From 41de6fd213afabadbe69b7af656c57f70491f786 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Thu, 18 Jul 2019 13:19:37 +0000
Subject: [PATCH 1/5] Salt - add example to create qubes-builder

---
 clone.sls                      |  9 +++++++++
 clone.top                      |  4 ++++
 create.sls                     | 30 ++++++++++++++++++++++++++++++
 create.top                     |  4 ++++
 template-fedora-30-minimal.sls | 17 +++++++++++++++++
 5 files changed, 64 insertions(+)
 create mode 100644 clone.sls
 create mode 100644 clone.top
 create mode 100644 create.sls
 create mode 100644 create.top
 create mode 100644 template-fedora-30-minimal.sls

diff --git a/clone.sls b/clone.sls
new file mode 100644
index 0000000..0db4172
--- /dev/null
+++ b/clone.sls
@@ -0,0 +1,9 @@
+include:
+  - build.template-fedora-30-minimal
+
+qvm-clone-id:
+  qvm.clone:
+    - require:
+      - sls: build.template-fedora-30-minimal 
+    - name: template-builder
+    - source: fedora-30-minimal
diff --git a/clone.top b/clone.top
new file mode 100644
index 0000000..477238a
--- /dev/null
+++ b/clone.top
@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - build.clone
diff --git a/create.sls b/create.sls
new file mode 100644
index 0000000..ce2b603
--- /dev/null
+++ b/create.sls
@@ -0,0 +1,30 @@
+include:
+  - build.clone
+
+qvm-present-id:
+  qvm.present:
+    - name: builder
+    - template: template-builder
+    - label: gray
+
+qvm-prefs-id:
+  qvm.prefs:
+    - name: builder
+    - netvm: tor
+    - memory: 800
+    - maxmem: 8000
+    - vcpus: 4
+
+qvm-features-id:
+  qvm.features:
+    - name: builder
+    - disable:
+      - service.cups
+
+'qvm-volume extend builder:private 20G' :
+  cmd.run
+
+update_file:
+  file.prepend:
+    - name: /etc/qubes-rpc/policy/qubes.Gpg
+    - text: builder gpg allow
diff --git a/create.top b/create.top
new file mode 100644
index 0000000..32bf4e0
--- /dev/null
+++ b/create.top
@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - build.create
diff --git a/template-fedora-30-minimal.sls b/template-fedora-30-minimal.sls
new file mode 100644
index 0000000..9a8c8f1
--- /dev/null
+++ b/template-fedora-30-minimal.sls
@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+##
+# qvm.template-fedora-30-minimal
+# ======================
+#
+# Installs 'fedora-30-minimal' template.
+#
+# Execute:
+#   qubesctl state.sls qvm.template-fedora-30-minimal dom0
+##
+
+template-fedora-30-minimal:
+  pkg.installed:
+    - name:     qubes-template-fedora-30-minimal
+    - fromrepo: qubes-templates-itl

From dec18c8195f3b210d0b6519cd14b4fb4ce19566a Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Thu, 18 Jul 2019 13:40:34 +0000
Subject: [PATCH 2/5] Salt - add example to install required software in to
 builder template

---
 install.sls | 27 +++++++++++++++++++++++++++
 install.top |  5 +++++
 2 files changed, 32 insertions(+)
 create mode 100644 install.sls
 create mode 100644 install.top

diff --git a/install.sls b/install.sls
new file mode 100644
index 0000000..abb7446
--- /dev/null
+++ b/install.sls
@@ -0,0 +1,27 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+installed:
+  pkg.installed:
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-core-agent-passwordless-root
+      - qubes-gpg-split
+      - reprepro
+      - gnupg
+      - git
+      - createrepo
+      - rpm-build
+      - make
+      - wget
+      - rpmdevtools
+      - python2-sh
+      - dialog
+      - rpm-sign
+      - dpkg-dev
+      - debootstrap
+      - PyYAML
+      - devscripts
+      - perl-Digest-MD5
+      - perl-Digest-SHA
+      - createrepo_c
+      - createrepo_c-libs
diff --git a/install.top b/install.top
new file mode 100644
index 0000000..c915ee8
--- /dev/null
+++ b/install.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  builder:
+  - build.install

From c860c1745eb972a1f7de32e03d020b0ebf7d9ec6 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Thu, 18 Jul 2019 13:49:05 +0000
Subject: [PATCH 3/5] Salt - add example to configure builder qube

