fix: generate RPM Specs for Qubes Builder V2

It doesn't checkout the current directory when querying the spec, so we provide the already modified version of the spec.
2024-10-01 02:35:49 -04:00 · 2024-06-21 17:00:06 +02:00 · 2024-06-21 17:00:06 +02:00 · c84dfea48e
commit c84dfea48e
parent 7aee0c44d8
108 changed files with 7181 additions and 58 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,3 @@
 # SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 #
 # SPDX-License-Identifier: MIT
-
-rpm_spec/*.spec
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -50,3 +50,12 @@ repos:
        entry: scripts/qubesbuilder-gen.sh test
        language: script
        description: Check if .qubesbuilder is up to date
+
+# TODO: generate temporary spec and compare against staged one.
+#       - id: spec-gen
+#         name: spec-gen
+#         language: script
+#         entry: scripts/spec-gen.sh test
+#         args: [test]
+#         # pass_filenames: true
+#         description: Check if RPM SPEC files are up to date
--- a/.reuse/dep5
+++ b/.reuse/dep5
@ -7,7 +7,7 @@ Files: README.md */README.md docs/* .github/ISSUE_TEMPLATE/*
 Copyright: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 License: CC-BY-SA-4.0

-Files: version
+Files: salt/*/version
 Copyright: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 License: CC0-1.0

