feat: bump Fedora version

Fix: https://github.com/ben-grande/qusal/issues/108
Fix: https://github.com/ben-grande/qusal/issues/57

docs/BOOTSTRAP.md

@@ -25,6 +25,7 @@ matter in some circumstances, in those cases, it is noted in this page.
 *   Base (order matters):
     *   [dom0](../salt/dom0/README.md)
     *   [debian-minimal](../salt/debian-minimal/README.md)
+    *   [fedora-xfce](../salt/fedora-xfce/README.md)
     *   [fedora-minimal](../salt/fedora-minimal/README.md)
     *   [mgmt](../salt/mgmt/README.md)
     *   [sys-cacher](../salt/sys-cacher/README.md)

salt/debian-minimal/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/debian-minimal/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^debian-[0-9][0-9]-minimal$':
+    - match: compound
+    - debian-minimal.update-admin

salt/debian-xfce/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/debian-xfce/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^debian-[0-9][0-9]-xfce$':
+    - match: compound
+    - debian-xfce.update-admin

salt/debian/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/debian/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^debian-[0-9][0-9]$':
+    - match: compound
+    - debian.update-admin

salt/fedora-minimal/README.md

@@ -19,7 +19,7 @@ it.
 
 ```sh
 sudo qubesctl top.enable fedora-minimal
-sudo qubesctl --targets=fedora-40-minimal state.apply
+sudo qubesctl --targets=fedora-41-minimal state.apply
 sudo qubesctl top.disable fedora-minimal
 sudo qubesctl state.apply fedora-minimal.prefs
 ```
@@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs
 
 ```sh
 sudo qubesctl state.apply fedora-minimal.create
-sudo qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install
+sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install
 sudo qubesctl state.apply fedora-minimal.prefs
 ```
 

salt/fedora-minimal/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- import slsdotpath ~ "/template.jinja" as template -%}
 
 include:
-  - fedora.create
+  - fedora-xfce.create
   - .clone
 
 "dvm-{{ template.template }}-absent":
@@ -23,6 +23,7 @@ name: {{ template.template }}
 force: True
 require:
 - sls: {{ template.template_clean }}.clone
+- sls: fedora-xfce.create
 present:
 - label: black
 prefs:
@@ -32,6 +33,7 @@ prefs:
 - memory: 300
 - maxmem: 600
 - include_in_backups: False
+- management_dispvm: dvm-fedora-xfce
 features:
 - set:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
@@ -63,22 +65,3 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: {{ template.template }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: {{ template.template }}

salt/fedora-minimal/files/admin/bin/salt-patch.sh

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-## SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-##
-## SPDX-License-Identifier: AGPL-3.0-or-later
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-
-set -eu
-
-qube="${1}"
-dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False"
-
-qvm-run --no-gui --user=root --pass-io --filter-escape-chars \
-  --no-color-output --no-color-stderr -- "${qube}" \
-  "${dnf_min_install} python3-urllib3"

salt/fedora-minimal/prefs.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -9,21 +9,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 include:
   - .create
 
-"{{ slsdotpath }}-set-management_dispvm-to-default":
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
   qvm.vm:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: {{ template.template }}
     - prefs:
       - management_dispvm: "*default*"
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
-    - name: {{ template.template }}
-    - flags:
-      - force

salt/fedora-minimal/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/fedora-minimal/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^fedora-[0-9][0-9]-minimal$':
+    - match: compound
+    - fedora-minimal.update-admin

salt/fedora-xfce/README.md

@@ -18,8 +18,9 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it.
 
 ```sh
 sudo qubesctl top.enable fedora-xfce
-sudo qubesctl --targets=fedora-40-xfce state.apply
+sudo qubesctl --targets=fedora-41-xfce state.apply
 sudo qubesctl top.disable fedora-xfce
+sudo qubesctl state.apply fedora-xfce.prefs
 ```
 