---
 builder-gitconfig        | 16 ++++++++++++++++
 builder-split-gpg-config |  1 +
 config.sls               | 26 ++++++++++++++++++++++++++
 config.top               |  3 +++
 4 files changed, 46 insertions(+)
 create mode 100644 builder-gitconfig
 create mode 100644 builder-split-gpg-config
 create mode 100644 config.sls
 create mode 100644 config.top

diff --git a/builder-gitconfig b/builder-gitconfig
new file mode 100644
index 0000000..887b6a2
--- /dev/null
+++ b/builder-gitconfig
@@ -0,0 +1,16 @@
+[user]
+	name = NAME
+	email = EMAIL
+	signingkey = KEY
+
+[credential]
+	helper = cache
+
+[commit]
+	gpgsign = true
+
+[gpg]
+	program = qubes-gpg-client-wrapper
+
+[alias]
+  hist = log --pretty=format:\"%h %ad | %s%d [%an]\" --graph --date=short
diff --git a/builder-split-gpg-config b/builder-split-gpg-config
new file mode 100644
index 0000000..37ca8be
--- /dev/null
+++ b/builder-split-gpg-config
@@ -0,0 +1 @@
+gpg
diff --git a/config.sls b/config.sls
new file mode 100644
index 0000000..e509116
--- /dev/null
+++ b/config.sls
@@ -0,0 +1,26 @@
+/home/user/.gitconfig:
+  file.managed:
+    - source:
+      - salt://build/builder-gitconfig
+    - user: user
+    - group: user
+
+/rw/config/gpg-split-domain:
+  file.managed:
+    - source:
+      - salt://build/builder-split-gpg-config
+    - user: root
+    - group: root
+
+/home/user/.rpmmacros:
+  file.managed:
+    - source:
+      - salt://build/builder-rpmmacros
+    - user: user
+    - group: user
+
+https://github.com/QubesOS/qubes-builder.git:
+  git.latest:
+    - name: https://github.com/QubesOS/qubes-builder.git
+    - user: user
+    - target: /home/user/qubes-builder
diff --git a/config.top b/config.top
new file mode 100644
index 0000000..4afd10d
--- /dev/null
+++ b/config.top
@@ -0,0 +1,3 @@
+base:
+  builder:
+    - build.config

From 5acdad7b85750e6c4814e1ee5229039098df6825 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Thu, 18 Jul 2019 14:43:09 +0000
Subject: [PATCH 4/5] Salt - example - fix target for package install

---
 install.top | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install.top b/install.top
index c915ee8..42d5a0e 100644
--- a/install.top
+++ b/install.top
@@ -1,5 +1,5 @@
 # vim: set syntax=yaml ts=2 sw=2 sts=2 et :
 
 base:
-  builder:
+  template-builder:
   - build.install

From e54562b9f427178ba13e7422d021416fc5c2768a Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Tue, 2 Feb 2021 04:53:33 +0000
Subject: [PATCH 5/5] Moved builder files to new subdirectory

---
 builder-gitconfig => builder/builder-gitconfig                    | 0
 builder-split-gpg-config => builder/builder-split-gpg-config      | 0
 clone.sls => builder/clone.sls                                    | 0
 clone.top => builder/clone.top                                    | 0
 config.sls => builder/config.sls                                  | 0
 config.top => builder/config.top                                  | 0
 create.sls => builder/create.sls                                  | 0
 create.top => builder/create.top                                  | 0
 install.sls => builder/install.sls                                | 0
 install.top => builder/install.top                                | 0
 .../template-fedora-30-minimal.sls                                | 0
 11 files changed, 0 insertions(+), 0 deletions(-)
 rename builder-gitconfig => builder/builder-gitconfig (100%)
 rename builder-split-gpg-config => builder/builder-split-gpg-config (100%)
 rename clone.sls => builder/clone.sls (100%)
 rename clone.top => builder/clone.top (100%)
 rename config.sls => builder/config.sls (100%)
 rename config.top => builder/config.top (100%)
 rename create.sls => builder/create.sls (100%)
 rename create.top => builder/create.top (100%)
 rename install.sls => builder/install.sls (100%)
 rename install.top => builder/install.top (100%)
 rename template-fedora-30-minimal.sls => builder/template-fedora-30-minimal.sls (100%)

diff --git a/builder-gitconfig b/builder/builder-gitconfig
similarity index 100%
rename from builder-gitconfig
rename to builder/builder-gitconfig
diff --git a/builder-split-gpg-config b/builder/builder-split-gpg-config
similarity index 100%
rename from builder-split-gpg-config
rename to builder/builder-split-gpg-config
diff --git a/clone.sls b/builder/clone.sls
similarity index 100%
rename from clone.sls
rename to builder/clone.sls
diff --git a/clone.top b/builder/clone.top
similarity index 100%
rename from clone.top
rename to builder/clone.top
diff --git a/config.sls b/builder/config.sls
similarity index 100%
rename from config.sls
rename to builder/config.sls
diff --git a/config.top b/builder/config.top
similarity index 100%
rename from config.top
rename to builder/config.top
diff --git a/create.sls b/builder/create.sls
similarity index 100%
rename from create.sls
rename to builder/create.sls
diff --git a/create.top b/builder/create.top
similarity index 100%
rename from create.top
rename to builder/create.top
diff --git a/install.sls b/builder/install.sls
similarity index 100%
rename from install.sls
rename to builder/install.sls
diff --git a/install.top b/builder/install.top
similarity index 100%
rename from install.top
rename to builder/install.top
diff --git a/template-fedora-30-minimal.sls b/builder/template-fedora-30-minimal.sls
similarity index 100%
rename from template-fedora-30-minimal.sls
rename to builder/template-fedora-30-minimal.sls