refactor: initial commit

2025-08-18 10:47:58 -04:00 · 2023-11-13 14:33:28 +00:00 · 2023-11-13 14:33:28 +00:00 · f6ac229306
commit f6ac229306
594 changed files with 18600 additions and 0 deletions
--- a/salt/utils/macros/clone-template.sls
+++ b/salt/utils/macros/clone-template.sls
@ -0,0 +1,30 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Usage:
+1: Import this template:
+{% from 'utils/macros/clone-template.sls' import clone_template -%}
+
+2: Set template to clone from and the clone name:
+{{ clone_template('debian-minimal', sls_path) }}
+#}
+
+{% macro clone_template(source, name) -%}
+
+{%- import source ~ "/template.jinja" as template -%}
+
+include:
+  - {{ source }}.create
+
+"tpl-{{ name }}-clone":
+  qvm.clone:
+    - require:
+      - sls: {{ source }}.create
+    - source: {{ template.template }}
+    - name: tpl-{{ name }}
+
+{% endmacro -%}
--- a/salt/utils/macros/install-repo.sls
+++ b/salt/utils/macros/install-repo.sls
@ -0,0 +1,77 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Install repositories with ease.
+
+Usage:
+1: Import this template:
+{% from 'utils/macros/install-repo.sls' import install_repo -%}
+
+2: Set template to clone from and the clone name:
+{{ install_repo(sls_path, 'chrome') }}
+
+If sls_path is 'browser', then this would install the repo from:
+  Source directory:
+    salt://browser/files/repo/
+
+  Debian:
+    chrome.sources -> /etc/apt/sources.list.d/chrome.sources
+    chrome.asc -> /usr/share/keyrings/chrome.asc
+  Fedora:
+    chrome.yum.repo -> /etc/yum.repos.d/chrome.repo
+    chrome.yum.asc -> /etc/pki/rpm-gpg/RPM-GPG-KEY-chrome
+#}
+
+{% macro install_repo(name, repo) -%}
+
+{% if grains['os_family']|lower == 'debian' -%}
+
+"{{ name }}-install-{{ repo }}-keyring":
+  file.managed:
+    - name: /usr/share/keyrings/{{ repo }}.asc
+    - source: salt://{{ name }}/files/repo/{{ repo }}.asc
+    - mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+"{{ name }}-install-{{ repo }}-repository":
+  file.managed:
+    - name: /etc/apt/sources.list.d/{{ repo }}.sources
+    - source: salt://{{ name }}/files/repo/{{ repo }}.sources
+    - mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+"{{ name }}-remove-{{ repo }}-old-format":
+  file.absent:
+    - name: /etc/apt/sources.list.d/{{ repo }}.list
+
+{% elif grains['os_family']|lower == 'redhat' -%}
+
+"{{ name }}-install-{{ repo }}-keyring":
+  file.managed:
+    - name: /etc/pki/rpm-gpg/RPM-GPG-KEY-{{ repo }}
+    - source: salt://{{ name }}/files/repo/{{ repo }}.yum.asc
+    - mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+"{{ name }}-install-{{ repo }}-repository":
+  file.managed:
+    - name: /etc/yum.repos.d/{{ repo }}.repo
+    - source: salt://{{ name }}/files/repo/{{ repo }}.yum.repo
+    - mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% endif -%}
+
+{% endmacro -%}
--- a/salt/utils/macros/policy.sls
+++ b/salt/utils/macros/policy.sls
@ -0,0 +1,86 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Qubes RPC Policy Template
+
+Usage:
+
+UNSET POLICY:
+------------
+{% from 'utils/macros/policy.sls' import policy_unset with context -%}
+{{ policy_unset(sls_path, '80') }}
+
+SET POLICY:
+-----------
+{% from 'utils/macros/policy.sls' import policy_set with context -%}
+{{ policy_set(sls_path, '80') }}
+
+{% from 'utils/macros/policy.sls' import policy_set_full with context -%}
+{{ policy_set_full('project', '/etc/qubes/policy.d/80-project.policy', 'salt://project/files/admin/policy/default.policy') }}
+
+If you prefer to use 'contents' instead of 'source':
+{% from 'utils/macros/policy.sls' import load_policy -%}
+{% load_yaml as defaults_policy -%}
+name: /etc/qubes/policy.d/80-{{ slsdotpath }}.policy
+contents:
+  - "## Comments need to be quoted."
