Doc - states to produce documentataion builder

This commit is contained in:
unman 2024-07-15 01:10:53 +00:00
parent 87f4b244b9
commit 740097264e
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
11 changed files with 201 additions and 0 deletions

46
qubes-doc/README.md Normal file
View File

@ -0,0 +1,46 @@
# Introduction
These salt files can be used to set-up a template for building the Qubes website and documentation.
The template is a clone of the fedora-40 template.
A qubes-doc qube is created and configured to use git and split-gpg.
# Installation
Copy the qubes-doc directory to /srv/salt, then run:
```
sudo qubesctl state.apply qubes-doc.create
sudo qubesctl --skip-dom0 --targets=template-qubes-doc state.apply qubes-doc.install
sudo qubesctl --skip-dom0 --targets=qubes-doc state.apply qubes-doc.config
```
If you want to use git, a boilerplate `~.gitconfig` is included in qubes-doc.
Remember to edit this file with your details.
split-gpg is automatically configured to use sys-gpg as the backend qube holding the PGP key.
Edit the policy if you want to use a different backend qube to store your gpg key.
## Building the site
```
cd qubesos.github.io
bundle exec jekyll serve
```
You may need to edit `Gemfile` to include `gem webrick`
## Notes
`create.sls` uses *include* to call `clone.sls`. This state ensures that a fedora-40 template is installed, and will install it if not: the template is cloned to create a template for qubes-doc. The remainder of the state creates the qubes-doc qube, and creates the split-gpg policy.
`install.sls` configures qubes-doc repositories to use the caching proxy if present. (Look at the use of the *if* statement checking for the existence of the relevant pillar.)
`pkg.installed` is used to install the needed packages.
`config.sls` is applied to the new *qubes-doc* qube.
`file.managed` is used to transfer configuration files for split-gpg to the qube.
`git.latest` is used to clone the git repository - `submodules: True` is used to pull in all submodules.
There *is* a salt gem state, which could be used to install gems:
```
qubes_doc_gems:
gem.installed:
- names:
- jekyll
```
But the results are variable, and some gems cannot be installed by this method.
So we fall back to using `cmd.run` again to get gems installed.

8
qubes-doc/clone.sls Normal file
View File

@ -0,0 +1,8 @@
qubes-doc_requisite:
qvm.template_installed:
- name: fedora-40
qvm-qubes-doc-clone-id:
qvm.clone:
- name: template-qubes-doc
- source: fedora-40

4
qubes-doc/clone.top Normal file
View File

@ -0,0 +1,4 @@
base:
dom0:
- match: nodegroup
- qubes-doc.clone

41
qubes-doc/config.sls Normal file
View File

@ -0,0 +1,41 @@
/home/user/.gitconfig:
file.managed:
- source:
- salt://qubes-doc/doc-gitconfig
- user: user
- group: user
/rw/config/gpg-split-domain:
file.managed:
- source:
- salt://qubes-doc/split-gpg-config
- user: root
- group: root
https://github.com/QubesOS/qubesos.github.io.git:
git.latest:
- name: https://github.com/QubesOS/qubesos.github.io.git
- target: /home/user/qubesos.github.io
- user: user
- submodules: True
'gem update --system':
cmd.run:
- user: root
'gem install jekyll bundler':
cmd.run:
- user: user
'gem install sass --force':
cmd.run:
- user: user
'gem install github-pages':
cmd.run:
- user: user
add_webrick:
file.append:
- name: /home/user/qubesos.github.io/Gemfile
- text: 'gem: webrick'

3
qubes-doc/config.top Normal file
View File

@ -0,0 +1,3 @@
base:
qubes-doc:
- qubes-doc.config

34
qubes-doc/create.sls Normal file
View File

@ -0,0 +1,34 @@
include:
- qubes-doc.clone
qubes-doc-present-id:
qvm.present:
- name: qubes-doc
- template: template-qubes-doc
- label: gray
qubes-doc-prefs-id:
qvm.prefs:
- name: qubes-doc
- memory: 800
- maxmem: 8000
- vcpus: 4
qubes-doc-features-id:
qvm.features:
- name: qubes-doc
- disable:
- service.cups
'qvm-volume extend qubes-doc:private 50G' :
cmd.run
qubes-doc_update_policy_file:
file.blockreplace:
- name: /etc/qubes/policy.d/50-config-splitgpg.policy
- marker_start: '# Start zone for qubes-doc'
- marker_end: '# End zone for qubes-doc'
- insert_after_match: '# Any changes made manually may be overwritten by Qubes Configuration Tools.'
- content: |
qubes.Gpg * qubes-doc @default allow target=sys-gpg
qubes.Gpg * qubes-doc sys-gpg allow

4
qubes-doc/create.top Normal file
View File

@ -0,0 +1,4 @@
base:
dom0:
- match: nodegroup
- qubes-doc.create

17
qubes-doc/doc-gitconfig Normal file
View File

@ -0,0 +1,17 @@
[user]
name = NAME
email = EMAIL
signingkey = KEY
[credential]
helper = cache
[commit]
gpgsign = true
[gpg]
program = qubes-gpg-client-wrapper
[alias]
hist = log --pretty=format:\"%h %ad | %s%d [%an]\" --graph --date=short

38
qubes-doc/install.sls Normal file
View File

@ -0,0 +1,38 @@
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
{% if salt['pillar.get']('update_proxy:caching') %}
{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
{{ repo }}_baseurl:
file.replace:
- name: {{ repo }}
- pattern: 'baseurl.*=.*https://'
- repl: 'baseurl=http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
- backup: False
{{ repo }}_metalink:
file.replace:
- name: {{ repo }}
- pattern: 'metalink.*=.*https://(.*)basearch'
- repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
- backup: False
{% endfor %}
{% endif %}
qubes-doc_install:
pkg.installed:
- pkgs:
- qubes-core-agent-networking
- qubes-core-agent-passwordless-root
- qubes-gpg-split
- podman
- podman-compose
- redhat-rpm-config
- ruby
- ruby-devel
- zlib-ng-compat-devel
- nodejs

5
qubes-doc/install.top Normal file
View File

@ -0,0 +1,5 @@
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
template-qubes-doc:
- qubes-doc.install

View File

@ -0,0 +1 @@
sys-gpg