refactor: distinct whonix formulas

Separating the Gateway and the Workstation formula makes it easier to
use the clone-template macro as well as only run the necessary states.

salt/whonix-gateway/README.md

@@ -0,0 +1,37 @@
+# whonix-gateway
+
+Whonix Gateway Template in Qubes OS.
+
+## Table of Contents
+
+* [Description](#description)
+* [Installation](#installation)
+* [Usage](#usage)
+
+## Description
+
+Creates the Whonix Gateway templates as well as a Disposable Template based on
+it.
+
+## Installation
+
+- Top:
+```sh
+qubesctl top.enable whonix-gateway
+qubesctl --targets=whonix-gateway-17 state.apply
+qubesctl top.disable whonix-gateway
+qubesctl state.apply whonix-gateway.appmenus
+```
+
+- State:
+<!-- pkg:begin:post-install -->
+```sh
+qubesctl state.apply whonix-gateway.create
+qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install
+qubesctl state.apply whonix-gateway.appmenus
+```
+<!-- pkg:end:post-install -->
+
+## Usage
+
+AppVMs and StandaloneVMs can be based on this template.

salt/whonix-gateway/appmenus.sls

@@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 
 {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
-{{ sync_appmenus('dvm-' ~ template.whonix_workstation_clean_template) }}
+{{ sync_appmenus('sys-whonix') }}

salt/whonix-gateway/appmenus.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-gateway.appmenus

salt/whonix-gateway/clone.sls

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+"{{ template.template }}-installed":
+  qvm.template_installed:
+    - name: {{ template.template }}
+    - fromrepo: {{ template.repo }}

salt/whonix-gateway/clone.top

@@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 base:
   'dom0':
     - match: nodegroup
-    - whonix.appmenus
+    - whonix-gateway.clone

salt/whonix-gateway/create.sls

@@ -0,0 +1,59 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .clone
+
+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+- default_dispvm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- enable:
+  - whonix-gw
+tags:
+- add:
+  - whonix-updatevm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: sys-whonix
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+- qvm: {{ template.template }}
+present:
+- template: {{ template.template }}
+- label: black
+prefs:
+- template: {{ template.template }}
+- label: black
+- audiovm: ""
+- default_dispvm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 500
+- provides-network: True
+- include_in_backups: False
+- autostart: False
+tags:
+- add:
+  - anon-gateway
+{%- endload %}
+{{ load(defaults) }}

salt/whonix-gateway/create.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-gateway.create

salt/whonix-gateway/init.top

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-gateway.create
+  'whonix-gateway-17':
+    - whonix-gateway.install

salt/whonix-gateway/install.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'whonix-gateway-17':
+    - match: list
+    - whonix-gateway.install

salt/whonix-gateway/template.jinja

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% set version = salt['pillar.get']('qvm:whonix:version', '17') -%}
+{% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
+{% set template = 'whonix-gateway-' ~ version -%}
+{% set clean_template = 'whonix-gateway' -%}

salt/whonix-workstation/README.md

@@ -0,0 +1,37 @@
+# whonix-workstation
+
+Whonix Workstation Template in Qubes OS.
+
+## Table of Contents
+
+* [Description](#description)
+* [Installation](#installation)
+* [Usage](#usage)
+
+## Description
+
+Creates the Whonix Workstation templates as well as a Disposable Template
+based on it.
+
+## Installation
+
+- Top:
+```sh
+qubesctl top.enable whonix-workstation
+qubesctl --targets=whonix-workstation-17 state.apply
+qubesctl top.disable whonix-workstation
+qubesctl state.apply whonix-workstation.appmenus
+```
+
+- State:
+<!-- pkg:begin:post-install -->
+```sh
+qubesctl state.apply whonix-workstation.create
+qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install
+qubesctl state.apply whonix-workstation.appmenus
+```
+<!-- pkg:end:post-install -->
+
+## Usage
+
+AppVMs and StandaloneVMs can be based on this template.

