From 422b01e0f6252055af9cf853e93a51fd316dc7bd Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Sat, 20 Jan 2024 19:34:39 +0100 Subject: [PATCH] feat: remove audiovm setting when unnecessary Decrease audio attack surface to qubes that will never need to use it. --- salt/ansible/create.sls | 4 +++ salt/browser/create.sls | 2 ++ salt/debian-minimal/create.sls | 42 ++++++++++++++------------- salt/debian-xfce/create.sls | 44 +++++++++++++++-------------- salt/debian/create.sls | 44 +++++++++++++++-------------- salt/dev/create.sls | 13 +++++++++ salt/fedora-minimal/create.sls | 44 +++++++++++++++-------------- salt/fedora-xfce/create.sls | 44 +++++++++++++++-------------- salt/fedora/create.sls | 42 ++++++++++++++------------- salt/fetcher/create.sls | 11 ++++++++ salt/kicksecure-minimal/create.sls | 42 ++++++++++++++------------- salt/media/create.sls | 19 +++++++++++-- salt/mgmt/create.sls | 13 ++++++++- salt/mirage-builder/create.sls | 13 +++++++++ salt/mutt/create.sls | 3 ++ salt/qubes-builder/create.sls | 12 ++++++++ salt/reader/create.sls | 9 ++++-- salt/remmina/create.sls | 6 +++- salt/signal/create.sls | 3 ++ salt/ssh/create.sls | 12 ++++++++ salt/sys-audio/create.sls | 12 ++++++++ salt/sys-cacher/create.sls | 5 +++- salt/sys-firewall/create.sls | 13 +++++++++ salt/sys-git/create.sls | 11 ++++++++ salt/sys-mirage-firewall/create.sls | 3 ++ salt/sys-net/create.sls | 13 +++++++++ salt/sys-pgp/create.sls | 13 ++++++++- salt/sys-pihole/create.sls | 8 ++++-- salt/sys-rsync/create.sls | 11 ++++++++ salt/sys-ssh-agent/create.sls | 11 ++++++++ salt/sys-ssh/create.sls | 11 ++++++++ salt/sys-syncthing/create.sls | 5 +++- salt/sys-usb/create.sls | 12 ++++++++ salt/sys-wireguard/create.sls | 11 ++++++++ salt/terraform/create.sls | 11 ++++++++ salt/usb/create.sls | 11 ++++++++ salt/vault/create.sls | 3 ++ salt/whonix/create.sls | 44 ++++++++++++++++++++++++++++- 38 files changed, 471 insertions(+), 159 deletions(-) 
diff --git a/salt/ansible/create.sls b/salt/ansible/create.sls index 725be2a..8d6cb54 100644 --- a/salt/ansible/create.sls +++ b/salt/ansible/create.sls @@ -15,6 +15,7 @@ force: True require: - sls: {{ slsdotpath }}.clone prefs: +- audiovm: "" - memory: 300 - maxmem: 400 features: @@ -24,6 +25,7 @@ features: {%- endload %} {{ load(defaults) }} +{% load_yaml as defaults -%} name: {{ slsdotpath }} force: True require: @@ -35,6 +37,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: purple - netvm: "" +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 500 @@ -61,6 +64,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: purple - netvm: "" +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 500 diff --git a/salt/browser/create.sls b/salt/browser/create.sls index 664789b..5ef6d87 100644 --- a/salt/browser/create.sls +++ b/salt/browser/create.sls @@ -15,6 +15,7 @@ force: True require: - sls: {{ slsdotpath }}.clone prefs: +- audiovm: "" - memory: 300 - maxmem: 2000 features: @@ -34,6 +35,7 @@ present: - label: red prefs: - label: red +- audiovm: "*default*" - memory: 300 - maxmem: 2000 - vcpus: 1 diff --git a/salt/debian-minimal/create.sls b/salt/debian-minimal/create.sls index b69818a..868630a 100644 --- a/salt/debian-minimal/create.sls +++ b/salt/debian-minimal/create.sls @@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ template.template_clean }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- memory: 300 +- maxmem: 600 +- vcpus: 1 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True 
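Review bot: In salt/ansible/create.sls, the hunk at `@@ -24,6 +25,7 @@` adds a `{% load_yaml as defaults -%}` opener above `name: {{ slsdotpath }}`, which is a rendering fix and not an audio setting, yet the commit message mentions only audiovm. If the opener was missing before, the stanza that follows was presumably not loaded as its own block, so this one line changes more than audio exposure. I would put it in its own commit or name it in the description, for example `fix: add missing load_yaml opener for the ansible qube`. The stanza runs past the end of the hunk, so the matching `{%- endload %}` is not visible here.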
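Review bot: In salt/browser/create.sls (`@@ -34,6 +35,7 @@`), `- audiovm: "*default*"` is the one place in this file where audio stays reachable, and nothing on the line says so or explains the sentinel. As far as I can tell the value hands the choice to the global default audio qube instead of pinning one, so what this qube is exposed to depends on a dom0 setting outside this state. A comment above the line would record the intent, for example `## Needs sound: follow the global default audiovm instead of disabling it.` The same applies to the `"*default*"` lines in salt/media/create.sls (`@@ -51,9 +62,10 @@` and `@@ -78,8 +90,9 @@`) and salt/signal/create.sls (`@@ -34,6 +36,7 @@`). The stanza's `name:` line is outside the hunk.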
@@ -28,6 +49,7 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" - memory: 300 - maxmem: 400 - vcpus: 1 @@ -41,26 +63,6 @@ features: {%- endload %} {{ load(defaults) }} -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ template.template_clean }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} - "{{ slsdotpath }}-set-default_template": cmd.run: - name: qubes-prefs default_template {{ template.template }} diff --git a/salt/debian-xfce/create.sls b/salt/debian-xfce/create.sls index 075f5a3..64f2cd5 100644 --- a/salt/debian-xfce/create.sls +++ b/salt/debian-xfce/create.sls @@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- vcpus: 1 +- memory: 300 +- maxmem: 600 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -28,9 +49,10 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 800 -- vcpus: 1 - template_for_dispvms: True - include_in_backups: False features: 
@@ -40,23 +62,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ slsdotpath }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/debian/create.sls b/salt/debian/create.sls index 075f5a3..64f2cd5 100644 --- a/salt/debian/create.sls +++ b/salt/debian/create.sls @@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- vcpus: 1 +- memory: 300 +- maxmem: 600 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -28,9 +49,10 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 800 -- vcpus: 1 - template_for_dispvms: True - include_in_backups: False features: 
@@ -40,23 +62,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ slsdotpath }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/dev/create.sls b/salt/dev/create.sls index 3fdecc7..d4f13a4 100644 --- a/salt/dev/create.sls +++ b/salt/dev/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -20,6 +30,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: purple +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 600 @@ -46,6 +57,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: red +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 600 @@ -73,6 +85,7 @@ present: prefs: - template: dvm-{{ slsdotpath }} - label: red +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 600 diff --git a/salt/fedora-minimal/create.sls b/salt/fedora-minimal/create.sls index 1e26bd3..ef7d37c 100644 --- a/salt/fedora-minimal/create.sls +++ b/salt/fedora-minimal/create.sls 
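Review bot: The `tpl-{{ slsdotpath }}` stanza added at the top of salt/dev/create.sls (`@@ -9,6 +9,16 @@`) is repeated verbatim in fetcher, mgmt, mirage-builder, qubes-builder, ssh, terraform, usb and most of the sys-* formulas in this patch, which makes the audio restriction opt-out per file. A formula added later that forgets `- audiovm: ""` keeps the default audio qube and nothing flags it. A shared Jinja macro for the template stanza, or a lint step that fails when a `prefs:` list in a create.sls has no `audiovm` entry, would keep the hardening from eroding. A short comment on the stanza would also help, for example `## Templates never need audio; keep audiovm empty.`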
@@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ template.template_clean }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- vcpus: 1 +- memory: 300 +- maxmem: 600 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -28,9 +49,10 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 400 -- vcpus: 1 - template_for_dispvms: True - include_in_backups: False features: @@ -40,23 +62,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ template.template_clean }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/fedora-xfce/create.sls b/salt/fedora-xfce/create.sls index 1e26bd3..ef7d37c 100644 --- a/salt/fedora-xfce/create.sls +++ b/salt/fedora-xfce/create.sls 
@@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ template.template_clean }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- vcpus: 1 +- memory: 300 +- maxmem: 600 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -28,9 +49,10 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 400 -- vcpus: 1 - template_for_dispvms: True - include_in_backups: False features: @@ -40,23 +62,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ template.template_clean }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/fedora/create.sls b/salt/fedora/create.sls index 1e26bd3..4430312 100644 --- a/salt/fedora/create.sls +++ b/salt/fedora/create.sls 
@@ -17,6 +17,27 @@ include: - {{ template.template_clean }}-dvm - {{ template.template }}-dvm +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ template.template_clean }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- memory: 300 +- maxmem: 600 +- vcpus: 1 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -28,6 +49,7 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" - memory: 300 - maxmem: 400 - vcpus: 1 @@ -40,23 +62,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ template.template_clean }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 1 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/fetcher/create.sls b/salt/fetcher/create.sls index 271b2f0..b4b37a5 100644 --- a/salt/fetcher/create.sls +++ b/salt/fetcher/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ slsdotpath }} force: True 
@@ -20,6 +30,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: red +- audiovm: "" - memory: 300 - maxmem: 500 - vcpus: 1 diff --git a/salt/kicksecure-minimal/create.sls b/salt/kicksecure-minimal/create.sls index e2aa7f5..c4d9d8b 100644 --- a/salt/kicksecure-minimal/create.sls +++ b/salt/kicksecure-minimal/create.sls @@ -23,6 +23,27 @@ include: - pkgs: - grub2-xen-pvh +{% load_yaml as defaults -%} +name: {{ template.template }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- label: black +prefs: +- label: black +- audiovm: "" +- memory: 300 +- maxmem: 600 +- vcpus: 2 +- include_in_backups: False +features: +- set: + - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ template.template_clean }} force: True @@ -34,6 +55,7 @@ present: prefs: - template: {{ template.template }} - label: red +- audiovm: "" - memory: 300 - maxmem: 600 - vcpus: 1 @@ -49,23 +71,3 @@ tags: - updatevm-sys-cacher {%- endload %} {{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.template }} -force: True -require: -- sls: {{ slsdotpath }}.clone -present: -- label: black -prefs: -- label: black -- memory: 300 -- maxmem: 600 -- vcpus: 2 -- include_in_backups: False -features: -- set: - - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" - - default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" -{%- endload %} -{{ load(defaults) }} diff --git a/salt/media/create.sls b/salt/media/create.sls index 7c60d55..6088e57 100644 --- a/salt/media/create.sls +++ b/salt/media/create.sls 
@@ -7,11 +7,21 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- from "qvm/template.jinja" import load -%} -{%- import "templates/debian-minimal.jinja" as template -%} +{%- import "debian-minimal/template.jinja" as template -%} include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -24,6 +34,7 @@ prefs: - template: {{ template.template }} - label: yellow - netvm: "" +- audiovm: "" - vcpus: 2 - memory: 300 - maxmem: 800 @@ -51,9 +62,10 @@ prefs: - template: tpl-{{ slsdotpath }} - label: yellow - netvm: "" +- audiovm: "*default*" +- vcpus: 2 - memory: 300 - maxmem: 800 -- vcpus: 2 - template_for_dispvms: True - include_in_backups: False features: @@ -78,8 +90,9 @@ present: prefs: - template: dvm-{{ slsdotpath }} - label: yellow -- vcpus: 2 - netvm: "" +- audiovm: "*default*" +- vcpus: 2 - memory: 300 - maxmem: 800 - autostart: False diff --git a/salt/mgmt/create.sls b/salt/mgmt/create.sls index d593194..b352d79 100644 --- a/salt/mgmt/create.sls +++ b/salt/mgmt/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ slsdotpath }} force: True @@ -21,10 +31,11 @@ prefs: - template: tpl-{{ slsdotpath }} - label: black - netvm: "" +- audiovm: "" - dispvm-allowed: True +- vcpus: 1 - memory: 300 - maxmem: 600 -- vcpus: 1 - autostart: False - template_for_dispvms: True - include_in_backups: False diff --git a/salt/mirage-builder/create.sls b/salt/mirage-builder/create.sls index 7b37a8c..c014ff8 100644 --- a/salt/mirage-builder/create.sls +++ b/salt/mirage-builder/create.sls 
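Review bot: The first hunk of salt/media/create.sls (`@@ -7,11 +7,21 @@`) changes the Jinja import from `templates/debian-minimal.jinja` to `debian-minimal/template.jinja`, a change the commit message does not mention and that has nothing to do with audio. Whether the new path exists cannot be checked from this patch; if it does not resolve, the state presumably fails to render and the prefs below it, including `audiovm: ""`, are never applied. I would move the import change to its own commit or name it in the description.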
@@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -20,6 +30,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: gray +- audiovm: "" - vcpus: 2 - memory: 400 - maxmem: 600 @@ -43,6 +54,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: red +- audiovm: "" - vcpus: 2 - memory: 400 - maxmem: 600 @@ -70,6 +82,7 @@ present: prefs: - template: dvm-{{ slsdotpath }} - label: red +- audiovm: "" - vcpus: 2 - memory: 400 - maxmem: 600 diff --git a/salt/mutt/create.sls b/salt/mutt/create.sls index ab1f152..47dc179 100644 --- a/salt/mutt/create.sls +++ b/salt/mutt/create.sls @@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" features: - set: - menu-items: "mutt.desktop qubes-run-terminal.desktop qubes-start.desktop" @@ -32,6 +34,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: yellow +- audiovm: "" - vcpus: 1 - memory: 200 - maxmem: 350 diff --git a/salt/qubes-builder/create.sls b/salt/qubes-builder/create.sls index 72f2bf6..ae46d71 100644 --- a/salt/qubes-builder/create.sls +++ b/salt/qubes-builder/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ slsdotpath }} force: True @@ -20,6 +30,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: red +- audiovm: "" - vcpus: 2 - memory: 400 - maxmem: 2000 @@ -46,6 +57,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: gray +- audiovm: "" - memory: 800 - maxmem: 8000 - vcpus: 4 
diff --git a/salt/reader/create.sls b/salt/reader/create.sls index d68c130..73e0bb3 100644 --- a/salt/reader/create.sls +++ b/salt/reader/create.sls @@ -16,12 +16,13 @@ force: True require: - sls: {{ slsdotpath }}.clone prefs: +- audiovm: "" - memory: 300 - maxmem: 2000 features: - set: - - default-menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 - - menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 + - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop" + - menu-items: "qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} @@ -37,6 +38,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: "" - memory: 400 - maxmem: 700 - vcpus: 1 
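Review bot: In salt/reader/create.sls the first hunk (`@@ -16,12 +16,13 @@`) cuts the template's `default-menu-items` and `menu-items` down to `qubes-run-terminal.desktop qubes-start.desktop`, and the third hunk (`@@ -46,7 +48,8 @@`) moves the long browser and office list onto the qube that enables `appmenus-dispvm`. That is a menu change, not an audio change, and the commit message does not cover it. The third hunk also starts setting `default-menu-items` on that qube, where before only `menu-items` was set; a comment such as `## Applications are launched from disposables, not from the template.` would say why. Consider a separate commit for it, so the audiovm change can be reviewed and reverted on its own.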
@@ -46,7 +48,8 @@ features: - enable: - appmenus-dispvm - set: - - menu-items: "qubes-run-terminal.desktop qubes-start.desktop" + - default-menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 + - menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204 {%- endload %} {{ load(defaults) }} diff --git a/salt/remmina/create.sls b/salt/remmina/create.sls index 71d1208..43531be 100644 --- a/salt/remmina/create.sls +++ b/salt/remmina/create.sls @@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" features: - set: - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop org.remmina.Remmina.desktop" @@ -32,9 +34,10 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: orange +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 600 -- vcpus: 1 - template_for_dispvms: True - include_in_backups: False features: @@ -56,6 +59,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: orange +- audiovm: "" - memory: 300 - maxmem: 600 - vcpus: 1 diff --git a/salt/signal/create.sls b/salt/signal/create.sls index d38ce36..6498289 100644 --- a/salt/signal/create.sls +++ b/salt/signal/create.sls 
@@ -15,6 +15,8 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" features: - set: - menu-items: "signal-desktop.desktop qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" @@ -34,6 +36,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: yellow +- audiovm: "*default*" - vcpus: 1 - memory: 400 - maxmem: 600 diff --git a/salt/ssh/create.sls b/salt/ssh/create.sls index 988cf61..2b08259 100644 --- a/salt/ssh/create.sls +++ b/salt/ssh/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -20,6 +30,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: purple +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 500 @@ -43,6 +54,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: purple +- audiovm: "" - vcpus: 1 - memory: 400 - maxmem: 500 diff --git a/salt/sys-audio/create.sls b/salt/sys-audio/create.sls index b42546a..e43b4b0 100644 --- a/salt/sys-audio/create.sls +++ b/salt/sys-audio/create.sls @@ -8,6 +8,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: dvm-{{ slsdotpath }} force: True @@ -20,6 +30,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: "" - memory: 400 - maxmem: 0 - vcpus: 1 @@ -52,6 +63,7 @@ prefs: - template: dvm-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: disp-{{ slsdotpath }} - include_in_backups: False - pci_strictreset: False - autostart: False 
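Review bot: In salt/sys-audio/create.sls (`@@ -52,6 +63,7 @@`) the new line `- audiovm: disp-{{ slsdotpath }}` is the only audiovm value in the patch that names a qube, and it is unquoted where every other value is quoted. The stanza's `name:` is outside the hunk, but with `template: dvm-{{ slsdotpath }}` this looks like the audio qube pointing at itself; please confirm that a self-reference is accepted and intended, since the disposable template above it gets `audiovm: ""`. If the aim is that the audio qube has no upstream audio qube, `- audiovm: ""` states it directly; otherwise quote the value, `- audiovm: "disp-{{ slsdotpath }}"`, and add a comment explaining the self-reference.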
diff --git a/salt/sys-cacher/create.sls b/salt/sys-cacher/create.sls index 7bb2337..19e9561 100644 --- a/salt/sys-cacher/create.sls +++ b/salt/sys-cacher/create.sls @@ -15,6 +15,7 @@ force: True require: - sls: {{ slsdotpath }}.clone prefs: +- audiovm: "" - vcpus: 1 - memory: 300 - maxmem: 500 @@ -43,6 +44,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: gray +- audiovm: "" ## Disable memory balooning because of HTTP 503: Cannot allocate memory - maxmem: 0 - memory: 500 @@ -74,8 +76,9 @@ present: prefs: - template: tpl-browser - label: gray -- vcpus: 1 - netvm: "" +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 500 - autostart: False diff --git a/salt/sys-firewall/create.sls b/salt/sys-firewall/create.sls index c437afb..730b62a 100644 --- a/salt/sys-firewall/create.sls +++ b/salt/sys-firewall/create.sls @@ -17,6 +17,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -28,6 +38,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: orange +- audiovm: "" - memory: 300 - maxmem: 400 - netvm: {{ netvm }} @@ -57,6 +68,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: orange - netvm: {{ netvm }} +- audiovm: "" - memory: 300 - maxmem: 400 - vcpus: 1 @@ -86,6 +98,7 @@ prefs: - template: dvm-{{ slsdotpath }} - label: orange - netvm: {{ netvm }} +- audiovm: "" - memory: 300 - maxmem: 400 - vcpus: 1 diff --git a/salt/sys-git/create.sls b/salt/sys-git/create.sls index b7d4450..acebfb8 100644 --- a/salt/sys-git/create.sls +++ b/salt/sys-git/create.sls 
@@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -21,6 +31,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: gray - netvm: "" +- audiovm: "" - vcpus: 1 - memory: 200 - maxmem: 300 diff --git a/salt/sys-mirage-firewall/create.sls b/salt/sys-mirage-firewall/create.sls index 3ef8f9d..21e9a7e 100644 --- a/salt/sys-mirage-firewall/create.sls +++ b/salt/sys-mirage-firewall/create.sls @@ -57,6 +57,7 @@ present: prefs: - virt_mode: pvh - label: black +- audiovm: "" - memory: 64 - maxmem: 64 - vcpus: 1 @@ -77,6 +78,7 @@ prefs: - template: tpl-sys-mirage-firewall - label: orange - netvm: {{ netvm }} +- audiovm: "" - memory: 64 - maxmem: 64 - vcpus: 1 @@ -102,6 +104,7 @@ prefs: - template: dvm-sys-mirage-firewall - label: orange - netvm: {{ netvm }} +- audiovm: "" - memory: 64 - maxmem: 64 - vcpus: 1 diff --git a/salt/sys-net/create.sls b/salt/sys-net/create.sls index 7c8cb81..6379977 100644 --- a/salt/sys-net/create.sls +++ b/salt/sys-net/create.sls @@ -11,6 +11,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -23,6 +33,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: "" - memory: 400 - maxmem: 0 - vcpus: 1 @@ -55,6 +66,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: "" - memory: 400 - maxmem: 0 - vcpus: 1 @@ -86,6 +98,7 @@ prefs: - template: dvm-{{ slsdotpath }} - label: red - netvm: "" +- audiovm: "" - autostart: False - provides-network: True - pcidevs: {{ net_pcidevs|yaml }} 
diff --git a/salt/sys-pgp/create.sls b/salt/sys-pgp/create.sls index 2e0424d..5cf5e44 100644 --- a/salt/sys-pgp/create.sls +++ b/salt/sys-pgp/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -20,9 +30,10 @@ present: prefs: - template: tpl-{{ slsdotpath }} - netvm: "" +- audiovm: "" +- vcpus: 1 - memory: 200 - maxmem: 300 -- vcpus: 1 features: - enable: - servicevm diff --git a/salt/sys-pihole/create.sls b/salt/sys-pihole/create.sls index da5ba5d..bc481e0 100644 --- a/salt/sys-pihole/create.sls +++ b/salt/sys-pihole/create.sls @@ -35,9 +35,10 @@ present: - class: StandaloneVM prefs: - label: orange +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 400 -- vcpus: 1 - netvm: {{ netvm }} - provides-network: true features: @@ -66,10 +67,11 @@ present: - label: orange prefs: - label: orange +- netvm: "" +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 600 -- vcpus: 1 -- netvm: "" - include_in_backups: False features: - disable: diff --git a/salt/sys-rsync/create.sls b/salt/sys-rsync/create.sls index 7dcb785..e6036f3 100644 --- a/salt/sys-rsync/create.sls +++ b/salt/sys-rsync/create.sls @@ -10,6 +10,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -22,6 +32,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: yellow - netvm: "" +- audiovm: "" - vcpus: 1 - memory: 300 - maxmem: 600 diff --git a/salt/sys-ssh-agent/create.sls b/salt/sys-ssh-agent/create.sls index 1c33726..17a41d6 100644 --- a/salt/sys-ssh-agent/create.sls 
+++ b/salt/sys-ssh-agent/create.sls @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -21,6 +31,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: gray - netvm: "" +- audiovm: "" - memory: 200 - maxmem: 300 - vcpus: 1 diff --git a/salt/sys-ssh/create.sls b/salt/sys-ssh/create.sls index 7dcb785..e6036f3 100644 --- a/salt/sys-ssh/create.sls +++ b/salt/sys-ssh/create.sls @@ -10,6 +10,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True @@ -22,6 +32,7 @@ prefs: - template: tpl-{{ slsdotpath }} - label: yellow - netvm: "" +- audiovm: "" - vcpus: 1 - memory: 300 - maxmem: 600 diff --git a/salt/sys-syncthing/create.sls b/salt/sys-syncthing/create.sls index 71a6015..0a5a81e 100644 --- a/salt/sys-syncthing/create.sls +++ b/salt/sys-syncthing/create.sls @@ -17,6 +17,7 @@ force: True require: - sls: {{ slsdotpath }}.clone prefs: +- audiovm: "" - vcpus: 1 - memory: 300 - maxmem: 700 @@ -45,6 +46,7 @@ present: prefs: - template: tpl-{{ slsdotpath }} - label: yellow +- audiovm: "" - vcpus: 1 - memory: 300 - maxmem: 700 @@ -72,8 +74,9 @@ present: prefs: - template: tpl-browser - label: yellow -- vcpus: 1 - netvm: "" +- audiovm: "" +- vcpus: 1 - memory: 300 - maxmem: 600 - autostart: False diff --git a/salt/sys-usb/create.sls b/salt/sys-usb/create.sls index 1218110..b4cf808 100644 --- a/salt/sys-usb/create.sls +++ b/salt/sys-usb/create.sls 
@@ -23,6 +23,16 @@ include:
 - pkgs:
 - qubes-input-proxy
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@@ -35,6 +45,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - vcpus: 1
@@ -108,6 +119,7 @@ prefs:
 - template: dvm-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 0
 - include_in_backups: False
diff --git a/salt/sys-wireguard/create.sls b/salt/sys-wireguard/create.sls
index 8c23836..97948c5 100644
--- a/salt/sys-wireguard/create.sls
+++ b/salt/sys-wireguard/create.sls
@@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
 - .clone
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: orange
+- audiovm: ""
 - provides-network: True
 - vcpus: 1
 - memory: 300
diff --git a/salt/terraform/create.sls b/salt/terraform/create.sls
index d6c1d97..a0be61e 100644
--- a/salt/terraform/create.sls
+++ b/salt/terraform/create.sls
@@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
 - .clone
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: {{ slsdotpath }}
 force: True
@@ -20,6 +30,7 @@ present:
 prefs:
 - template: tpl-{{ slsdotpath }}
 - label: purple
+- audiovm: ""
 - vcpus: 1
 - memory: 400
 - maxmem: 600
diff --git a/salt/usb/create.sls b/salt/usb/create.sls
index 7fc1725..f5d60de 100644
--- a/salt/usb/create.sls
+++ b/salt/usb/create.sls
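Review bot: For the `dvm-{{ slsdotpath }}` prefs in salt/sys-usb/create.sls (`@@ -35,6 +45,7 @@`, and again for the qube built from it at `@@ -108,6 +119,7 @@`), `- audiovm: ""` only removes the qube's link to an audio qube. As far as I can tell it does nothing about USB sound devices on the controllers this qube presumably holds, which its kernel would still enumerate. That limit is worth stating next to the setting so the commit's "decrease audio attack surface" is not read as covering USB audio hardware, for example `# audiovm: "" drops the Qubes audio channel only; USB audio devices are still seen by this qube.` Both `prefs:` lists open above their hunks and may continue past them.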
@@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
 - .clone
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: dvm-{{ slsdotpath }}
 force: True
@@ -21,6 +31,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: red
 - netvm: ""
+- audiovm: ""
 - memory: 300
 - maxmem: 500
 - vcpus: 1
diff --git a/salt/vault/create.sls b/salt/vault/create.sls
index 724338f..5cef608 100644
--- a/salt/vault/create.sls
+++ b/salt/vault/create.sls
@@ -14,6 +14,8 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
 features:
 - set:
 - menu-items: "org.keepassxc.KeePassXC.desktop qubes-run-terminal.desktop qubes-start.desktop"
@@ -33,6 +35,7 @@ prefs:
 - template: tpl-{{ slsdotpath }}
 - label: black
 - netvm: ""
+- audiovm: ""
 - memory: 400
 - maxmem: 600
 - vcpus: 1
diff --git a/salt/whonix/create.sls b/salt/whonix/create.sls
index 97350f7..ffb8182 100644
--- a/salt/whonix/create.sls
+++ b/salt/whonix/create.sls
@@ -12,6 +12,26 @@ include:
 - .clone
 - qvm.anon-whonix
+{% load_yaml as defaults -%}
+name: {{ template.whonix_workstation_template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: {{ template.whonix_gateway_template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+{%- endload %}
+{{ load(defaults) }}
+
 {% load_yaml as defaults -%}
 name: sys-{{ slsdotpath }}
 force: True
@@ -23,9 +43,31 @@ present:
 prefs:
 - template: {{ template.whonix_gateway_template }}
 - label: black
+- audiovm: ""
+- vcpus: 1
 - memory: 300
 - maxmem: 500
-- vcpus: 1
+- include_in_backups: False
+- autostart: False
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: anon-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- template: {{ template.whonix_workstation_template }}
+- label: red
+prefs:
+- template: {{ template.whonix_workstation_template }}
+- label: red
+- netvm: sys-{{ slsdotpath }}
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
 - include_in_backups: False
 - autostart: False
 {%- endload %}
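Review bot: The added `anon-{{ slsdotpath }}` stanza in salt/whonix/create.sls does more than the commit message describes: besides `- audiovm: ""` it starts managing the qube's template, label, `- netvm: sys-{{ slsdotpath }}`, memory limits and, through the trailing context lines, `- include_in_backups: False` and `- autostart: False`. With `force: True` these presumably replace whatever was set on an existing anon qube, and excluding it from backups is a data-retention change that deserves a line in the commit description or a comment above the stanza, such as `# anon qube: routed only through the sys- gateway, excluded from backups, no audio.` Its only `require` is `{{ slsdotpath }}.clone`, so the qube named in `netvm` is expected to exist purely through file order; confirm whether the `load(defaults)` macro accepts a requisite on the `sys-` stanza.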