From 740097264e4cdc3d43133a308178a6d512efeee6 Mon Sep 17 00:00:00 2001
From: unman
Date: Mon, 15 Jul 2024 01:10:53 +0000
Subject: [PATCH] Doc - states to produce documentataion builder
---
qubes-doc/README.md | 46 ++++++++++++++++++++++++++++++++++++++
qubes-doc/clone.sls | 8 +++++++
qubes-doc/clone.top | 4 ++++
qubes-doc/config.sls | 41 +++++++++++++++++++++++++++++++++
qubes-doc/config.top | 3 +++
qubes-doc/create.sls | 34 ++++++++++++++++++++++++++++
qubes-doc/create.top | 4 ++++
qubes-doc/doc-gitconfig | 17 ++++++++++++++
qubes-doc/install.sls | 38 +++++++++++++++++++++++++++++++
qubes-doc/install.top | 5 +++++
qubes-doc/split-gpg-config | 1 +
11 files changed, 201 insertions(+)
create mode 100644 qubes-doc/README.md
create mode 100644 qubes-doc/clone.sls
create mode 100644 qubes-doc/clone.top
create mode 100644 qubes-doc/config.sls
create mode 100644 qubes-doc/config.top
create mode 100644 qubes-doc/create.sls
create mode 100644 qubes-doc/create.top
create mode 100644 qubes-doc/doc-gitconfig
create mode 100644 qubes-doc/install.sls
create mode 100644 qubes-doc/install.top
create mode 100644 qubes-doc/split-gpg-config
diff --git a/qubes-doc/README.md b/qubes-doc/README.md
new file mode 100644
index 0000000..a987522
--- /dev/null
+++ b/qubes-doc/README.md
@@ -0,0 +1,46 @@
+# Introduction
+These salt files can be used to set-up a template for building the Qubes website and documentation.
+The template is a clone of the fedora-40 template.
+A qubes-doc qube is created and configured to use git and split-gpg.
+
+# Installation
+Copy the qubes-doc directory to /srv/salt, then run:
+```
+sudo qubesctl state.apply qubes-doc.create
+sudo qubesctl --skip-dom0 --targets=template-qubes-doc state.apply qubes-doc.install
+sudo qubesctl --skip-dom0 --targets=qubes-doc state.apply qubes-doc.config
+```
+
+If you want to use git, a boilerplate `~.gitconfig` is included in qubes-doc.
+Remember to edit this file with your details.
+split-gpg is automatically configured to use sys-gpg as the backend qube holding the PGP key.
+Edit the policy if you want to use a different backend qube to store your gpg key.
+
+## Building the site
+```
+cd qubesos.github.io
+bundle exec jekyll serve
+```
+You may need to edit `Gemfile` to include `gem webrick`
+
+## Notes
+
+`create.sls` uses *include* to call `clone.sls`. This state ensures that a fedora-40 template is installed, and will install it if not: the template is cloned to create a template for qubes-doc. The remainder of the state creates the qubes-doc qube, and creates the split-gpg policy.
+
+`install.sls` configures qubes-doc repositories to use the caching proxy if present. (Look at the use of the *if* statement checking for the existence of the relevant pillar.)
+`pkg.installed` is used to install the needed packages.
+
+`config.sls` is applied to the new *qubes-doc* qube.
+`file.managed` is used to transfer configuration files for split-gpg to the qube.
+`git.latest` is used to clone the git repository - `submodules: True` is used to pull in all submodules.
+
+There *is* a salt gem state, which could be used to install gems:
+```
+qubes_doc_gems:
+ gem.installed:
+ - names:
+ - jekyll
+```
+But the results are variable, and some gems cannot be installed by this method.
+So we fall back to using `cmd.run` again to get gems installed.
+
diff --git a/qubes-doc/clone.sls b/qubes-doc/clone.sls
new file mode 100644
index 0000000..a82b0b0
--- /dev/null
+++ b/qubes-doc/clone.sls
@@ -0,0 +1,8 @@
+qubes-doc_requisite:
+ qvm.template_installed:
+ - name: fedora-40
+
+qvm-qubes-doc-clone-id:
+ qvm.clone:
+ - name: template-qubes-doc
+ - source: fedora-40
diff --git a/qubes-doc/clone.top b/qubes-doc/clone.top
new file mode 100644
index 0000000..1c716d9
--- /dev/null
+++ b/qubes-doc/clone.top
@@ -0,0 +1,4 @@
+base:
+ dom0:
+ - match: nodegroup
+ - qubes-doc.clone
diff --git a/qubes-doc/config.sls b/qubes-doc/config.sls
new file mode 100644
index 0000000..40f4879
--- /dev/null
+++ b/qubes-doc/config.sls
@@ -0,0 +1,41 @@
+/home/user/.gitconfig:
+ file.managed:
+ - source:
+ - salt://qubes-doc/doc-gitconfig
+ - user: user
+ - group: user
+
+/rw/config/gpg-split-domain:
+ file.managed:
+ - source:
+ - salt://qubes-doc/split-gpg-config
+ - user: root
+ - group: root
+
+https://github.com/QubesOS/qubesos.github.io.git:
+ git.latest:
+ - name: https://github.com/QubesOS/qubesos.github.io.git
+ - target: /home/user/qubesos.github.io
+ - user: user
+ - submodules: True
+
+'gem update --system':
+ cmd.run:
+ - user: root
+
+'gem install jekyll bundler':
+ cmd.run:
+ - user: user
+
+'gem install sass --force':
+ cmd.run:
+ - user: user
+
+'gem install github-pages':
+ cmd.run:
+ - user: user
+
+add_webrick:
+ file.append:
+ - name: /home/user/qubesos.github.io/Gemfile
+ - text: 'gem: webrick'
diff --git a/qubes-doc/config.top b/qubes-doc/config.top
new file mode 100644
index 0000000..0476833
--- /dev/null
+++ b/qubes-doc/config.top
@@ -0,0 +1,3 @@
+base:
+ qubes-doc:
+ - qubes-doc.config
diff --git a/qubes-doc/create.sls b/qubes-doc/create.sls
new file mode 100644
index 0000000..a24883f
--- /dev/null
+++ b/qubes-doc/create.sls
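Review bot: In qubes-doc/config.sls the four `cmd.run` gem states download and run unpinned packages from the gem registry on every `state.apply`, and `gem update --system` does so as root; nothing in the state pins a version or checks whether the gem is already present. Pinning versions and adding a guard such as `- unless: gem list -i jekyll` would make the build reproducible and limit how often third-party install code runs in the qube that the policy in create.sls allows to reach sys-gpg. Separately, `add_webrick` appends `gem: webrick`, which does not look like valid Gemfile syntax; `- text: 'gem "webrick"'` is presumably what was meant. `git.latest` also sets no `rev`, so the checkout is whatever the remote serves at apply time.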
@@ -0,0 +1,34 @@
+include:
+ - qubes-doc.clone
+
+qubes-doc-present-id:
+ qvm.present:
+ - name: qubes-doc
+ - template: template-qubes-doc
+ - label: gray
+
+qubes-doc-prefs-id:
+ qvm.prefs:
+ - name: qubes-doc
+ - memory: 800
+ - maxmem: 8000
+ - vcpus: 4
+
+qubes-doc-features-id:
+ qvm.features:
+ - name: qubes-doc
+ - disable:
+ - service.cups
+
+'qvm-volume extend qubes-doc:private 50G' :
+ cmd.run
+
+qubes-doc_update_policy_file:
+ file.blockreplace:
+ - name: /etc/qubes/policy.d/50-config-splitgpg.policy
+ - marker_start: '# Start zone for qubes-doc'
+ - marker_end: '# End zone for qubes-doc'
+ - insert_after_match: '# Any changes made manually may be overwritten by Qubes Configuration Tools.'
+ - content: |
+ qubes.Gpg * qubes-doc @default allow target=sys-gpg
+ qubes.Gpg * qubes-doc sys-gpg allow
diff --git a/qubes-doc/create.top b/qubes-doc/create.top
new file mode 100644
index 0000000..4655bef
--- /dev/null
+++ b/qubes-doc/create.top
@@ -0,0 +1,4 @@
+base:
+ dom0:
+ - match: nodegroup
+ - qubes-doc.create
diff --git a/qubes-doc/doc-gitconfig b/qubes-doc/doc-gitconfig
new file mode 100644
index 0000000..cd3ca84
--- /dev/null
+++ b/qubes-doc/doc-gitconfig
@@ -0,0 +1,17 @@
+[user]
+ name = NAME
+ email = EMAIL
+ signingkey = KEY
+
+[credential]
+ helper = cache
+
+[commit]
+ gpgsign = true
+
+[gpg]
+ program = qubes-gpg-client-wrapper
+
+[alias]
+ hist = log --pretty=format:\"%h %ad | %s%d [%an]\" --graph --date=short
+
diff --git a/qubes-doc/install.sls b/qubes-doc/install.sls
new file mode 100644
index 0000000..6375357
--- /dev/null
+++ b/qubes-doc/install.sls
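Review bot: In qubes-doc/create.sls both policy lines written by `qubes-doc_update_policy_file` use `allow`, so dom0 never prompts when qubes-doc calls `qubes.Gpg`. The same patch has that qube run unpinned `gem install` commands and a Jekyll build, so any code running there can reach the signing backend; whether the user still sees a confirmation then depends on how sys-gpg itself is configured, which this patch does not show. Consider `qubes.Gpg * qubes-doc @default ask default_target=sys-gpg` for the first line, and add a comment above the block stating that the grant is deliberate. The `cmd.run` for `qvm-volume extend` also has no guard, so it is re-run on every apply.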
@@ -0,0 +1,38 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+{% if salt['pillar.get']('update_proxy:caching') %}
+
+{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
+{{ repo }}_baseurl:
+ file.replace:
+ - name: {{ repo }}
+ - pattern: 'baseurl.*=.*https://'
+ - repl: 'baseurl=http://HTTPS///'
+ - flags: [ 'IGNORECASE', 'MULTILINE' ]
+ - backup: False
+{{ repo }}_metalink:
+ file.replace:
+ - name: {{ repo }}
+ - pattern: 'metalink.*=.*https://(.*)basearch'
+ - repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
+ - flags: [ 'IGNORECASE', 'MULTILINE' ]
+ - backup: False
+
+{% endfor %}
+
+
+{% endif %}
+
+qubes-doc_install:
+ pkg.installed:
+ - pkgs:
+ - qubes-core-agent-networking
+ - qubes-core-agent-passwordless-root
+ - qubes-gpg-split
+ - podman
+ - podman-compose
+ - redhat-rpm-config
+ - ruby
+ - ruby-devel
+ - zlib-ng-compat-devel
+ - nodejs
diff --git a/qubes-doc/install.top b/qubes-doc/install.top
new file mode 100644
index 0000000..59da775
--- /dev/null
+++ b/qubes-doc/install.top
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+ template-qubes-doc:
+ - qubes-doc.install
diff --git a/qubes-doc/split-gpg-config b/qubes-doc/split-gpg-config
new file mode 100644
index 0000000..accc01d
--- /dev/null
+++ b/qubes-doc/split-gpg-config
@@ -0,0 +1 @@
+sys-gpg
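Review bot: In qubes-doc/install.sls the two `file.replace` states rewrite every repo URL from `https://` to `http://HTTPS///` with no comment explaining the trust change: once applied, the template no longer validates the mirror's TLS certificate itself, and package integrity rests on the RPM signature check configured in each repo file. A comment above the loop such as `# caching proxy fetches over TLS on our behalf; relies on gpgcheck=1 staying set in these repo files` would make that dependency visible, and it is worth confirming that nothing in the template disables it. The patterns are also unanchored, so `^baseurl\s*=\s*https://` would be a tighter match. With `backup: False`, the original repo files cannot be restored from a Salt backup if the pillar is later unset.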