--- a/rpm_spec/qusal-ansible.spec
+++ b/rpm_spec/qusal-ansible.spec
@ -0,0 +1,129 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-ansible
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Ansible environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-ssh
+Requires:       qusal-utils
+
+
+%description
+Install Ansible and use it on the "ansible" app qube.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply ansible.create
+  qubesctl --skip-dom0 --targets=tpl-ansible state.apply ansible.install
+  qubesctl --skip-dom0 --targets=ansible state.apply ansible.configure,zsh.touch-zshrc
+  qubesctl --skip-dom0 --targets=ansible-minion state.apply ansible.configure-minion,zsh.touch-zshrc
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - df698b4
+- fix: bump Ansible repository codename
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 20 2023 Ben Grande <ben.grande.b@gmail.com> - 5e3c790
+- fix: mode ansible linter to correct project
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-browser.spec
+++ b/rpm_spec/qusal-browser.spec
@ -0,0 +1,161 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-browser
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Browser environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-audio
+Requires:       qusal-sys-usb
+Requires:       qusal-utils
+
+
+%description
+Create environment for browsing. By default it creates a disposable template
+called "dvm-browser", so when clicking the icon/launcher, it opens a
+disposable qube. If you want to save your session, you can also clone the
+template and create app qubes.
+
+Default browser to install is Chromium, but you can choose to install Chrome,
+Firefox-ESR, W3M or Lynx.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply browser.create
+  qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install
+  qubesctl --skip-dom0 --targets=dvm-browser state.apply browser.configure
+  qubesctl state.apply browser.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Sun Jun 16 2024 Ben Grande <ben.grande.b@gmail.com> - faa00fb
+- doc: update table of contents
+
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - 899f7e4
+- fix: add Fedora 40 Firefox desktop file to appmenu
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Fri May 24 2024 Ben Grande <ben.grande.b@gmail.com> - cbf61e6
+- feat: add Firefox browser from Mozilla repository
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - d4c3fb1
+- feat: add terraform and chrome fedora repositories
+
+* Wed May 15 2024 Ben Grande <ben.grande.b@gmail.com> - 3adc241
+- fix: renew keys and delete expired ones
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Mon Mar 25 2024 Ben Grande <ben.grande.b@gmail.com> - fb7db5d
+- fix: browser requires a state and not a package
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Jan 09 2024 Ben Grande <ben.grande.b@gmail.com> - a3829e4
+- feat: policy support for multiple sys-usb qubes
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - 81f8c56
+- fix: install missing packages to audio client
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - a617c3d
+- fix: modify package names to match Qubes 4.2
+
+* Tue Dec 26 2023 Ben Grande <ben.grande.b@gmail.com> - 06393fc
+- fix: browser cli install tool switches to fetcher
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-debian-minimal.spec
+++ b/rpm_spec/qusal-debian-minimal.spec
@ -0,0 +1,120 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-debian-minimal
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Debian Minimal Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-utils
+
+
+%description
+Creates the Debian Minimal template as well as a Disposable Template based on
+it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply debian-minimal.create
+  qubesctl --skip-dom0 --targets=debian-12-minimal state.apply debian-minimal.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 040594a
+- fix: do not remove created dvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8a8252d
+- fix: changes default template flavor to Xfce
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b0626bd
+- fix: template name must specify version
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-debian-xfce.spec
+++ b/rpm_spec/qusal-debian-xfce.spec
@ -0,0 +1,111 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-debian-xfce
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Debian Xfce Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates the Debian Xfce Template as well as a Disposable Template based on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply debian-xfce.create
+  qubesctl --skip-dom0 --targets=debian-12-xfce state.apply debian-xfce.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - fc22726
+- feat: build and sign RPM packages
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 5502103
+- fix: separate template formula per flavor
--- a/rpm_spec/qusal-debian.spec
+++ b/rpm_spec/qusal-debian.spec
@ -0,0 +1,120 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-debian
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Debian Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates the Debian template as well as a Disposable Template based on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply debian.create
+  qubesctl --skip-dom0 --targets=debian-12 state.apply debian.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 5502103
+- fix: separate template formula per flavor
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 040594a
+- fix: do not remove created dvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8a8252d
+- fix: changes default template flavor to Xfce
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b0626bd
+- fix: template name must specify version
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-dev.spec
+++ b/rpm_spec/qusal-dev.spec
@ -0,0 +1,141 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-dev
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Development environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-git
+Requires:       qusal-sys-pgp
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Setup a development qube named "dev". Defines the user interactive shell,
+installing goodies, applying dotfiles, being client of sys-pgp, sys-git and
+sys-ssh-agent. The qube has netvm but can reach remote servers if the policy
+allows.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply dev.create
+  qubesctl --skip-dom0 --targets=tpl-dev state.apply dev.install
+  qubesctl --skip-dom0 --targets=dvm-dev state.apply dev.configure-dvm
+  qubesctl --skip-dom0 --targets=dev state.apply dev.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 534db96
+- doc: qusal proxy service requires configuration
+
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - afcb730
+- doc: document usage of qusal TCP proxy
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - a04960c
+- feat: initial split-mail setup
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - dbaa386
+- chore: inline dev install documentation
+
+* Mon Dec 18 2023 Ben Grande <ben.grande.b@gmail.com> - 9fc2c03
+- doc: top method must not skip dom0
+
+* Mon Nov 20 2023 Ben Grande <ben.grande.b@gmail.com> - 5e3c790
+- fix: mode ansible linter to correct project
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-docker.spec
+++ b/rpm_spec/qusal-docker.spec
@ -0,0 +1,118 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-docker
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Docker installation in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-docker
+Requires:       qusal-utils
+
+
+%description
+Setup docker in Qubes OS with the Docker repository.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply docker.install
+  qubesctl --skip-dom0 --targets=qubes-builder state.apply docker.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - c109404
+- fix: add user to mock group
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-dom0.spec
+++ b/rpm_spec/qusal-dom0.spec
@ -0,0 +1,195 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-dom0
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Dom0 environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND GPL-2.0-only AND GPL-3.0-or-later AND MIT
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-git
+Requires:       qusal-utils
+
+
+%description
+Configure Dom0 window manager, install packages, backup scripts and profile
+etc.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply dom0
+  qubesctl --skip-dom0 --templates --standalones state.apply update.qubes-vm
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue Jun 18 2024 Ben Grande <ben.grande.b@gmail.com> - 8d5c1c9
+- chore: typo in date command
+
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - fcf7fe9
+- fix: guarantee a fully updated system on bootstrap
+
+* Sat Jun 08 2024 Ben Grande <ben.grande.b@gmail.com> - 1003d62
+- fix: KDE with outdated require id
+
+* Fri Jun 07 2024 Ben Grande <ben.grande.b@gmail.com> - efc3984
+- feat: allow terminal and file manager choice
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 34d5d36
+- feat: add state for desktop i3 and AwesomeWM
+
+* Fri May 24 2024 Ben Grande <ben.grande.b@gmail.com> - efcf8c7
+- fix: unify screenshot tool existence logic
+
+* Fri May 24 2024 Ben Grande <ben.grande.b@gmail.com> - 444672e
+- fix: prefer maim for screenshot
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Wed May 01 2024 Ben Grande <ben.grande.b@gmail.com> - 18204da
+- fix: import jinja template to dom0 kde state
+
+* Tue Apr 30 2024 Ben Grande <ben.grande.b@gmail.com> - 5722a25
+- fix: discover non-root username at runtime
+
+* Fri Mar 22 2024 Ben Grande <ben.grande.b@gmail.com> - 81bf77c
+- fix: missing load import
+
+* Wed Mar 20 2024 Ben Grande <ben.grande.b@gmail.com> - 004cb73
+- fix: restrict supported screenshot tools
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - fc2af9b
+- fix: remove colors from output of backup file
+
+* Fri Mar 15 2024 Ben Grande <ben.grande.b@gmail.com> - 425748a
+- fix: install screenshot dependencies
+
+* Wed Mar 13 2024 Ben Grande <ben.grande.b@gmail.com> - 134a26a
+- feat: add screenshot helper
+
+* Mon Feb 26 2024 Ben Grande <ben.grande.b@gmail.com> - e7a7649
+- fix: remove dom0 port forwarding default install
+
+* Sat Feb 24 2024 Ben Grande <ben.grande.b@gmail.com> - f3953eb
+- fix: convert backup profile to example type
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 766a430
+- fix: typo in file name
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - f513f64
+- feat: better dom0 terminal usability
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - b01f2d2
+- chore: move port forward to dom0 formula
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 0887c24
+- fix: remove unicode from used files
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 23bcceb
+- fix: dom0 as sys-git client
+
+* Tue Jan 02 2024 Ben Grande <ben.grande.b@gmail.com> - b86486a
+- feat: qubes-vm-update global settings
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - ec9142b
+- fix: pci regain with invalid syntax
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - 250c877
+- fix: regain pci script not managed
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - c2f2584
+- feat: provide development environment for dom0
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4b7f27
+- fix: qubes-update superseded by qubes-vm-update
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - bcc8165
+- fix: salt syntax with missing characters
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-dotfiles.spec
+++ b/rpm_spec/qusal-dotfiles.spec
@ -0,0 +1,191 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-dotfiles
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Ben Grande's Dotfiles
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND BSD-2-Clause AND CC-BY-SA-3.0 AND CC-BY-SA-4.0 AND GFDL-1.3-or-later AND GPL-2.0-only AND GPL-3.0-only AND GPL-3.0-or-later AND MIT AND Vim
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+
+
+%description
+Configuration and scripts targeting:
+
+-   Usability:
+    -   Vi keybindings for application movement
+    -   Emacs keybindings for command-line editing
+    -   XDG Specification to not clutter $HOME
+-   Portability:
+    -   POSIX compliant code
+    -   Drop-in configuration files
+    -   Tested in Qubes OS Dom0, Debian, Fedora, OpenBSD
+-   Tasks:
+    -   GUI: x11, gtk
+    -   SCM: git, tig, git-shell
+    -   Keys: gpg, ssh
+    -   Networking: curl, urlview, wget, w3m
+    -   Productivity: tmux, vim
+    -   Shell: sh, bash, zsh, less, dircolors
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  true
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 20 2024 Ben Grande <ben.grande.b@gmail.com> - 0e2bb5b
+- fix: update dotfiles module
+
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - b5ae221
+- fix: update dotfiles module
+
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 1a72665
+- feat: add split-gpg2 configuration
+
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - fcad8cb
+- feat: update dotfiles module
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - a4848e1
+- fix: update dotfiles module
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Tue Apr 30 2024 Ben Grande <ben.grande.b@gmail.com> - 5722a25
+- fix: discover non-root username at runtime
+
+* Tue Apr 23 2024 Ben Grande <ben.grande.b@gmail.com> - 69745df
+- fix: update dotfiles module
+
+* Tue Mar 19 2024 Ben Grande <ben.grande.b@gmail.com> - 4097af2
+- fix: update dotfiles module
+
+* Thu Mar 14 2024 Ben Grande <ben.grande.b@gmail.com> - 8a0c004
+- fix: update dotfiles module
+
+* Mon Mar 11 2024 Ben Grande <ben.grande.b@gmail.com> - 49fb733
+- fix: update dotfiles module
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - f513f64
+- feat: better dom0 terminal usability
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - f735474
+- fix: update dotfiles module
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - a91f488
+- fix: update dotfiles module
+
+* Sun Feb 04 2024 Ben Grande <ben.grande.b@gmail.com> - f27db69
+- fix: update dotfiles module
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - a04960c
+- feat: initial split-mail setup
+
+* Sun Jan 21 2024 Ben Grande <ben.grande.b@gmail.com> - d75a59f
+- fix: update dotfiles module
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 0dd627b
+- fix: update dotfiles module
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 6828e83
+- fix: update dotfiles module
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - bd54499
+- fix: update dotfiles module
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - 652b4f0
+- fix: update dotfiles module
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - a27493c
+- fix: update dotfiles module
+
+* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 20115a2
+- fix: udpate dotfiles module
+
+* Mon Nov 20 2023 Ben Grande <ben.grande.b@gmail.com> - 83c17c4
+- fix: update dotfiles module
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-electrum.spec
+++ b/rpm_spec/qusal-electrum.spec
@ -0,0 +1,142 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-electrum
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Electrum Bitcoin Wallet in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-bitcoin
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+Requires:       qusal-whonix-workstation
+
+
+%description
+Setup multiple lightweights Electrum Bitcoin Wallets, one offline qube named
+"electrum" and one online qube based on Whonix-Workstation named
+"electrum-hot".
+
+You can use either wallet or both together depending on your setup. Use the
+"electrum" to sign transactions and the "electrum-hot" to broadcast them.
+
+By default, the installation verify and fetch the tarball from upstream
+sources, avoiding using outdated distribution package versions that lack
+important security fixes. The fetching will occur over Tor and on a disposable
+qube "disp-electrum-builder", which will then upload the files to the template
+"tpl-electrum". The installation on a disposable helps separate the wallet
+usage from ever connecting to the internet.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply electrum.create
+  qubesctl --skip-dom0 --targets=tpl-electrum-builder state.apply electrum.install-builder
+  qubesctl --skip-dom0 --targets=tpl-electrum state.apply electrum.install
+  qubesctl --skip-dom0 --targets=disp-electrum-builder state.apply electrum.configure-builder
+  qubesctl --skip-dom0 --targets=electrum state.apply electrum.configure
+  qubesctl --skip-dom0 --targets=electrum-hot state.apply electrum.configure-hot
+  qubesctl state.apply electrum.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 6e85416
+- feat: add disposable qubes to bitcoin clients
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 7d6e2bf
+- fix: less menu items for bitcoin qubes
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 2409d8a
+- fix: better electrum GUI resolution and tabs
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 3ef02df
+- fix: electrum install zbar and protobuf
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - 275178f
+- fix: add missing dependency for qvm-connect-tcp
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - 174af08
+- feat: electrum bitcoin wallet
--- a/rpm_spec/qusal-element.spec
