refactor: initial commit

Ben Grande 2023-11-13 14:33:28 +00:00
commit 5eebd789ed
591 changed files with 18598 additions and 0 deletions

18
salt/utils/README.md Normal file

@ -0,0 +1,18 @@
# utils
Utilities library for Qusal.
## Table of Contents
* [Description](#description)
* [Usage](#usage)
## Description
Utils is a SaltStack Qubes library for certain operations shared by multiple
projects such as macros and common tools to be installed.
## Usage
You are not meant to interact with the utils directly, but through other
states.


@ -0,0 +1,30 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{#
Usage:
1: Import this template:
{% from 'utils/macros/clone-template.sls' import clone_template -%}
2: Set template to clone from and the clone name:
{{ clone_template('debian-minimal', sls_path) }}
#}
{% macro clone_template(source, name) -%}
{%- import source ~ "/template.jinja" as template -%}
include:
- {{ source }}.create
"tpl-{{ name }}-clone":
qvm.clone:
- require:
- sls: {{ source }}.create
- source: {{ template.template }}
- name: tpl-{{ name }}
{% endmacro -%}


@ -0,0 +1,77 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{#
Install repositories with ease.
Usage:
1: Import this template:
{% from 'utils/macros/install-repo.sls' import install_repo -%}
2: Set template to clone from and the clone name:
{{ install_repo(sls_path, 'chrome') }}
If sls_path is 'browser', then this would install the repo from:
Source directory:
salt://browser/files/repo/
Debian:
chrome.sources -> /etc/apt/sources.list.d/chrome.sources
chrome.asc -> /usr/share/keyrings/chrome.asc
Fedora:
chrome.yum.repo -> /etc/yum.repos.d/chrome.repo
chrome.yum.asc -> /etc/pki/rpm-gpg/RPM-GPG-KEY-chrome
#}
{% macro install_repo(name, repo) -%}
{% if grains['os_family']|lower == 'debian' -%}
"{{ name }}-install-{{ repo }}-keyring":
file.managed:
- name: /usr/share/keyrings/{{ repo }}.asc
- source: salt://{{ name }}/files/repo/{{ repo }}.asc
- mode: '0644'
- user: root
- group: root
- makedirs: True
"{{ name }}-install-{{ repo }}-repository":
file.managed:
- name: /etc/apt/sources.list.d/{{ repo }}.sources
- source: salt://{{ name }}/files/repo/{{ repo }}.sources
- mode: '0644'
- user: root
- group: root
- makedirs: True
"{{ name }}-remove-{{ repo }}-old-format":
file.absent:
- name: /etc/apt/sources.list.d/{{ repo }}.list
{% elif grains['os_family']|lower == 'redhat' -%}
"{{ name }}-install-{{ repo }}-keyring":
file.managed:
- name: /etc/pki/rpm-gpg/RPM-GPG-KEY-{{ repo }}
- source: salt://{{ name }}/files/repo/{{ repo }}.yum.asc
- mode: '0644'
- user: root
- group: root
- makedirs: True
"{{ name }}-install-{{ repo }}-repository":
file.managed:
- name: /etc/yum.repos.d/{{ repo }}.repo
- source: salt://{{ name }}/files/repo/{{ repo }}.yum.repo
- mode: '0644'
- user: root
- group: root
- makedirs: True
{% endif -%}
{% endmacro -%}
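Review bot: `install_repo` has no `{% else %}` branch, so on any `os_family` other than Debian or RedHat the macro renders no states at all and the run says nothing about the repository definition or its signing key being absent. An explicit failure is easier to diagnose than a later package install that resolves against whatever sources happen to be configured; I would add an `{% else -%}` branch that emits a `test.fail_without_changes` state naming the unsupported `grains['os_family']`. Separately, step 2 of the usage comment ("Set template to clone from and the clone name") looks copied from clone-template.sls and should describe the `name` and `repo` arguments. The comment could also state that the shipped `.sources` / `.repo` file is expected to reference the installed key, since the repository files themselves are not part of this hunk.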


@ -0,0 +1,86 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{#
Qubes RPC Policy Template
Usage:
UNSET POLICY:
------------
{% from 'utils/macros/policy.sls' import policy_unset with context -%}
{{ policy_unset(sls_path, '80') }}
SET POLICY:
-----------
{% from 'utils/macros/policy.sls' import policy_set with context -%}
{{ policy_set(sls_path, '80') }}
{% from 'utils/macros/policy.sls' import policy_set_full with context -%}
{{ policy_set_full('project', '/etc/qubes/policy.d/80-project.policy', 'salt://project/files/admin/policy/default.policy') }}
If you prefer to use 'contents' instead of 'source':
{% from 'utils/macros/policy.sls' import load_policy -%}
{% load_yaml as defaults_policy -%}
name: /etc/qubes/policy.d/80-{{ slsdotpath }}.policy
contents:
- "## Comments need to be quoted."
- qubes.Example * {{ slsdotpath }} @default ask target=sys-test
- qubes.Example * {{ slsdotpath }} sys-test ask
{%- endload %}
{{ load_policy(defaults_policy) }}
#}
{% set policy_mode = '0644' -%}
{% set policy_user = 'root' -%}
{% set policy_group = 'qubes' -%}
{% macro policy_unset(project, number) -%}
"{{ project }}-absent-rpc-policy":
file.absent:
- name: /etc/qubes/policy.d/{{ number ~ '-' ~ project }}.policy
{%- endmacro %}
{% macro policy_set(project, number) -%}
"{{ project }}-set-rpc-policy":
file.managed:
- name: /etc/qubes/policy.d/{{ number ~ '-' ~ project }}.policy
- source: salt://{{ project }}/files/admin/policy/default.policy
- template: jinja
- context:
sls_path: {{ project }}
- mode: {{ policy_mode }}
- user: {{ policy_user }}
- group: {{ policy_group }}
{% endmacro -%}
{% macro policy_set_full(project, name, source) -%}
"{{ project }}-set-full-rpc-policy":
file.managed:
- name: {{ name }}
- source: {{ source }}
- template: jinja
- context:
sls_path: {{ project }}
- mode: {{ policy_mode }}
- user: {{ policy_user }}
- group: {{ policy_group }}
{% endmacro -%}
{% macro state_policy(name, contents) -%}
"{{ name }}-rpc-policy":
file.managed:
- name: {{ name }}
- contents: {{ contents }}
- mode: {{ policy_mode }}
- user: {{ policy_user }}
- group: {{ policy_group }}
{%- endmacro %}
{% macro load_policy(policy) -%}
{{- state_policy(policy.name, policy.contents) }}
{%- endmacro %}
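Review bot: In `state_policy`, `- contents: {{ contents }}` interpolates the list produced by `load_yaml` as its Python string form, so the RPC policy lines reach the YAML parser as whatever that representation happens to be; a rule containing a quote or backslash could be re-parsed into something other than what the author wrote, and these files decide which qubes may call which services. Serialising explicitly, `- contents: {{ contents|json }}`, keeps each line intact. The same file renders `- mode: {{ policy_mode }}` unquoted as `0644`, whereas install-repo.sls writes `- mode: '0644'`; `- mode: '{{ policy_mode }}'` avoids depending on how the loader treats leading-zero integers. `name` and `source` in `policy_set_full` would benefit from the same quoting.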


@ -0,0 +1,26 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{#
Switch Template to Default Template
Usage:
1: Import this template:
{% from 'utils/macros/switch-template.sls' import switch_template -%}
2: Set list of qubes to set default template:
{{ switch_template([sls_path, 'example']) }}
#}
{% set default_template = salt['cmd.shell']('qubes-prefs default_template') -%}
{% macro switch_template(qubes) -%}
{% for qube in qubes -%}
"{{ slsdotpath }}-reset-{{ qube }}-template-to-default_template":
cmd.run:
- name: qvm-prefs {{ qube }} template {{ default_template }}
{% endfor -%}
{% endmacro -%}
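Review bot: `default_template` is captured from `salt['cmd.shell']('qubes-prefs default_template')` at render time and never checked, so if that command prints nothing or an error message, the text is pasted as-is into `qvm-prefs {{ qube }} template {{ default_template }}`; with an empty value the command presumably only reads the property and the state still reports success. The `cmd.run` also has no `unless` or `onlyif`, so it executes and reports a change on every apply. Using the `qvm.prefs` state (`- name: {{ qube }}` with `- template: {{ default_template }}`) would make this idempotent and keep the qube name out of a shell command line. A Jinja guard that fails the render when `default_template` is empty would cover the first case.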


@ -0,0 +1,46 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{#
Qubes Sync Appmenus
Usage:
1: Import this template:
{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
2: Set qube to sync the appmenus:
{{ sync_appmenus('tpl-' ~ sls_path) }}
{{ sync_appmenus('tpl-ssh') }}
#}
{% macro sync_appmenus(qube) -%}
{% set running = 0 -%}
{% if salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ qube) == qube -%}
{% set running = 1 -%}
{% endif -%}
"{{ qube }}-start":
qvm.start:
- name: {{ qube }}
{% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') -%}
"{{ qube }}-sync-appmenus":
cmd.run:
- require:
- qvm: {{ qube }}-start
- name: qvm-sync-appmenus {{ qube }}
- runas: {{ gui_user }}
{% if running == 0 -%}
"{{ qube }}-shutdown":
qvm.shutdown:
- require:
- cmd: {{ qube }}-sync-appmenus
- name: {{ qube }}
{% endif -%}
{% endmacro -%}
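Review bot: The running check builds a shell command by concatenation, `salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ qube)`, and it executes in dom0 while the file is rendered, so any shell metacharacter in `qube` is interpreted before a single state has run. The callers shown in the usage comment pass fixed names, but the macro itself does not enforce that; `salt['cmd.run']('qvm-ls --no-spinner --raw-list --running ' ~ qube, python_shell=False)` would hand the name over as a plain argument. `gui_user` has a related weakness: `groupmems -l -g qubes` lists every member of the group, so with more than one member `- runas: {{ gui_user }}` receives several names and the state would fail.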


@ -0,0 +1,29 @@
# builder
Build tools for packaging in Qubes OS.
## Table of Contents
* [Description](#description)
* [Installation](#installation)
* [Usage](#usage)
## Description
This is not necessary for qubes-builder, it is just a set of useful tools for
building packages in UNIX distributions.
## Installation
Install builder tools on templates:
```sh
qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.core
```
Install documentation tools on templates:
```sh
qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.doc
```
## Usage
Standard builder usage, no extra configuration required.


@ -0,0 +1,46 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if grains['nodename'] != 'dom0' -%}
"{{ slsdotpath }}-core-updated":
pkg.uptodate:
- refresh: True
"{{ slsdotpath }}-core-installed":
pkg.installed:
- refresh: True
- install_recommends: False
- skip_suggestions: True
- pkgs:
- qubes-core-agent-networking
- qubes-core-agent-passwordless-root
- bash-completion
- make
- rpmlint
- rpm
- licensecheck
- devscripts
{% set pkg = {
'Debian': {
'pkg': ['equivs', 'dctrl-tools', 'build-essential' 'debhelper', 'quilt',
'lintian', 'mmdebstrap'],
},
'RedHat': {
'pkg': ['rpmdevtools', 'rpm-sign', 'rpm-build', 'fedora-packager',
'fedora-review'],
},
}.get(grains.os_family) -%}
"{{ slsdotpath }}-core-installed-os-specific":
pkg.installed:
- refresh: True
- install_recommends: False
- skip_suggestions: True
- pkgs: {{ pkg.pkg|sequence|yaml }}
{% endif -%}
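Review bot: The Debian list is missing a comma between `'build-essential'` and `'debhelper'`; Jinja joins adjacent string literals, so the state asks for a package named `build-essentialdebhelper` and will most likely fail on the unknown name without installing either real package. The line should read `'pkg': ['equivs', 'dctrl-tools', 'build-essential', 'debhelper', 'quilt',`. Also, `.get(grains.os_family)` yields nothing for any family other than Debian or RedHat, so `pkg.pkg` fails during rendering with an attribute error instead of a clear message; a default such as `.get(grains.os_family, {'pkg': []})` or an explicit failure state would be easier to diagnose.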


@ -0,0 +1,25 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if grains['nodename'] != 'dom0' -%}
"{{ slsdotpath }}-doc-updated":
pkg.uptodate:
- refresh: True
"{{ slsdotpath }}-doc-installed":
pkg.installed:
- refresh: True
- install_recommends: False
- skip_suggestions: True
- pkgs:
- pandoc
- ronn
- groff
- man-db
- less
{% endif -%}


@ -0,0 +1,35 @@
# zsh
Zsh environment in Qubes OS.
## Table of Contents
* [Description](#description)
* [Installation](#installation)
* [Usage](#usage)
## Description
Install Zsh, setup it to be the user shell and touch ~/.zshrc to avoid
warnings.
## Installation
- Top
```sh
qubesctl top.enable utils.tools.zsh
qubesctl --targets=TARGET state.apply
qubesctl top.disable utils.tools.zsh
```
- State
<!-- pkg:begin:post-install -->
```sh
qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell
qubesctl --skip-dom0 --targets=APPVMS state.apply utils.tools.zsh.touch-zshrc
```
<!-- pkg:end:post-install -->
## Usage
Standard Zsh usage. No extra configuration required.


@ -0,0 +1,20 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if grains['nodename'] != 'dom0' -%}
include:
- .install
## chsh is not in Fedora and usermod covers a wider range.
"{{ slsdotpath }}-change-user-shell-to-zsh":
cmd.run:
- name: usermod -s /bin/zsh user
- runas: root
- require:
- sls: {{ slsdotpath }}.install
{% endif -%}
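Review bot: `usermod -s /bin/zsh user` runs through `cmd.run` with no `unless` or `onlyif`, so every apply executes it and reports a change even when the login shell is already zsh. Adding `- unless: test "$(getent passwd user | cut -d: -f7)" = /bin/zsh` keeps the run output meaningful, which matters when the output is used to review what a state run actually modified inside a template.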


@ -0,0 +1,9 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
base:
'*':
- utils.tools.zsh.change-shell


@ -0,0 +1,10 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
include:
- .install
- .touch-zshrc
- .change-shell


@ -0,0 +1,11 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
base:
'*':
- utils.tools.zsh.touch-zshrc
- utils.tools.zsh.install
- utils.tools.zsh.change-shell


@ -0,0 +1,26 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
{% if grains['nodename'] != 'dom0' -%}
include:
- .touch-zshrc
"{{ slsdotpath }}-updated":
pkg.uptodate:
- refresh: True
"{{ slsdotpath }}-installed":
pkg.installed:
- refresh: True
- install_recommends: False
- skip_suggestions: True
- pkgs:
- zsh
- zsh-autosuggestions
- zsh-syntax-highlighting
{% endif -%}


@ -0,0 +1,9 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
base:
'*':
- utils.tools.zsh.install


@ -0,0 +1,16 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
# zsh complains if there is no .zshrc when.
# Only useful if not using the dotfiles but installing zsh.
"{{ slsdotpath }}-touch-home-zshrc":
file.touch:
- name: /home/user/.zshrc
"{{ slsdotpath }}-touch-skel-zshrc":
file.touch:
- name: /etc/skel/.zshrc
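Review bot: `file.touch` creates `/home/user/.zshrc` as the account Salt runs under, normally root, so a newly created file in the user's home ends up root-owned and the user cannot edit it in place; it also updates the timestamps and reports a change on every apply. `file.managed` with `- replace: False`, `- user: user` and `- group: user` creates the file only when it is missing and with the right owner. Unlike the other zsh states in this commit, this file has no `grains['nodename'] != 'dom0'` guard although the top files target `'*'`; if dom0 is not meant to be touched, the same guard belongs here. The first comment line ("zsh complains if there is no .zshrc when.") is cut off mid-sentence.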


@ -0,0 +1,9 @@
{#
SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later
#}
base:
'*':
- utils.tools.zsh.touch-zshrc