 *   State:
@@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora-xfce
 
 ```sh
 sudo qubesctl state.apply fedora-xfce.create
-sudo qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install
+sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install
+sudo qubesctl state.apply fedora-xfce.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/fedora-xfce/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -62,3 +62,11 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}":
+  qvm.vm:
+    - require:
+      - qvm: dvm-{{ template.template_clean }}
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "dvm-{{ template.template_clean }}"

salt/fedora-xfce/prefs.sls

@@ -0,0 +1,18 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/fedora-xfce/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - fedora-xfce.prefs

salt/fedora-xfce/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/fedora-xfce/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^fedora-[0-9][0-9]-xfce$':
+    - match: compound
+    - fedora-xfce.update-admin

salt/fedora/README.md

@@ -18,8 +18,9 @@ Creates the Fedora template as well as a Disposable Template based on it.
 
 ```sh
 sudo qubesctl top.enable fedora
-sudo qubesctl --targets=fedora-40 state.apply
+sudo qubesctl --targets=fedora-41 state.apply
 sudo qubesctl top.disable fedora
+sudo qubesctl state.apply fedora.prefs
 ```
 
 *   State:
@@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora
 
 ```sh
 sudo qubesctl state.apply fedora.create
-sudo qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install
+sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install
+sudo qubesctl state.apply fedora.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/fedora/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -62,3 +62,11 @@ features:
   - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
 {%- endload %}
 {{ load(defaults) }}
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}":
+  qvm.vm:
+    - require:
+      - qvm: dvm-{{ template.template_clean }}
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "dvm-{{ template.template_clean }}"

salt/fedora/prefs.sls

@@ -0,0 +1,18 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: {{ template.template }}
+    - prefs:
+      - management_dispvm: "*default*"

salt/fedora/prefs.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - fedora.prefs

salt/fedora/template.jinja

@@ -1,11 +1,11 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
 {% set base = 'fedora' -%}
-{% set version = salt['pillar.get']('qvm:fedora:version', '40') -%}
+{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%}
 {% set flavor = '' -%}
 {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%}
 {% if flavor -%}

salt/fedora/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/fedora/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^fedora-[0-9][0-9]$':
+    - match: compound
+    - fedora.update-admin

salt/kicksecure-minimal/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/kicksecure-minimal/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^kicksecure-[0-9][0-9]-minimal$':
+    - match: compound
+    - kicksecure-minimal.update-admin

salt/mgmt/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -7,7 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {%- from "qvm/template.jinja" import load -%}
 
 include:
-  - fedora.create
+  - fedora-xfce.create
+  - fedora-xfce.update-admin
   - .clone
   - fedora-minimal.prefs
 
@@ -15,10 +16,13 @@ include:
 name: tpl-{{ slsdotpath }}
 force: True
 require:
+- sls: fedora-xfce.create
+- sls: fedora-xfce.update-admin
 - sls: {{ slsdotpath }}.clone
 - sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
+- management_dispvm: dvm-fedora-xfce
 {%- endload %}
 {{ load(defaults) }}
 
@@ -48,22 +52,3 @@ features:
   - internal
 {%- endload %}
 {{ load(defaults) }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}

salt/mgmt/prefs.sls

@@ -10,13 +10,13 @@ include:
 "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}":
   cmd.run:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: qubes-prefs -- management_dispvm dvm-{{ slsdotpath }}
 
 "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default":
   qvm.vm:
     - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
+      - sls: {{ slsdotpath }}.create
     - name: tpl-{{ slsdotpath }}
     - prefs:
       - management_dispvm: "*default*"
@@ -27,14 +27,3 @@ include:
       - cmd: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}"
       - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default"
     - name: default-mgmt-dvm
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/qubes-builder/README.md

