From d9b55248fb29773b81d78e57291e6aef93f4e03e Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Sun, 27 Jul 2025 20:09:03 +0200 Subject: [PATCH 1/3] feat: bump Fedora version Fixes: https://github.com/ben-grande/qusal/issues/139 --- salt/fedora-minimal/README.md | 4 ++-- salt/fedora-xfce/README.md | 4 ++-- salt/fedora/README.md | 4 ++-- salt/fedora/template.jinja | 2 +- salt/sys-pgp/install.sls | 7 +++---- scripts/version-update.sh | 33 +++++++++++++++++++++++++++++++++ 6 files changed, 43 insertions(+), 11 deletions(-) create mode 100755 scripts/version-update.sh diff --git a/salt/fedora-minimal/README.md b/salt/fedora-minimal/README.md index a600ffb..d954ebc 100644 --- a/salt/fedora-minimal/README.md +++ b/salt/fedora-minimal/README.md @@ -19,7 +19,7 @@ it. ```sh sudo qubesctl top.enable fedora-minimal -sudo qubesctl --targets=fedora-41-minimal state.apply +sudo qubesctl --targets=fedora-42-minimal state.apply sudo qubesctl top.disable fedora-minimal sudo qubesctl state.apply fedora-minimal.prefs ``` @@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs ```sh sudo qubesctl state.apply fedora-minimal.create -sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install +sudo qubesctl --skip-dom0 --targets=fedora-42-minimal state.apply fedora-minimal.install sudo qubesctl state.apply fedora-minimal.prefs ``` diff --git a/salt/fedora-xfce/README.md b/salt/fedora-xfce/README.md index 962a001..56a3b2f 100644 --- a/salt/fedora-xfce/README.md +++ b/salt/fedora-xfce/README.md @@ -18,7 +18,7 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora-xfce -sudo qubesctl --targets=fedora-41-xfce state.apply +sudo qubesctl --targets=fedora-42-xfce state.apply sudo qubesctl top.disable fedora-xfce sudo qubesctl state.apply fedora-xfce.prefs ``` 
@@ -29,7 +29,7 @@ sudo qubesctl state.apply fedora-xfce.prefs ```sh sudo qubesctl state.apply fedora-xfce.create -sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install +sudo qubesctl --skip-dom0 --targets=fedora-42-xfce state.apply fedora-xfce.install sudo qubesctl state.apply fedora-xfce.prefs ``` diff --git a/salt/fedora/README.md b/salt/fedora/README.md index 435c074..71b70e2 100644 --- a/salt/fedora/README.md +++ b/salt/fedora/README.md @@ -18,7 +18,7 @@ Creates the Fedora template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora -sudo qubesctl --targets=fedora-41 state.apply +sudo qubesctl --targets=fedora-42 state.apply sudo qubesctl top.disable fedora sudo qubesctl state.apply fedora.prefs ``` @@ -29,7 +29,7 @@ sudo qubesctl state.apply fedora.prefs ```sh sudo qubesctl state.apply fedora.create -sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install +sudo qubesctl --skip-dom0 --targets=fedora-42 state.apply fedora.install sudo qubesctl state.apply fedora.prefs ``` diff --git a/salt/fedora/template.jinja b/salt/fedora/template.jinja index 2fc1f0e..4b0f843 100644 --- a/salt/fedora/template.jinja +++ b/salt/fedora/template.jinja @@ -5,7 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later #} {% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%} +{% set version = salt['pillar.get']('qvm:fedora:version', '42') -%} {% set flavor = '' -%} {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} {% if flavor -%} diff --git a/salt/sys-pgp/install.sls b/salt/sys-pgp/install.sls index b582bd9..8041ce3 100644 --- a/salt/sys-pgp/install.sls +++ b/salt/sys-pgp/install.sls 
@@ -22,15 +22,14 @@ include: - gnupg2 - man-db -{# TODO: sequoia-wot can't be installed on fedora-41 #} +{# TODO: sequoia-wot and sequoia-keyring-linter can't be installed on fedora-42 #} {% set pkg = { 'Debian': { 'pkg': ['sq', 'sq-keyring-linter', 'sq-wot', 'sqop', 'sqv'], }, 'RedHat': { - 'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-sop', - 'sequoia-sqv', 'sequoia-policy-config', - 'sequoia-chameleon-gnupg'], + 'pkg': ['sequoia-sq', 'sequoia-sop', 'sequoia-sqv', + 'sequoia-policy-config', 'sequoia-chameleon-gnupg'], }, }.get(grains.os_family) -%} diff --git a/scripts/version-update.sh b/scripts/version-update.sh new file mode 100755 index 0000000..15708f8 --- /dev/null +++ b/scripts/version-update.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +## SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. +## +## SPDX-License-Identifier: AGPL-3.0-or-later + +set -eu + +usage(){ + printf '%s\n' "Usage: ${0##*/} TEMPLATE OLD_VERSION NEW_VERSION +Example: ${0##*/} fedora 41 42" >&2 + exit 1 +} + +case "${1-}" in + ""|-h|--?help) usage;; + *) ;; +esac + +command -v git >/dev/null || + { printf '%s\n' "Missing program: git" >&2; exit 1; } +repo_toplevel="$(git rev-parse --show-toplevel)" +test -d "${repo_toplevel}" || exit 1 +cd "${repo_toplevel}" +unset repo_toplevel + +template="${1}" +old_version="${2}" +new_version="${3}" + +sed -i "s/${old_version}/${new_version}/" salt/"${template}"*/template.jinja +sed -i "s/${template}-${old_version}/${template}-${new_version}/" \ + salt/"${template}"*/README.md From 8ecfc095523f224aa4d336f234cc500763380b5a Mon Sep 17 00:00:00 2001 
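Review bot: Removing `sequoia-keyring-linter` from the `RedHat` entry drops it for every RedHat-family template, not only fedora-42, while the `Debian` entry still installs `sq-keyring-linter`. Fedora-based sys-pgp templates therefore lose keyring linting without any notice to the user. The TODO names the release but gives no condition for restoring the package; something like `{# TODO: re-add sequoia-wot and sequoia-keyring-linter once Fedora ships installable builds; until then keyring linting is Debian-only #}` would make the gap visible at the next version bump. The state that consumes `pkg` is outside the hunk.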
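Review bot: The argument check in `scripts/version-update.sh` only inspects `$1`, so a call with one or two arguments dies under `set -u` at `old_version="${2}"` with an unbound-parameter error instead of the usage text. All three arguments are also interpolated unescaped into the sed programs. A guard before the assignments, `test "$#" -eq 3 || usage` followed by `case "${2}${3}" in *[!0-9]*) usage;; esac`, would keep a stray `/`, `&` or regex metacharacter out of the expressions. The first substitution, `s/${old_version}/${new_version}/`, is unanchored and rewrites the first `41` on any line of each matched `template.jinja`. Matching the quoted default as it appears in `salt/fedora/template.jinja`, `s/'${old_version}')/'${new_version}')/`, would confine it to the `pillar.get` line, assuming the other flavors use the same form.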
From: Ben Grande Date: Mon, 4 Aug 2025 07:56:46 +0200 Subject: [PATCH 2/3] fix: GUI formulas misses prefs-mgmt state Fixes: https://github.com/ben-grande/qusal/issues/139 --- salt/sys-gui-gpu/README.md | 4 ++-- salt/sys-gui-gpu/prefs-mgmt.sls | 17 +++++++++++++++++ salt/sys-gui-gpu/prefs-mgmt.top | 10 ++++++++++ salt/sys-gui-vnc/install.sls | 4 ---- salt/sys-gui/prefs-mgmt.sls | 1 + 5 files changed, 30 insertions(+), 6 deletions(-) create mode 100644 salt/sys-gui-gpu/prefs-mgmt.sls create mode 100644 salt/sys-gui-gpu/prefs-mgmt.top diff --git a/salt/sys-gui-gpu/README.md b/salt/sys-gui-gpu/README.md index 21c3c07..12f7669 100644 --- a/salt/sys-gui-gpu/README.md +++ b/salt/sys-gui-gpu/README.md @@ -25,7 +25,7 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True sudo qubesctl top.enable mgmt sys-gui-gpu sudo qubesctl --targets=tpl-mgmt state.apply -sudo qubesctl state.apply sys-gui.prefs-mgmt +sudo qubesctl state.apply sys-gui-gpu.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui-gpu,sys-gui-gpu state.apply sudo qubesctl top.disable mgmt sys-gui-gpu sudo qubesctl state.apply sys-gui-gpu.prefs @@ -39,7 +39,7 @@ sudo qubesctl state.apply sys-gui-gpu.prefs sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True sudo qubesctl state.apply sys-gui-gpu.create sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install -sudo qubesctl state.apply sys-gui.prefs-mgmt +sudo qubesctl state.apply sys-gui-gpu.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui-gpu state.apply sys-gui-gpu.install sudo qubesctl --skip-dom0 --targets=sys-gui-gpu state.apply sys-gui-gpu.configure sudo qubesctl state.apply sys-gui-gpu.prefs diff --git a/salt/sys-gui-gpu/prefs-mgmt.sls b/salt/sys-gui-gpu/prefs-mgmt.sls new file mode 100644 index 0000000..9bf3bb5 --- /dev/null +++ b/salt/sys-gui-gpu/prefs-mgmt.sls 
@@ -0,0 +1,17 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - .create + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-gui-gpu/prefs-mgmt.top b/salt/sys-gui-gpu/prefs-mgmt.top new file mode 100644 index 0000000..87f5bc6 --- /dev/null +++ b/salt/sys-gui-gpu/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-gui-gpu.prefs-mgmt diff --git a/salt/sys-gui-vnc/install.sls b/salt/sys-gui-vnc/install.sls index a54ba17..9302e9c 100644 --- a/salt/sys-gui-vnc/install.sls +++ b/salt/sys-gui-vnc/install.sls @@ -1,11 +1,7 @@ {# -SPDX-FileCopyrightText: 2019 Frederic Pierret -SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. SPDX-License-Identifier: GPL-2.0-only - -Upstream pkg.installed install weak_deps/recommends. #} {% if grains['nodename'] != 'dom0' -%} diff --git a/salt/sys-gui/prefs-mgmt.sls b/salt/sys-gui/prefs-mgmt.sls index f9a5109..9bf3bb5 100644 --- a/salt/sys-gui/prefs-mgmt.sls +++ b/salt/sys-gui/prefs-mgmt.sls @@ -5,6 +5,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later #} include: + - .create - mgmt.prefs "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": From 5cb6350e225acb87fa703c55b285227092a36d1d Mon Sep 17 00:00:00 2001 
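Review bot: The `salt/sys-gui-vnc/install.sls` hunk deletes the two upstream `SPDX-FileCopyrightText` lines (Frederic Pierret, Marmarek Marczykowski-Gorecki) and the note about upstream `pkg.installed`, yet the file keeps `SPDX-License-Identifier: GPL-2.0-only`. The commit message is about the missing prefs-mgmt state and does not mention this. The body of the file is outside the hunk, so it cannot be judged from here whether upstream-derived content remains; if it does, the notices should stay so the header still records the file's provenance. If the content was fully rewritten, say so in the commit message or move the header change to its own commit.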
From: Ben Grande Date: Mon, 4 Aug 2025 08:03:16 +0200 Subject: [PATCH 3/3] feat: add Qubes development formula Contributing to Qubes OS using Debian is possible, but there are edge cases with linter versions, GUI editor versions, test packages in run-tests that are better supported on Fedora, as this is the template that Qubes OS developers most use. Fixes: https://github.com/ben-grande/qusal/issues/139 Fixes: https://github.com/ben-grande/qusal/issues/126 --- .qubesbuilder | 1 + rpm_spec/qusal-qubes-dev.spec | 118 +++++++++++++++++++++++++++++++ salt/dev/install-common.sls | 64 +++++++++++++++++ salt/dev/install-common.top | 10 +++ salt/dev/install-qusal.sls | 45 ++++++++++++ salt/dev/install-qusal.top | 10 +++ salt/dev/install.sls | 64 +---------------- salt/qubes-dev/README.md | 83 ++++++++++++++++++++++ salt/qubes-dev/clone.sls | 8 +++ salt/qubes-dev/clone.top | 10 +++ salt/qubes-dev/configure-dvm.sls | 12 ++++ salt/qubes-dev/configure-dvm.top | 10 +++ salt/qubes-dev/configure.sls | 13 ++++ salt/qubes-dev/configure.top | 10 +++ salt/qubes-dev/create.sls | 103 +++++++++++++++++++++++++++ salt/qubes-dev/create.top | 10 +++ salt/qubes-dev/init.top | 19 +++++ salt/qubes-dev/install.sls | 25 +++++++ salt/qubes-dev/install.top | 10 +++ salt/qubes-dev/version | 1 + 20 files changed, 564 insertions(+), 62 deletions(-) create mode 100644 rpm_spec/qusal-qubes-dev.spec create mode 100644 salt/dev/install-common.sls create mode 100644 salt/dev/install-common.top create mode 100644 salt/dev/install-qusal.sls create mode 100644 salt/dev/install-qusal.top create mode 100644 salt/qubes-dev/README.md create mode 100644 salt/qubes-dev/clone.sls create mode 100644 salt/qubes-dev/clone.top create mode 100644 salt/qubes-dev/configure-dvm.sls create mode 100644 salt/qubes-dev/configure-dvm.top create mode 100644 salt/qubes-dev/configure.sls create mode 100644 salt/qubes-dev/configure.top create mode 100644 salt/qubes-dev/create.sls create mode 100644 salt/qubes-dev/create.top create 
mode 100644 salt/qubes-dev/init.top create mode 100644 salt/qubes-dev/install.sls create mode 100644 salt/qubes-dev/install.top create mode 100644 salt/qubes-dev/version diff --git a/.qubesbuilder b/.qubesbuilder index f4c708d..85100d6 100644 --- a/.qubesbuilder +++ b/.qubesbuilder @@ -28,6 +28,7 @@ host: - rpm_spec/qusal-mirage-builder.spec - rpm_spec/qusal-opentofu.spec - rpm_spec/qusal-qubes-builder.spec + - rpm_spec/qusal-qubes-dev.spec - rpm_spec/qusal-reader.spec - rpm_spec/qusal-remmina.spec - rpm_spec/qusal-signal.spec diff --git a/rpm_spec/qusal-qubes-dev.spec b/rpm_spec/qusal-qubes-dev.spec new file mode 100644 index 0000000..c17d70d --- /dev/null +++ b/rpm_spec/qusal-qubes-dev.spec 
@@ -0,0 +1,118 @@ +# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +# +# SPDX-License-Identifier: AGPL-3.0-or-later + +%define project qubes-dev +%define license_csv AGPL-3.0-or-later +## Reproducibility. +%define source_date_epoch_from_changelog 1 +%define use_source_date_epoch_as_buildtime 1 +%define clamp_mtime_to_source_date_epoch 1 +## Changelog is trimmed according to current date, not last date from changelog. +%define _changelog_trimtime 0 +%define _changelog_trimage 0 +%global _buildhost %{name} +## Python bytecode interferes when updates occur and restart is not done. +%undefine __brp_python_bytecompile + +Name: qusal-qubes-dev +Version: 0.0.1 +Release: 1%{?dist} +Summary: Development environment for Qubes OS +Group: qusal +Packager: %{?_packager}%{!?_packager:Ben Grande } +Vendor: Ben Grande +License: AGPL-3.0-or-later +URL: https://github.com/ben-grande/qusal +BugURL: https://github.com/ben-grande/qusal/issues +Source0: %{name}-%{version}.tar.gz +BuildArch: noarch + +Requires: qubes-mgmt-salt +Requires: qubes-mgmt-salt-dom0 +Requires: qusal-dev +Requires: qusal-dotfiles +Requires: qusal-sys-net +Requires: qusal-utils + + +%description +Setup a development qube named "qubes-dev", dedicated to contributing to Qubes +OS repositories. As there there is a very broad set of repositories, only +common packages will be installed. The qube has netvm but can reach remote +servers if the policy allows. 
+ +%prep +%setup -q + +%build + +%check + +%pre + +%install +rm -rf -- %{buildroot} +install -m 755 -d -- \ + %{buildroot}/srv/salt/qusal \ + %{buildroot}%{_docdir}/%{name} \ + %{buildroot}%{_defaultlicensedir}/%{name} + +for license in $(printf '%s\n' "%{license_csv}" | tr "," " "); do + license_dir="LICENSES" + if test -d "salt/%{project}/LICENSES"; then + license_dir="salt/%{project}/LICENSES" + fi + install -m 644 -- \ + "${license_dir}/${license}.txt" %{buildroot}%{_defaultlicensedir}/%{name}/ +done + +install -m 644 -- salt/%{project}/README.md %{buildroot}%{_docdir}/%{name}/ +rm -rf -- \ + salt/%{project}/LICENSES \ + salt/%{project}/README.md \ + salt/%{project}/.* +cp -rv -- salt/%{project} %{buildroot}/srv/salt/qusal/%{name} + +%post +if test "$1" = "1"; then + ## Install + qubesctl state.apply qubes-dev.create + qubesctl --skip-dom0 --targets=tpl-qubes-dev state.apply qubes-dev.install + qubesctl --skip-dom0 --targets=dvm-qubes-dev state.apply qubes-dev.configure-dvm + qubesctl --skip-dom0 --targets=qubes-dev state.apply qubes-dev.configure + if test -n "${proxy_target}"; then + sudo qubesctl --skip-dom0 --targets="${proxy_target}" state.apply sys-net.install-proxy +elif test "$1" = "2"; then + ## Upgrade + true +fi + +%preun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%postun +if test "$1" = "0"; then + ## Uninstall + true +elif test "$1" = "1"; then + ## Upgrade + true +fi + +%files +%defattr(-,root,root,-) +%license %{_defaultlicensedir}/%{name}/* +%doc %{_docdir}/%{name}/README.md +%dir /srv/salt/qusal/%{name} +/srv/salt/qusal/%{name}/* +%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies. + +%changelog + diff --git a/salt/dev/install-common.sls b/salt/dev/install-common.sls new file mode 100644 index 0000000..295bccf --- /dev/null +++ b/salt/dev/install-common.sls 
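Review bot: The `%post` scriptlet will not parse, because the inner `if test -n "${proxy_target}"; then` is never closed; the following `elif`/`fi` bind to it and the outer `if test "$1" = "1"; then` is left open. `proxy_target` is also never assigned in the scriptlet, and that one call uses `sudo` while the other `qubesctl` calls in the block do not. Mirroring the README, add `proxy_target="$(qusal-report-updatevm-origin)"` before the test, drop `sudo`, and close the inner block with `fi` before `elif test "$1" = "2"; then`. Separately, `%description` says "The qube has netvm" while `create.sls` in this patch sets `netvm: ""` for it.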
@@ -0,0 +1,64 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - utils.tools.common.update + - {{ slsdotpath }}.home-cleanup + - dotfiles.copy-all + - utils.tools.zsh + - sys-pgp.install-client + - sys-git.install-client + - sys-ssh-agent.install-client + +"{{ slsdotpath }}-installed-common": + pkg.installed: + - require: + - sls: utils.tools.common.update + - install_recommends: False + - skip_suggestions: True + - setopt: "install_weak_deps=False" + - pkgs: + ## Necessary + - qubes-core-agent-passwordless-root + - ca-certificates + ## Usability + - tmux + - xclip + - bash-completion + ## Reading documentation + - man-db + - info + - texinfo + ## Searching files + - file + - tree + - ripgrep + - fzf + ## Lint + - gitlint + +## Fedora doesn't have: ruby-mdl (markdownlint, mdl) +{% set pkg = { + 'Debian': { + 'pkg': ['shellcheck', 'vim-nox', 'fd-find', 'ruby-mdl'], + }, + 'RedHat': { + 'pkg': ['ShellCheck', 'vim-enhanced', 'fd-find', 'passwd'], + }, +}.get(grains.os_family) -%} + +"{{ slsdotpath }}-installed-os-specific-common": + pkg.installed: + - require: + - sls: utils.tools.common.update + - install_recommends: False + - skip_suggestions: True + - setopt: "install_weak_deps=False" + - pkgs: {{ pkg.pkg|sequence|yaml }} + +{% endif -%} diff --git a/salt/dev/install-common.top b/salt/dev/install-common.top new file mode 100644 index 0000000..0123493 --- /dev/null +++ b/salt/dev/install-common.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'tpl-dev': + - match: list + - dev.install-common diff --git a/salt/dev/install-qusal.sls b/salt/dev/install-qusal.sls new file mode 100644 index 0000000..ac14dda --- /dev/null +++ b/salt/dev/install-qusal.sls 
@@ -0,0 +1,45 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - dev.install-common + - dev.install-python + +"{{ slsdotpath }}-installed-qusal": + pkg.installed: + - require: + - sls: utils.tools.common.update + - install_recommends: False + - skip_suggestions: True + - setopt: "install_weak_deps=False" + - pkgs: + - yamllint + - codespell + - pre-commit + - reuse + +## Debian doesn't have: salt-lint +{% set pkg = { + 'Debian': { + 'pkg': [], + }, + 'RedHat': { + 'pkg': ['salt-lint'], + }, +}.get(grains.os_family) -%} + +"{{ slsdotpath }}-installed-os-specific-qusal": + pkg.installed: + - require: + - sls: utils.tools.common.update + - install_recommends: False + - skip_suggestions: True + - setopt: "install_weak_deps=False" + - pkgs: {{ pkg.pkg|sequence|yaml }} + +{% endif -%} diff --git a/salt/dev/install-qusal.top b/salt/dev/install-qusal.top new file mode 100644 index 0000000..962c8cc --- /dev/null +++ b/salt/dev/install-qusal.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'tpl-dev': + - match: list + - dev.install-qusal diff --git a/salt/dev/install.sls b/salt/dev/install.sls index 5392541..472c63d 100644 --- a/salt/dev/install.sls +++ b/salt/dev/install.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} 
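Review bot: `precious` and `pylint`, both in the package list this series removes from `salt/dev/install.sls`, appear neither in the `pkgs` of `"{{ slsdotpath }}-installed-qusal"` nor in `install-common.sls`. `dev.install-python` is included but is not part of this patch, so it may already provide `pylint`; `precious` looks dropped. If that is intentional, a line in the commit message would record it; otherwise add the missing names to the `pkgs` list here so existing `tpl-dev` users keep the same lint tooling.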
@@ -7,66 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if grains['nodename'] != 'dom0' -%} include: - - utils.tools.common.update - - {{ slsdotpath }}.home-cleanup - - dotfiles.copy-all - - utils.tools.zsh - - sys-pgp.install-client - - sys-git.install-client - - sys-ssh-agent.install-client - -"{{ slsdotpath }}-installed": - pkg.installed: - - require: - - sls: utils.tools.common.update - - install_recommends: False - - skip_suggestions: True - - setopt: "install_weak_deps=False" - - pkgs: - ## Necessary - - qubes-core-agent-passwordless-root - - ca-certificates - ## Usability - - tmux - - xclip - - bash-completion - ## Reading documentation - - man-db - - info - - texinfo - ## Searching files - - file - - tree - - ripgrep - - fzf - ## Lint - - pre-commit - - precious - - reuse - - gitlint - - pylint - - yamllint - - ruby-mdl - - codespell - -## Fedora doesn't have: ruby-mdl (markdownlint, mdl) -## Debian doesn't have: salt-lint -{% set pkg = { - 'Debian': { - 'pkg': ['shellcheck', 'vim-nox', 'fd-find'], - }, - 'RedHat': { - 'pkg': ['ShellCheck', 'vim-enhanced', 'fd-find', 'salt-lint', 'passwd'], - }, -}.get(grains.os_family) -%} - -"{{ slsdotpath }}-installed-os-specific": - pkg.installed: - - require: - - sls: utils.tools.common.update - - install_recommends: False - - skip_suggestions: True - - setopt: "install_weak_deps=False" - - pkgs: {{ pkg.pkg|sequence|yaml }} + - dev.install-qusal {% endif -%} diff --git a/salt/qubes-dev/README.md b/salt/qubes-dev/README.md new file mode 100644 index 0000000..d7ebfd1 --- /dev/null +++ b/salt/qubes-dev/README.md 
@@ -0,0 +1,83 @@ +# qubes-dev + +Development environment for Qubes OS. + +## Table of Contents + +* [Description](#description) +* [Installation](#installation) +* [Access Control](#access-control) +* [Usage](#usage) + +## Description + +Setup a development qube named "qubes-dev", dedicated to contributing to Qubes +OS repositories. As there there is a very broad set of repositories, only +common packages will be installed. The qube has netvm but can reach remote +servers if the policy allows. + +## Installation + +* Top: + +```sh +sudo qubesctl top.enable qubes-dev +sudo qubesctl --targets=tpl-qubes-dev,dvm-qubes-dev,qubes-dev state.apply +sudo qubesctl top.disable qubes-dev +proxy_target="$(qusal-report-updatevm-origin)" +if test -n "${proxy_target}"; then + sudo qubesctl --skip-dom0 --targets="${proxy_target}" state.apply sys-net.install-proxy +fi +``` + +* State: + + + +```sh +sudo qubesctl state.apply qubes-dev.create +sudo qubesctl --skip-dom0 --targets=tpl-qubes-dev state.apply qubes-dev.install +sudo qubesctl --skip-dom0 --targets=dvm-qubes-dev state.apply qubes-dev.configure-dvm +sudo qubesctl --skip-dom0 --targets=qubes-dev state.apply qubes-dev.configure +proxy_target="$(qusal-report-updatevm-origin)" +if test -n "${proxy_target}"; then + sudo qubesctl --skip-dom0 --targets="${proxy_target}" state.apply sys-net.install-proxy +fi +``` + + + +The installation will make the Qusal TCP Proxy available in the `updatevm` +(after it is restarted in case it is template based). If you want to have the +proxy available on a `netvm` that is not deployed by Qusal, install the Qusal +TCP proxy on the templates of your `netvm`: + +```sh +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-net.install-proxy +``` + +Remember to restart the `netvms` after the proxy installation for the changes +to take effect. 
+ +## Access Control + +_Default policy_: `denies` `all` qubes from calling `qusal.ConnectTCP` + +Allow qube `qubes-dev` to `connect` to `github.com:22` via `disp-sys-net` but +not to any other host or via any other qube: + +```qrexecpolicy +qusal.ConnectTCP +github.com+22 qubes-dev @default allow target=disp-sys-net +qusal.ConnectTCP * qubes-dev @anyvm deny +``` + +## Usage + +The development qube `qubes-dev` can be used for: + +* everything the [dev](../dev/README.md) qube can do; +* contributing to Qubes OS + +As the `qubes-dev` qube has no netvm, configure the Qrexec policy to allow or +ask calls to the `qusal.ConnectTCP` RPC service, so the qube can communicate +with a remote repository for example. diff --git a/salt/qubes-dev/clone.sls b/salt/qubes-dev/clone.sls new file mode 100644 index 0000000..5c7bd65 --- /dev/null +++ b/salt/qubes-dev/clone.sls @@ -0,0 +1,8 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% from 'utils/macros/clone-template.sls' import clone_template -%} +{{ clone_template('fedora-minimal', sls_path) }} diff --git a/salt/qubes-dev/clone.top b/salt/qubes-dev/clone.top new file mode 100644 index 0000000..e97d26a --- /dev/null +++ b/salt/qubes-dev/clone.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - qubes-dev.clone diff --git a/salt/qubes-dev/configure-dvm.sls b/salt/qubes-dev/configure-dvm.sls new file mode 100644 index 0000000..ac947b9 --- /dev/null +++ b/salt/qubes-dev/configure-dvm.sls @@ -0,0 +1,12 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - utils.tools.zsh.touch-zshrc + +{% endif -%} diff --git a/salt/qubes-dev/configure-dvm.top b/salt/qubes-dev/configure-dvm.top new file mode 100644 index 0000000..182897c 
--- /dev/null +++ b/salt/qubes-dev/configure-dvm.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + '*': + - match: nodegroup + - qubes-dev.configure-dvm diff --git a/salt/qubes-dev/configure.sls b/salt/qubes-dev/configure.sls new file mode 100644 index 0000000..c5c1b57 --- /dev/null +++ b/salt/qubes-dev/configure.sls @@ -0,0 +1,13 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - {{ slsdotpath }}.home-cleanup + - dotfiles.copy-all + +{% endif -%} diff --git a/salt/qubes-dev/configure.top b/salt/qubes-dev/configure.top new file mode 100644 index 0000000..b0b4cbf --- /dev/null +++ b/salt/qubes-dev/configure.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + '*': + - match: nodegroup + - qubes-dev.configure diff --git a/salt/qubes-dev/create.sls b/salt/qubes-dev/create.sls new file mode 100644 index 0000000..51ce958 --- /dev/null +++ b/salt/qubes-dev/create.sls 
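Review bot: In `salt/qubes-dev/configure.sls` the include `{{ slsdotpath }}.home-cleanup` renders to `qubes-dev.home-cleanup`, but the diffstat of this patch creates no `salt/qubes-dev/home-cleanup.sls`. Unless that file already exists outside the patch, applying `qubes-dev.configure` to the `qubes-dev` target will fail on the unresolved include. `install-common.sls` uses the same expression from inside `salt/dev/`, where it resolves to `dev.home-cleanup`; naming that state explicitly here, `- dev.home-cleanup`, would avoid depending on the including file's path.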
@@ -0,0 +1,103 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- from "qvm/template.jinja" import load -%} + +include: + - {{ slsdotpath }}.clone + - sys-net.show-updatevm-origin + +{% load_yaml as defaults -%} +name: tpl-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +prefs: +- audiovm: "" +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: {{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- template: tpl-{{ slsdotpath }} +- label: purple +prefs: +- template: tpl-{{ slsdotpath }} +- label: purple +- netvm: "" +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: True +features: +- enable: + - service.split-gpg2-client + - service.qusal-proxy-client + - service.crond +- disable: + - service.cups + - service.cups-browsed +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: dvm-{{ slsdotpath }} +force: True +require: +- sls: {{ slsdotpath }}.clone +present: +- template: tpl-{{ slsdotpath }} +- label: red +prefs: +- template: tpl-{{ slsdotpath }} +- label: red +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- template_for_dispvms: True +- include_in_backups: False +features: +- enable: + - appmenus-dispvm +- disable: + - service.cups + - service.cups-browsed +{%- endload %} +{{ load(defaults) }} + +{% load_yaml as defaults -%} +name: disp-{{ slsdotpath }} +force: True +require: +- qvm: dvm-{{ slsdotpath }} +present: +- template: dvm-{{ slsdotpath }} +- label: red +- class: DispVM +prefs: +- template: dvm-{{ slsdotpath }} +- label: red +- audiovm: "" +- vcpus: 1 +- memory: 400 +- maxmem: 600 +- autostart: False +- include_in_backups: False +features: +- disable: + - appmenus-dispvm + - service.cups + - service.cups-browsed +{%- endload %} +{{ load(defaults) }} 
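Review bot: Only the `{{ slsdotpath }}` app qube sets `netvm: ""`; the `dvm-{{ slsdotpath }}` and `disp-{{ slsdotpath }}` blocks list no `netvm` pref, so nothing in this state overrides the system default for them. Presumably the disposables end up with the default netvm and so sit outside the `qusal.ConnectTCP` policy that the README describes as the qube's route to remote hosts. If they are meant to be offline like `qubes-dev`, add `- netvm: ""` to both `prefs` lists. If network access is intended, a comment above the `dvm-` block saying so would stop a reader from assuming the disposables share the app qube's isolation.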
diff --git a/salt/qubes-dev/create.top b/salt/qubes-dev/create.top new file mode 100644 index 0000000..c7a3c85 --- /dev/null +++ b/salt/qubes-dev/create.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - qubes-dev.create diff --git a/salt/qubes-dev/init.top b/salt/qubes-dev/init.top new file mode 100644 index 0000000..746fdf0 --- /dev/null +++ b/salt/qubes-dev/init.top @@ -0,0 +1,19 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - qubes-dev.create + 'tpl-qubes-dev': + - qubes-dev.install + 'dvm-qubes-dev': + - qubes-dev.configure-dvm + 'qubes-dev': + - qubes-dev.configure + '(I@qubes:type:template or I@qubes:type:standalone) and (G@kernel:Linux or G@kernel:*BSD)': + - match: compound + - sys-net.install-proxy diff --git a/salt/qubes-dev/install.sls b/salt/qubes-dev/install.sls new file mode 100644 index 0000000..0b9cf1e --- /dev/null +++ b/salt/qubes-dev/install.sls @@ -0,0 +1,25 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] != 'dom0' -%} + +include: + - dev.install-common + - dev.install-python + +"{{ slsdotpath }}-installed": + pkg.installed: + - require: + - sls: utils.tools.common.update + - install_recommends: False + - skip_suggestions: True + - setopt: "install_weak_deps=False" + - pkgs: + - glade + - qt6-designer + # TODO: reboot vm and test missing packages on tests + +{% endif -%} diff --git a/salt/qubes-dev/install.top b/salt/qubes-dev/install.top new file mode 100644 index 0000000..7157580 --- /dev/null +++ b/salt/qubes-dev/install.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'tpl-qubes-dev': + - match: list + - qubes-dev.install 
diff --git a/salt/qubes-dev/version b/salt/qubes-dev/version new file mode 100644 index 0000000..8acdd82 --- /dev/null +++ b/salt/qubes-dev/version @@ -0,0 +1 @@ +0.0.1