refactor: distinct whonix formulas

Separating the Gateway and the Workstation formula makes it easier to use the clone-template macro as well as only run the necessary states.
2024-10-01 02:35:49 -04:00 · 2024-02-07 11:27:36 +01:00 · 2024-02-07 11:27:36 +01:00 · 7331b1938e
commit 7331b1938e
parent f27db69e3a
29 changed files with 385 additions and 241 deletions
--- a/salt/whonix-gateway/README.md
+++ b/salt/whonix-gateway/README.md
@ -0,0 +1,37 @@
 # whonix-gateway
 Whonix Gateway Template in Qubes OS.
 ## Table of Contents
 * [Description](#description)
 * [Installation](#installation)
 * [Usage](#usage)
 ## Description
 Creates the Whonix Gateway templates as well as a Disposable Template based on
 it.
 ## Installation
 - Top:
 ```sh
 qubesctl top.enable whonix-gateway
 qubesctl --targets=whonix-gateway-17 state.apply
 qubesctl top.disable whonix-gateway
 qubesctl state.apply whonix-gateway.appmenus
 ```
 - State:
 <!-- pkg:begin:post-install -->
 ```sh
 qubesctl state.apply whonix-gateway.create
 qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install
 qubesctl state.apply whonix-gateway.appmenus
 ```
 <!-- pkg:end:post-install -->
 ## Usage
 AppVMs and StandaloneVMs can be based on this template.
--- a/salt/whonix-gateway/appmenus.sls
+++ b/salt/whonix-gateway/appmenus.sls
@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
-{{ sync_appmenus('dvm-' ~ template.whonix_workstation_clean_template) }}
+{{ sync_appmenus('sys-whonix') }}
--- a/salt/whonix-gateway/appmenus.top
+++ b/salt/whonix-gateway/appmenus.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-gateway.appmenus
--- a/salt/whonix-gateway/clone.sls
+++ b/salt/whonix-gateway/clone.sls
@ -0,0 +1,12 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 "{{ template.template }}-installed":
  qvm.template_installed:
    - name: {{ template.template }}
    - fromrepo: {{ template.repo }}
--- a/salt/whonix-gateway/clone.top
+++ b/salt/whonix-gateway/clone.top
@ -7,4 +7,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 base:
  'dom0':
    - match: nodegroup
-    - whonix.appmenus
+    - whonix-gateway.clone
--- a/salt/whonix-gateway/create.sls
+++ b/salt/whonix-gateway/create.sls
@ -0,0 +1,59 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- from "qvm/template.jinja" import load -%}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 include:
  - .clone
 {% load_yaml as defaults -%}
 name: {{ template.template }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
 - audiovm: ""
 - default_dispvm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 600
 - include_in_backups: False
 features:
 - enable:
  - whonix-gw
 tags:
 - add:
  - whonix-updatevm
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: sys-whonix
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 - qvm: {{ template.template }}
 present:
 - template: {{ template.template }}
 - label: black
 prefs:
 - template: {{ template.template }}
 - label: black
 - audiovm: ""
 - default_dispvm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 500
 - provides-network: True
 - include_in_backups: False
 - autostart: False
 tags:
 - add:
  - anon-gateway
 {%- endload %}
 {{ load(defaults) }}
--- a/salt/whonix-gateway/create.top
+++ b/salt/whonix-gateway/create.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-gateway.create
--- a/salt/whonix-gateway/init.top
+++ b/salt/whonix-gateway/init.top
@ -0,0 +1,12 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-gateway.create
  'whonix-gateway-17':
    - whonix-gateway.install
--- a/salt/whonix-gateway/install.sls
+++ b/salt/whonix-gateway/install.sls
--- a/salt/whonix-gateway/install.top
+++ b/salt/whonix-gateway/install.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'whonix-gateway-17':
    - match: list
    - whonix-gateway.install
--- a/salt/whonix-gateway/template.jinja
+++ b/salt/whonix-gateway/template.jinja
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {% set version = salt['pillar.get']('qvm:whonix:version', '17') -%}
 {% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
 {% set template = 'whonix-gateway-' ~ version -%}
 {% set clean_template = 'whonix-gateway' -%}
--- a/salt/whonix-workstation/README.md
+++ b/salt/whonix-workstation/README.md
@ -0,0 +1,37 @@
 # whonix-workstation
 Whonix Workstation Template in Qubes OS.
 ## Table of Contents
 * [Description](#description)
 * [Installation](#installation)
 * [Usage](#usage)
 ## Description
 Creates the Whonix Workstation templates as well as a Disposable Template
 based on it.