+++ b/rpm_spec/qusal-element.spec
@ -0,0 +1,102 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-element
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Element Matrix client installation in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-sys-audio
+Requires:       qusal-utils
+
+
+%description
+Install Element and use it on the "element" app qube to connect to your
+Matrix account.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply element.create
+  qubesctl --skip-dom0 --targets=tpl-element state.apply element.install
+  qubesctl state.apply element.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 26a35b8
+- feat: add Element formula
--- a/rpm_spec/qusal-fedora-minimal.spec
+++ b/rpm_spec/qusal-fedora-minimal.spec
@ -0,0 +1,130 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-fedora-minimal
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Fedora Minimal Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-fedora
+Requires:       qusal-utils
+
+
+%description
+Creates the Fedora Minimal template as well as a Disposable Template based on
+it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply fedora-minimal.create
+  qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install
+  qubesctl state.apply fedora-minimal.prefs
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - 6e7774a
+- feat: bump Fedora version
+
+* Sat Mar 23 2024 Ben Grande <ben.grande.b@gmail.com> - cf88ad1
+- fix: install salt depends in fedora-39-minimal
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Fri Feb 16 2024 Ben Grande <ben.grande.b@gmail.com> - e6fb72c
+- feat: update template to fedora-39
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 040594a
+- fix: do not remove created dvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8a8252d
+- fix: changes default template flavor to Xfce
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b0626bd
+- fix: template name must specify version
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-fedora-xfce.spec
+++ b/rpm_spec/qusal-fedora-xfce.spec
@ -0,0 +1,117 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-fedora-xfce
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Fedora Xfce Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates the Fedora Xfce template as well as a Disposable Template based on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply fedora-xfce.create
+  qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - 6e7774a
+- feat: bump Fedora version
+
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - fc22726
+- feat: build and sign RPM packages
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Fri Feb 16 2024 Ben Grande <ben.grande.b@gmail.com> - e6fb72c
+- feat: update template to fedora-39
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 5502103
+- fix: separate template formula per flavor
--- a/rpm_spec/qusal-fedora.spec
+++ b/rpm_spec/qusal-fedora.spec
@ -0,0 +1,126 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-fedora
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Fedora Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates the Fedora template as well as a Disposable Template based on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply fedora.create
+  qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - 6e7774a
+- feat: bump Fedora version
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Fri Feb 16 2024 Ben Grande <ben.grande.b@gmail.com> - e6fb72c
+- feat: update template to fedora-39
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 5502103
+- fix: separate template formula per flavor
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 040594a
+- fix: do not remove created dvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8a8252d
+- fix: changes default template flavor to Xfce
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b0626bd
+- fix: template name must specify version
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-fetcher.spec
+++ b/rpm_spec/qusal-fetcher.spec
@ -0,0 +1,128 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-fetcher
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Fetch publicly accessible files over the internet in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+
+
+%description
+A Template for DispVMs will be created and named "dvm-fetcher", from this qube
+you will create others that can connect to the internet to download files. You
+will be able to download from many protocol as long as the installed tools
+accepts them.
+
+Supported protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS,
+ IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP,
+ SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS, WSS, RSYNC, BitTorrent.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply fetcher.create
+  qubesctl --skip-dom0 --targets=tpl-fetcher state.apply fetcher.install
+  qubesctl --skip-dom0 --targets=dvm-fetcher state.apply fetcher.configure-dvm
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - 7a70535
+- fix: Fedora 40 only has wget2
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Tue Jan 30 2024 Ben Grande <ben.grande.b@gmail.com> - c08b39d
+- feat: add torrent client to fetcher
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Mon Dec 18 2023 Ben Grande <ben.grande.b@gmail.com> - f16bfdd
+- feat: fetcher
--- a/rpm_spec/qusal-kicksecure-minimal.spec
+++ b/rpm_spec/qusal-kicksecure-minimal.spec
@ -0,0 +1,133 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-kicksecure-minimal
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Kicksecure Minimal Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-kicksecure-minimal
+Requires:       qusal-sys-cacher
+Requires:       qusal-utils
+
+
+%description
+Creates the Kicksecure Minimal template as well as a Disposable Template based
+on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply kicksecure-minimal.create
+  qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install
+  qubesctl state.apply kicksecure-minimal.prefs
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Sun Jun 16 2024 Ben Grande <ben.grande.b@gmail.com> - faa00fb
+- doc: update table of contents
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sat Feb 03 2024 Ben Grande <ben.grande.b@gmail.com> - 56ecc25
+- fix: vm kernel only applies to developers
+
+* Fri Feb 02 2024 Ben Grande <ben.grande.b@gmail.com> - 76c9cd0
+- fix: move custom kicksecure settings to dev state
+
+* Thu Feb 01 2024 Ben Grande <ben.grande.b@gmail.com> - 4596198
+- fix: less intrusive kicksecure default install
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - a04960c
+- feat: initial split-mail setup
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Sun Jan 14 2024 Ben Grande <ben.grande.b@gmail.com> - ff4773b
+- doc: kicksecure missing minimal flavor
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - a97e3c0
+- feat: kicksecure minimal template
--- a/rpm_spec/qusal-mail.spec
+++ b/rpm_spec/qusal-mail.spec
@ -0,0 +1,138 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-mail
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Mail operations in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+
+
+%description
+Create a mail fetcher qube named "mail-fetcher", a mail reader qube names
+"mail-reader" and a mail sender qube named "mail-sender".
+
+The online "mail-fetcher" qube will fetch messages with POP3. After being
+fetched, you can copy them to the offline "mail-reader" qube, where you will
+be reading emails. After composing a message, the "mail-reader" qube will
+save the messages to a queue, which can be forwarded to the online
+"mail-sender" qube. You can review messages to be sent from the "mail-sender"
+qube and them send them via SMTP.
+
+By default, the protocols used required SSL, POP3 on port 995, IMAP on port
+995 and SMTP on port 587. You can always override any configuration via
+included files.
+
+This formula is based on Unman's SplitMutt guide, using POP3 and/or IMAP to
+get mail, not considering SSH access to the mail server. We are using
+qfile-agent and not Rsync to synchronize mails between qubes to avoid a higher
+attack surface, but Rsync may be considered in the future in case qfile-agent
+causes problems.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply mail.create
+  qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install
+  qubesctl --skip-dom0 --targets=tpl-mail-fetcher state.apply mail.install-fetcher
+  qubesctl --skip-dom0 --targets=tpl-mail-reader state.apply mail.install-reader
+  qubesctl --skip-dom0 --targets=tpl-mail-sender state.apply mail.install-sender
+  qubesctl --skip-dom0 --targets=dvm-mail-fetcher state.apply mail.configure-fetcher
+  qubesctl --skip-dom0 --targets=mail-reader state.apply mail.configure-reader
+  qubesctl --skip-dom0 --targets=dvm-mail-sender state.apply mail.configure-sender
+  qubesctl state.apply mail.appmenus,reader.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 27 2024 Ben Grande <ben.grande.b@gmail.com> - dab2979
+- fix: mail qrexec policy missing disp in name
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - a04960c
+- feat: initial split-mail setup
--- a/rpm_spec/qusal-media.spec
+++ b/rpm_spec/qusal-media.spec
@ -0,0 +1,130 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-media
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Media opener through disposables in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND CC0-1.0
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-browser
+Requires:       qusal-sys-audio
+Requires:       qusal-utils
+
+
+%description
+Creates the offline "media" qube for storing multimedia files and open the
+files in a named disposable "disp-media" via MIME configuration.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply media.create
+  qubesctl --skip-dom0 --targets=tpl-media state.apply media.install
+  qubesctl --skip-dom0 --targets=media state.apply media.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - d984da5
+- feat: enhance mpv performance
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Thu Feb 22 2024 Ben Grande <ben.grande.b@gmail.com> - 858aba8
+- doc: inform how to get a better mpv performance
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - aec644b
+- feat: add qubes img and pdf converter media qubes
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - 81f8c56
+- fix: install missing packages to audio client
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - a617c3d
+- fix: modify package names to match Qubes 4.2
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-mgmt.spec
+++ b/rpm_spec/qusal-mgmt.spec
@ -0,0 +1,128 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-mgmt
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Management environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-fedora
+Requires:       qusal-fedora-minimal
+Requires:       qusal-utils
+
+
+%description
+A Template for DispVMs will be created and named "dvm-mgmt" and become the
+global "management_dispvm". It will be used when opening a disposable console
+of a qube or for Salt Management on DomUs.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply mgmt.create
+  qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install
+  qubesctl state.apply mgmt.prefs
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Jun 10 2024 Ben Grande <ben.grande.b@gmail.com> - ffe03ba
+- fix: set global prefs for management_dispvm
+
+* Sat Mar 23 2024 Ben Grande <ben.grande.b@gmail.com> - cf88ad1
+- fix: install salt depends in fedora-39-minimal
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Sun Mar 10 2024 Ben Grande <ben.grande.b@gmail.com> - 3dca623
+- fix: change mgmt template to fedora
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 417843b
+- feat: remove extraneous passwordless root
+
+* Mon Dec 18 2023 Ben Grande <ben.grande.b@gmail.com> - 9fc2c03
+- doc: top method must not skip dom0
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-mirage-builder.spec
+++ b/rpm_spec/qusal-mirage-builder.spec
@ -0,0 +1,129 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-mirage-builder
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Mirage Builder environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-docker
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-git
+Requires:       qusal-sys-pgp
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Setup a builder qube for Mirage Unikernel named "mirage-builder". The tool
+necessary to build Mirage with docker or directly with Opam will also be
+installed.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply mirage-builder.create
+  qubesctl --skip-dom0 --targets=tpl-mirage-builder state.apply mirage-builder.install
+  qubesctl --skip-dom0 --targets=mirage-builder state.apply mirage-builder.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 417843b
+- feat: remove extraneous passwordless root
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 6bb426a
+- refactor: import armored gpg keys instead of db
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - b52e4b1
+- fix: strict split-gpg2 service
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-opentofu.spec
+++ b/rpm_spec/qusal-opentofu.spec
@ -0,0 +1,110 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-opentofu
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        OpenTofu installation in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Installs OpenTofu and use it on the "opentofu" app qube. An open-source fork
+of Terraform.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply opentofu.create
+  qubesctl --skip-dom0 --targets=tpl-opentofu state.apply opentofu.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Feb 19 2024 Ben Grande <ben.grande.b@gmail.com> - 89bd760
+- feat: add OpenTofu
--- a/rpm_spec/qusal-qubes-builder.spec
+++ b/rpm_spec/qusal-qubes-builder.spec
@ -0,0 +1,181 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-qubes-builder
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Setup Qubes OS Builder V2 in Qubes OS itself
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND GPL-2.0-only
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-docker
+Requires:       qusal-dotfiles
+Requires:       qusal-fedora-minimal
+Requires:       qusal-sys-git
+Requires:       qusal-sys-pgp
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Setup a Builder qube named "qubes-builder" and a disposable template for Qubes
+Executor named "dvm-qubes-builder". It is possible to use any of the available
+executors: docker, podman, qubes-executor.
+
+During installation, after cloning the qubes-builderv2 repository, signatures
+will be verified and the installation will fail if the signatures couldn't be
+verified. Packages necessary for split operations such as split-gpg2, spit-git
+and split-ssh-agent will also be installed.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply qubes-builder.create
+  qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install
+  qubesctl state.apply qubes-builder.prefs
+  qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor
+  qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 99fb138
+- fix: correct git repository name in policy
+
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 1a72665
+- feat: add split-gpg2 configuration
+
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - ba5b481
+- fix: signature check breaks qubes-builder update
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - 7a70535
+- fix: Fedora 40 only has wget2
+
+* Wed Jun 12 2024 Ben Grande <ben.grande.b@gmail.com> - 10200f6
+- fix: rpmmacros is unnecessary with split-gpg2
+
+* Sat Mar 23 2024 Ben Grande <ben.grande.b@gmail.com> - cf88ad1
+- fix: install salt depends in fedora-39-minimal
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sun Feb 04 2024 Ben Grande <ben.grande.b@gmail.com> - c35ec15
+- fix: create directories when necessary
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 97c644a
+- fix: invert builder memory and vcpus
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 0887c24
+- fix: remove unicode from used files
+
+* Mon Jan 08 2024 Ben Grande <ben.grande.b@gmail.com> - f5894dc
+- doc: cleaner usage sections for qubes-builder
+
+* Sun Jan 07 2024 Ben Grande <ben.grande.b@gmail.com> - 42a9309
+- fix: rpc service copy to dvm
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - a17f9f5
+- feat: unattended qubes-builder build
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - c109404
+- fix: add user to mock group
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 6bb426a
+- refactor: import armored gpg keys instead of db
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 0eecbcf
+- fix: unconfined qfile-unpacker
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 0832859
+- fix: remove old split-gpg from qubes-builder
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - f8953c6
+- doc: better usage of split-gpg2 in qubes-builder
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - b52e4b1
+- fix: strict split-gpg2 service
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-reader.spec
+++ b/rpm_spec/qusal-reader.spec
@ -0,0 +1,138 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-reader
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Reader environment as the default_dispvm in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-utils
+
+
+%description
