JPmOaaQD6iUitxRTIoLSxx54YbwrXy+E5oqSVgoreRj+lbmq63 +IQ5CQMh9A6BXZJSrvvTIuMqQcDh3YNgiWbENnPtxpeZBOpF/GM4O/EB5jyDi55Fw +TyhVBh6y29nlmvi0X/i/QYQirVYjn4eFJlqC6iTkoFFLe4nRe/vC80AxAzrjFWi/ +5YX0M4svJBgWRFtqUsCREVSymkhat64JhsUQso1wktjpdfg3sj9BfVPo+LzSbiPe +sK+NgDFNb6frvnfv53kgkDOToIrER8pOqEYPufmqRvY7WkZiRuZwcnQE4bsHA46e +5ReBboz/tMQSI5vI +=SxL8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/opentofu/files/repo/opentofu.list b/salt/opentofu/files/repo/opentofu.list new file mode 100644 index 0000000..f0e216e --- /dev/null +++ b/salt/opentofu/files/repo/opentofu.list @@ -0,0 +1,2 @@ +deb [signed-by=/usr/share/keyrings/opentofu.asc] http://packages.opentofu.org/opentofu/tofu/any/ any main +# vim:ft=debsources diff --git a/salt/opentofu/files/repo/opentofu.sources b/salt/opentofu/files/repo/opentofu.sources new file mode 100644 index 0000000..ec34871 --- /dev/null +++ b/salt/opentofu/files/repo/opentofu.sources @@ -0,0 +1,6 @@ +Types: deb +URIs: http://packages.opentofu.org/opentofu/tofu/any/ +Suites: any +Components: main +Signed-by: /usr/share/keyrings/opentofu.asc +# vim:ft=debsources diff --git a/salt/opentofu/files/repo/opentofu.yum.asc b/salt/opentofu/files/repo/opentofu.yum.asc new file mode 100644 index 0000000..baa49c3 --- /dev/null +++ b/salt/opentofu/files/repo/opentofu.yum.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGVUyIwBEADPg6jUJm5liMTiDndyprnwXQ23GdyQm/kW9MFOhYDRksmmbsz0 +DCfqntFpuoKxPXzA+JTrZlWZONtU+leZjIOlAVZiz0rwz5EJq7uIrkueWtUk6AYk +BLN+zMtbui0z3HCPVNnR5BlVNyXQeW3jlrQtzuKevjZWzI0gbQGgEKNpj+lfyRFu +6q3u/T0o3p/6bOOlQHwCMtnFlWpjr6f/J2EdUVO/6NYHQzImPj4LINXF/+eqo7v6 +svFtaVTtREG2V2V7We7bu/cJ+NgJYH7ro7UhB1RQH2k09NdpSCt9F60PVERnORpx +GBkM/VKZzgMSzRvdpxUWwrLxfAxinu5ddbBm3y0bzaU80OT3i1qrWIqW73fmdGHQ +71gbJxRrroyLMWehjcJ/9WJDxkHqsfPKqBifYsp6/J9npczDfSU+zYBVGpR73a4E +dbeIRWqwbH0LWhlbi1IM5aFDaZMFNkY+AWyP+OHn8Kehu6DOIh1AVM7v7vLxaX9h +t1jVJbswjvPFYquv1DvUdc7VP2QHz3xctQS1GZJQ1ekcgTv9rRYXUOOwknInjtkM +9kQDtyBkVLcEc8ha3Cfh6PJscIP5VHwaNMgAPr9tsl3xqdz56l5UPjFSFuel98jS +Bqn83VrT0uKwM0PnDVHd/7q8+Dg1EtOggMwZ830KORFNdjfv6ydsBvl7fwARAQAB +tEpPcGVuVG9mdSAoVGhpcyBrZXkgaXMgdXNlZCB0byBzaWduIG9wZW50b2Z1IHBy +b3ZpZGVycykgPGNvcmVAb3BlbnRvZnUub3JnPokCTAQTAQgAQQUCZVTIjAkQDArz +E+X9n4AWIQTj5uQ9hMuFLq2wBR0MCvMT5f2fgAIbAwIeAQIZAQMLCQcCFQgDFgAC +BScJAgcCAABwAg/1HZnTvPHZDWf5OluYOaQ7ADX/oyjUO85VNUmKhmBZkLr5mTqr +LO72k9fg+101hbggbhtK431z3Ca6ZqDAG/3DBi0BC1ag0rw83TEApkPGYnfX1DWS +1ZvyH1PkV0aqCkXAtMrte2PlUiieaKAsiYOIXqfZwszd07gch14wxMOw1B6Au/Xz +Nrv2omnWSgGIyR6WOsG4QQ8R5AMVz3K8Ftzl6520wBgtr3osA3uM/xconnGVukMn +9NLQqKx5oeaJwONZpyZL5bg2ke9MVZM2+bG30UGZKoxrzOtQ//OTOYlhPCqm1ffR +hYrUytwsWzDnJvXJF1QhnDu8whP3tSrcHyKxYZ9xUNzeu2AmjYfvkKHSdK2DFmOf +DafaRs3c1VYnC7J7aRi6kVF/t+vWeOEVpPylyK7vSbPFc6XVoQrsE07hbN/BjWjm +s8voK5U6oJRgEugXtSQKFypfOq8R99nXwbMHdhqY8aGyOCj++cuvRCUBDZAQqPEW +AuD0X7+9Trnfin47MK+n18wsTAL4w6PJhtCrwK4e0cVuQ5u4M/PMid5W6hEA27PX +x506Jpe8iRmcIP/cCR6pvhgOUMC36bIkAqZ5dJ545kDQju0lf8gLdVIQpig45udn +ZM2KgyApGqhsS7yCUrbLDrtNmQ31TSYdKc8IU+/jXkfy2RYbZ+wNgfloKLkCDQRl +VMiMARAAwRZUyMIc5TNbcFg3WGKxhaNC9hDZ4zBfXlb5jONzZOx3rDi2lD4UQOH+ +NpG7CF98co//kryS/4AsDdp2jzhh+VMgyx6KJIhSkBP6kqhriy9eWRmgfrnLbUf4 +6kkTkzLVkjYnMNeyHt+mi9I7EKtsDuF/EvjlwF5E81+DEOteCO/un/Qt1q3e1Slf +vTpLkPvr1FiQ3VqzaBeBBI3MAMb/ycwL6hQE1l4Lg34T43Zu+9zkE1uzvjeNIlIW +ucjB4q1htEjJl2CLAv+8cGHdmCcV2ZO3WM8M9Omq1CE7jhak4NE/YuGylJYCBd+B +S7tuDPDu6+o4Nx+axxcwMvgyfr07FteEr1Lopaw2ci8b/xzQie/gkI0CByQMwD5V +gnJpiMBnjP4d6UF6HEVldCQ7a3T1T80bKj5JjtFbR9P85Qntuheqn3Pge89YexMc +E/00VA3blrj+GeYpO9ZGFu7DR/x4sjnTEhfjXEoLv1C4AdgGHCIjW9wU6HkcWnla +X7akKlwIWEUP/BFLkcWPpmUrtClhWx9wq1GHFvKAN/qp//VWnv4IfRU6RjmVPOWB +efvTu/cpsfBHLyp15goOYPboahIdTUTNQIXh4Vid7E1NoKnWZUMu50n3/zAbjSds +mNmifi4g01MYJ3TVoU2Q01P7NiD3IRmaw72nLmf9cM9/7QMdGn0AEQEAAYkCNgQY +AQgAKgUCZVTIjAkQDArzE+X9n4AWIQTj5uQ9hMuFLq2wBR0MCvMT5f2fgAIbDAAA +SUoP/2ExsUoGbxjuZ76QUnYtfzDoz+o218UWd3gZCsBQ6/hGam5kMq+EUEabF3lV +7QLDyn/1v5sqrkmYg0u5cfjtY3oimCPvr6E0WTuqMIwYl0fdlkmdNttDpMqvCazq +bzLK5dDVWbh/EYTiEN1xKXM6rlAquYv8I16uWL8QHanMb6yexNmDYhC4fXWqCi+s +5sXxWrPrd+fGz8CR/fEYahPXj8uY6dwN9DlWyek9QtKW2PsqrkBn5vCOm2IyZW6d +t/Kn70tYtxMxJND2otk47mpG/Fv3sYK2bTGJ+k/5+E5IrjWqIX2lVB3G1+TCoZ5s +cc16zls32mOlRh81fTAqcwkDFxICxcOeNHGLt3N+UvoPSUafYKD96rn5mWFao4xb +cFniaYv2PdqH8HDjvXZXqHypRMXvYMbXXOgydLL+tSUSBpMTd4afjq8x2gNSWOEL +I1jT5FWbKTKan0ycKi37bSqGHhDjlg4HRGvC3IK0EuVjdX3r+8uIVgFbqLwNhXk4 +GAIL03vl689TQ7/oPW75XCQIevFai0kcJPl6qIRvi9/S/v5EPRy9UDCGY/MPmc5f +H1an0ebU4I4TlYfBoEUkYYqBDxvxWW0I/Q01rDebcd6mrGw8lW1EiNZlClLwx9Bv +/+MNnIT9m1f8KeqmweoAgbIQRUI7EkJSzxYN4DNuy2XoKmF9 +=CRuR +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGVOQMUBEACxkE5gkTJlIeXr68hdt181kmTjJpU3KrvkFbtpKqOaX23Mb7nr +wNjqt0z/N9fAUBmBrrEVwoyJljlxocKcTGfgIJ6GvbgfpxMIskm9yo9vZBoqzlV1 +wcTCDJhWOI3f3JzeSOSMYch2pv5fAIn8vKF+2H+iStJU6i9HRR9jfXutnSN9PyZ/ +DBlGITqF998K7AVYzcKJuURE5Z46ugVeYFxkM7e2Vox3SL1L5XYIL5AMKQISej5O +XHSUQTN2jT6JLlFYq32mQG1n3aoieiUhPRdyxnqDNfu3e7w7Sz9SbIrH4xPtGF71 +9rid+VaiECbRY4nUUbKseoV9EZ+3Ve3Vhn48h7F8xaPhVMw+BhF2PRZ8b2HG0vxS +WmJo6SDMmAG65P9ZvMCk2zn4IBSiFpMQIt+0Ndv5u6z1I+E4qhh7P7wP19zJmYxk +j+7+cJAjuB+5gZ4w+3aJ6gJO3q178lN7izBPOaw7d4cNkyqU0T0JnaDpZy/cTp2i +E+s/sca46e91Vm3y8ghuW/zf8FW94Ve4SUjV6QLi4fuyA73TSb8VlVeLtvymOmAD +rup6vL68alNvHxpOvyTW7S16E3GTcR7XE8m4Eyd986oZ5JCIK3yD9eAgCQ07x1yn +7tUu2mXEKevgJv36AVWMZHRy3EnQyfTGlm+Zz9TgT8octpgxB8aXuk0JVQARAQAB +tGpodHRwczovL3BhY2thZ2VjbG91ZC5pby9vcGVudG9mdS90b2Z1IChodHRwczov +L3BhY2thZ2VjbG91ZC5pby9kb2NzI2dwZ19zaWduaW5nKSA8c3VwcG9ydEBwYWNr +YWdlY2xvdWQuaW8+iQJOBBMBCgA4FiEE9K9w9m6sQzfu7Ml0B9PfzUxhSZ8FAmVO +QMUCGy8FCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQB9PfzUxhSZ+LUA//aMcE +Kw1Pa91YS38i72c7yWXzZ8m5ArGchpFDbWKqdu1Oce1NqP1A9rAUFOPy5Oj7ClT8 +vydqoiUKh1pQ/P8Vo1BpD7jxL/FqS083qFT8rcL+fab61PtYRitn55vCeYI/4anj +g22BVv5671861m+3e/MW3nwKNEanhoFA7LocXxfYn16qiogwdc00nyUJmfWq0N3B +iJEkY04pTUJONB1xDCi+DsU42PUcv+W/d4a/AMKsEpTfo0i/B2O+kJMFU4Zm1G7H +8mnmvTr9iM5FT7ebEOUQLT+xcpUPDvtums5RONU0Rs6VrJeHW52aRkcijMBdVVju +ZIBgor1EC5coqblMvWVFlA0OytG+aRvrIrRloDiXoACYJd2ax/qAAJiteFJYhAY1 +cOBwzepXOTzpEwzuRuKbrFTmUuXVh+lCJ3nHMCcdFsFuzjVh8ZHHLZS44KQrWaNL +iAguDfTWuV58m6V6v4FezOrz2O6TdM7Mj5Lq/9WZ0vfrtpbnGw9jl3IpaPgSIulP +b3s8xVMIFjEGItVjE+tNtuO5tL3X98yWxZWetRkI4qX7y4+Io8BY2rRldjqBIWwZ +L9UaiiYNUgGdR2lS3TXz1jEoG0+7Zd7Gh4cLa7UrZHOHg3jqRhEJFFkes6M+ZbnT ++vCg/qJaj77yKRs5f5R73hEzyrCY84Y7N3gXEfW5Ag0EZU5AxQEQAOsAzEW0XL1i +fXzWRN4KuK3lOxrgLro63YGKo3viKYPPhHja6VRmrYdnsZ8/FjccBy3jy92X5TQk +ZF2gAvpSkFYafhVzlpmYtYhdOiTmrjp63g0M5Q7xLVzT+KNeyUsg+Mgmda5j0LGh +7oZ7Oz/+W/nQHw+UVFoP+PR1Fg22icmVyGF/XaYI73Az73KR8Ffl1IoVLu9isF+N +iU7r7r8tUfWQbdCUT/pn1uQtxGrGxhG4b94b6d/k3LJWGg4mW4OZKPoFuTIWn0o2 +MJGvEN3ODZJ6iMdUgHKlrqkmNRA4mmXNl/vztGFwRaeN0N/oMXYCRKUcHLCHm1sq +QM4jlVj+7rXEPAol4843rC94RnGSzEkGiREONKAFFx0E7nYg+0EHNTs9eJ/qiQci +d4Eiw8nmFbM3Wi4JnyrJjQXXeQoZk/zibMQiM8j4mEsC4qHdpLGBX+9sJboyFwAa +a/BI28HysrLkDbZGvCp6b9Y+LDx3baMmZ0v1sQ+EOmUV3wvd/mQUx4yGIYaX7YX7 +CtE0FR71UhLKVur1lXVmQ0hGAnt7/YTKx8b+sFyGX19cSXt78XE/P0X8sHTVkn4m +XyZ7CLHwUp0OCyKfzsxcMtviID66hhn+Qwo4PYDRcaedHEpUWhGzdK7sYRMVmoDc +avVqfPepxNDcTd7KID+IbpOYEkwc2d+RABEBAAGJBGwEGAEKACAWIQT0r3D2bqxD +N+7syXQH09/NTGFJnwUCZU5AxQIbLgJACRAH09/NTGFJn8F0IAQZAQoAHRYhBFnU +EjT596/QBxQ/anDfWYEai5EJBQJlTkDFAAoJEHDfWYEai5EJTYMP/2kJ4g5wwKzC +PjeVGxiIxyp5ITvFnYhbI5hv1m62Qd9dQPtilWa4W0PB2G7LxMVwuT4TjVNLIKm0 +LUhKcc25XkMl5kh8NUIfAtWhssv/zEfdEDbqSBzQs0HwA27wWyVhYI0mp3n1u0JT +rIvf+lrtqExPJZtZSz5BLbi1vixB8aFdf9qN02nBaOLeunwd0XivT8uruE9FlAOg +ODMSQYIDPXgt+pOWroBIOau0lES/6r3OijY4QSSlPZXv8UHYd4EjUnHlACyM7yR+ +uXm/vb4j0jJkVuzDEOcShYBU4Mq4hX3F9pwxSg1vqdFrElAo4uRverrZsqDko11f +CtlEdYr14V2/Yjz04UuYzsVjQJs62sKtTLknrZo9zxl+r/vfZtuh07Lhr/dvWeyE +4wFCbjxwQtrqQbF9POLlKl200wCEcGgQSRMF7sRahsvx7aNrW51k3qg6XA9fV6RM +A0gtbJ1OLi91PA6dRpqiaMf2O6jJa2LcB/MGY3yiSUBvp80T3z2QUgPKGsmKQFJK +EUnYL006Qq3DE3rM49sFRFYyrBoIvGYxnFV4AyEYANr4laeHaty6LOR5KeUiWiBv +2gZU9lJ79ygnEAp7GD5SW/LzrIO0fjwdL9FQFp6M5ktfWeW+tzYsZ0ufshNb+ad/ +fhBGN82vhp4msK2D01sAevII2ZQUn4D1RioQAJTEd6zvPl92uAYqf0KxRddMtHsZ +L2EmWvUPXs7kgE/5OdwmD0x8ALW65cAiGZYl0yUdVMMfFq7EFMXqD9erwV7LUrsq +qucYDw4C1u6l96lC7mmqTPIwbL5B/Sq/14Y1qwfrF+uYjNji30Le4CCvreDzEe/z +Ro2pGJbmUjLDBvjuuqwcT8O0zbmCbOlJDNoZ7dYpzjDKytIJam+HYEQfAsfnYkbX +X+hIwLEq3sUQ2tBGBguIQeYc2nZKwHPP4z1d8bZ+W4GmTNBT5Xmlr+ibk1BWeLOY +ikoMbk+mjKL5aKCf5K5WPme6FxWUfrc35MK9Z+MadHt9avMUGoicmlE/QPjFmkr5 +RZPxmHdKZ3sLk1JPmOaaQD6iUitxRTIoLSxx54YbwrXy+E5oqSVgoreRj+lbmq63 +IQ5CQMh9A6BXZJSrvvTIuMqQcDh3YNgiWbENnPtxpeZBOpF/GM4O/EB5jyDi55Fw +TyhVBh6y29nlmvi0X/i/QYQirVYjn4eFJlqC6iTkoFFLe4nRe/vC80AxAzrjFWi/ +5YX0M4svJBgWRFtqUsCREVSymkhat64JhsUQso1wktjpdfg3sj9BfVPo+LzSbiPe +sK+NgDFNb6frvnfv53kgkDOToIrER8pOqEYPufmqRvY7WkZiRuZwcnQE4bsHA46e +5ReBboz/tMQSI5vI +=SxL8 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/opentofu/files/repo/opentofu.yum.repo b/salt/opentofu/files/repo/opentofu.yum.repo new file mode 100644 index 0000000..455f4e2 --- /dev/null +++ b/salt/opentofu/files/repo/opentofu.yum.repo @@ -0,0 +1,23 @@ +[opentofu] +name=opentofu +baseurl=http://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/$basearch +repo_gpgcheck=0 +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-opentofu +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +[opentofu-source] +name=opentofu-source +baseurl=http://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/SRPMS +repo_gpgcheck=0 +gpgcheck=1 +enabled=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-opentofu +sslverify=1 +sslcacert=/etc/pki/tls/certs/ca-bundle.crt +metadata_expire=300 + +# vim: ft=toml diff --git a/salt/opentofu/init.top b/salt/opentofu/init.top new file mode 100644 index 0000000..9d0f8fc --- /dev/null +++ b/salt/opentofu/init.top @@ -0,0 +1,12 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - opentofu.create + 'tpl-opentofu': + - opentofu.install diff --git a/salt/opentofu/install.sls b/salt/opentofu/install.sls new file mode 100644 index 0000000..5436012 --- /dev/null +++ b/salt/opentofu/install.sls @@ -0,0 +1,31 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - sys-ssh-agent.install-client + +{% from 'utils/macros/install-repo.sls' import install_repo -%} +{{ install_repo(sls_path, 'opentofu') }} + +"{{ slsdotpath }}-updated": + pkg.uptodate: + - refresh: True + +"{{ slsdotpath }}-installed": + pkg.installed: + - refresh: True + - install_recommends: False + - skip_suggestions: True + - pkgs: + - qubes-core-agent-networking + - ca-certificates + - tofu + - vim + - man-db + +{% endif -%} diff --git a/salt/opentofu/install.top b/salt/opentofu/install.top new file mode 100644 index 0000000..b4ba2eb --- /dev/null +++ b/salt/opentofu/install.top @@ -0,0 +1,9 @@ +{# +SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'tpl-opentofu': + - opentofu.install diff --git a/salt/sys-cacher/files/server/conf/acng.conf b/salt/sys-cacher/files/server/conf/acng.conf index 5b08c3f..19145df 100644 --- a/salt/sys-cacher/files/server/conf/acng.conf +++ b/salt/sys-cacher/files/server/conf/acng.conf @@ -94,7 +94,8 @@ Remap-googlerep: https://dl.google.com http://dl.google.com Remap-hashicorprep: https://apt.releases.hashicorp.com http://apt.releases.hashicorp.com Remap-launchpadrep: https://ppa.launchpad.net http://ppa.launchpad.net Remap-signalrep: https://updates.signal.org http://updates.signal.org -Remap-syncthingrep: https://apt.syncthing.net +Remap-syncthingrep: https://apt.syncthing.net http://apt.syncthing.net +Remap-opentofurep: https://packages.opentofu.org http://packages.opentofu.org Remap-whonixdebrep: https://deb.whonix.org http://deb.whonix.org Remap-kicksecuredebrep: https://deb.kicksecure.com http://deb.kicksecure.com