refactor: initial commit

2025-09-22 21:44:55 -04:00 · 2023-11-13 14:33:28 +00:00 · 2023-11-13 14:33:28 +00:00 · 5eebd789ed
commit 5eebd789ed
591 changed files with 18598 additions and 0 deletions
--- a/salt/reader/README.md
+++ b/salt/reader/README.md
@ -0,0 +1,46 @@
+# reader
+
+Reader environment as the default_dispvm in Qubes OS.
+
+## Table of Contents
+
+* [Description](#description)
+* [Installation](#installation)
+* [Usage](#usage)
+* [Credits](#credits)
+
+## Description
+
+Create a disposable template for reading documents and viewing images called
+"dvm-reader". It is designated to be the "default_dispvm", because of this,
+there is no "netvm", but if you assign one, you will get networking as the
+necessary packages will be installed in the template.
+
+## Installation
+
+- Top:
+```sh
+qubesctl top.enable reader
+qubesctl --targets=tpl-reader state.apply
+qubesctl top.disable reader
+```
+
+- State:
+<!-- pkg:begin:post-install -->
+```sh
+qubesctl state.apply reader.create
+qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install
+```
+<!-- pkg:end:post-install -->
+
+## Usage
+
+The intended usage of this qube is a receiver of incoming files that the call
+originator/client did no trust to open in its environment. When you run
+`qvm-open-in-dvm` from a qube and it is using the global preferences default
+`default_dispvm`, it will open the file to be read in a disposable based on
+`dvm-reader`.
+
+## Credits
+
+- [Unman](https://github.com/unman/shaker/tree/main/reader)
--- a/salt/reader/clone.sls
+++ b/salt/reader/clone.sls
@ -0,0 +1,8 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% from 'utils/macros/clone-template.sls' import clone_template -%}
+{{ clone_template('debian-minimal', sls_path) }}
--- a/salt/reader/clone.top
+++ b/salt/reader/clone.top
@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - reader.clone
--- a/salt/reader/create.sls
+++ b/salt/reader/create.sls
@ -0,0 +1,57 @@
+{#
+SPDX-FileCopyrightText: 2022 - 2023 unman <unman@thirdeyesecurity.com>
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+include:
+  - .clone
+
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- memory: 300
+- maxmem: 2000
+features:
+- set:
+  - default-menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
+  - menu-items: "firefox-esr.desktop chromium.desktop google-chrome.desktop qubes-run-terminal.desktop qubes-start.desktop libreoffice-base.desktop libreoffice-calc.desktop libreoffice-draw.desktop libreoffice-impress.desktop libreoffice-math.desktop libreoffice-startcenter.desktop libreoffice-writer.desktop org.gnome.Evince.desktop qubes-open-file-manager.desktop" # noqa: 204
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: dvm-{{ slsdotpath }}
+force: True
+require:
+- qvm: tpl-{{ slsdotpath }}
+present:
+- template: tpl-{{ slsdotpath }}
+- label: red
+prefs:
+- template: tpl-{{ slsdotpath }}
+- label: red
+- netvm: ""
+- memory: 400
+- maxmem: 700
+- vcpus: 1
+- template_for_dispvms: True
+- include_in_backups: False
+features:
+- enable:
+  - appmenus-dispvm
+- set:
+  - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
+"{{ slsdotpath }}-set-default_dispvm":
+  cmd.run:
+    - name: qubes-prefs default_dispvm dvm-{{ slsdotpath }}
+    - require:
+      - qvm: dvm-{{ slsdotpath }}
--- a/salt/reader/create.top
+++ b/salt/reader/create.top
@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - reader.create
--- a/salt/reader/init.top
+++ b/salt/reader/init.top
@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - reader.create
+  'tpl-reader':
+    - reader.install
--- a/salt/reader/install.sls
+++ b/salt/reader/install.sls
@ -0,0 +1,29 @@
+{#
+SPDX-FileCopyrightText: 2022 - 2023 unman <unman@thirdeyesecurity.com>
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] != 'dom0' -%}
+
+include:
+  - browser.install
+
+"{{ slsdotpath }}-updated":
+  pkg.uptodate:
+    - refresh: True
+
+"{{ slsdotpath }}-installed":
+  pkg.installed:
+    - refresh: True
+    - install_recommends: False
+    - skip_suggestions: True
+    - pkgs:
+      - libreoffice
+      - antiword
+      - evince
+      - python3-pdfminer
+      - vim
+
+{% endif -%}
--- a/salt/reader/install.top
+++ b/salt/reader/install.top
@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'tpl-reader':
+    - reader.install