From 06167b3e52e5b21832f3a327a04566c08871e996 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Mon, 5 Aug 2019 11:18:03 +0000
Subject: [PATCH] Salt - caching proxy

---
 README               | 16 ++++++++++++++++
 change_templates.sls | 15 +++++++++++++++
 use.sls              |  9 +++++++++
 use.top              |  4 ++++
 4 files changed, 44 insertions(+)
 create mode 100644 README
 create mode 100644 change_templates.sls
 create mode 100644 use.sls
 create mode 100644 use.top

diff --git a/README b/README
new file mode 100644
index 0000000..0bf0918
--- /dev/null
+++ b/README
@@ -0,0 +1,16 @@
+This is a caching proxy, based on apt-cacher-ng.
+Note that it expects a netvm called "tor" - you should change this to whatever netvm you want to use.
+Edit the netvm entry in create.sls
+
+Config files are included, which will work out of the box for Debian,Ubuntu and Fedora.
+The cache and log directories are bind-mounted in /rw in the cacher qube.
+
+apt-cacher-ng will cache HTTPS requests if you change https:// to http://HTTPS/// in repo source lists.
+Look at change_templates.sls for a suggestion how to do this across all templates.
+
+Copy directory to /srv/salt
+qubesctl state.apply cacher.create
+qubesctl --skip-dom0 --targets=template-cacher state.apply cacher.install
+qubesctl --skip-dom0 --targets=cacher state.apply cacher.configure
+
+
diff --git a/change_templates.sls b/change_templates.sls
new file mode 100644
index 0000000..4f3eb9c
--- /dev/null
+++ b/change_templates.sls
@@ -0,0 +1,15 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+#
+#
+#
+/etc/apt/sources.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+/etc/apt/sources.list.d/qubes-r4.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
diff --git a/use.sls b/use.sls
new file mode 100644
index 0000000..f3c8788
--- /dev/null
+++ b/use.sls
@@ -0,0 +1,9 @@
+qvm-present-id:
+  qvm.present:
+    - name: cacher
+    - template: template-cacher
+    - label: gray
+
+/etc/qubes-rpc/policy/qubes.UpdatesProxy:
+  file.prepend:
+    - text: $type:TemplateVM $default allow,target=cacher
diff --git a/use.top b/use.top
new file mode 100644
index 0000000..5e3121c
--- /dev/null
+++ b/use.top
@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - cacher.use