fix: remove undesired appmenus from builder qubes

docs/DESIGN.md

@@ -5,13 +5,15 @@ Qusal design document.
 ## Table of Contents
 
 * [Goal](#goal)
+* [Documentation](#documentation)
 * [Format](#format)
+  * [Readme](#readme)
   * [File naming](#file-naming)
   * [State ID](#state-id)
-  * [Readme](#readme)
   * [Qube preferences](#qube-preferences)
     * [Qube naming](#qube-naming)
     * [Qube label](#qube-label)
+    * [Qube menu](#qube-menu)
   * [Qube connections](#qube-connections)
   * [Qrexec call and policy](#qrexec-call-and-policy)
 
@@ -151,6 +153,20 @@ related to trustworthiness of the data it is dealing with.
         programs, disposables for opening untrusted files or web pages).
     -   **Examples**: sys-net, sys-usb, dvm-browser.
 
+#### Qube menu
+
+The Qubes App Menu is used by GUI users, always add the `.desktop` files to
+the qube feature `menu-items`, if it is a template, also add to the feature
+`default-menu-items`. Remember to sync the App Menus after the installation of
+software in the desired qube.
+
+Explicitly setting menu item avoids the user clicking on a software not
+intended to be run in the selected qube or trying to run software that is not
+installed. The user opening Tor Browser in a Whonix qube that is intended for
+building software is risky, the user trying to open a file manager on a qube
+that doesn't have one is less risky but for the user the behavior is
+unexpected.
+
 ### Qube connections
 
 There are several ways a qube can connect to another, either directly with

salt/sys-bitcoin/appmenus.sls

@@ -5,4 +5,4 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
 {% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
-{{ sync_appmenus('bitcoin') }}
+{{ sync_appmenus('tpl-sys-bitcoin') }}

salt/sys-electrs/README.md

@@ -31,6 +31,7 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md).
 sudo qubesctl top.enable sys-electrs
 sudo qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply
 sudo qubesctl top.disable sys-electrs
+sudo qubesctl state.apply sys-electrs.appmenus
 ```
 
 - State:
@@ -41,6 +42,7 @@ sudo qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs.
 sudo qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install
 sudo qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder
 sudo qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure
+sudo qubesctl state.apply sys-electrs.appmenus
 ```
 <!-- pkg:end:post-install -->
 

salt/sys-electrs/appmenus.sls

@@ -0,0 +1,11 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('tpl-sys-electrs') }}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('tpl-electrs-builder') }}

salt/sys-electrs/appmenus.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-electrs.appmenus

salt/sys-electrs/create.sls

@@ -67,6 +67,7 @@ prefs:
 - default_dispvm: ""
 features:
 - set:
+  - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
   - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
 ## See comment in clone.sls.
 {% if salt['cmd.shell']('qvm-features tpl-electrs-builder') == "whonix-ws" %}

salt/sys-electrumx/README.md

@@ -31,6 +31,7 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md).
 sudo qubesctl top.enable sys-electrumx
 sudo qubesctl --targets=tpl-electrumx-builder,tpl-sys-electrumx,disp-electrumx-builder,sys-electrumx state.apply
 sudo qubesctl top.disable sys-electrumx
+sudo qubesctl state.apply sys-electrumx.appmenus
 ```
 
 - State
@@ -41,6 +42,7 @@ sudo qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electr
 sudo qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install
 sudo qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder
 sudo qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure
+sudo qubesctl state.apply sys-electrumx.appmenus
 ```
 <!-- pkg:end:post-install -->
 

salt/sys-electrumx/appmenus.sls

@@ -0,0 +1,11 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('tpl-sys-electrumx') }}
+
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+{{ sync_appmenus('tpl-electrumx-builder') }}

salt/sys-electrumx/appmenus.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-electrumx.appmenus