salt/whonix-workstation/appmenus.sls

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('dvm-' ~ template.clean_template) }}

salt/whonix-workstation/appmenus.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-workstation.appmenus

salt/whonix-workstation/clone.sls

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+"{{ template.template }}-installed":
+  qvm.template_installed:
+    - name: {{ template.template }}
+    - fromrepo: {{ template.repo }}

salt/whonix-workstation/clone.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-workstation.clone

salt/whonix-workstation/create.sls

@@ -0,0 +1,96 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .clone
+  - whonix-gateway.create
+
+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- include_in_backups: False
+features:
+- enable:
+  - whonix-ws
+tags:
+- add:
+  - whonix-updatevm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: dvm-{{ template.clean_template }}
+force: True
+require:
+- sls: whonix-gateway.create
+present:
+- template: {{ template.template }}
+- label: red
+prefs:
+- template: {{ template.template }}
+- label: red
+- netvm: sys-whonix
+- audiovm: ""
+- default_dispvm: dvm-{{ template.clean_template }}
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- template_for_dispvms: True
+- include_in_backups: False
+- autostart: False
+features:
+- enable:
+  - appmenus-dispvm
+tags:
+- add:
+  - anon-vm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: anon-whonix
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+- sls: whonix-gateway.create
+present:
+- template: {{ template.template }}
+- label: red
+prefs:
+- template: {{ template.template }}
+- label: red
+- netvm: sys-whonix
+- audiovm: ""
+- default_dispvm: dvm-{{ template.clean_template }}
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- include_in_backups: False
+- autostart: False
+tags:
+- add:
+  - anon-vm
+{%- endload %}
+{{ load(defaults) }}
+
+"{{ template.template }}-default_dispvm":
+  qvm.vm:
+    - require:
+      - qvm: dvm-{{ template.clean_template }}
+    - name: {{ template.template }}
+    - prefs:
+      - default_dispvm: dvm-{{ template.clean_template }}

salt/whonix-workstation/create.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-workstation.create

salt/whonix-workstation/init.top

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - whonix-workstation.create
+  'whonix-workstation-17':
+    - whonix-workstation.install

salt/whonix-workstation/install.sls

@@ -4,7 +4,10 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
-base:
-  'dom0':
-    - match: nodegroup
-    - whonix.clone
+{% if grains['nodename'] != 'dom0' -%}
+
+"{{ slsdotpath }}-updated":
+  pkg.uptodate:
+    - refresh: True
+
+{% endif %}

salt/whonix-workstation/install.top

@@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'whonix-workstation-17':
+    - whonix-workstation.install

salt/whonix-workstation/template.jinja

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% set version = salt['pillar.get']('qvm:whonix:version', '17') -%}
+{% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
+{% set template = 'whonix-workstation-' ~ version -%}
+{% set clean_template = 'whonix-workstation' -%}

salt/whonix/README.md

@@ -1,37 +0,0 @@
-# whonix
-
-Whonix Template in Qubes OS.
-
-## Table of Contents
-
-* [Description](#description)
-* [Installation](#installation)
-* [Usage](#usage)
-
-## Description
-
-Creates the Whonix Gateway and Workstation templates as well as a Disposable
-Template based on it.
-
-## Installation
-
-- Top:
-```sh
-qubesctl top.enable whonix
-qubesctl --targets=whonix-workstation-17,whonix-gateway-17 state.apply
-qubesctl top.disable whonix
-qubesctl state.apply whonix.appmenus
-```
-
-- State:
-<!-- pkg:begin:post-install -->
-```sh
-qubesctl state.apply whonix.create
-qubesctl --skip-dom0 --targets=whonix-workstation-17,whonix-gateway-17 state.apply whonix.install
-qubesctl state.apply whonix.appmenus
-```
-<!-- pkg:end:post-install -->
-
-## Usage
-
-AppVMs and StandaloneVMs can be based on this template.

