From 6e8541672f21886ce343cbc28237d309c553ad5f Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Tue, 4 Jun 2024 11:00:06 +0200 Subject: [PATCH] feat: add disposable qubes to bitcoin clients --- salt/electrum/create.sls | 134 +++++++++++++++++++++++++++++++++++- salt/sys-bitcoin/create.sls | 73 +++++++++++++++++++- 2 files changed, 202 insertions(+), 5 deletions(-) diff --git a/salt/electrum/create.sls b/salt/electrum/create.sls index c4a7a52..85db5ea 100644 --- a/salt/electrum/create.sls +++ b/salt/electrum/create.sls @@ -46,11 +46,76 @@ tags: {%- endload %} {{ load(defaults) }} +{% load_yaml as defaults -%} +name: dvm-{{ slsdotpath }} +force: True +require: +- qvm: tpl-{{ slsdotpath }} +present: +- template: tpl-{{ slsdotpath }} +- label: gray +prefs: +- template: tpl-{{ slsdotpath }} +- label: gray +- netvm: "" +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: False +- template_for_dispvms: True +features: +- enable: + - appmenus-dispvm +- disable: + - service.cups + - service.cups-browsed +- set: + - menu-items: "qubes-run-terminal.desktop qubes-start.desktop qubes-open-file-manager.desktop electrum.desktop" +tags: +- add: + - "electrum-client" +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: disp-{{ slsdotpath }} +force: True +require: +- qvm: dvm-{{ slsdotpath }} +present: +- template: dvm-{{ slsdotpath }} +- label: gray +- class: DispVM +prefs: +- template: dvm-{{ slsdotpath }} +- label: gray +- netvm: "" +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: False +features: +- disable: + - appmenus-dispvm + - service.cups + - service.cups-browsed +- set: + - menu-items: "qubes-run-terminal.desktop qubes-start.desktop qubes-open-file-manager.desktop electrum.desktop" +tags: +- add: + - "electrum-client" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }} force: True require: -- sls: {{ slsdotpath }}.clone +- qvm: tpl-{{ slsdotpath }} present: - template: tpl-{{ slsdotpath }} - label: gray @@ -76,11 +141,76 @@ tags: {%- endload %} {{ load(defaults) }} +{% load_yaml as defaults -%} +name: dvm-{{ slsdotpath }}-hot +force: True +require: +- qvm: {{ whonix_workstation.template }} +present: +- template: {{ whonix_workstation.template }} +- label: orange +prefs: +- template: {{ whonix_workstation.template }} +- label: orange +- audiovm: "" +- netvm: sys-bitcoin-gateway +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: True +- template_for_dispvms: True +features: +- enable: + - appmenus-dispvm +- disable: + - service.cups + - service.cups-browsed +- set: + - menu-items: "qubes-run-terminal.desktop qubes-start.desktop qubes-open-file-manager.desktop electrum.desktop" +tags: +- add: + - "anon-vm" +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: disp-{{ slsdotpath }}-hot +force: True +require: +- qvm: dvm-{{ slsdotpath }}-hot +present: +- template: dvm-{{ slsdotpath }}-hot +- label: orange +- class: DispVM +prefs: +- template: dvm-{{ slsdotpath }}-hot +- label: orange +- audiovm: "" +- netvm: sys-bitcoin-gateway +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: True +features: +- disable: + - appmenus-dispvm + - service.cups + - service.cups-browsed +- set: + - menu-items: "qubes-run-terminal.desktop qubes-start.desktop qubes-open-file-manager.desktop electrum.desktop" +tags: +- add: + - "anon-vm" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: {{ slsdotpath }}-hot force: True require: -- sls: {{ slsdotpath }}.clone +- qvm: {{ whonix_workstation.template }} present: - template: {{ whonix_workstation.template }} - label: orange diff --git a/salt/sys-bitcoin/create.sls b/salt/sys-bitcoin/create.sls index 1f27717..f6d1896 100644 --- a/salt/sys-bitcoin/create.sls +++ b/salt/sys-bitcoin/create.sls @@ -68,7 +68,7 @@ tags: name: {{ slsdotpath }} force: True require: -- sls: {{ slsdotpath }}.clone +- qvm: tpl-{{ slsdotpath }} present: - template: tpl-{{ slsdotpath }} - label: yellow @@ -168,11 +168,78 @@ tags: {%- endload %} {{ load(defaults) }} +{% load_yaml as defaults -%} +name: dvm-bitcoin +force: True +require: +- qvm: tpl-{{ slsdotpath }} +present: +- template: tpl-{{ slsdotpath }} +- label: gray +prefs: +- template: tpl-{{ slsdotpath }} +- label: gray +- netvm: "" +- audiovm: "" +- default_dispvm: "" +- vcpus: 4 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: False +- template_for_dispvms: True +features: +- enable: + - appmenus-dispvm +- disable: + - service.cups + - service.cups-browsed +- set: + - menu-items: "bitcoin-qt.desktop qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +tags: +- del: + - "bitcoin-client" +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: disp-bitcoin +force: True +require: +- qvm: dvm-bitcoin +present: +- template: dvm-bitcoin +- label: gray +- class: DispVM +prefs: +- template: dvm-bitcoin +- label: gray +- netvm: "" +- audiovm: "" +- default_dispvm: "" +- vcpus: 4 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: False +features: +- disable: + - appmenus-dispvm + - service.cups + - service.cups-browsed +- set: + - menu-items: "bitcoin-qt.desktop qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" +tags: +- del: + - "bitcoin-client" +{%- endload %} +{{ load(defaults) }} + {% load_yaml as defaults -%} name: bitcoin force: True require: -- sls: {{ slsdotpath }}.clone +- qvm: tpl-{{ slsdotpath }} present: - template: tpl-{{ slsdotpath }} - label: gray @@ -208,7 +275,7 @@ tags: "{{ slsdotpath }}-extend-builder-private-volume": cmd.run: - require: - - qvm: disp-bitcoin-builder + - qvm: dvm-bitcoin-builder - name: qvm-volume extend dvm-bitcoin-builder:private 20Gi {% from 'utils/macros/policy.sls' import policy_set with context -%}