+Create a disposable template for reading documents and viewing images called
+"dvm-reader". It is designated to be the "default_dispvm", because of this,
+there is no "netvm", but if you assign one, you will get networking as the
+necessary packages will be installed in the template.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply reader.create
+  qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install
+  qubesctl --skip-dom0 --targets=dvm-reader state.apply reader.configure
+  qubesctl state.apply reader.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - 899f7e4
+- fix: add Fedora 40 Firefox desktop file to appmenu
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - aec644b
+- feat: add qubes img and pdf converter media qubes
+
+* Tue Jan 23 2024 Ben Grande <ben.grande.b@gmail.com> - 7ec20f1
+- fix: add file browser to reader
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 23a569d
+- fix: install less browser packages in reader
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 80aeb36
+- fix: sync reader appmenus
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-remmina.spec
+++ b/rpm_spec/qusal-remmina.spec
@ -0,0 +1,111 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-remmina
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Remmina Remote Desktop Client in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates a disposable template named "dvm-remmina". From it, you can create
+disposables for Remmina usage for SSH, VNC, SPICE, HTTP(S), X2Go and more. If
+you prefer to use an app qube, a qube named "remmina" will also be created.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply remmina.create
+  qubesctl --skip-dom0 --targets=tpl-remmina state.apply remmina.install
+  qubesctl state.apply remmina.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-signal.spec
+++ b/rpm_spec/qusal-signal.spec
@ -0,0 +1,136 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-signal
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Signal messaging app in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-audio
+Requires:       qusal-utils
+
+
+%description
+Install Signal Desktop and creates an app qube named "signal".
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply signal.create
+  qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install
+  qubesctl --skip-dom0 --targets=signal state.apply signal.configure
+  qubesctl state.apply signal.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - bf0a4bc
+- fix: terminate option parsing for qvm commands
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Jan 02 2024 Ben Grande <ben.grande.b@gmail.com> - d939d4a
+- fix: signal state uses idempotent state
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - 81f8c56
+- fix: install missing packages to audio client
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - a617c3d
+- fix: modify package names to match Qubes 4.2
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - ff34a8a
+- fix: add missing appmenus sync
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-ssh.spec
+++ b/rpm_spec/qusal-ssh.spec
@ -0,0 +1,128 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-ssh
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        SSH remote login client in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Setup SSH client AppVM ssh and a DispVM Template "dvm-ssh".
+It's use is plain simple, SSH to servers, no extra configuration is required.
+When saving the SSH configuration is necessary, use the ssh qube. If login
+in as a one time connection or to an untrusted host use a DispVM based on
+"dvm-ssh" for disposability.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply ssh.create
+  qubesctl --skip-dom0 --targets=tpl-ssh state.apply ssh.install
+  qubesctl --skip-dom0 --targets=dvm-ssh,ssh state.apply ssh.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sun Jan 21 2024 Ben Grande <ben.grande.b@gmail.com> - 3e6ba8f
+- fix: client install the ssh-agent client packages
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 015019a
+- fix: ssh top files missing list type matcher
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-audio.spec
+++ b/rpm_spec/qusal-sys-audio.spec
@ -0,0 +1,159 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-audio
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Audio operations in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-sys-usb
+Requires:       qusal-utils
+
+
+%description
+Creates the named disposable "disp-sys-audio" qube for providing audio
+operations such as microphone and speakers to and from qubes. By default, you
+can use the builtin stereo, JACK and  USB , but if you want, you can install
+the necessary packages for bluetooth with the provided state.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-audio.create
+  qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install
+  qubesctl --skip-dom0 --targets=dvm-sys-audio state.apply sys-audio.configure-dvm
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Fri Jun 07 2024 Ben Grande <ben.grande.b@gmail.com> - c7c85fb
+- fix: more restrictive Qrexec audio policy
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 29601d8
+- doc: refer to video-companion for sys-usb webcam
+
+* Sat Mar 23 2024 Ben Grande <ben.grande.b@gmail.com> - fcc155f
+- feat: optional state to autostart AudioVM
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Wed Feb 28 2024 Ben Grande <ben.grande.b@gmail.com> - ead4073
+- feat: allow disp-sys-usb to be an AudioVM
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Mon Jan 22 2024 Ben Grande <ben.grande.b@gmail.com> - bd255af
+- fix: cleanup audio home directory
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 19 2024 Ben Grande <ben.grande.b@gmail.com> - 71dd9a5
+- doc: bluetooth system tray
+
+* Fri Jan 19 2024 Ben Grande <ben.grande.b@gmail.com> - 4ef0d05
+- feat: seamless audio integration with bluetooth
+
+* Fri Jan 19 2024 Ben Grande <ben.grande.b@gmail.com> - b95cc6d
+- feat: pavucontrol in sys-audio
+
+* Wed Jan 17 2024 Ben Grande <ben.grande.b@gmail.com> - 3faa523
+- feat: usb devices in sys-audio
+
+* Sun Jan 14 2024 Ben Grande <ben.grande.b@gmail.com> - c3937e8
+- fix: disposable sys-audio name with disp prefix
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - e167879
+- doc: sys-audio usage
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 767fc42
+- fix: allow to attach mic with sys-audio
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 2283b33
+- fix: sys-audio policy and autostart pacat daemon
+
+* Tue Jan 02 2024 Ben Grande <ben.grande.b@gmail.com> - f32a14c
+- fix: autostart volumeicon
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - 81f8c56
+- fix: install missing packages to audio client
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-bitcoin.spec
+++ b/rpm_spec/qusal-sys-bitcoin.spec
@ -0,0 +1,162 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-bitcoin
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Bitcoin Core in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-git
+Requires:       qusal-utils
+Requires:       qusal-whonix-workstation
+
+
+%description
+Setup a Bitcoin Daemon full-node qube named "sys-bitcoin", where you will
+index the Bitcoin blockchain. A second non-networked qube named "bitcoin" can
+manage a wallet and sign transactions.
+
+By default, installation from upstream binaries will be used, but you can
+choose to build from source if you prefer. Compiling from source will not have
+the default configuration flags, but will be optimized to our use case.
+
+The download of the Bitcoin source code or binaries as well as the connections
+to the Bitcoin P2P network will happen over the Tor network.
+
+If you already have a node on your network that has indexed the blockchain
+already and has RPC enabled for remote clients, you can also connect to it,
+preferably if it has transport encryption when connecting to the Bitcoin node
+with an encrypted tunnel.
+
+A disposable qube "disp-bitcoin-builder" will be created, based on
+Whonix-Workstation, it will server to install and verify Bitcoin Core. After
+the verification succeeds, files are copied to the template "tpl-sys-bitcoin".
+This method was chosen so the client can be always offline and the build
+artifacts are built on a machine that is not running the daemon and thus can
+be copied to the template with a higher degree of trust.
+
+At least `1TB` of disk space is required. At block `829054` (2024-02-05),
+`642G` are used.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-bitcoin.create
+  qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway
+  qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install
+  qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder
+  qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure
+  qubesctl --skip-dom0 --targets=bitcoin state.apply sys-bitcoin.configure-client
+  qubesctl state.apply sys-bitcoin.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 43e1e32
+- feat: bump Bitcoin version
+
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 59e8fc3
+- fix: GUI Global Config precedes packaged policies
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 7873dd8
+- fix: remove undesired appmenus from builder qubes
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 6e85416
+- feat: add disposable qubes to bitcoin clients
+
+* Wed May 15 2024 Ben Grande <ben.grande.b@gmail.com> - 3adc241
+- fix: renew keys and delete expired ones
+
+* Wed Apr 17 2024 Ben Grande <ben.grande.b@gmail.com> - ec7f62f
+- feat: bump Bitcoin version
+
+* Fri Apr 12 2024 Ben Grande <ben.grande.b@gmail.com> - a8e9188
+- feat: bump Pi-Hole and Bitcoin version
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Thu Feb 22 2024 Ben Grande <ben.grande.b@gmail.com> - 9a4790f
+- doc: inform how to reduce bitcoind memory usage
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 7d6e2bf
+- fix: less menu items for bitcoin qubes
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
--- a/rpm_spec/qusal-sys-cacher.spec
+++ b/rpm_spec/qusal-sys-cacher.spec
@ -0,0 +1,266 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-cacher
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Caching proxy server for software repositories in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND GPL-2.0-only
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-browser
+Requires:       qusal-dotfiles
+Requires:       qusal-utils
+
+
+%description
+The caching proxy is "sys-cacher" based on apt-cacher-ng, it stores downloaded
+packages, so that you need only download a package once and fetch locally the
+next time you want to upgrade your system packages.
+
+When you install this package, qubes will be tagged with "updatevm-sys-cacher"
+and they will be altered to use the proxy by default. When there is "https://"
+in your repository definitions, the entries will be changed in the templates
+from to "http://HTTPS///". This is so that the request to the proxy is plain
+text, and the proxy will then make the request via https.
+
+This change will be done automatically for every template that exists and is
+not Whonix based. No changes are made to Whonix templates, and updates to
+those templates will not be cached.
+
+The caching proxy supports:
+
+- Debian and derivatives (but not Whonix)
+- Fedora and derivatives
+- Arch Linux and derivatives
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-cacher.create
+  qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install
+  qubesctl --skip-dom0 --targets=tpl-sys-cacher state.apply sys-cacher.install
+  qubesctl --skip-dom0 --targets=sys-cacher state.apply sys-cacher.configure
+  qubesctl --skip-dom0 --targets=sys-cacher-browser state.apply sys-cacher.configure-browser
+  qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag
+  qubesctl --skip-dom0 --targets="$(qvm-ls --no-spinner --raw-list --tags updatevm-sys-cacher | tr "
+  " ",")" state.apply sys-cacher.install-client
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 59e8fc3
+- fix: GUI Global Config precedes packaged policies
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - 75d992b
+- fix: use Admin API for fast queries
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - 13c5793
+- fix: uninstall cacher client with tag in pillar
+
+* Mon Jun 10 2024 Ben Grande <ben.grande.b@gmail.com> - c456af2
+- fix: remove duplicated Fedora mirrors
+
+* Mon Jun 10 2024 Ben Grande <ben.grande.b@gmail.com> - 8ae815d
+- fix: run repo rewriter after upstream proxy update
+
+* Mon Jun 10 2024 Ben Grande <ben.grande.b@gmail.com> - b4de619
+- fix: update Debian and Fedora mirrors
+
+* Mon Jun 10 2024 Ben Grande <ben.grande.b@gmail.com> - 2b181f8
+- fix: merge Qubes OS repositories
+
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - d2771d5
+- fix: guarantee states order dependent on browser
+
+* Fri Jun 07 2024 Ben Grande <ben.grande.b@gmail.com> - bb38440
+- feat: revive caching of Fedora qubes
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - bb4dcbb
+- fix: cacher: restrict install to supported clients
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 9cb7d72
+- fix: cacher: use systemd service drop-in directory
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - a2e1972
+- fix: cache Mozilla and Element repository
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Tue Apr 30 2024 Ben Grande <ben.grande.b@gmail.com> - e84959b
+- fix: update fedora mirror list with upstream
+
+* Tue Apr 30 2024 Ben Grande <ben.grande.b@gmail.com> - 760fdd9
+- doc: cacher documentation duplicates sections
+
+* Mon Apr 29 2024 Ben Grande <ben.grande.b@gmail.com> - bfd7b22
+- fix: incorrect path to repo rewriter service
+
+* Fri Apr 26 2024 Ben Grande <ben.grande.b@gmail.com> - 234afc3
+- doc: update cacher table of contents
+
+* Fri Apr 26 2024 Ben Grande <ben.grande.b@gmail.com> - 1ede2e1
+- fix: allow update check to work on cacher clients
+
+* Thu Apr 25 2024 Ben Grande <ben.grande.b@gmail.com> - a6f7d23
+- doc: wrong cacher header position
+
+* Thu Apr 25 2024 Ben Grande <ben.grande.b@gmail.com> - 648bdad
+- fix: remove updatevm tag after DomU uninstallation
+
+* Sat Apr 13 2024 Ben Grande <ben.grande.b@gmail.com> - 63e93be
+- fix: GUI policy precedes sys-cacher policy
+
+* Mon Mar 25 2024 Ben Grande <ben.grande.b@gmail.com> - 084d08f
+- doc: uninstall cacher client based on tag
+
+* Thu Mar 21 2024 Ben Grande <ben.grande.b@gmail.com> - 4ac0ec9
+- fix: cacher jinja fails to split words
+
+* Thu Mar 21 2024 Ben Grande <ben.grande.b@gmail.com> - 7faf944
+- feat: apply URI changes in qube
+
+* Thu Mar 21 2024 Ben Grande <ben.grande.b@gmail.com> - 9e96d80
+- fix: add missing archlinux mirror
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Thu Feb 22 2024 Ben Grande <ben.grande.b@gmail.com> - 0cd3e66
+- fix: remove hardcoded fedora versions from cacher
+
+* Thu Feb 22 2024 Ben Grande <ben.grande.b@gmail.com> - 908a077
+- fix: allow apt-cacher-ng cronjob to run
+
+* Thu Feb 22 2024 Ben Grande <ben.grande.b@gmail.com> - 23dbc72
+- fix: update apt-cacher-ng mirror list
+
+* Mon Feb 19 2024 Ben Grande <ben.grande.b@gmail.com> - 89bd760
+- feat: add OpenTofu
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 0887c24
+- fix: remove unicode from used files
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 8d7c0a2
+- fix: sys-cacher policy with the new tag name
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 233ac76
+- fix: sys-cacher tag compliance with default tags
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - a97e3c0
+- feat: kicksecure minimal template
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 2b6daac
+- fix: shellcheck
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 38d98ec
+- fix: nft shebang and table names
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - d3ae662
+- fix: cacher client installation indentation
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - a78b90e
+- fix: better output for cacher tag assignment
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - 71d22c5
+- refactor: reorder states to avoid race condition
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - e670d02
+- fix: skip client setup on cacher initialization
+
+* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - ec2dab3
+- fix: stop modifying distribution package files
+
+* Tue Nov 14 2023 Ben Grande <ben.grande.b@gmail.com> - 41c5418
+- fix: cacher shuting down on long running updates
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-electrs.spec
+++ b/rpm_spec/qusal-sys-electrs.spec
@ -0,0 +1,145 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-electrs
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Electrs in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-bitcoin
+Requires:       qusal-sys-git
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+Requires:       qusal-whonix-workstation
+
+
+%description
+Setup an offline Electrs (Electrum Server) qube named "sys-electrs",
+connected to your own full node running on "sys-bitcoin" to index the
+blockchain to allow for efficient query of the history of arbitrary addresses.
+
+A disposable qube "disp-electrs-builder" will be created, it will serve to
+install and verify Electrs. After the verification succeeds, files are copied
+to the template "tpl-sys-electrs". This method was chosen so the server can be
+always offline.
+
