refactor: initial commit

salt/ssh/README.md

@@ -0,0 +1,48 @@
+# ssh
+
+SSH remote login client in Qubes OS.
+
+## Table of Contents
+
+* [Description](#description)
+* [Installation](#installation)
+* [Usage](#usage)
+
+## Description
+
+Setup SSH client AppVM ssh and a DispVM Template "dvm-ssh".
+It's use is plain simple, SSH to servers, no extra configuration is required.
+When saving the SSH configuration is necessary, use the ssh qube. If login
+in as a one time connection or to an untrusted host use a DispVM based on
+"dvm-ssh" for disposability.
+
+## Installation
+
+- Top:
+```sh
+qubesctl top.enable ssh
+qubesctl --targets=tpl-ssh,dvm-ssh,ssh state.apply
+qubesctl top.disable ssh
+```
+
+- State:
+<!-- pkg:begin:post-install -->
+```sh
+qubesctl state.apply ssh.create
+qubesctl --skip-dom0 --targets=tpl-ssh state.apply ssh.install
+qubesctl --skip-dom0 --targets=dvm-ssh,ssh state.apply ssh.configure
+```
+<!-- pkg:end:post-install -->
+
+## Usage
+
+Create DispVMs based on the Template for DispVMs "dvm-ssh" for disposable SSH
+sessions or create AppVMs based on "tpl-ssh", such as the "ssh" qube for for
+preserving the SSH configuration client side.
+
+The client qube can enhanced by being:
+
+- sys-ssh-agent's client and not storing the SSH keys on the client; or
+- sys-git's client and fetching from qubes and push to remote servers.
+
+The server requires the OpenSSH server to be installed.

salt/ssh/clone.sls

@@ -0,0 +1,8 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% from 'utils/macros/clone-template.sls' import clone_template -%}
+{{ clone_template('debian-minimal', sls_path) }}

salt/ssh/clone.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - ssh.clone

salt/ssh/configure.sls

@@ -0,0 +1,14 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] != 'dom0' -%}
+
+include:
+  - dev.home-cleanup
+  - dotfiles.copy-x11
+  - dotfiles.copy-ssh
+
+{% endif -%}

salt/ssh/configure.top

@@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'ssh,dvm-ssh':
+    - ssh.configure

salt/ssh/create.sls

@@ -0,0 +1,59 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+include:
+  - .clone
+
+{% load_yaml as defaults -%}
+name: {{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+prefs:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+- vcpus: 1
+- memory: 400
+- maxmem: 500
+- autostart: False
+features:
+- disable:
+  - service.cups
+  - service.cups-browsed
+  - service.tinyproxy
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: dvm-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+prefs:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+- vcpus: 1
+- memory: 400
+- maxmem: 500
+- autostart: False
+- template_for_dispvms: True
+- include_in_backups: False
+features:
+- enable:
+  - appmenus-dispvm
+- disable:
+  - service.cups
+  - service.cups-browsed
+{%- endload %}
+{{ load(defaults) }}

salt/ssh/create.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - ssh.create

salt/ssh/init.top

@@ -0,0 +1,14 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - ssh.create
+  'tpl-ssh':
+    - ssh.install
+  'dvm-ssh,ssh':
+    - ssh.configure

salt/ssh/install.sls

@@ -0,0 +1,42 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] != 'dom0' -%}
+
+include:
+  - dotfiles.copy-x11
+  - dotfiles.copy-ssh
+
+"{{ slsdotpath }}-client-updated":
+  pkg.uptodate:
+    - refresh: True
+
+"{{ slsdotpath }}-client-installed":
+  pkg.installed:
+    - refresh: True
+    - install_recommends: False
+    - skip_suggestions: True
+    - pkgs:
+      - qubes-core-agent-networking
+      - ca-certificates
+
+{% set pkg = {
+    'Debian': {
+      'pkg': ['openssh-client'],
+    },
+    'RedHat': {
+      'pkg': ['openssh-clients'],
+    },
+}.get(grains.os_family) -%}
+
+"{{ slsdotpath }}-client-installed-os-specific":
+  pkg.installed:
+    - refresh: True
+    - install_recommends: False
+    - skip_suggestions: True
+    - pkgs: {{ pkg.pkg|sequence|yaml }}
+
+{% endif %}

salt/ssh/install.top

@@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'tpl-ssh':
+    - ssh.install