 ## Installation
 - Top:
 ```sh
 qubesctl top.enable whonix-workstation
 qubesctl --targets=whonix-workstation-17 state.apply
 qubesctl top.disable whonix-workstation
 qubesctl state.apply whonix-workstation.appmenus
 ```
 - State:
 <!-- pkg:begin:post-install -->
 ```sh
 qubesctl state.apply whonix-workstation.create
 qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install
 qubesctl state.apply whonix-workstation.appmenus
 ```
 <!-- pkg:end:post-install -->
 ## Usage
 AppVMs and StandaloneVMs can be based on this template.
--- a/salt/whonix-workstation/appmenus.sls
+++ b/salt/whonix-workstation/appmenus.sls
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
 {{ sync_appmenus('dvm-' ~ template.clean_template) }}
--- a/salt/whonix-workstation/appmenus.top
+++ b/salt/whonix-workstation/appmenus.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-workstation.appmenus
--- a/salt/whonix-workstation/clone.sls
+++ b/salt/whonix-workstation/clone.sls
@ -0,0 +1,12 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 "{{ template.template }}-installed":
  qvm.template_installed:
    - name: {{ template.template }}
    - fromrepo: {{ template.repo }}
--- a/salt/whonix-workstation/clone.top
+++ b/salt/whonix-workstation/clone.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-workstation.clone
--- a/salt/whonix-workstation/create.sls
+++ b/salt/whonix-workstation/create.sls
@ -0,0 +1,96 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- from "qvm/template.jinja" import load -%}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 include:
  - .clone
  - whonix-gateway.create
 {% load_yaml as defaults -%}
 name: {{ template.template }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
 - audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - include_in_backups: False
 features:
 - enable:
  - whonix-ws
 tags:
 - add:
  - whonix-updatevm
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: dvm-{{ template.clean_template }}
 force: True
 require:
 - sls: whonix-gateway.create
 present:
 - template: {{ template.template }}
 - label: red
 prefs:
 - template: {{ template.template }}
 - label: red
 - netvm: sys-whonix
 - audiovm: ""
 - default_dispvm: dvm-{{ template.clean_template }}
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - template_for_dispvms: True
 - include_in_backups: False
 - autostart: False
 features:
 - enable:
  - appmenus-dispvm
 tags:
 - add:
  - anon-vm
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: anon-whonix
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 - sls: whonix-gateway.create
 present:
 - template: {{ template.template }}
 - label: red
 prefs:
 - template: {{ template.template }}
 - label: red
 - netvm: sys-whonix
 - audiovm: ""
 - default_dispvm: dvm-{{ template.clean_template }}
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - include_in_backups: False
 - autostart: False
 tags:
 - add:
  - anon-vm
 {%- endload %}
 {{ load(defaults) }}
 "{{ template.template }}-default_dispvm":
  qvm.vm:
    - require:
      - qvm: dvm-{{ template.clean_template }}
    - name: {{ template.template }}
    - prefs:
      - default_dispvm: dvm-{{ template.clean_template }}
--- a/salt/whonix-workstation/create.top
+++ b/salt/whonix-workstation/create.top
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-workstation.create
--- a/salt/whonix-workstation/init.top
+++ b/salt/whonix-workstation/init.top
@ -0,0 +1,12 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix-workstation.create
  'whonix-workstation-17':
    - whonix-workstation.install
--- a/salt/whonix-workstation/install.sls
+++ b/salt/whonix-workstation/install.sls
@ -4,7 +4,10 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
-base:
+{% if grains['nodename'] != 'dom0' -%}
-  'dom0':
+
-    - match: nodegroup
+"{{ slsdotpath }}-updated":
-    - whonix.clone
+  pkg.uptodate:
    - refresh: True
 {% endif %}
--- a/salt/whonix-workstation/install.top
+++ b/salt/whonix-workstation/install.top
@ -0,0 +1,9 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'whonix-workstation-17':
    - whonix-workstation.install
--- a/salt/whonix-workstation/template.jinja
+++ b/salt/whonix-workstation/template.jinja
@ -0,0 +1,10 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {% set version = salt['pillar.get']('qvm:whonix:version', '17') -%}
 {% set repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
 {% set template = 'whonix-workstation-' ~ version -%}
 {% set clean_template = 'whonix-workstation' -%}
--- a/salt/whonix/README.md
+++ b/salt/whonix/README.md
@ -1,37 +0,0 @@
 # whonix
 Whonix Template in Qubes OS.
 ## Table of Contents
 * [Description](#description)
 * [Installation](#installation)
 * [Usage](#usage)
 ## Description
 Creates the Whonix Gateway and Workstation templates as well as a Disposable
 Template based on it.