salt/whonix/clone.sls

@@ -1,17 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-{%- import slsdotpath ~ "/template.jinja" as whonix -%}
-
-"{{ whonix.whonix_gateway_template }}-installed":
-  qvm.template_installed:
-    - name: {{ whonix.whonix_gateway_template }}
-    - fromrepo: {{ whonix.whonix_repo }}
-
-"{{ whonix.whonix_workstation_template }}-installed":
-  qvm.template_installed:
-    - name: {{ whonix.whonix_workstation_template }}
-    - fromrepo: {{ whonix.whonix_repo }}

salt/whonix/create.sls

@@ -1,136 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-{%- from "qvm/template.jinja" import load -%}
-
-{%- import slsdotpath ~ "/template.jinja" as template -%}
-
-include:
-  - .clone
-
-{% load_yaml as defaults -%}
-name: {{ template.whonix_workstation_template }}
-force: True
-require:
-- sls: {{ slsdotpath }}.clone
-prefs:
-- audiovm: ""
-- vcpus: 1
-- memory: 300
-- maxmem: 1500
-- include_in_backups: False
-tags:
-- add:
-  - whonix-updatevm
-features:
-- enable:
-  - whonix-ws
-{%- endload %}
-{{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: {{ template.whonix_gateway_template }}
-force: True
-require:
-- sls: {{ slsdotpath }}.clone
-prefs:
-- audiovm: ""
-- vcpus: 1
-- memory: 300
-- maxmem: 600
-- include_in_backups: False
-tags:
-- add:
-  - whonix-updatevm
-features:
-- enable:
-  - whonix-gw
-{%- endload %}
-{{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: dvm-{{ template.whonix_workstation_clean_template }}
-force: True
-require:
-- qvm: sys-{{ slsdotpath }}
-- qvm: anon-{{ slsdotpath }}
-present:
-- template: {{ template.whonix_workstation_template }}
-- label: red
-prefs:
-- template: {{ template.whonix_workstation_template }}
-- label: red
-- netvm: sys-{{ slsdotpath }}
-- audiovm: ""
-- default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
-- vcpus: 1
-- memory: 300
-- maxmem: 1500
-- template_for_dispvms: True
-- include_in_backups: False
-- autostart: False
-features:
-- enable:
-  - appmenus-dispvm
-tags:
-- add:
-  - anon-vm
-{%- endload %}
-{{ load(defaults) }}
-
-{% load_yaml as defaults -%}
-name: sys-{{ slsdotpath }}
-force: True
-require:
-- sls: {{ slsdotpath }}.clone
-- qvm: {{ template.whonix_gateway_template }}
-present:
-- template: {{ template.whonix_gateway_template }}
-- label: black
-prefs:
-- template: {{ template.whonix_gateway_template }}
-- label: black
-- audiovm: ""
-- default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
-- vcpus: 1
-- memory: 300
-- maxmem: 500
-- provides-network: True
-- include_in_backups: False
-- autostart: False
-tags:
-- add:
-  - anon-gateway
-{%- endload %}
-{{ load(defaults) }}
-
-
-{% load_yaml as defaults -%}
-name: anon-{{ slsdotpath }}
-force: True
-require:
-- sls: {{ slsdotpath }}.clone
-- qvm: sys-{{ slsdotpath }}
-- qvm: {{ template.whonix_workstation_template }}
-present:
-- template: {{ template.whonix_workstation_template }}
-- label: red
-prefs:
-- template: {{ template.whonix_workstation_template }}
-- label: red
-- netvm: sys-{{ slsdotpath }}
-- audiovm: ""
-- default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
-- vcpus: 1
-- memory: 300
-- maxmem: 1500
-- include_in_backups: False
-- autostart: False
-tags:
-- add:
-  - anon-vm
-{%- endload %}
-{{ load(defaults) }}

salt/whonix/create.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - whonix.create

salt/whonix/init.top

@@ -1,13 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - whonix.create
-  'whonix-workstation-17,whonix-gateway-17':
-    - match: list
-    - whonix.install

salt/whonix/install.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'whonix-workstation-17,whonix-gateway-17':
-    - match: list
-    - whonix.install

salt/whonix/template.jinja

@@ -1,12 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-{% set whonix_version = salt['pillar.get']('qvm:whonix:version', '17') -%}
-{% set whonix_repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
-{% set whonix_workstation_template = 'whonix-workstation-' ~ whonix_version -%}
-{% set whonix_gateway_template = 'whonix-gateway-' ~ whonix_version -%}
-{% set whonix_workstation_clean_template = 'whonix-workstation' -%}
-{% set whonix_gateway_clean_template = 'whonix-gateway' -%}