+At least `200GB` of disk space is required.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-electrs.create
+  qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs.install-builder
+  qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install
+  qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder
+  qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure
+  qubesctl state.apply sys-electrs.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 97b2496
+- fix: start service after Qubes Service setup
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - e65b0bf
+- fix: feature check statement missing key
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 7873dd8
+- fix: remove undesired appmenus from builder qubes
+
+* Thu May 23 2024 Ben Grande <ben.grande.b@gmail.com> - c8b9bb3
+- feat: bump Electrs version
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Mar 15 2024 Ben Grande <ben.grande.b@gmail.com> - db86c2d
+- feat: bump electrs version
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 7d6e2bf
+- fix: less menu items for bitcoin qubes
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - 275178f
+- fix: add missing dependency for qvm-connect-tcp
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
--- a/rpm_spec/qusal-sys-electrumx.spec
+++ b/rpm_spec/qusal-sys-electrumx.spec
@ -0,0 +1,130 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-electrumx
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        ElectrumX in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-bitcoin
+Requires:       qusal-sys-git
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+Requires:       qusal-whonix-workstation
+
+
+%description
+Setup an offline Electrumx (Electrum Server) qube named "sys-electrumx",
+connected to your own full node running on "sys-bitcoin" to index the
+blockchain to allow for efficient query of the history of arbitrary addresses.
+
+A disposable qube "disp-electrumx-builder" will be created, based on
+Whonix-Workstation, it will server to install and verify ElectrumX. After the
+verification succeeds, files are copied to the template "tpl-sys-electrumx".
+This method was chosen so the server can be always offline.
+
+At least `200GB` of disk space is required.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-electrumx.create
+  qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electrumx.install-builder
+  qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install
+  qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder
+  qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure
+  qubesctl state.apply sys-electrumx.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 7873dd8
+- fix: remove undesired appmenus from builder qubes
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sun Feb 18 2024 Ben Grande <ben.grande.b@gmail.com> - 7d6e2bf
+- fix: less menu items for bitcoin qubes
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - 275178f
+- fix: add missing dependency for qvm-connect-tcp
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
--- a/rpm_spec/qusal-sys-firewall.spec
+++ b/rpm_spec/qusal-sys-firewall.spec
@ -0,0 +1,133 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-firewall
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Firewall in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-sys-net
+Requires:       qusal-utils
+
+
+%description
+Creates firewall qube, an App qube "sys-firewall" and a Disposable qube
+"disp-sys-firewall". By default, "disp-sys-firewall" will be the "updatevm",
+the "clockvm" and the "default_netvm".
+
+If you want an easy to configure firewall with ad blocking, checkout
+sys-pihole instead.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-firewall.create
+  qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install
+  qubesctl state.apply sys-firewall.prefs-disp
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Sat May 11 2024 Ben Grande <ben.grande.b@gmail.com> - 72f61bb
+- fix: install fwupd qubes plugin to updatevm
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 0216297
+- feat: default to disposable netvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - e0b11b3
+- fix: do not install net debug tools by default
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - ad6f5e2
+- feat: move clockvm out of sys-net to sys-firewall
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-git.spec
+++ b/rpm_spec/qusal-sys-git.spec
@ -0,0 +1,148 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-git
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Git operations through Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-pgp
+Requires:       qusal-utils
+
+
+%description
+Setup a Git server called "sys-git", an offline Git Server that can be
+accessed from client qubes via Qrexec. Access control via Qrexec policy can
+restrict access to certain repositories, set of git actions for Fetch, Push
+and Init. This is an implementation of split-git.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-git.create
+  qubesctl --skip-dom0 --targets=tpl-sys-git state.apply sys-git.install
+  qubesctl --skip-dom0 --targets=sys-git state.apply sys-git.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - bf0a4bc
+- fix: terminate option parsing for qvm commands
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8d9ad74
+- fix: correct man-db typo
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Mon Mar 11 2024 Ben Grande <ben.grande.b@gmail.com> - beb5c04
+- fix: start qube before running qrexec-client
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 04a016e
+- doc: attacker can display a large byte set
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - f8ea066
+- doc: how to update the repository
+
+* Thu Jan 18 2024 Ben Grande <ben.grande.b@gmail.com> - 23bcceb
+- fix: dom0 as sys-git client
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - b52e4b1
+- fix: strict split-gpg2 service
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - f21f676
+- fix: dom0 qrexec call target qube
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - a820751
+- refactor: git Qrexec helper with drop-in commands
+
+* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 10b3bcd
+- fix: unstrusted input marking and sanitization
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-mirage-firewall.spec
+++ b/rpm_spec/qusal-sys-mirage-firewall.spec
@ -0,0 +1,135 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-mirage-firewall
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Mirage Firewall in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND MIT
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+
+
+%description
+Creates a Mirage Firewall qube named "disp-sys-mirage-firewall". It is an
+OCaml program compiled to run as an operating system kernel, in this case, a
+MirageOS unikernel replacement for the default firewall (sys-firewall). It
+pulls in just the code it needs as libraries.
+
+Contrary to a standard Linux Firewall, Mirage Firewall doesn't need a full
+system to run an excessive resources.
+
+You can't use Mirage Firewall to be the updatevm, use another qube instead.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-mirage-firewall.create
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Sat May 11 2024 Ben Grande <ben.grande.b@gmail.com> - bfb3026
+- fix: update mirage firewall version
+
+* Wed Apr 24 2024 Ben Grande <ben.grande.b@gmail.com> - 7ec71cc
+- feat: bump Mirage Firewall version
+
+* Tue Mar 19 2024 Ben Grande <ben.grande.b@gmail.com> - cb59a9a
+- feat: fetch mirage tarball
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - c98b8b3
+- fix: do not include mirage firewall in backup
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sun Jan 28 2024 Ben Grande <ben.grande.b@gmail.com> - cb4ff00
+- doc: typo in mirage firewall usage
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 7eb1f34
+- feat: disposable mirage firewall
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-net.spec
+++ b/rpm_spec/qusal-sys-net.spec
@ -0,0 +1,145 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-net
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        PCI handler of network devices in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND MIT
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-net
+Requires:       qusal-utils
+
+
+%description
+Creates and configure qubes for handling the network devices. Qubes OS
+provides the state "qvm.sys-net", but it will create only "sys-net", which can
+be a disposable or not. This package takes a different approach, it will
+create an AppVM "sys-net" and a DispVM "disp-sys-net".
+
+By default, the chosen one is "disp-sys-net", but you can choose which qube
+type becomes the upstream net qube "default_netvm" and the fallback target for
+the "qubes.UpdatesProxy" service in case no rule matched before.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-net.create
+  qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install
+  qubesctl state.apply sys-net.prefs-disp
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 534db96
+- doc: qusal proxy service requires configuration
+
+* Sun Jun 16 2024 Ben Grande <ben.grande.b@gmail.com> - faa00fb
+- doc: update table of contents
+
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - afcb730
+- doc: document usage of qusal TCP proxy
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Thu May 02 2024 Ben Grande <ben.grande.b@gmail.com> - 972ac77
+- fix: install libpci by default on sys-net
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - 0216297
+- feat: default to disposable netvm
+
+* Thu Jan 04 2024 Ben Grande <ben.grande.b@gmail.com> - e0b11b3
+- fix: do not install net debug tools by default
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - ad6f5e2
+- feat: move clockvm out of sys-net to sys-firewall
+
+* Mon Nov 20 2023 Ben Grande <ben.grande.b@gmail.com> - 2702768
+- fix: add required package to sync clockvm time
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-pgp.spec
+++ b/rpm_spec/qusal-sys-pgp.spec
@ -0,0 +1,139 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-pgp
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        PGP operations through Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-fedora-minimal
+Requires:       qusal-utils
+
+
+%description
+Creates a PGP key holder named "sys-pgp", it will be the default target for
+split-gpg and split-gpg2 calls for all qubes. Keys are stored in "sys-pgp",
+and access to them is made from the client through Qrexec.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-pgp.create
+  qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install
+  qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure
+  qubesctl state.apply sys-pgp.prefs
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 20 2024 Ben Grande <ben.grande.b@gmail.com> - 7ab3b93
+- fix: correct upstream repository owner
+
+* Mon Jun 17 2024 Ben Grande <ben.grande.b@gmail.com> - 1a72665
+- feat: add split-gpg2 configuration
+
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - e1a15d8
+- fix: pgp template is fedora based without salt fix
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - bc8213b
+- fix: split-gpg2 fedora clashes with debian agent
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - 8ff1998
+- feat: install available sequoia-pgp tools
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Dec 28 2023 Ben Grande <ben.grande.b@gmail.com> - b52e4b1
+- fix: strict split-gpg2 service
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - a617c3d
+- fix: modify package names to match Qubes 4.2
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-pihole.spec
+++ b/rpm_spec/qusal-sys-pihole.spec
@ -0,0 +1,183 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-pihole
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Pi-hole DNS Sinkhole in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-browser
+Requires:       qusal-debian-minimal
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-cacher
+Requires:       qusal-sys-net
+Requires:       qusal-utils
+
+
+%description
+The package will create a standalone qube "sys-pihole". It blocks
+advertisements and internet trackers by providing a DNS sinkhole. It is a drop
+in replacement for sys-firewall.
+
+The qube will be attached to the "netvm" of the "default_netvm", in other
+words, if you are using Qubes OS default setup, it will use "sys-net" as the
+"netvm", else it will try to figure out what is your upstream link and attach
+to it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-pihole.create
+  qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install
+  qubesctl --skip-dom0 --targets=sys-pihole state.apply sys-pihole.install
+  qubesctl --skip-dom0 --targets=sys-pihole-browser state.apply sys-pihole.configure-browser
+  qubesctl state.apply sys-pihole.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - d2771d5
+- fix: guarantee states order dependent on browser
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Sat May 11 2024 Ben Grande <ben.grande.b@gmail.com> - 72f61bb
+- fix: install fwupd qubes plugin to updatevm
+
+* Fri Apr 12 2024 Ben Grande <ben.grande.b@gmail.com> - a8e9188
+- feat: bump Pi-Hole and Bitcoin version
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Thu Mar 14 2024 Ben Grande <ben.grande.b@gmail.com> - 7c3d6ac
+- fix: remove cacher proxy from updatevm
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Jan 09 2024 Ben Grande <ben.grande.b@gmail.com> - 567e36d
+- fix: prefer qvm-features for uniformity
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 762f8be
+- fix: make sys-pihole fully replace sys-firewall
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 705808d
+- feat: allow sys-pihole to use pi-hole for queries
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 692659e
+- feat: passwordless pihole admin interface
+
+* Wed Jan 03 2024 Ben Grande <ben.grande.b@gmail.com> - 6bb426a
+- refactor: import armored gpg keys instead of db
+
+* Tue Dec 26 2023 Ben Grande <ben.grande.b@gmail.com> - 6a551eb
+- refactor: pihole nft rules for Qubes 4.2
+
+* Sun Dec 24 2023 Ben Grande <ben.grande.b@gmail.com> - 224d2d5
+- fix: pihole lighttpd link
+
+* Sat Dec 23 2023 Ben Grande <ben.grande.b@gmail.com> - 6fc173d
+- feat: clockvm also present in sys-pihole
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 38d98ec
+- fix: nft shebang and table names
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - 71d22c5
+- refactor: reorder states to avoid race condition
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - 0751aff
+- refactor: organize pihole directory structure
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-print.spec
+++ b/rpm_spec/qusal-sys-print.spec
@ -0,0 +1,121 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-print
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Printer environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-sys-print
+Requires:       qusal-sys-usb
+Requires:       qusal-utils
+
+
+%description
+Creates a print server named "sys-print" and a named disposable
+"disp-sys-print" qube for sending files to your configured printer, which can
+be done over the network or with IPP-over-USB.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-print.create
+  qubesctl --skip-dom0 --targets=tpl-sys-print state.apply sys-print.install
+  qubesctl state.apply sys-print.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 20 2024 Ben Grande <ben.grande.b@gmail.com> - ab56b5f
+- feat: allow print calls from qubes with tag
+
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 97b2496
+- fix: start service after Qubes Service setup
+
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - f30bd20
+- fix: Print server without RPC service
+
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - f86e30a
+- fix: add simple-scan to printer appmenus
+
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 49a295d
+- fix: printer formula with conflicting IDs
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Fri May 24 2024 Ben Grande <ben.grande.b@gmail.com> - b09ecdc
+- feat: add Print formula
--- a/rpm_spec/qusal-sys-rsync.spec
+++ b/rpm_spec/qusal-sys-rsync.spec
@ -0,0 +1,136 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-rsync
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Rsync over Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-utils
+
+
+%description
+Creates a Rsync server qube named "sys-rsync" to be a central document
+store to which other qubes have access. This is a simple tool that allows
+individual qubes read/write access to the store using Rsync, rather than using
+`qvm-copy` or `qvm-move`.
+
+The greatest problem with SSH is that with large file system, it can freeze
+or be very slow to navigate the directories (not so much with Qrexec as the
+connection does not go over the network) and chroots need to be configured by
+the user.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-rsync.create
+  qubesctl --skip-dom0 --targets=tpl-sys-rsync state.apply sys-rsync.install
+  qubesctl --skip-dom0 --targets=sys-rsync state.apply sys-rsync.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 97b2496
+- fix: start service after Qubes Service setup
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Thu Mar 21 2024 Ben Grande <ben.grande.b@gmail.com> - af27eb1
+- fix: wrong port in rsync client forwarder