@@ -38,7 +38,6 @@ template.
 sudo qubesctl top.enable qubes-builder
 sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply
 sudo qubesctl top.disable qubes-builder
-sudo qubesctl state.apply qubes-builder.prefs
 ```
 
 *   State:
@@ -48,7 +47,6 @@ sudo qubesctl state.apply qubes-builder.prefs
 ```sh
 sudo qubesctl state.apply qubes-builder.create
 sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install
-sudo qubesctl state.apply qubes-builder.prefs
 sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor
 sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
 ```

salt/qubes-builder/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -89,33 +89,3 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '70') }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/qubes-builder/prefs.sls

@@ -1,20 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-
-include:
-  - .create
-
-"{{ slsdotpath }}-set-management_dispvm-to-default":
-  qvm.vm:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: "*default*"

salt/qubes-builder/prefs.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - qubes-builder.prefs

salt/sys-gui/create.sls

@@ -1,7 +1,7 @@
 {#
 SPDX-FileCopyrightText: 2019 - 2020 Frederic Pierret <frederic.pierret@qubes-os.org>
 SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki <marmarek@invisiblethingslab.com>
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: GPL-2.0-only
 #}
@@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only
 
 include:
   - .clone
+  - fedora-minimal.prefs
 
 {% if 'psu' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) %}
 "{{ slsdotpath }}-installed":
@@ -32,6 +33,7 @@ name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+- sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
 {%- endload %}

salt/sys-pgp/README.md

@@ -31,7 +31,6 @@ and access to them is made from the client through Qrexec.
 sudo qubesctl top.enable sys-pgp
 sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply
 sudo qubesctl top.disable sys-pgp
-sudo qubesctl state.apply sys-pgp.prefs
 ```
 
 *   State:
@@ -42,7 +41,6 @@ sudo qubesctl state.apply sys-pgp.prefs
 sudo qubesctl state.apply sys-pgp.create
 sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install
 sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure
-sudo qubesctl state.apply sys-pgp.prefs
 ```
 
 <!-- pkg:end:post-install -->

salt/sys-pgp/create.sls

@@ -1,5 +1,5 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
@@ -47,22 +47,3 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '80') }}
-
-"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
-  qvm.vm:
-    - require:
-      - qvm: dvm-fedora
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: dvm-fedora
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-install-salt-deps":
-  cmd.script:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
-    - name: salt-patch.sh
-    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
-    - args: tpl-{{ slsdotpath }}

salt/sys-pgp/prefs.sls

@@ -1,27 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-include:
-  - .create
-
-"{{ slsdotpath }}-set-management_dispvm-to-default":
-  qvm.vm:
-    - require:
-      - cmd: "{{ slsdotpath }}-install-salt-deps"
-    - name: tpl-{{ slsdotpath }}
-    - prefs:
-      - management_dispvm: "*default*"
-
-## TODO: Remove when template with patch reaches upstream or updates enforce
-## salt-deps to be installed.
-## https://github.com/QubesOS/qubes-issues/issues/8806
-"{{ slsdotpath }}-shutdown-template":
-  qvm.shutdown:
-    - require:
-      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
-    - name: tpl-{{ slsdotpath }}
-    - flags:
-      - force

salt/sys-pgp/prefs.top

@@ -1,10 +0,0 @@
-{#
-SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
-
-SPDX-License-Identifier: AGPL-3.0-or-later
-#}
-
-base:
-  'dom0':
-    - match: nodegroup
-    - sys-pgp.prefs

salt/whonix-gateway/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/whonix-gateway/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^whonix-[0-9][0-9]-gateway$':
+    - match: compound
+    - whonix-gateway.update-admin

salt/whonix-workstation/update-admin.sls

@@ -0,0 +1,20 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] == 'dom0' -%}
+
+{%- import slsdotpath ~ "/template.jinja" as template -%}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-update-admin":
+  cmd.run:
+    - require:
+      - sls: {{ slsdotpath }}.create
+    - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }}
+
+{% endif %}

salt/whonix-workstation/update-admin.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'I@qubes:type:template and E@^whonix-[0-9][0-9]-workstation$':
+    - match: compound
+    - whonix-workstation.update-admin