9c280689d8
- Document preferred method for socket use depending on use case; - Fix Github web-flow key; - Standardize naming of services; - Use sys-ssh in ansible formula; - Start services conditionally with Qubes Service and evaluated by systemd ConditionPathExists= instead of installing on a per qube basis with rc.local scripts; - Change Qusal services to "qusal-" prefix instead of "qubes-" prefix. Fixes: https://github.com/ben-grande/qusal/issues/80 Fixes: https://github.com/ben-grande/qusal/issues/79
{#
SPDX-FileCopyrightText: 2022 - 2023 unman <unman@thirdeyesecurity.org>
SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>

SPDX-License-Identifier: AGPL-3.0-or-later
#}

{#
Creates two qubes named after this formula's slsdotpath: a network-providing
StandaloneVM and a companion "-browser" qube that has no netvm. It then grows
the first qube's private volume and applies the formula's policy macro.
#}
{%- from "qvm/template.jinja" import load -%}
{%- import "debian-minimal/template.jinja" as template -%}

{#
Use the netvm of the default_netvm.

Both lookups run through cmd.shell, and the first command's output is
concatenated unquoted into the second command line.
NOTE(review): neither command's result is validated before use. Confirm what
netvm ends up holding when default_netvm is unset or qvm-prefs fails, since
the value is written into the qube's netvm preference below.
#}
{% set default_netvm = salt['cmd.shell']('qubes-prefs default_netvm') -%}
{% set netvm = salt['cmd.shell']('qvm-prefs ' + default_netvm + ' netvm') -%}
{#
An empty result means default_netvm has no upstream qube: it is the first in
the chain (sys-net), so attach directly to it.
#}
{% if netvm == '' %}
  {% set netvm = default_netvm %}
{% endif %}

include:
  - debian-minimal.create
  - browser.create

{#
Network-providing qube. It is a StandaloneVM cloned from the debian-minimal
template, attached to the netvm resolved above, with provides-network set so
other qubes can use it as their netvm. qubes-firewall and clocksync are
enabled; the updates proxy setup service is disabled and the
updatevm-sys-cacher tag is removed.
#}
{% load_yaml as defaults -%}
name: {{ slsdotpath }}
force: true
require:
  - sls: {{ template.template_clean }}.create
present:
  - template: {{ template.template }}
  - label: orange
  - class: StandaloneVM
prefs:
  - label: orange
  - audiovm: ""
  - vcpus: 1
  - memory: 300
  - maxmem: 400
  - netvm: {{ netvm }}
  - provides-network: true
features:
  - enable:
      - servicevm
      - service.qubes-firewall
      - service.clocksync
  - disable:
      - service.cups
      - service.cups-browsed
      - service.tracker
      - service.evolution-data-server
      - service.updates-proxy-setup
  - set:
      - menu-items: "pihole-browser.desktop qubes-run-terminal.desktop qubes-start.desktop"
tags:
  - del:
      - updatevm-sys-cacher
{%- endload %}
{{ load(defaults) }}

{#
Companion browser qube based on tpl-browser. Its netvm is the empty string,
so it has no network attachment, and it is excluded from backups.
NOTE(review): service.http-client is presumably how this qube reaches the web
interface without a netvm; confirm against the service definition.
#}
{% load_yaml as defaults -%}
name: {{ slsdotpath }}-browser
force: true
require:
  - sls: browser.create
present:
  - template: tpl-browser
  - label: orange
prefs:
  - template: tpl-browser
  - label: orange
  - netvm: ""
  - audiovm: ""
  - vcpus: 1
  - memory: 300
  - maxmem: 600
  - include_in_backups: false
features:
  - enable:
      - service.http-client
  - disable:
      - service.cups
      - service.cups-browsed
      - service.tracker
      - service.evolution-data-server
  - set:
      - menu-items: "pihole-browser.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}

{#
Grow the private volume of the network-providing qube to 20Gi once the qube
state has run.
NOTE(review): this cmd.run has no unless/onlyif guard, so it executes on every
state application; confirm qvm-volume resize succeeds when the volume is
already 20Gi or larger.
#}
"{{ slsdotpath }}-resize-private-volume":
  cmd.run:
    - name: qvm-volume resize {{ slsdotpath }}:private 20Gi
    - require:
      - qvm: {{ slsdotpath }}

{#
Apply the shared policy macro for this formula.
NOTE(review): the meaning of the '80' argument is defined in
utils/macros/policy.sls, which is not shown here; confirm it there.
#}
{% from 'utils/macros/policy.sls' import policy_set with context -%}
{{ policy_set(sls_path, '80') }}