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - e2c24ec
+- style: client state ID must conform to order
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-ssh-agent.spec
+++ b/rpm_spec/qusal-sys-ssh-agent.spec
@ -0,0 +1,139 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-ssh-agent
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        SSH Agent through Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-dotfiles
+Requires:       qusal-utils
+
+
+%description
+The key pairs are stored on the offline ssh-agent server named
+"sys-ssh-agent", and requests are passed from clients to the server via
+Qrexec. Clients may access the same ssh-agent of a qube, or access different
+agents. In other words, this is an implementation of split-ssh-agent.
+
+The client does not know the identity of the ssh-agent server, nor are keys
+kept in memory in the client. This method is ideal for cases where you have a
+number of key pairs, which are used by different qubes.
+
+A centralized SSH server is very useful not only for keeping your private keys
+safe, but also for keeping your workflow organized. You can delete qubes that
+are SSH clients without loosing access to your remote server, because the
+authentication keys are on the sys-ssh-agent server, your client qube should
+only hold the SSH configuration, which can be reconstructed.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-ssh-agent.create
+  qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install
+  qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Tue Feb 20 2024 Ben Grande <ben.grande.b@gmail.com> - 2b46500
+- doc: remove outdated ssh agent server instructions
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sun Jan 21 2024 Ben Grande <ben.grande.b@gmail.com> - 3e6ba8f
+- fix: client install the ssh-agent client packages
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 10b3bcd
+- fix: unstrusted input marking and sanitization
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-ssh.spec
+++ b/rpm_spec/qusal-sys-ssh.spec
@ -0,0 +1,138 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-ssh
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        SSH over Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Creates a SSH server qube named "sys-ssh" to be a central document
+store to which other qubes have access with SSH File Transfer Protocol, using
+the tool sshfs. This is a simple tool that allows individual qubes to mount a
+another qube's filesystem rather than using `qvm-copy` or `qvm-move`.
+
+The greatest problem with the Rsync solution is that it makes copies of the
+files or directories. This may be fine with a small amount of data, but with
+large files, or large numbers of files, there's a significant overhead. SSH
+File Transfer Protocol provides a way for clients to access files on the
+server qube directly.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-ssh.create
+  qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install
+  qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 97b2496
+- fix: start service after Qubes Service setup
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Sun Dec 31 2023 Ben Grande <ben.grande.b@gmail.com> - e2c24ec
+- style: client state ID must conform to order
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - 76079d2
+- fix: wrong source paths
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-syncthing.spec
+++ b/rpm_spec/qusal-sys-syncthing.spec
@ -0,0 +1,182 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-syncthing
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Syncthing through Qrexec in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-browser
+Requires:       qusal-dom0
+Requires:       qusal-dotfiles
+Requires:       qusal-utils
+
+
+%description
+Creates a Syncthing qube named "sys-syncthing", it will be attached to the
+"default_netvm". It makes no sense to run this with "sys-syncthing" attached
+to a VPN or Tor proxy.
+
+This package opens up the qubes-firewall, so that the "sys-syncthing" qube is
+accessible externally.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-syncthing.create
+  qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install
+  qubesctl --skip-dom0 --targets=tpl-sys-syncthing state.apply sys-syncthing.install
+  qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.configure
+  qubesctl --skip-dom0 --targets=sys-syncthing-browser state.apply sys-syncthing.configure-browser
+  qubesctl state.apply sys-syncthing.appmenus
+  qvm-port-forward -a add -q sys-syncthing -n tcp -p 22000
+  qvm-port-forward -a add -q sys-syncthing -n udp -p 22000
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  qvm-port-forward -a del -q sys-syncthing -n tcp -p 22000
+  qvm-port-forward -a del -q sys-syncthing -n udp -p 22000
+  qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.cancel
+  qubesctl state.apply sys-syncthing.clean
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 97b2496
+- fix: start service after Qubes Service setup
+
+* Sun Jun 09 2024 Ben Grande <ben.grande.b@gmail.com> - d2771d5
+- fix: guarantee states order dependent on browser
+
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - d4c3fb1
+- feat: add terraform and chrome fedora repositories
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Wed Jan 31 2024 Ben Grande <ben.grande.b@gmail.com> - b5d7371
+- fix: thunar requires xfce helpers to find terminal
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - b01f2d2
+- chore: move port forward to dom0 formula
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 30f2ebe
+- fix: port forward validate values from DomUs
+
+* Sun Jan 28 2024 Ben Grande <ben.grande.b@gmail.com> - 9183828
+- fix: fail early when qubes.VMShell is unsupported
+
+* Sat Jan 27 2024 Ben Grande <ben.grande.b@gmail.com> - 03cb70c
+- fix: port forwarder missing short options usage
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Tue Jan 16 2024 Ben Grande <ben.grande.b@gmail.com> - 6bf9b97
+- fix: help option for port forwarder
+
+* Tue Jan 16 2024 Ben Grande <ben.grande.b@gmail.com> - 80638d6
+- feat: port forwarder
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - 76079d2
+- fix: wrong source paths
+
+* Tue Dec 26 2023 Ben Grande <ben.grande.b@gmail.com> - e650dea
+- fix: port forwarder script with custom rc
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - 71d22c5
+- refactor: reorder states to avoid race condition
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Tue Nov 21 2023 Ben Grande <ben.grande.b@gmail.com> - 10b3bcd
+- fix: unstrusted input marking and sanitization
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-usb.spec
+++ b/rpm_spec/qusal-sys-usb.spec
@ -0,0 +1,145 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-usb
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        PCI handler of USB devices in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND GPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Setup named disposables for USB qubes. During creation, it tries to separate
+the USB controllers to different qubes is possible.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-usb.create
+  qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 29601d8
+- doc: refer to video-companion for sys-usb webcam
+
+* Tue Jun 04 2024 Ben Grande <ben.grande.b@gmail.com> - 8d9ad74
+- fix: correct man-db typo
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Wed Feb 28 2024 Ben Grande <ben.grande.b@gmail.com> - ead4073
+- feat: allow disp-sys-usb to be an AudioVM
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - ac25ef6
+- fix: sys-usb hide-usb-from-dom0 in keyboard state
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 6eefced
+- fix: sys-usb disposables must have name prefix
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 040594a
+- fix: do not remove created dvm
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 5b9b0bb
+- doc: missing access control for sys-usb
+
+* Wed Jan 10 2024 Ben Grande <ben.grande.b@gmail.com> - 76e9234
+- fix: organize sys-usb policy per service
+
+* Tue Jan 09 2024 Ben Grande <ben.grande.b@gmail.com> - a3829e4
+- feat: policy support for multiple sys-usb qubes
+
+* Wed Dec 27 2023 Ben Grande <ben.grande.b@gmail.com> - a617c3d
+- fix: modify package names to match Qubes 4.2
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-sys-wireguard.spec
+++ b/rpm_spec/qusal-sys-wireguard.spec
@ -0,0 +1,136 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-wireguard
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Wireguard VPN in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later AND GPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-sys-net
+Requires:       qusal-utils
+
+
+%description
+Setup a Wireguard VPN qube named "sys-wireguard" to provide network access to
+other qubes through the VPN with fail closed mechanism.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-wireguard.create
+  qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install
+  qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed Jun 19 2024 Ben Grande <ben.grande.b@gmail.com> - 6ec0768
+- fix: clean Wireguard rules
+
+* Thu Jun 13 2024 Ben Grande <ben.grande.b@gmail.com> - a564b3a
+- feat: add TCP proxy for remote hosts
+
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Mon Jan 08 2024 Ben Grande <ben.grande.b@gmail.com> - c306047
+- fix: sys-wireguard compatible with Qubes 4.2
+
+* Fri Jan 05 2024 Ben Grande <ben.grande.b@gmail.com> - 417843b
+- feat: remove extraneous passwordless root
+
+* Wed Dec 20 2023 Ben Grande <ben.grande.b@gmail.com> - 38d98ec
+- fix: nft shebang and table names
+
+* Tue Dec 19 2023 Ben Grande <ben.grande.b@gmail.com> - b4d142b
+- refactor: move appended states to drop-in rc.local
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 963e72c
+- chore: Fix unman copyright contact
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-terraform.spec
+++ b/rpm_spec/qusal-terraform.spec
@ -0,0 +1,118 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-terraform
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Terraform installation in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-sys-ssh-agent
+Requires:       qusal-utils
+
+
+%description
+Install Terraform and use it on the "terraform" app qube.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply terraform.create
+  qubesctl --skip-dom0 --targets=tpl-terraform state.apply terraform.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Wed May 29 2024 Ben Grande <ben.grande.b@gmail.com> - 8accc47
+- fix: remove old deb repository list format
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - d4c3fb1
+- feat: add terraform and chrome fedora repositories
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-usb.spec
+++ b/rpm_spec/qusal-usb.spec
@ -0,0 +1,108 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-usb
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        USB client in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-sys-usb
+Requires:       qusal-utils
+
+
+%description
+A Template for DispVMs will be created and named "dvm-usb", from this qube,
+you can base disposable qubes, geared towards USB client usage.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply usb.create
+  qubesctl --skip-dom0 --targets=tpl-usb state.apply usb.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Mon Dec 18 2023 Ben Grande <ben.grande.b@gmail.com> - bcb65a2
+- feat: usb client
--- a/rpm_spec/qusal-utils.spec
+++ b/rpm_spec/qusal-utils.spec
@ -0,0 +1,134 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-utils
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Utilities library for Qusal
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+
+
+%description
+Utils is a SaltStack Qubes library for certain operations shared by multiple
+projects such as macros and common tools to be installed.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  true
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Fri May 24 2024 Ben Grande <ben.grande.b@gmail.com> - cbf61e6
+- feat: add Firefox browser from Mozilla repository
+
+* Thu May 16 2024 Ben Grande <ben.grande.b@gmail.com> - b2c9479
+- fix: enforce https on repository installation
+
+* Tue May 14 2024 Ben Grande <ben.grande.b@gmail.com> - d148599
+- doc: nested list indentation
+
+* Tue Apr 30 2024 Ben Grande <ben.grande.b@gmail.com> - 5722a25
+- fix: discover non-root username at runtime
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Fri Jan 26 2024 Ben Grande <ben.grande.b@gmail.com> - a04960c
+- feat: initial split-mail setup
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 2576d14
+- fix: policy file mode not allowing group to write
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 2063a43
+- fix: clone macro support for optional argument
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - 5e5ae2f
+- fix: zsh state import with relative path
+
+* Fri Jan 12 2024 Ben Grande <ben.grande.b@gmail.com> - a97e3c0
+- feat: kicksecure minimal template
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-vault.spec
+++ b/rpm_spec/qusal-vault.spec
@ -0,0 +1,118 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-vault
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Vault environment in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-dev
+Requires:       qusal-utils
+
+
+%description
+An offline qube will be created and named "vault", it will have a password
+manager for high entropy passwords, PGP and SSH client for creating private
+keys.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply vault.create
+  qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
+  qubesctl state.apply vault.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Tue May 28 2024 Ben Grande <ben.grande.b@gmail.com> - 44ea4c5
+- feat: add manual page reader
+
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Mon Jan 29 2024 Ben Grande <ben.grande.b@gmail.com> - 6efcc1d
+- chore: copyright update
+
+* Sat Jan 20 2024 Ben Grande <ben.grande.b@gmail.com> - 422b01e
+- feat: remove audiovm setting when unnecessary
+
+* Thu Dec 21 2023 Ben Grande <ben.grande.b@gmail.com> - ff34a8a
+- fix: add missing appmenus sync
+
+* Mon Nov 13 2023 Ben Grande <ben.grande.b@gmail.com> - 5eebd78
+- refactor: initial commit
--- a/rpm_spec/qusal-video-companion.spec
+++ b/rpm_spec/qusal-video-companion.spec
@ -0,0 +1,100 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-video-companion
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Stream webcams and share screens in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Installation procedures to stream webcams and share screens across qubes. The
+sender/server owns the screen or webcam and the receiver/client wants to
+access them without compromising the domains.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply video-companion.create
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Fri Jun 14 2024 Ben Grande <ben.grande.b@gmail.com> - 3ece491
+- fix: wrong video-companion package name for dom0
+
+* Thu May 30 2024 Ben Grande <ben.grande.b@gmail.com> - 0c9b173
+- feat: add Qubes Video Companion formula
--- a/rpm_spec/qusal-whonix-gateway.spec
+++ b/rpm_spec/qusal-whonix-gateway.spec
@ -0,0 +1,104 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-whonix-gateway
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Whonix Gateway Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Creates the Whonix Gateway templates as well as a Disposable Template based on
+it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply whonix-gateway.create
+  qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install
+  qubesctl state.apply whonix-gateway.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Thu Feb 08 2024 Ben Grande <ben.grande.b@gmail.com> - 7331b19
+- refactor: distinct whonix formulas
--- a/rpm_spec/qusal-whonix-workstation.spec
+++ b/rpm_spec/qusal-whonix-workstation.spec
@ -0,0 +1,108 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+# Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+# Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-whonix-workstation
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Whonix Workstation Template in Qubes OS
+
+Group:          qusal
+Packager:       Ben Grande
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+Requires:       qusal-whonix-gateway
+
+
+%description
+Creates the Whonix Workstation templates as well as a Disposable Template
+based on it.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}/srv/salt/qusal/%{name}
+
+%check
+
+%dnl %pre
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply whonix-workstation.create
+  qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install
+  qubesctl state.apply whonix-workstation.appmenus
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+* Mon Mar 18 2024 Ben Grande <ben.grande.b@gmail.com> - f9ead06
+- fix: remove extraneous package repository updates
+
+* Fri Feb 23 2024 Ben Grande <ben.grande.b@gmail.com> - 5605ec7
+- doc: prefix qubesctl with sudo
+
+* Sat Feb 17 2024 Ben Grande <ben.grande.b@gmail.com> - dbed18d
+- feat: Bitcoin Core and Electrum servers and wallet
+
+* Thu Feb 08 2024 Ben Grande <ben.grande.b@gmail.com> - 7331b19
+- refactor: distinct whonix formulas
--- a/rpm_spec/template/template.spec
+++ b/rpm_spec/template/template.spec
@ -2,20 +2,6 @@
 #
 # SPDX-License-Identifier: AGPL-3.0-or-later

