feat: remove audiovm setting when unnecessary

Decrease audio attack surface to qubes that will never need to use it.
2025-01-11 07:29:33 -05:00 · 2024-01-20 19:34:39 +01:00 · 2024-01-20 19:34:39 +01:00 · 422b01e0f6
commit 422b01e0f6
parent 71dd9a5280
38 changed files with 471 additions and 159 deletions
--- a/salt/ansible/create.sls
+++ b/salt/ansible/create.sls
@ -15,6 +15,7 @@ force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 features:
@ -24,6 +25,7 @@ features:
 {%- endload %}
 {{ load(defaults) }}

+{% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
 require:
@ -35,6 +37,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
 - netvm: ""
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 500
@ -61,6 +64,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
 - netvm: ""
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 500
--- a/salt/browser/create.sls
+++ b/salt/browser/create.sls
@ -15,6 +15,7 @@ force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
+- audiovm: ""
 - memory: 300
 - maxmem: 2000
 features:
@ -34,6 +35,7 @@ present:
 - label: red
 prefs:
 - label: red
+- audiovm: "*default*"
 - memory: 300
 - maxmem: 2000
 - vcpus: 1
--- a/salt/debian-minimal/create.sls
+++ b/salt/debian-minimal/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ template.template_clean }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- memory: 300
+- maxmem: 600
+- vcpus: 1
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,6 +49,7 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 - vcpus: 1
@ -41,26 +63,6 @@ features:
 {%- endload %}
 {{ load(defaults) }}

-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ template.template_clean }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
-
 "{{ slsdotpath }}-set-default_template":
  cmd.run:
    - name: qubes-prefs default_template {{ template.template }}
--- a/salt/debian-xfce/create.sls
+++ b/salt/debian-xfce/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,9 +49,10 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 800
- vcpus: 1
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -40,23 +62,3 @@ features:
  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ slsdotpath }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/debian/create.sls
+++ b/salt/debian/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,9 +49,10 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 800
- vcpus: 1
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -40,23 +62,3 @@ features:
  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ slsdotpath }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/dev/create.sls
+++ b/salt/dev/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 600
@ -46,6 +57,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 600
@ -73,6 +85,7 @@ present:
 prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 600
--- a/salt/fedora-minimal/create.sls
+++ b/salt/fedora-minimal/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ template.template_clean }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,9 +49,10 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 400
- vcpus: 1
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -40,23 +62,3 @@ features:
  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ template.template_clean }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/fedora-xfce/create.sls
+++ b/salt/fedora-xfce/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ template.template_clean }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,9 +49,10 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 400
- vcpus: 1
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -40,23 +62,3 @@ features:
  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ template.template_clean }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/fedora/create.sls
+++ b/salt/fedora/create.sls
@ -17,6 +17,27 @@ include:
      - {{ template.template_clean }}-dvm
      - {{ template.template }}-dvm

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ template.template_clean }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- memory: 300
+- maxmem: 600
+- vcpus: 1
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -28,6 +49,7 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 - vcpus: 1
@ -40,23 +62,3 @@ features:
  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ template.template_clean }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 1
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/fetcher/create.sls
+++ b/salt/fetcher/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - memory: 300
 - maxmem: 500
 - vcpus: 1
--- a/salt/kicksecure-minimal/create.sls
+++ b/salt/kicksecure-minimal/create.sls
@ -23,6 +23,27 @@ include:
    - pkgs:
      - grub2-xen-pvh

+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- label: black
+prefs:
+- label: black
+- audiovm: ""
+- memory: 300
+- maxmem: 600
+- vcpus: 2
+- include_in_backups: False
+features:
+- set:
+  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ template.template_clean }}
 force: True
@ -34,6 +55,7 @@ present:
 prefs:
 - template: {{ template.template }}
 - label: red
+- audiovm: ""
 - memory: 300
 - maxmem: 600
 - vcpus: 1
@ -49,23 +71,3 @@ tags:
  - updatevm-sys-cacher
 {%- endload %}
 {{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.template }}
-force: True
-require:
- sls: {{ slsdotpath }}.clone
-present:
- label: black
-prefs:
- label: black
- memory: 300
- maxmem: 600
- vcpus: 2
- include_in_backups: False
-features:
- set:
-  - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-  - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
-{%- endload %}
-{{ load(defaults) }}
--- a/salt/media/create.sls
+++ b/salt/media/create.sls
@ -7,11 +7,21 @@ SPDX-License-Identifier: AGPL-3.0-or-later

 {%- from "qvm/template.jinja" import load -%}

-{%- import "templates/debian-minimal.jinja" as template -%}
+{%- import "debian-minimal/template.jinja" as template -%}

 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -24,6 +34,7 @@ prefs:
 - template: {{ template.template }}
 - label: yellow
 - netvm: ""
+- audiovm: ""
 - vcpus: 2
 - memory: 300
 - maxmem: 800
@ -51,9 +62,10 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
 - netvm: ""
+- audiovm: "*default*"
+- vcpus: 2
 - memory: 300
 - maxmem: 800
- vcpus: 2
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -78,8 +90,9 @@ present:
 prefs:
 - template: dvm-{{ slsdotpath }}
 - label: yellow
- vcpus: 2
 - netvm: ""
+- audiovm: "*default*"
+- vcpus: 2
 - memory: 300
 - maxmem: 800
 - autostart: False
--- a/salt/mgmt/create.sls
+++ b/salt/mgmt/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -21,10 +31,11 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: black
 - netvm: ""
+- audiovm: ""
 - dispvm-allowed: True
+- vcpus: 1
 - memory: 300
 - maxmem: 600
- vcpus: 1
 - autostart: False
 - template_for_dispvms: True
 - include_in_backups: False
--- a/salt/mirage-builder/create.sls
+++ b/salt/mirage-builder/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: gray
+- audiovm: ""
 - vcpus: 2
 - memory: 400
 - maxmem: 600
@ -43,6 +54,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - vcpus: 2
 - memory: 400
 - maxmem: 600
@ -70,6 +82,7 @@ present:
 prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - vcpus: 2
 - memory: 400
 - maxmem: 600
--- a/salt/mutt/create.sls
+++ b/salt/mutt/create.sls
@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
 features:
 - set:
  - menu-items: "mutt.desktop qubes-run-terminal.desktop qubes-start.desktop"
@ -32,6 +34,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
+- audiovm: ""
 - vcpus: 1
 - memory: 200
 - maxmem: 350
--- a/salt/qubes-builder/create.sls
+++ b/salt/qubes-builder/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
+- audiovm: ""
 - vcpus: 2
 - memory: 400
 - maxmem: 2000
@ -46,6 +57,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: gray
+- audiovm: ""
 - memory: 800
 - maxmem: 8000
 - vcpus: 4
--- a/salt/reader/create.sls
+++ b/salt/reader/create.sls
@ -16,12 +16,13 @@ force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
+- audiovm: ""
 - memory: 300
 - maxmem: 2000
 features:
 - set:
-  - default-menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
-  - menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
+  - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+  - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}

@ -37,6 +38,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 700
 - vcpus: 1
@ -46,7 +48,8 @@ features:
 - enable:
  - appmenus-dispvm
 - set:
-  - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+  - default-menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
+  - menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
 {%- endload %}
 {{ load(defaults) }}