 ## Installation
 - Top:
 ```sh
 qubesctl top.enable whonix
 qubesctl --targets=whonix-workstation-17,whonix-gateway-17 state.apply
 qubesctl top.disable whonix
 qubesctl state.apply whonix.appmenus
 ```
 - State:
 <!-- pkg:begin:post-install -->
 ```sh
 qubesctl state.apply whonix.create
 qubesctl --skip-dom0 --targets=whonix-workstation-17,whonix-gateway-17 state.apply whonix.install
 qubesctl state.apply whonix.appmenus
 ```
 <!-- pkg:end:post-install -->
 ## Usage
 AppVMs and StandaloneVMs can be based on this template.
--- a/salt/whonix/clone.sls
+++ b/salt/whonix/clone.sls
@ -1,17 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- import slsdotpath ~ "/template.jinja" as whonix -%}
 "{{ whonix.whonix_gateway_template }}-installed":
  qvm.template_installed:
    - name: {{ whonix.whonix_gateway_template }}
    - fromrepo: {{ whonix.whonix_repo }}
 "{{ whonix.whonix_workstation_template }}-installed":
  qvm.template_installed:
    - name: {{ whonix.whonix_workstation_template }}
    - fromrepo: {{ whonix.whonix_repo }}
--- a/salt/whonix/create.sls
+++ b/salt/whonix/create.sls
@ -1,136 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- from "qvm/template.jinja" import load -%}
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 include:
  - .clone
 {% load_yaml as defaults -%}
 name: {{ template.whonix_workstation_template }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
 - audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - include_in_backups: False
 tags:
 - add:
  - whonix-updatevm
 features:
 - enable:
  - whonix-ws
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: {{ template.whonix_gateway_template }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 prefs:
 - audiovm: ""
 - vcpus: 1
 - memory: 300
 - maxmem: 600
 - include_in_backups: False
 tags:
 - add:
  - whonix-updatevm
 features:
 - enable:
  - whonix-gw
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: dvm-{{ template.whonix_workstation_clean_template }}
 force: True
 require:
 - qvm: sys-{{ slsdotpath }}
 - qvm: anon-{{ slsdotpath }}
 present:
 - template: {{ template.whonix_workstation_template }}
 - label: red
 prefs:
 - template: {{ template.whonix_workstation_template }}
 - label: red
 - netvm: sys-{{ slsdotpath }}
 - audiovm: ""
 - default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - template_for_dispvms: True
 - include_in_backups: False
 - autostart: False
 features:
 - enable:
  - appmenus-dispvm
 tags:
 - add:
  - anon-vm
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: sys-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 - qvm: {{ template.whonix_gateway_template }}
 present:
 - template: {{ template.whonix_gateway_template }}
 - label: black
 prefs:
 - template: {{ template.whonix_gateway_template }}
 - label: black
 - audiovm: ""
 - default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
 - vcpus: 1
 - memory: 300
 - maxmem: 500
 - provides-network: True
 - include_in_backups: False
 - autostart: False
 tags:
 - add:
  - anon-gateway
 {%- endload %}
 {{ load(defaults) }}
 {% load_yaml as defaults -%}
 name: anon-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
 - qvm: sys-{{ slsdotpath }}
 - qvm: {{ template.whonix_workstation_template }}
 present:
 - template: {{ template.whonix_workstation_template }}
 - label: red
 prefs:
 - template: {{ template.whonix_workstation_template }}
 - label: red
 - netvm: sys-{{ slsdotpath }}
 - audiovm: ""
 - default_dispvm: dvm-{{ template.whonix_workstation_clean_template }}
 - vcpus: 1
 - memory: 300
 - maxmem: 1500
 - include_in_backups: False
 - autostart: False
 tags:
 - add:
  - anon-vm
 {%- endload %}
 {{ load(defaults) }}
--- a/salt/whonix/create.top
+++ b/salt/whonix/create.top
@ -1,10 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix.create
--- a/salt/whonix/init.top
+++ b/salt/whonix/init.top
@ -1,13 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'dom0':
    - match: nodegroup
    - whonix.create
  'whonix-workstation-17,whonix-gateway-17':
    - match: list
    - whonix.install
--- a/salt/whonix/install.top
+++ b/salt/whonix/install.top
@ -1,10 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 base:
  'whonix-workstation-17,whonix-gateway-17':
    - match: list
    - whonix.install
--- a/salt/whonix/template.jinja
+++ b/salt/whonix/template.jinja
@ -1,12 +0,0 @@
 {#
 SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {% set whonix_version = salt['pillar.get']('qvm:whonix:version', '17') -%}
 {% set whonix_repo = salt['pillar.get']('qvm:whonix:repo', 'qubes-templates-community') -%}
 {% set whonix_workstation_template = 'whonix-workstation-' ~ whonix_version -%}
 {% set whonix_gateway_template = 'whonix-gateway-' ~ whonix_version -%}
 {% set whonix_workstation_clean_template = 'whonix-workstation' -%}
 {% set whonix_gateway_clean_template = 'whonix-gateway' -%}