-%define file_roots     %(./scripts/spec-get.sh @PROJECT@ file_roots)
-%define my_name        %(./scripts/spec-get.sh @PROJECT@ name)
-%define branch         %(./scripts/spec-get.sh @PROJECT@ branch)
-%define project        %(./scripts/spec-get.sh @PROJECT@ project)
-%define summary        %(./scripts/spec-get.sh @PROJECT@ summary)
-%define group          %(./scripts/spec-get.sh @PROJECT@ group)
-%define packager       %(./scripts/spec-get.sh @PROJECT@ packager)
-%define vendor         %(./scripts/spec-get.sh @PROJECT@ vendor)
-%define license_csv    %(./scripts/spec-get.sh @PROJECT@ license_csv)
-%define license        %(./scripts/spec-get.sh @PROJECT@ license)
-%define url            %(./scripts/spec-get.sh @PROJECT@ url)
-%define bug_url        %(./scripts/spec-get.sh @PROJECT@ bug_url)
-%define my_description %(./scripts/spec-get.sh @PROJECT@ description)
-
 ## Reproducibility.
 %define source_date_epoch_from_changelog 1
 %define use_source_date_epoch_as_buildtime 1
@ -27,18 +13,18 @@
 # Python bytecode interferes when updates occur and restart is not done.
 %undefine __brp_python_bytecompile

