diff --git a/docs/BOOTSTRAP.md b/docs/BOOTSTRAP.md index 4187e03..d566319 100644 --- a/docs/BOOTSTRAP.md +++ b/docs/BOOTSTRAP.md @@ -23,9 +23,6 @@ matter in some circumstances, in those cases, it is noted in this page. ## Essential * Base (order matters): - * [dom0](../salt/dom0/README.md) - * [debian-minimal](../salt/debian-minimal/README.md) - * [fedora-minimal](../salt/fedora-minimal/README.md) * [mgmt](../salt/mgmt/README.md) * [sys-cacher](../salt/sys-cacher/README.md) diff --git a/salt/debian-minimal/template.jinja b/salt/debian-minimal/template.jinja index 6c4b200..a73ea03 100644 --- a/salt/debian-minimal/template.jinja +++ b/salt/debian-minimal/template.jinja @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/debian-xfce/template.jinja b/salt/debian-xfce/template.jinja index 95f196a..64142a7 100644 --- a/salt/debian-xfce/template.jinja +++ b/salt/debian-xfce/template.jinja @@ -1,15 +1,16 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} -{% set base = 'debian' -%} -{% set version = salt['pillar.get']('qvm:debian:version', '12') -%} +{%- import "debian/template.jinja" as template_base -%} +{% set base = template_base.base -%} +{% set version = template_base.version -%} {% set flavor = 'xfce' -%} -{% set repo = salt['pillar.get']('qvm:debian:repo', 'qubes-templates-itl') -%} +{% set repo = template_base.repo -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/debian/template.jinja b/salt/debian/template.jinja index e52e7f6..4427b25 100644 --- a/salt/debian/template.jinja +++ b/salt/debian/template.jinja 
@@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -11,5 +11,5 @@ SPDX-License-Identifier: AGPL-3.0-or-later {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/fedora-minimal/README.md b/salt/fedora-minimal/README.md index 694cf83..a600ffb 100644 --- a/salt/fedora-minimal/README.md +++ b/salt/fedora-minimal/README.md @@ -19,7 +19,7 @@ it. ```sh sudo qubesctl top.enable fedora-minimal -sudo qubesctl --targets=fedora-40-minimal state.apply +sudo qubesctl --targets=fedora-41-minimal state.apply sudo qubesctl top.disable fedora-minimal sudo qubesctl state.apply fedora-minimal.prefs ``` @@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs ```sh sudo qubesctl state.apply fedora-minimal.create -sudo qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install +sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install sudo qubesctl state.apply fedora-minimal.prefs ``` diff --git a/salt/fedora-minimal/create.sls b/salt/fedora-minimal/create.sls index c9a00b9..0cef47a 100644 --- a/salt/fedora-minimal/create.sls +++ b/salt/fedora-minimal/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,7 +9,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- import slsdotpath ~ "/template.jinja" as template -%} include: - - fedora.create + - fedora-xfce.create + - fedora-xfce.prefs - .clone "dvm-{{ template.template }}-absent": 
@@ -23,6 +24,7 @@ name: {{ template.template }} force: True require: - sls: {{ template.template_clean }}.clone +- sls: fedora-xfce.create present: - label: black prefs: @@ -32,6 +34,7 @@ prefs: - memory: 300 - maxmem: 600 - include_in_backups: False +- management_dispvm: dvm-fedora-xfce features: - set: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" @@ -63,22 +66,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: {{ template.template }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: {{ template.template }} diff --git a/salt/fedora-minimal/files/admin/bin/salt-patch.sh b/salt/fedora-minimal/files/admin/bin/salt-patch.sh deleted file mode 100755 index abaec32..0000000 --- a/salt/fedora-minimal/files/admin/bin/salt-patch.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -## SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. -## -## SPDX-License-Identifier: AGPL-3.0-or-later - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -set -eu - -qube="${1}" -dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False" - -qvm-run --no-gui --user=root --pass-io --filter-escape-chars \ - --no-color-output --no-color-stderr -- "${qube}" \ - "${dnf_min_install} python3-urllib3" 
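Review bot: The `management_dispvm: dvm-fedora-xfce` pref added to the template defaults is a bootstrap-only override, and nothing in this file says so. It is only reverted to `*default*` by fedora-minimal.prefs, so a run that stops after `fedora-minimal.create` leaves the minimal template managed through the Xfce-based disposable. A comment above the pref would make the contract visible, for example `## Temporary: fedora-minimal.prefs resets this to "*default*".` The same pref is added in salt/mgmt/create.sls, and in both places the name is hard-coded while fedora-xfce/create.sls builds it as `dvm-{{ template.template_clean }}`; importing that value would keep the three in step. The load_yaml block starts and ends outside this hunk.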
diff --git a/salt/fedora-minimal/init.top b/salt/fedora-minimal/init.top index 08006ac..ff2f7bf 100644 --- a/salt/fedora-minimal/init.top +++ b/salt/fedora-minimal/init.top @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/fedora-minimal/prefs.sls b/salt/fedora-minimal/prefs.sls index b6ef9fe..b735b2a 100644 --- a/salt/fedora-minimal/prefs.sls +++ b/salt/fedora-minimal/prefs.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,21 +9,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .create -"{{ slsdotpath }}-set-management_dispvm-to-default": +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: {{ template.template }} - prefs: - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: {{ template.template }} - - flags: - - force diff --git a/salt/fedora-minimal/template.jinja b/salt/fedora-minimal/template.jinja index df1c90f..9bdf7be 100644 --- a/salt/fedora-minimal/template.jinja +++ b/salt/fedora-minimal/template.jinja @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} diff --git a/salt/fedora-xfce/README.md b/salt/fedora-xfce/README.md index 696510c..962a001 100644 --- a/salt/fedora-xfce/README.md +++ b/salt/fedora-xfce/README.md 
@@ -18,8 +18,9 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora-xfce -sudo qubesctl --targets=fedora-40-xfce state.apply +sudo qubesctl --targets=fedora-41-xfce state.apply sudo qubesctl top.disable fedora-xfce +sudo qubesctl state.apply fedora-xfce.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora-xfce ```sh sudo qubesctl state.apply fedora-xfce.create -sudo qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install +sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install +sudo qubesctl state.apply fedora-xfce.prefs ``` diff --git a/salt/fedora-xfce/create.sls b/salt/fedora-xfce/create.sls index cc6492f..cdf289f 100644 --- a/salt/fedora-xfce/create.sls +++ b/salt/fedora-xfce/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora-xfce/prefs.sls b/salt/fedora-xfce/prefs.sls new file mode 100644 index 0000000..b735b2a --- /dev/null +++ b/salt/fedora-xfce/prefs.sls 
@@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/fedora-xfce/prefs.top b/salt/fedora-xfce/prefs.top new file mode 100644 index 0000000..2d3d2c8 --- /dev/null +++ b/salt/fedora-xfce/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora-xfce.prefs diff --git a/salt/fedora-xfce/template.jinja b/salt/fedora-xfce/template.jinja index 609841b..d39a376 100644 --- a/salt/fedora-xfce/template.jinja +++ b/salt/fedora-xfce/template.jinja @@ -1,15 +1,16 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} -{% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '39') -%} +{%- import "fedora/template.jinja" as template_base -%} +{% set base = template_base.base -%} +{% set version = template_base.version -%} {% set flavor = 'xfce' -%} -{% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} +{% set repo = template_base.repo -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/fedora/README.md b/salt/fedora/README.md index 262cb78..435c074 100644 --- a/salt/fedora/README.md +++ b/salt/fedora/README.md 
@@ -18,8 +18,9 @@ Creates the Fedora template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora -sudo qubesctl --targets=fedora-40 state.apply +sudo qubesctl --targets=fedora-41 state.apply sudo qubesctl top.disable fedora +sudo qubesctl state.apply fedora.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora ```sh sudo qubesctl state.apply fedora.create -sudo qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install +sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install +sudo qubesctl state.apply fedora.prefs ``` diff --git a/salt/fedora/create.sls b/salt/fedora/create.sls index d5065b4..f778b0b 100644 --- a/salt/fedora/create.sls +++ b/salt/fedora/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora/prefs.sls b/salt/fedora/prefs.sls new file mode 100644 index 0000000..b735b2a --- /dev/null +++ b/salt/fedora/prefs.sls @@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" 
diff --git a/salt/fedora/prefs.top b/salt/fedora/prefs.top new file mode 100644 index 0000000..d43ade1 --- /dev/null +++ b/salt/fedora/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora.prefs diff --git a/salt/fedora/template.jinja b/salt/fedora/template.jinja index 68f6403..2fc1f0e 100644 --- a/salt/fedora/template.jinja +++ b/salt/fedora/template.jinja @@ -1,15 +1,15 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} {% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '40') -%} +{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%} {% set flavor = '' -%} {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} {% if flavor -%} {% set flavor = '-' ~ flavor -%} {% endif -%} -{% set template = base ~ '-' ~ version ~ flavor -%} +{% set template = base ~ '-' ~ version ~ flavor -%} {% set template_clean = base ~ flavor -%} diff --git a/salt/mgmt/create.sls b/salt/mgmt/create.sls index 220cb4b..6a24cce 100644 --- a/salt/mgmt/create.sls +++ b/salt/mgmt/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- from "qvm/template.jinja" import load -%} include: - - fedora.create - .clone - fedora-minimal.prefs @@ -19,6 +18,7 @@ require: - sls: fedora-minimal.prefs prefs: - audiovm: "" +- management_dispvm: dvm-fedora-xfce {%- endload %} {{ load(defaults) }} 
@@ -48,22 +48,3 @@ features: - internal {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/mgmt/prefs.sls b/salt/mgmt/prefs.sls index 73e491b..635858e 100644 --- a/salt/mgmt/prefs.sls +++ b/salt/mgmt/prefs.sls @@ -10,13 +10,13 @@ include: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}": cmd.run: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: qubes-prefs -- management_dispvm dvm-{{ slsdotpath }} "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: tpl-{{ slsdotpath }} - prefs: - management_dispvm: "*default*" @@ -27,14 +27,3 @@ include: - cmd: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}" - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - name: default-mgmt-dvm - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force 
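Review bot: Both `require` entries in salt/mgmt/prefs.sls now point at `sls: {{ slsdotpath }}.create`, which only shows that the dom0 create states ran, while the first state makes `dvm-{{ slsdotpath }}` the system-wide `management_dispvm`. Whether the template already carries what Salt needs is no longer checked here now that the `install-salt-deps` requisite is gone. That presumably relies on the README order, which applies `mgmt.install` to tpl-mgmt before any `prefs-mgmt` state. A comment on the `cmd.run` state would record it, for example `## Run only after mgmt.install was applied to tpl-mgmt; dom0 requisites cannot verify it.`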
diff --git a/salt/qubes-builder/README.md b/salt/qubes-builder/README.md index 27cfdb4..8ea0631 100644 --- a/salt/qubes-builder/README.md +++ b/salt/qubes-builder/README.md @@ -35,9 +35,11 @@ template. * Top: ```sh -sudo qubesctl top.enable qubes-builder +sudo qubesctl top.enable mgmt qubes-builder +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply qubes-builder.prefs-mgmt sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply -sudo qubesctl top.disable qubes-builder +sudo qubesctl top.disable mgmt qubes-builder sudo qubesctl state.apply qubes-builder.prefs ``` @@ -47,8 +49,9 @@ sudo qubesctl state.apply qubes-builder.prefs ```sh sudo qubesctl state.apply qubes-builder.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply qubes-builder.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install -sudo qubesctl state.apply qubes-builder.prefs sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure ``` diff --git a/salt/qubes-builder/create.sls b/salt/qubes-builder/create.sls index 2c69073..7cc0519 100644 --- a/salt/qubes-builder/create.sls +++ b/salt/qubes-builder/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone - - fedora-minimal.prefs + - mgmt.create {% load_yaml as defaults -%} name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone -- sls: fedora-minimal.prefs +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} 
@@ -89,33 +89,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '70') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/qubes-builder/init.sls b/salt/qubes-builder/init.sls deleted file mode 100644 index 2a7887f..0000000 --- a/salt/qubes-builder/init.sls +++ /dev/null @@ -1,16 +0,0 @@ -{# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -include: -{% if grains['id'] == 'dom0' -%} - - .create -{% elif grains['id'] == 'tpl-' ~ slsdotpath -%} - - .install -{% elif grains['id'] == 'dvm-' ~ slsdotpath -%} - - .configure-qubes-executor -{% elif grains['id'] == slsdotpath -%} - - .configure -{% endif -%} diff --git a/salt/qubes-builder/init.top b/salt/qubes-builder/init.top index 3866ba0..4f04eef 100644 --- a/salt/qubes-builder/init.top +++ b/salt/qubes-builder/init.top @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} 
diff --git a/salt/qubes-builder/prefs-mgmt.sls b/salt/qubes-builder/prefs-mgmt.sls new file mode 100644 index 0000000..b67ac56 --- /dev/null +++ b/salt/qubes-builder/prefs-mgmt.sls @@ -0,0 +1,17 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - .create + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/qubes-builder/prefs-mgmt.top b/salt/qubes-builder/prefs-mgmt.top new file mode 100644 index 0000000..1de602d --- /dev/null +++ b/salt/qubes-builder/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - qubes-builder.prefs-mgmt diff --git a/salt/qubes-builder/prefs.sls b/salt/qubes-builder/prefs.sls deleted file mode 100644 index 9650569..0000000 --- a/salt/qubes-builder/prefs.sls +++ /dev/null @@ -1,20 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" diff --git a/salt/qubes-builder/prefs.top b/salt/qubes-builder/prefs.top deleted file mode 100644 index 3a073c3..0000000 --- a/salt/qubes-builder/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - qubes-builder.prefs 
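Review bot: This new state replaces qubes-builder.prefs, which the commit deletes together with prefs.top, but the Top section of salt/qubes-builder/README.md still ends with `sudo qubesctl state.apply qubes-builder.prefs` as an unchanged context line. Following the README would therefore call a state that no longer exists. The same holds for sys-pgp: prefs.sls and prefs.top are removed while the README Top section keeps `sudo qubesctl state.apply sys-pgp.prefs`. Either drop those two README lines or keep a prefs.sls that includes prefs-mgmt.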
diff --git a/salt/sys-gui-gpu/README.md b/salt/sys-gui-gpu/README.md index a8faddb..1ba6bee 100644 --- a/salt/sys-gui-gpu/README.md +++ b/salt/sys-gui-gpu/README.md @@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True -sudo qubesctl top.enable sys-gui-gpu +sudo qubesctl top.enable mgmt sys-gui-gpu +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui-gpu state.apply -sudo qubesctl top.disable sys-gui-gpu +sudo qubesctl top.disable mgmt sys-gui-gpu sudo qubesctl state.apply sys-gui-gpu.prefs ``` @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-gpu.prefs ```sh sudo qubesctl top.enable qvm.sys-gui-gpu pillar=True sudo qubesctl state.apply sys-gui-gpu.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-gpu.install sudo qubesctl --skip-dom0 --targets=sys-gui-gpu state.apply sys-gui-gpu.configure sudo qubesctl state.apply sys-gui-gpu.prefs diff --git a/salt/sys-gui-gpu/create.sls b/salt/sys-gui-gpu/create.sls index af59907..7aece6a 100644 --- a/salt/sys-gui-gpu/create.sls +++ b/salt/sys-gui-gpu/create.sls @@ -12,6 +12,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - sys-gui.create "{{ slsdotpath }}-gpu-installed": pkg.installed: diff --git a/salt/sys-gui-vnc/README.md b/salt/sys-gui-vnc/README.md index 5485f1f..a541443 100644 --- a/salt/sys-gui-vnc/README.md +++ b/salt/sys-gui-vnc/README.md 
@@ -23,7 +23,9 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True -sudo qubesctl top.enable sys-gui-vnc +sudo qubesctl top.enable mgmt sys-gui-vnc +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui-vnc state.apply sudo qubesctl top.disable sys-gui-vnc sudo qubesctl state.apply sys-gui-vnc.prefs @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui-vnc.prefs ```sh sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True sudo qubesctl state.apply sys-gui-vnc.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui-vnc.install sudo qubesctl --skip-dom0 --targets=sys-gui-vnc state.apply sys-gui-vnc.configure sudo qubesctl state.apply sys-gui-vnc.prefs diff --git a/salt/sys-gui-vnc/create.sls b/salt/sys-gui-vnc/create.sls index c6b41af..c4b1af4 100644 --- a/salt/sys-gui-vnc/create.sls +++ b/salt/sys-gui-vnc/create.sls @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - sys-gui.create {% if 'psu' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui-vnc:dummy-modules', []) %} "{{ slsdotpath }}-vnc-installed": diff --git a/salt/sys-gui/README.md b/salt/sys-gui/README.md index 1476418..2a33b32 100644 --- a/salt/sys-gui/README.md +++ b/salt/sys-gui/README.md 
@@ -23,9 +23,11 @@ WARNING: [unfinished formula](../../docs/TROUBLESHOOT.md#no-support-for-unfinish ```sh sudo qubesctl top.enable qvm.sys-gui pillar=True -sudo qubesctl top.enable sys-gui +sudo qubesctl top.enable mgmt sys-gui +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --targets=tpl-sys-gui,sys-gui state.apply -sudo qubesctl top.disable sys-gui +sudo qubesctl top.disable mgmt sys-gui sudo qubesctl state.apply sys-gui.prefs ``` @@ -36,6 +38,8 @@ sudo qubesctl state.apply sys-gui.prefs ```sh sudo qubesctl top.enable qvm.sys-gui pillar=True sudo qubesctl state.apply sys-gui.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-gui.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-gui state.apply sys-gui.install sudo qubesctl --skip-dom0 --targets=sys-gui state.apply sys-gui.configure sudo qubesctl state.apply sys-gui.prefs diff --git a/salt/sys-gui/create.sls b/salt/sys-gui/create.sls index ea7a50f..5ca2b7b 100644 --- a/salt/sys-gui/create.sls +++ b/salt/sys-gui/create.sls @@ -1,7 +1,7 @@ {# SPDX-FileCopyrightText: 2019 - 2020 Frederic Pierret SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: GPL-2.0-only #} @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - mgmt.create {% if 'psu' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) %} "{{ slsdotpath }}-installed": @@ -32,6 +33,7 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} diff --git a/salt/sys-gui/prefs-mgmt.sls b/salt/sys-gui/prefs-mgmt.sls new file mode 100644 index 0000000..f9a5109 --- /dev/null +++ b/salt/sys-gui/prefs-mgmt.sls 
@@ -0,0 +1,16 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-gui/prefs-mgmt.top b/salt/sys-gui/prefs-mgmt.top new file mode 100644 index 0000000..7a6d8f8 --- /dev/null +++ b/salt/sys-gui/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-gui.prefs-mgmt diff --git a/salt/sys-gui/prefs.sls b/salt/sys-gui/prefs.sls index edaa347..18b08df 100644 --- a/salt/sys-gui/prefs.sls +++ b/salt/sys-gui/prefs.sls @@ -14,3 +14,11 @@ SPDX-License-Identifier: AGPL-3.0-or-later - require: - qvm: "{{ slsdotpath }}-autostart" - name: qubes-prefs -- default_guivm {{ slsdotpath }} + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-pgp/README.md b/salt/sys-pgp/README.md index c999924..93c98a4 100644 --- a/salt/sys-pgp/README.md +++ b/salt/sys-pgp/README.md @@ -28,9 +28,11 @@ and access to them is made from the client through Qrexec. * Top: ```sh -sudo qubesctl top.enable sys-pgp +sudo qubesctl top.enable mgmt sys-pgp +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl state.apply sys-pgp.prefs-mgmt sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply -sudo qubesctl top.disable sys-pgp +sudo qubesctl top.disable mgmt sys-pgp sudo qubesctl state.apply sys-pgp.prefs ``` 
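Review bot: The `require` on `sls: {{ slsdotpath }}.create` in salt/sys-gui/prefs-mgmt.sls has no matching include, since the file lists only `mgmt.prefs`, whereas qubes-builder/prefs-mgmt.sls and sys-pgp/prefs-mgmt.sls both include `.create`. Unless sys-gui.create is pulled in some other way, Salt will report the requisite as not found when `sys-gui.prefs-mgmt` is applied on its own. Adding `  - .create` to the include list fixes it. The commit also adds a state with the identical ID to salt/sys-gui/prefs.sls, so the two files cannot be rendered in one run without an ID conflict; a distinct ID or a single shared definition would avoid that.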
@@ -40,9 +42,10 @@ sudo qubesctl state.apply sys-pgp.prefs ```sh sudo qubesctl state.apply sys-pgp.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply sys-pgp.prefs-mgmt sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure -sudo qubesctl state.apply sys-pgp.prefs ``` diff --git a/salt/sys-pgp/create.sls b/salt/sys-pgp/create.sls index 8fddeee..b2accc2 100644 --- a/salt/sys-pgp/create.sls +++ b/salt/sys-pgp/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -8,14 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .clone - - fedora-minimal.prefs + - mgmt.create {% load_yaml as defaults -%} name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone -- sls: fedora-minimal.prefs +- sls: mgmt.create prefs: - audiovm: "" {%- endload %} @@ -47,22 +47,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '80') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/sys-pgp/install.sls b/salt/sys-pgp/install.sls index 14c6744..b582bd9 100644 --- a/salt/sys-pgp/install.sls +++ b/salt/sys-pgp/install.sls 
@@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -22,13 +22,14 @@ include: - gnupg2 - man-db +{# TODO: sequoia-wot can't be installed on fedora-41 #} {% set pkg = { 'Debian': { 'pkg': ['sq', 'sq-keyring-linter', 'sq-wot', 'sqop', 'sqv'], }, 'RedHat': { - 'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-wot', - 'sequoia-sop', 'sequoia-sqv', 'sequoia-policy-config', + 'pkg': ['sequoia-sq', 'sequoia-keyring-linter', 'sequoia-sop', + 'sequoia-sqv', 'sequoia-policy-config', 'sequoia-chameleon-gnupg'], }, }.get(grains.os_family) -%} diff --git a/salt/sys-pgp/prefs-mgmt.sls b/salt/sys-pgp/prefs-mgmt.sls new file mode 100644 index 0000000..b67ac56 --- /dev/null +++ b/salt/sys-pgp/prefs-mgmt.sls @@ -0,0 +1,17 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +include: + - .create + - mgmt.prefs + +"{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: tpl-{{ slsdotpath }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/sys-pgp/prefs-mgmt.top b/salt/sys-pgp/prefs-mgmt.top new file mode 100644 index 0000000..08d3eda --- /dev/null +++ b/salt/sys-pgp/prefs-mgmt.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - sys-pgp.prefs-mgmt diff --git a/salt/sys-pgp/prefs.sls b/salt/sys-pgp/prefs.sls deleted file mode 100644 index 74627a7..0000000 --- a/salt/sys-pgp/prefs.sls +++ /dev/null 
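Review bot: The TODO added above the package map in salt/sys-pgp/install.sls gives no tracking reference and no condition. `sequoia-wot` is dropped for every RedHat-family release while the Debian list keeps `sq-wot`, so a Fedora-based sys-pgp ends up without the web-of-trust tool and the user gets no hint of it. I would expand the comment to something like `{# TODO: re-add sequoia-wot once it installs on fedora-41, see <tracking-issue-url> #}` and mention the gap in the sys-pgp README.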
@@ -1,27 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/sys-pgp/prefs.top b/salt/sys-pgp/prefs.top deleted file mode 100644 index 9cc84b3..0000000 --- a/salt/sys-pgp/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - sys-pgp.prefs diff --git a/salt/utils/macros/clone-template.sls b/salt/utils/macros/clone-template.sls index 329bd90..a66020e 100644 --- a/salt/utils/macros/clone-template.sls +++ b/salt/utils/macros/clone-template.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -35,6 +35,9 @@ include: {% endif %} +{% from 'utils/macros/update-admin.sls' import update_admin -%} +{{ update_admin(source, prefix + name) }} + "{{ prefix }}{{ name }}-clone": qvm.clone: - require: diff --git a/salt/utils/macros/update-admin.sls b/salt/utils/macros/update-admin.sls new file mode 100644 index 0000000..0f6082f --- /dev/null +++ b/salt/utils/macros/update-admin.sls 
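Review bot: Nothing visible in the `@@ -35,6 +35,9 @@` hunk of `salt/utils/macros/clone-template.sls` ties the `"{{ prefix }}{{ name }}-clone"` state to the `update_admin(source, prefix + name)` call added just above it. The clone's `require:` list continues outside the hunk, so this needs checking there. Without a requisite, a failed `qubes-vm-update` does not stop the clone, and the new template is silently built from a source that lacks current updates. I would add `- cmd: "{{ prefix }}{{ name }}-{{ source }}-update-admin"` and `- qvm: "{{ prefix }}{{ name }}-{{ source }}-update-admin-shutdown"` to that list. As a style point, `prefix ~ name` would match the `~` concatenation used in the other templates of this commit.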
@@ -0,0 +1,48 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{# +Usage: +1: Import this template: +{% from 'utils/macros/update-admin.sls' import update_admin -%} + +2: Set template base to update and the reason for it: +{{ update_admin('fedora-minimal', 'tpl-sys-pgp') }} + +The 'reason' is only used for creating a globally unique ID. +#} + +{% macro update_admin(source, reason, shutdown=True, include_create=False) -%} +{% import source ~ "/template.jinja" as template -%} +{% import "dom0/gui-user.jinja" as gui_user -%} + +{% if include_create -%} +include: + - {{ source }}.create +{% endif -%} + +"{{ reason }}-{{ source }}-update-admin": + cmd.run: + - require: + - sls: {{ source }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + - runas: {{ gui_user.gui_user }} + +{% if shutdown -%} +{# +Shutdown is necessary for cloned templates to have the newer state. +Even if 'qubes-vm-update' tries to shutdown a qube that was not previously +running, it does not wait for the shutdown to complete: + https://github.com/qubesos/qubes-issues/issues/9814 +#} +"{{ reason }}-{{ source }}-update-admin-shutdown": + qvm.shutdown: + - name: {{ template.template }} + - flags: + - wait +{% endif -%} + +{% endmacro -%}
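Review bot: The usage comment in `salt/utils/macros/update-admin.sls` documents only `source` and `reason`, while `shutdown` and `include_create` change what the macro renders and put obligations on the caller. The `cmd.run` state always carries `require: - sls: {{ source }}.create`, but the matching `include:` is rendered only when `include_create` is true, so with the default the calling SLS has to include `<source>.create` itself. With `include_create=True` the macro emits a top-level `include:` key that would collide with one already present in the caller. I would add two lines to the usage comment, such as `shutdown (default True): shut the template down and wait, so clones see the updated state` and `include_create (default False): render 'include: <source>.create'; use only where the caller has no include of its own`. Separately, `--targets={{ template.template }}` is interpolated unquoted into a command that presumably runs in dom0, and the name is assembled from pillar-derived parts elsewhere in this commit, so shell-quoting it would be cheap hardening.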