+  - qubes.Example * {{ slsdotpath }} @default ask target=sys-test
+  - qubes.Example * {{ slsdotpath }} sys-test ask
+{%- endload %}
+{{ load_policy(defaults_policy) }}
+
+#}
+
+{% set policy_mode = '0644' -%}
+{% set policy_user = 'root' -%}
+{% set policy_group = 'qubes' -%}
+
+{% macro policy_unset(project, number) -%}
+"{{ project }}-absent-rpc-policy":
+  file.absent:
+    - name: /etc/qubes/policy.d/{{ number ~ '-' ~ project }}.policy
+{%- endmacro %}
+
+{% macro policy_set(project, number) -%}
+"{{ project }}-set-rpc-policy":
+  file.managed:
+    - name: /etc/qubes/policy.d/{{ number ~ '-' ~ project }}.policy
+    - source: salt://{{ project }}/files/admin/policy/default.policy
+    - template: jinja
+    - context:
+        sls_path: {{ project }}
+    - mode: {{ policy_mode }}
+    - user: {{ policy_user }}
+    - group: {{ policy_group }}
+{% endmacro -%}
+
+{% macro policy_set_full(project, name, source) -%}
+"{{ project }}-set-full-rpc-policy":
+  file.managed:
+    - name: {{ name }}
+    - source: {{ source }}
+    - template: jinja
+    - context:
+        sls_path: {{ project }}
+    - mode: {{ policy_mode }}
+    - user: {{ policy_user }}
+    - group: {{ policy_group }}
+{% endmacro -%}
+
+{% macro state_policy(name, contents) -%}
+"{{ name }}-rpc-policy":
+  file.managed:
+    - name: {{ name }}
+    - contents: {{ contents }}
+    - mode: {{ policy_mode }}
+    - user: {{ policy_user }}
+    - group: {{ policy_group }}
+{%- endmacro %}
+
+{% macro load_policy(policy) -%}
+  {{- state_policy(policy.name, policy.contents) }}
+{%- endmacro %}
--- a/salt/utils/macros/switch-template.sls
+++ b/salt/utils/macros/switch-template.sls
@ -0,0 +1,26 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Switch Template to Default Template
+
+Usage:
+1: Import this template:
+{% from 'utils/macros/switch-template.sls' import switch_template -%}
+
+2: Set list of qubes to set default template:
+{{ switch_template([sls_path, 'example']) }}
+#}
+
+{% set default_template = salt['cmd.shell']('qubes-prefs default_template') -%}
+
+{% macro switch_template(qubes) -%}
+{% for qube in qubes -%}
+"{{ slsdotpath }}-reset-{{ qube }}-template-to-default_template":
+  cmd.run:
+    - name: qvm-prefs {{ qube }} template {{ default_template }}
+{% endfor -%}
+{% endmacro -%}
--- a/salt/utils/macros/sync-appmenus.sls
+++ b/salt/utils/macros/sync-appmenus.sls
@ -0,0 +1,46 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{#
+Qubes Sync Appmenus
+
+Usage:
+1: Import this template:
+{% from 'utils/macros/sync-appmenus.sls' import sync_appmenus -%}
+
+2: Set qube to sync the appmenus:
+{{ sync_appmenus('tpl-' ~ sls_path) }}
+{{ sync_appmenus('tpl-ssh') }}
+#}
+
+{% macro sync_appmenus(qube) -%}
+
+{% set running = 0 -%}
+{% if salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ qube) == qube -%}
+  {% set running = 1 -%}
+{% endif -%}
+
+"{{ qube }}-start":
+  qvm.start:
+    - name: {{ qube }}
+
+{% set gui_user = salt['cmd.shell']('groupmems -l -g qubes') -%}
+"{{ qube }}-sync-appmenus":
+  cmd.run:
+    - require:
+      - qvm: {{ qube }}-start
+    - name: qvm-sync-appmenus {{ qube }}
+    - runas: {{ gui_user }}
+
+{% if running == 0 -%}
+"{{ qube }}-shutdown":
+  qvm.shutdown:
+    - require:
+      - cmd: {{ qube }}-sync-appmenus
+    - name: {{ qube }}
+{% endif -%}
+
+{% endmacro -%}