-Name:           %{project}
+Name:           @PROJECT@
 Version:        @VERSION@
 Release:        1%{?dist}
-Summary:        %{summary}
+Summary:        @SUMMARY@

-Group:          %{group}
-Packager:       %{packager}
-Vendor:         %{vendor}
-License:        %{license}
-URL:            %{url}
-BugURL:         %{bug_url}
-Source0:        %{project}
+Group:          @GROUP@
+Packager:       @PACKAGER@
+Vendor:         @VENDOR@
+License:        @LICENSE@
+URL:            @URL@
+BugURL:         @BUG_URL@
+Source0:        %{name}-%{version}.tar.gz
 BuildArch:      noarch

 Requires:       qubes-mgmt-salt
@ -46,22 +32,23 @@ Requires:       qubes-mgmt-salt-dom0
@REQUIRES@

 %description
-%{my_description}
+@DESCRIPTION@

 %prep
+%setup -q

 %build

 %install
 rm -rf %{buildroot}
 install -m 755 -d \
-  %{buildroot}%{file_roots} \
-  %{buildroot}%{_docdir}/%{project} \
-  %{buildroot}%{_defaultlicensedir}/%{project}
-install -m 644 %{project}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{project}/
-install -m 644 %{project}/README.md %{buildroot}%{_docdir}/%{project}/
-rm -rv %{project}/LICENSES %{project}/README.md
-cp -rv %{project} %{buildroot}%{file_roots}/%{my_name}
+  %{buildroot}@FILE_ROOTS@ \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+install -m 644 %{name}/LICENSES/* %{buildroot}%{_defaultlicensedir}/%{name}/
+install -m 644 %{name}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rv %{name}/LICENSES %{name}/README.md
+cp -rv %{name} %{buildroot}@FILE_ROOTS@/%{name}

 %check

@ -96,10 +83,10 @@ fi

 %files
 %defattr(-,root,root,-)
-%license %{_defaultlicensedir}/%{project}/*
-%doc %{_docdir}/%{project}/README.md
-%dir %{file_roots}/%{my_name}
-%{file_roots}/%{my_name}/*
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir @FILE_ROOTS@/%{name}
+@FILE_ROOTS@/%{name}/*
 %dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.

 %changelog
--- a/salt/ansible/version
+++ b/salt/ansible/version
--- a/salt/browser/version
+++ b/salt/browser/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/debian-minimal/version
+++ b/salt/debian-minimal/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/debian-xfce/version
+++ b/salt/debian-xfce/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/debian/version
+++ b/salt/debian/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/dev/version
+++ b/salt/dev/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/docker/version
+++ b/salt/docker/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/dom0/version
+++ b/salt/dom0/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/electrum/version
+++ b/salt/electrum/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/element/version
+++ b/salt/element/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/fedora-minimal/version
+++ b/salt/fedora-minimal/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/fedora-xfce/version
+++ b/salt/fedora-xfce/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/fedora/version
+++ b/salt/fedora/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/fetcher/version
+++ b/salt/fetcher/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/kicksecure-minimal/version
+++ b/salt/kicksecure-minimal/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/mail/version
+++ b/salt/mail/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/media/version
+++ b/salt/media/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/mgmt/version
+++ b/salt/mgmt/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/mirage-builder/version
+++ b/salt/mirage-builder/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/opentofu/version
+++ b/salt/opentofu/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/qubes-builder/version
+++ b/salt/qubes-builder/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/reader/version
+++ b/salt/reader/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/remmina/version
+++ b/salt/remmina/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/signal/version
+++ b/salt/signal/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/ssh/version
+++ b/salt/ssh/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-audio/version
+++ b/salt/sys-audio/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-bitcoin/version
+++ b/salt/sys-bitcoin/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-cacher/version
+++ b/salt/sys-cacher/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-electrs/version
+++ b/salt/sys-electrs/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-electrumx/version
+++ b/salt/sys-electrumx/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-firewall/version
+++ b/salt/sys-firewall/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-git/version
+++ b/salt/sys-git/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-mirage-firewall/version
+++ b/salt/sys-mirage-firewall/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-net/version
+++ b/salt/sys-net/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-pgp/version
+++ b/salt/sys-pgp/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-pihole/version
+++ b/salt/sys-pihole/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-print/version
+++ b/salt/sys-print/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-rsync/version
+++ b/salt/sys-rsync/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-ssh-agent/version
+++ b/salt/sys-ssh-agent/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-ssh/version
+++ b/salt/sys-ssh/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-syncthing/version
+++ b/salt/sys-syncthing/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-usb/version
+++ b/salt/sys-usb/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/sys-wireguard/version
+++ b/salt/sys-wireguard/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/terraform/version
+++ b/salt/terraform/version
@ -0,0 +1 @@
+0.0.1
--- a/salt/usb/version
+++ b/salt/usb/version
@ -0,0 +1 @@
+0.0.1
--- a/Show More
+++ b/Show More