refactor: move appended states to drop-in rc.local

salt/sys-cacher/configure-browser.sls

@@ -7,9 +7,13 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 {% if grains['nodename'] != 'dom0' %}
 
 "{{ slsdotpath }}-browser-rc.local":
-  file.append:
-    - name: /rw/config/rc.local
-    - text: "qvm-connect-tcp 8082:@default:8082"
+  file.managed:
+    - name: /rw/config/rc.local.d/50-sys-cacher.rc
+    - source: salt://{{ slsdotpath }}/files/browser/rc.local.d/50-sys-cacher.rc
+    - mode: '0755'
+    - user: root
+    - group: root
+    - makedirs: True
 
 "{{ slsdotpath }}-browser-desktop-application":
   file.managed:

salt/sys-cacher/configure.sls

@@ -10,24 +10,28 @@ include:
   - dotfiles.copy-x11
 
 "{{ slsdotpath }}-install-rc.local":
-  file.append:
-    - name: /rw/config/rc.local
-    - text: |
-        chown -R apt-cacher-ng:apt-cacher-ng /var/log/apt-cacher-ng
-        chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
-        systemctl unmask qubes-apt-cacher-ng
-        systemctl --no-block restart qubes-apt-cacher-ng
-        nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'
+  file.managed:
+    - name: /rw/config/rc.local.d/50-sys-cacher.rc
+    - source: salt://{{ slsdotpath }}/files/server/rc.local.d/50-sys-cacher.rc
+    - mode: '0755'
+    - user: root
+    - group: root
+    - makedirs: True
 
-"{{ slsdotpath }}-install-qubes-firewall-user-script":
-  file.append:
-    - name: /rw/config/qubes-firewall-user-script
-    - text: nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'
+"{{ slsdotpath }}-install-qubes-firewall":
+  file.managed:
+    - name: /rw/config/qubes-firewall.d/50-sys-cacher
+    - source: salt://{{ slsdotpath }}/files/server/qubes-firewall.d/50-sys-cacher
+    - mode: '0755'
+    - user: root
+    - group: root
+    - makedirs: True
 
 "{{ slsdotpath }}-bind-dirs":
   file.managed:
-    - name: /rw/config/qubes-bind-dirs.d/50_cacher.conf
-    - source: salt://{{ slsdotpath }}/files/server/bind-dirs/50_cacher.conf
+    - name: /rw/config/qubes-bind-dirs.d/50-sys-cacher.conf
+    - source: salt://{{ slsdotpath }}/files/server/qubes-bind-dirs.d/50-sys-cacher.conf
+    - mode: '0644'
     - user: root
     - group: root
     - makedirs: True

salt/sys-cacher/files/browser/rc.local.d/50-sys-cacher.rc

@@ -0,0 +1,7 @@
+#!/bin/sh
+# vim: ft=sh
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+qvm-connect-tcp 8082:@default:8082

salt/sys-cacher/files/server/lib-qubes-bind-dirs.d/50-sys-cacher.conf

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# SPDX-FileCopyrightText: 2023 unman <unman@thirdeyesecurity.org>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+binds+=( '/etc/anacrontab' )
+
+# vim: ft=bash

salt/sys-cacher/files/server/qubes-firewall.d/50-sys-cacher

@@ -0,0 +1,7 @@
+#!/bin/sh
+# vim: ft=sh
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'

salt/sys-cacher/files/server/rc.local.d/50-sys-cacher.rc

@@ -0,0 +1,11 @@
+#!/bin/sh
+# vim: ft=sh
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+chown -R apt-cacher-ng:apt-cacher-ng /var/log/apt-cacher-ng
+chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
+systemctl unmask qubes-apt-cacher-ng
+systemctl --no-block restart qubes-apt-cacher-ng
+nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'

salt/sys-cacher/install.sls

@@ -87,10 +87,13 @@ SPDX-License-Identifier: AGPL-3.0-or-later
     - user: root
     - group: root
 
-"{{ slsdotpath }}-qubes-bind-dirs":
-  file.append:
-    - name: /usr/lib/qubes-bind-dirs.d/30_cron.conf
-    - text: "binds+=( ' /etc/anacrontab' )"
+"{{ slsdotpath }}-lib-qubes-bind-dirs":
+  file.managed:
+    - name: /usr/lib/qubes-bind-dirs.d/50-sys-cacher.conf
+    - source: salt://{{ slsdotpath }}/files/server/lib-qubes-bind-dirs.d/50-sys-cacher.conf
+    - mode: '0644'
+    - user: root
+    - group: root
 
 "{{ slsdotpath }}-acng.conf":
   file.managed: