diff --git a/salt/whonix-gateway/README.md b/salt/whonix-gateway/README.md new file mode 100644 index 0000000..5c2ff4c --- /dev/null +++ b/salt/whonix-gateway/README.md @@ -0,0 +1,37 @@ +# whonix-gateway + +Whonix Gateway Template in Qubes OS. + +## Table of Contents + +* [Description](#description) +* [Installation](#installation) +* [Usage](#usage) + +## Description + +Creates the Whonix Gateway templates as well as a Disposable Template based on +it. + +## Installation + +- Top: +```sh +qubesctl top.enable whonix-gateway +qubesctl --targets=whonix-gateway-17 state.apply +qubesctl top.disable whonix-gateway +qubesctl state.apply whonix-gateway.appmenus +``` + +- State: + +```sh +qubesctl state.apply whonix-gateway.create +qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install +qubesctl state.apply whonix-gateway.appmenus +``` + + +## Usage + +AppVMs and StandaloneVMs can be based on this template. diff --git a/salt/whonix/appmenus.sls b/salt/whonix-gateway/appmenus.sls similarity index 78% rename from salt/whonix/appmenus.sls rename to salt/whonix-gateway/appmenus.sls index 7d436ff..b720c9e 100644 --- a/salt/whonix/appmenus.sls +++ b/salt/whonix-gateway/appmenus.sls @@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- import slsdotpath ~ "/template.jinja" as template -%} {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%} -{{ sync_appmenus('dvm-' ~ template.whonix_workstation_clean_template) }} +{{ sync_appmenus('sys-whonix') }} diff --git a/salt/whonix-gateway/appmenus.top b/salt/whonix-gateway/appmenus.top new file mode 100644 index 0000000..4dc497f --- /dev/null +++ b/salt/whonix-gateway/appmenus.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - whonix-gateway.appmenus 
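Review bot: In `salt/whonix-gateway/appmenus.sls` the context line `{%- import slsdotpath ~ "/template.jinja" as template -%}` no longer has a consumer in this hunk, because the new last line calls `sync_appmenus('sys-whonix')` with a literal. Either drop the import or keep the qube name in one place, for example a variable in `template.jinja` that this call and `create.sls` both read. The literal `sys-whonix` is otherwise repeated in `whonix-gateway/create.sls` and as the `netvm` value in `whonix-workstation/create.sls`, and those must stay identical for the workstation qubes to be attached to the gateway. The file's first six lines are outside the hunk.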
diff --git a/salt/whonix-gateway/clone.sls b/salt/whonix-gateway/clone.sls new file mode 100644 index 0000000..e81bbd9 --- /dev/null +++ b/salt/whonix-gateway/clone.sls @@ -0,0 +1,12 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +"{{ template.template }}-installed": + qvm.template_installed: + - name: {{ template.template }} + - fromrepo: {{ template.repo }} diff --git a/salt/whonix/appmenus.top b/salt/whonix-gateway/clone.top similarity index 86% rename from salt/whonix/appmenus.top rename to salt/whonix-gateway/clone.top index 67d81c3..cae3479 100644 --- a/salt/whonix/appmenus.top +++ b/salt/whonix-gateway/clone.top @@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later base: 'dom0': - match: nodegroup - - whonix.appmenus + - whonix-gateway.clone diff --git a/salt/whonix-gateway/create.sls b/salt/whonix-gateway/create.sls new file mode 100644 index 0000000..c45fb41 --- /dev/null +++ b/salt/whonix-gateway/create.sls 
@@ -0,0 +1,59 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+ - .clone
+
+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+- default_dispvm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 600
+- include_in_backups: False
+features:
+- enable:
+ - whonix-gw
+tags:
+- add:
+ - whonix-updatevm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: sys-whonix
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+- qvm: {{ template.template }}
+present:
+- template: {{ template.template }}
+- label: black
+prefs:
+- template: {{ template.template }}
+- label: black
+- audiovm: ""
+- default_dispvm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 500
+- provides-network: True
+- include_in_backups: False
+- autostart: False
+tags:
+- add:
+ - anon-gateway
+{%- endload %}
+{{ load(defaults) }}
diff --git a/salt/whonix-gateway/create.top b/salt/whonix-gateway/create.top
new file mode 100644
index 0000000..a7d2b7b
--- /dev/null
+++ b/salt/whonix-gateway/create.top
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+ 'dom0':
+ - match: nodegroup
+ - whonix-gateway.create
diff --git a/salt/whonix-gateway/init.top b/salt/whonix-gateway/init.top
new file mode 100644
index 0000000..18ea5b2
--- /dev/null
+++ b/salt/whonix-gateway/init.top
@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+ 'dom0':
+ - match: nodegroup
+ - whonix-gateway.create
+ 'whonix-gateway-17':
+ - whonix-gateway.install
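Review bot: Both blocks in `salt/whonix-gateway/create.sls` set `default_dispvm: ""` without saying why, and the value is easy to revert by mistake because the removed `salt/whonix/create.sls` pointed `sys-whonix` at the workstation disposable template. A Jinja comment above the first `load_yaml` block would record the intent, for example `{# default_dispvm is empty on purpose: the gateway and its template get no default disposable template #}`. The `sys-whonix` block also sets no `netvm` pref, so the qube presumably follows the system default netvm; if that is intended, the same comment can say so.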
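Review bot: The target `'whonix-gateway-17'` in `salt/whonix-gateway/init.top` is a literal, while `template.jinja` in the same directory builds the template name from the pillar key `qvm:whonix:version`. With a pillar override, the `create` state would configure a different template than the one `install` is targeted at, so `pkg.uptodate` would presumably not run in the template actually in use. The same literal appears in `whonix-gateway/install.top` and in `whonix-workstation/init.top` and `install.top`. If deriving the target in the top file is not practical, a comment such as `{# keep in sync with the version default in template.jinja #}` would at least flag the coupling. This entry also omits `- match: list`, which `whonix-gateway/install.top` sets for the same target.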
diff --git a/salt/whonix/install.sls b/salt/whonix-gateway/install.sls
similarity index 100%
rename from salt/whonix/install.sls
rename to salt/whonix-gateway/install.sls
diff --git a/salt/whonix-gateway/install.top b/salt/whonix-gateway/install.top
new file mode 100644
index 0000000..ca4427c
--- /dev/null
+++ b/salt/whonix-gateway/install.top
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+ 'whonix-gateway-17':
+ - match: list
+ - whonix-gateway.install
diff --git a/salt/whonix-gateway/template.jinja b/salt/whonix-gateway/template.jinja
new file mode 100644
index 0000000..10c17dd
--- /dev/null
+++ b/salt/whonix-gateway/template.jinja
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% set version = salt['pillar.get']('qvm:whonix:version', '17') -%}
+{% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
+{% set template = 'whonix-gateway-' ~ version -%}
+{% set clean_template = 'whonix-gateway' -%}
diff --git a/salt/whonix-workstation/README.md b/salt/whonix-workstation/README.md
new file mode 100644
index 0000000..b5ab560
--- /dev/null
+++ b/salt/whonix-workstation/README.md
@@ -0,0 +1,37 @@
+# whonix-workstation
+
+Whonix Workstation Template in Qubes OS.
+
+## Table of Contents
+
+* [Description](#description)
+* [Installation](#installation)
+* [Usage](#usage)
+
+## Description
+
+Creates the Whonix Workstation templates as well as a Disposable Template
+based on it.
+
+## Installation
+
+- Top:
+```sh
+qubesctl top.enable whonix-workstation
+qubesctl --targets=whonix-workstation-17 state.apply
+qubesctl top.disable whonix-workstation
+qubesctl state.apply whonix-workstation.appmenus
+```
+
+- State:
+
+```sh
+qubesctl state.apply whonix-workstation.create
+qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install
+qubesctl state.apply whonix-workstation.appmenus
+```
+
+
+## Usage
+
+AppVMs and StandaloneVMs can be based on this template.
diff --git a/salt/whonix-workstation/appmenus.sls b/salt/whonix-workstation/appmenus.sls
new file mode 100644
index 0000000..fad2c69
--- /dev/null
+++ b/salt/whonix-workstation/appmenus.sls
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('dvm-' ~ template.clean_template) }}
diff --git a/salt/whonix-workstation/appmenus.top b/salt/whonix-workstation/appmenus.top
new file mode 100644
index 0000000..9ddf5c8
--- /dev/null
+++ b/salt/whonix-workstation/appmenus.top
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+ 'dom0':
+ - match: nodegroup
+ - whonix-workstation.appmenus
diff --git a/salt/whonix-workstation/clone.sls b/salt/whonix-workstation/clone.sls
new file mode 100644
index 0000000..e81bbd9
--- /dev/null
+++ b/salt/whonix-workstation/clone.sls
@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+"{{ template.template }}-installed":
+ qvm.template_installed:
+ - name: {{ template.template }}
+ - fromrepo: {{ template.repo }}
diff --git a/salt/whonix-workstation/clone.top b/salt/whonix-workstation/clone.top
new file mode 100644
index 0000000..7f4c9c2
--- /dev/null
+++ b/salt/whonix-workstation/clone.top
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+ 'dom0':
+ - match: nodegroup
+ - whonix-workstation.clone
diff --git a/salt/whonix-workstation/create.sls b/salt/whonix-workstation/create.sls
new file mode 100644
index 0000000..76dbbf7
--- /dev/null
+++ b/salt/whonix-workstation/create.sls
@@ -0,0 +1,96 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S.
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+ - .clone
+ - whonix-gateway.create
+
+{% load_yaml as defaults -%}
+name: {{ template.template }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- include_in_backups: False
+features:
+- enable:
+ - whonix-ws
+tags:
+- add:
+ - whonix-updatevm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: dvm-{{ template.clean_template }}
+force: True
+require:
+- sls: whonix-gateway.create
+present:
+- template: {{ template.template }}
+- label: red
+prefs:
+- template: {{ template.template }}
+- label: red
+- netvm: sys-whonix
+- audiovm: ""
+- default_dispvm: dvm-{{ template.clean_template }}
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- template_for_dispvms: True
+- include_in_backups: False
+- autostart: False
+features:
+- enable:
+ - appmenus-dispvm
+tags:
+- add:
+ - anon-vm
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: anon-whonix
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+- sls: whonix-gateway.create
+present:
+- template: {{ template.template }}
+- label: red
+prefs:
+- template: {{ template.template }}
+- label: red
+- netvm: sys-whonix
+- audiovm: ""
+- default_dispvm: dvm-{{ template.clean_template }}
+- vcpus: 1
+- memory: 300
+- maxmem: 1500
+- include_in_backups: False
+- autostart: False
+tags:
+- add:
+ - anon-vm
+{%- endload %}
+{{ load(defaults) }}
+
+"{{ template.template }}-default_dispvm":
+ qvm.vm:
+ - require:
+ - qvm: dvm-{{ template.clean_template }}
+ - name: {{ template.template }}
+ - prefs:
+ - default_dispvm: dvm-{{ template.clean_template }}
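Review bot: The `dvm-{{ template.clean_template }}` block in `salt/whonix-workstation/create.sls` requires only `sls: whonix-gateway.create`, although it is built from `{{ template.template }}`; unlike the `anon-whonix` block below it, it has no requisite on the workstation template being installed. Adding `- sls: {{ slsdotpath }}.clone` to its `require` list would make that dependency explicit instead of relying on include order. Both workstation qubes also receive `netvm: sys-whonix` only under `prefs`, not under `present`, so it is worth confirming how the imported `load` macro behaves when the prefs step fails; presumably the qube would then be left on the system default netvm rather than behind the gateway.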
diff --git a/salt/whonix-workstation/create.top b/salt/whonix-workstation/create.top new file mode 100644 index 0000000..214bfac --- /dev/null +++ b/salt/whonix-workstation/create.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - whonix-workstation.create diff --git a/salt/whonix-workstation/init.top b/salt/whonix-workstation/init.top new file mode 100644 index 0000000..35c7bff --- /dev/null +++ b/salt/whonix-workstation/init.top @@ -0,0 +1,12 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - whonix-workstation.create + 'whonix-workstation-17': + - whonix-workstation.install diff --git a/salt/whonix/clone.top b/salt/whonix-workstation/install.sls similarity index 52% rename from salt/whonix/clone.top rename to salt/whonix-workstation/install.sls index 068810f..41e3943 100644 --- a/salt/whonix/clone.top +++ b/salt/whonix-workstation/install.sls @@ -4,7 +4,10 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} -base: - 'dom0': - - match: nodegroup - - whonix.clone +{% if grains['nodename'] != 'dom0' -%} + +"{{ slsdotpath }}-updated": + pkg.uptodate: + - refresh: True + +{% endif %} diff --git a/salt/whonix-workstation/install.top b/salt/whonix-workstation/install.top new file mode 100644 index 0000000..0b2b274 --- /dev/null +++ b/salt/whonix-workstation/install.top @@ -0,0 +1,9 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'whonix-workstation-17': + - whonix-workstation.install diff --git a/salt/whonix-workstation/template.jinja b/salt/whonix-workstation/template.jinja new file mode 100644 index 0000000..83fa3dc --- /dev/null +++ b/salt/whonix-workstation/template.jinja 
@@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% set version = salt['pillar.get']('qvm:whonix:version', '17') -%} +{% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%} +{% set template = 'whonix-workstation-' ~ version -%} +{% set clean_template = 'whonix-workstation' -%} diff --git a/salt/whonix/README.md b/salt/whonix/README.md deleted file mode 100644 index b20e3f9..0000000 --- a/salt/whonix/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# whonix - -Whonix Template in Qubes OS. - -## Table of Contents - -* [Description](#description) -* [Installation](#installation) -* [Usage](#usage) - -## Description - -Creates the Whonix Gateway and Workstation templates as well as a Disposable -Template based on it. - -## Installation - -- Top: -```sh -qubesctl top.enable whonix -qubesctl --targets=whonix-workstation-17,whonix-gateway-17 state.apply -qubesctl top.disable whonix -qubesctl state.apply whonix.appmenus -``` - -- State: - -```sh -qubesctl state.apply whonix.create -qubesctl --skip-dom0 --targets=whonix-workstation-17,whonix-gateway-17 state.apply whonix.install -qubesctl state.apply whonix.appmenus -``` - - -## Usage - -AppVMs and StandaloneVMs can be based on this template. diff --git a/salt/whonix/clone.sls b/salt/whonix/clone.sls deleted file mode 100644 index efbcc82..0000000 --- a/salt/whonix/clone.sls +++ /dev/null @@ -1,17 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -{%- import slsdotpath ~ "/template.jinja" as whonix -%} - -"{{ whonix.whonix_gateway_template }}-installed": - qvm.template_installed: - - name: {{ whonix.whonix_gateway_template }} - - fromrepo: {{ whonix.whonix_repo }} - -"{{ whonix.whonix_workstation_template }}-installed": - qvm.template_installed: - - name: {{ whonix.whonix_workstation_template }} - - fromrepo: {{ whonix.whonix_repo }} 
diff --git a/salt/whonix/create.sls b/salt/whonix/create.sls
deleted file mode 100644
index 9c6cb6c..0000000
--- a/salt/whonix/create.sls
+++ /dev/null
@@ -1,136 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -{%- from "qvm/template.jinja" import load -%} - -{%- import slsdotpath ~ "/template.jinja" as template -%} - -include: - - .clone - -{% load_yaml as defaults -%} -name: {{ template.whonix_workstation_template }} -force: True -require: -- sls: {{ slsdotpath }}.clone -prefs: -- audiovm: "" -- vcpus: 1 -- memory: 300 -- maxmem: 1500 -- include_in_backups: False -tags: -- add: - - whonix-updatevm -features: -- enable: - - whonix-ws -{%- endload %} -{{ load(defaults) }} - -{% load_yaml as defaults -%} -name: {{ template.whonix_gateway_template }} -force: True -require: -- sls: {{ slsdotpath }}.clone -prefs: -- audiovm: "" -- vcpus: 1 -- memory: 300 -- maxmem: 600 -- include_in_backups: False -tags: -- add: - - whonix-updatevm -features: -- enable: - - whonix-gw -{%- endload %} -{{ load(defaults) }} - -{% load_yaml as defaults -%} -name: dvm-{{ template.whonix_workstation_clean_template }} -force: True -require: -- qvm: sys-{{ slsdotpath }} -- qvm: anon-{{ slsdotpath }} -present: -- template: {{ template.whonix_workstation_template }} -- label: red -prefs: -- template: {{ template.whonix_workstation_template }} -- label: red -- netvm: sys-{{ slsdotpath }} -- audiovm: "" -- default_dispvm: dvm-{{ template.whonix_workstation_clean_template }} -- vcpus: 1 -- memory: 300 -- maxmem: 1500 -- template_for_dispvms: True -- include_in_backups: False -- autostart: False -features: -- enable: - - appmenus-dispvm -tags: -- add: - - anon-vm -{%- endload %} -{{ load(defaults) }} - -{% load_yaml as defaults -%} -name: sys-{{ slsdotpath }} -force: True -require: -- sls: {{ slsdotpath }}.clone -- qvm: {{ template.whonix_gateway_template }} -present: -- template: {{ template.whonix_gateway_template }} -- label: black -prefs: -- template: {{ template.whonix_gateway_template }} -- label: black -- audiovm: "" -- default_dispvm: dvm-{{ 
template.whonix_workstation_clean_template }} -- vcpus: 1 -- memory: 300 -- maxmem: 500 -- provides-network: True -- include_in_backups: False -- autostart: False -tags: -- add: - - anon-gateway -{%- endload %} -{{ load(defaults) }} - - -{% load_yaml as defaults -%} -name: anon-{{ slsdotpath }} -force: True -require: -- sls: {{ slsdotpath }}.clone -- qvm: sys-{{ slsdotpath }} -- qvm: {{ template.whonix_workstation_template }} -present: -- template: {{ template.whonix_workstation_template }} -- label: red -prefs: -- template: {{ template.whonix_workstation_template }} -- label: red -- netvm: sys-{{ slsdotpath }} -- audiovm: "" -- default_dispvm: dvm-{{ template.whonix_workstation_clean_template }} -- vcpus: 1 -- memory: 300 -- maxmem: 1500 -- include_in_backups: False -- autostart: False -tags: -- add: - - anon-vm -{%- endload %} -{{ load(defaults) }} diff --git a/salt/whonix/create.top b/salt/whonix/create.top deleted file mode 100644 index 477bc87..0000000 --- a/salt/whonix/create.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - whonix.create diff --git a/salt/whonix/init.top b/salt/whonix/init.top deleted file mode 100644 index 5bcaa53..0000000 --- a/salt/whonix/init.top +++ /dev/null @@ -1,13 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - whonix.create - 'whonix-workstation-17,whonix-gateway-17': - - match: list - - whonix.install diff --git a/salt/whonix/install.top b/salt/whonix/install.top deleted file mode 100644 index f36fd3b..0000000 --- a/salt/whonix/install.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'whonix-workstation-17,whonix-gateway-17': - - match: list - - whonix.install 
diff --git a/salt/whonix/template.jinja b/salt/whonix/template.jinja deleted file mode 100644 index fe1ac58..0000000 --- a/salt/whonix/template.jinja +++ /dev/null @@ -1,12 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -{% set whonix_version = salt['pillar.get']('qvm:whonix:version', '17') -%} -{% set whonix_repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%} -{% set whonix_workstation_template = 'whonix-workstation-' ~ whonix_version -%} -{% set whonix_gateway_template = 'whonix-gateway-' ~ whonix_version -%} -{% set whonix_workstation_clean_template = 'whonix-workstation' -%} -{% set whonix_gateway_clean_template = 'whonix-gateway' -%}