--- a/salt/remmina/create.sls
+++ b/salt/remmina/create.sls
@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
 features:
 - set:
  - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop org.remmina.Remmina.desktop"
@ -32,9 +34,10 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 600
- vcpus: 1
 - template_for_dispvms: True
 - include_in_backups: False
 features:
@ -56,6 +59,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
+- audiovm: ""
 - memory: 300
 - maxmem: 600
 - vcpus: 1
--- a/salt/signal/create.sls
+++ b/salt/signal/create.sls
@ -15,6 +15,8 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
 features:
 - set:
  - menu-items: "signal-desktop.desktop qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
@ -34,6 +36,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
+- audiovm: "*default*"
 - vcpus: 1
 - memory: 400
 - maxmem: 600
--- a/salt/ssh/create.sls
+++ b/salt/ssh/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 500
@ -43,6 +54,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 500
--- a/salt/sys-audio/create.sls
+++ b/salt/sys-audio/create.sls
@ -8,6 +8,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - vcpus: 1
@ -52,6 +63,7 @@ prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: disp-{{ slsdotpath }}
 - include_in_backups: False
 - pci_strictreset: False
 - autostart: False
--- a/salt/sys-cacher/create.sls
+++ b/salt/sys-cacher/create.sls
@ -15,6 +15,7 @@ force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
+- audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 500
@ -43,6 +44,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: gray
+- audiovm: ""
  ## Disable memory balooning because of HTTP 503: Cannot allocate memory
 - maxmem: 0
 - memory: 500
@ -74,8 +76,9 @@ present:
 prefs:
 - template: tpl-browser
 - label: gray
- vcpus: 1
 - netvm: ""
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 500
 - autostart: False
--- a/salt/sys-firewall/create.sls
+++ b/salt/sys-firewall/create.sls
@ -17,6 +17,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -28,6 +38,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 - netvm: {{ netvm }}
@ -57,6 +68,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
 - netvm: {{ netvm }}
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 - vcpus: 1
@ -86,6 +98,7 @@ prefs:
 - template: dvm-{{ slsdotpath }}
 - label: orange
 - netvm: {{ netvm }}
+- audiovm: ""
 - memory: 300
 - maxmem: 400
 - vcpus: 1
--- a/salt/sys-git/create.sls
+++ b/salt/sys-git/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -21,6 +31,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: gray
 - netvm: ""
+- audiovm: ""
 - vcpus: 1
 - memory: 200
 - maxmem: 300
--- a/salt/sys-mirage-firewall/create.sls
+++ b/salt/sys-mirage-firewall/create.sls
@ -57,6 +57,7 @@ present:
 prefs:
 - virt_mode: pvh
 - label: black
+- audiovm: ""
 - memory: 64
 - maxmem: 64
 - vcpus: 1
@ -77,6 +78,7 @@ prefs:
 - template: tpl-sys-mirage-firewall
 - label: orange
 - netvm: {{ netvm }}
+- audiovm: ""
 - memory: 64
 - maxmem: 64
 - vcpus: 1
@ -102,6 +104,7 @@ prefs:
 - template: dvm-sys-mirage-firewall
 - label: orange
 - netvm: {{ netvm }}
+- audiovm: ""
 - memory: 64
 - maxmem: 64
 - vcpus: 1
--- a/salt/sys-net/create.sls
+++ b/salt/sys-net/create.sls
@ -11,6 +11,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -23,6 +33,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - vcpus: 1
@ -55,6 +66,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - vcpus: 1
@ -86,6 +98,7 @@ prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - autostart: False
 - provides-network: True
 - pcidevs: {{ net_pcidevs|yaml }}
--- a/salt/sys-pgp/create.sls
+++ b/salt/sys-pgp/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,9 +30,10 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - netvm: ""
+- audiovm: ""
+- vcpus: 1
 - memory: 200
 - maxmem: 300
- vcpus: 1
 features:
 - enable:
  - servicevm
--- a/salt/sys-pihole/create.sls
+++ b/salt/sys-pihole/create.sls
@ -35,9 +35,10 @@ present:
 - class: StandaloneVM
 prefs:
 - label: orange
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 400
- vcpus: 1
 - netvm: {{ netvm }}
 - provides-network: true
 features:
@ -66,10 +67,11 @@ present:
 - label: orange
 prefs:
 - label: orange
+- netvm: ""
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 600
- vcpus: 1
- netvm: ""
 - include_in_backups: False
 features:
 - disable:
--- a/salt/sys-rsync/create.sls
+++ b/salt/sys-rsync/create.sls
@ -10,6 +10,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -22,6 +32,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
 - netvm: ""
+- audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 600
--- a/salt/sys-ssh-agent/create.sls
+++ b/salt/sys-ssh-agent/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -21,6 +31,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: gray
 - netvm: ""
+- audiovm: ""
 - memory: 200
 - maxmem: 300
 - vcpus: 1
--- a/salt/sys-ssh/create.sls
+++ b/salt/sys-ssh/create.sls
@ -10,6 +10,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -22,6 +32,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
 - netvm: ""
+- audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 600
--- a/salt/sys-syncthing/create.sls
+++ b/salt/sys-syncthing/create.sls
@ -17,6 +17,7 @@ force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
+- audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 700
@ -45,6 +46,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: yellow
+- audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 700
@ -72,8 +74,9 @@ present:
 prefs:
 - template: tpl-browser
 - label: yellow
- vcpus: 1
 - netvm: ""
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 600
 - autostart: False
--- a/salt/sys-usb/create.sls
+++ b/salt/sys-usb/create.sls
@ -23,6 +23,16 @@ include:
    - pkgs:
      - qubes-input-proxy

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -35,6 +45,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - vcpus: 1
@ -108,6 +119,7 @@ prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - include_in_backups: False
--- a/salt/sys-wireguard/create.sls
+++ b/salt/sys-wireguard/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
+- audiovm: ""
 - provides-network: True
 - vcpus: 1
 - memory: 300
--- a/salt/terraform/create.sls
+++ b/salt/terraform/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 600
--- a/salt/usb/create.sls
+++ b/salt/usb/create.sls
@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
  - .clone

+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@ -21,6 +31,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 300
 - maxmem: 500
 - vcpus: 1
--- a/salt/vault/create.sls
+++ b/salt/vault/create.sls
@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
 features:
 - set:
  - menu-items: "org.keepassxc.KeePassXC.desktop qubes-run-terminal.desktop qubes-start.desktop"
@ -33,6 +35,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: black
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 600
 - vcpus: 1
--- a/salt/whonix/create.sls
+++ b/salt/whonix/create.sls
@ -12,6 +12,26 @@ include:
  - .clone
  - qvm.anon-whonix

+{% load_yaml as defaults -%}
+name: {{ template.whonix_workstation_template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: {{ template.whonix_gateway_template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: sys-{{ slsdotpath }}
 force: True
@ -23,9 +43,31 @@ present:
 prefs:
 - template: {{ template.whonix_gateway_template }}
 - label: black
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 500
- vcpus: 1
+- include_in_backups: False
+- autostart: False
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: anon-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- template: {{ template.whonix_workstation_template }}
+- label: red
+prefs:
+- template: {{ template.whonix_workstation_template }}
+- label: red
+- netvm: sys-{{ slsdotpath }}
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
 - include_in_backups: False
 - autostart: False
 {%- endload %}