Doc - states to produce documentataion builder

qubes-doc/README.md

@@ -0,0 +1,46 @@
+# Introduction
+These salt files can be used to set-up a template for building the Qubes website and documentation.
+The template is a clone of the fedora-40 template.
+A qubes-doc qube is created and configured to use git and split-gpg.
+
+# Installation
+Copy the qubes-doc directory to /srv/salt, then run:
+```
+sudo qubesctl state.apply qubes-doc.create
+sudo qubesctl --skip-dom0 --targets=template-qubes-doc state.apply qubes-doc.install  
+sudo qubesctl --skip-dom0 --targets=qubes-doc state.apply qubes-doc.config
+```
+
+If you want to use git, a boilerplate `~.gitconfig` is included in qubes-doc.
+Remember to edit this file with your details.
+split-gpg is automatically configured to use sys-gpg as the backend qube holding the PGP key.
+Edit the policy if you want to use a different backend qube to store your gpg key.
+
+## Building the site
+```
+cd qubesos.github.io
+bundle exec jekyll serve
+```
+You may need to edit `Gemfile` to include `gem webrick`
+
+## Notes
+
+`create.sls` uses *include* to call `clone.sls`. This state ensures that a fedora-40 template is installed, and will install it if not: the template is cloned to create a template for qubes-doc. The remainder of the state creates the qubes-doc qube, and creates the split-gpg policy.
+
+`install.sls` configures qubes-doc repositories to use the caching proxy if present. (Look at the use of the *if* statement checking for the existence of the relevant pillar.)
+`pkg.installed` is used to install the needed packages.
+
+`config.sls` is applied to the new *qubes-doc* qube.
+`file.managed` is used to transfer configuration files for split-gpg to the qube.
+`git.latest` is used to clone the git repository - `submodules: True` is used to pull in all submodules.
+
+There *is* a salt gem state, which could be used to install gems:  
+```
+qubes_doc_gems:
+  gem.installed:
+    - names:
+      - jekyll
+```
+But the results are variable, and some gems cannot be installed by this method.
+So we fall back to using `cmd.run` again to get gems installed.
+

qubes-doc/clone.sls

@@ -0,0 +1,8 @@
+qubes-doc_requisite:
+  qvm.template_installed:
+    - name: fedora-40
+
+qvm-qubes-doc-clone-id:
+  qvm.clone:
+    - name: template-qubes-doc
+    - source: fedora-40

qubes-doc/clone.top

@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - qubes-doc.clone

qubes-doc/config.sls

@@ -0,0 +1,41 @@
+/home/user/.gitconfig:
+  file.managed:
+    - source:
+      - salt://qubes-doc/doc-gitconfig
+    - user: user
+    - group: user
+
+/rw/config/gpg-split-domain:
+  file.managed:
+    - source:
+      - salt://qubes-doc/split-gpg-config
+    - user: root
+    - group: root
+
+https://github.com/QubesOS/qubesos.github.io.git:
+  git.latest:
+    - name: https://github.com/QubesOS/qubesos.github.io.git
+    - target: /home/user/qubesos.github.io
+    - user: user
+    - submodules: True
+
+'gem update --system':
+  cmd.run:
+    - user: root
+
+'gem install jekyll bundler':
+  cmd.run:
+    - user: user
+
+'gem install sass --force':
+  cmd.run:
+    - user: user
+
+'gem install github-pages':
+  cmd.run:
+    - user: user
+
+add_webrick:
+  file.append:
+    - name: /home/user/qubesos.github.io/Gemfile
+    - text: 'gem: webrick'

qubes-doc/config.top

@@ -0,0 +1,3 @@
+base:
+  qubes-doc:
+    - qubes-doc.config

qubes-doc/create.sls

@@ -0,0 +1,34 @@
+include:
+  - qubes-doc.clone
+
+qubes-doc-present-id:
+  qvm.present:
+    - name: qubes-doc
+    - template: template-qubes-doc
+    - label: gray
+
+qubes-doc-prefs-id:
+  qvm.prefs:
+    - name: qubes-doc
+    - memory: 800
+    - maxmem: 8000
+    - vcpus: 4
+
+qubes-doc-features-id:
+  qvm.features:
+    - name: qubes-doc
+    - disable:
+      - service.cups
+
+'qvm-volume extend qubes-doc:private 50G' :
+  cmd.run
+
+qubes-doc_update_policy_file:
+  file.blockreplace:
+    - name: /etc/qubes/policy.d/50-config-splitgpg.policy
+    - marker_start: '# Start zone for qubes-doc'
+    - marker_end: '# End zone for qubes-doc'
+    - insert_after_match: '# Any changes made manually may be overwritten by Qubes Configuration Tools.'
+    - content: |
+        qubes.Gpg	*	qubes-doc	@default	allow target=sys-gpg
+        qubes.Gpg	*	qubes-doc	sys-gpg	allow

qubes-doc/create.top

@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - qubes-doc.create

qubes-doc/doc-gitconfig

@@ -0,0 +1,17 @@
+[user]
+	name = NAME
+	email = EMAIL
+	signingkey = KEY
+
+[credential]
+	helper = cache
+
+[commit]
+	gpgsign = true
+
+[gpg]
+	program = qubes-gpg-client-wrapper
+
+[alias]
+  hist = log --pretty=format:\"%h %ad | %s%d [%an]\" --graph --date=short
+

qubes-doc/install.sls

@@ -0,0 +1,38 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+{% if salt['pillar.get']('update_proxy:caching') %}
+
+{% for repo in salt['file.find']('/etc/yum.repos.d/', name='*repo*') %}
+{{ repo }}_baseurl:
+    file.replace:
+      - name: {{ repo }}
+      - pattern: 'baseurl.*=.*https://'
+      - repl: 'baseurl=http://HTTPS///'
+      - flags: [ 'IGNORECASE', 'MULTILINE' ]
+      - backup: False
+{{ repo }}_metalink:
+    file.replace:
+      - name: {{ repo }}
+      - pattern: 'metalink.*=.*https://(.*)basearch'
+      - repl: 'metalink=http://HTTPS///\1basearch&protocol=http'
+      - flags: [ 'IGNORECASE', 'MULTILINE' ]
+      - backup: False
+
+{% endfor %}
+
+
+{% endif %}
+
+qubes-doc_install:
+  pkg.installed:
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-core-agent-passwordless-root
+      - qubes-gpg-split
+      - podman
+      - podman-compose
+      - redhat-rpm-config
+      - ruby
+      - ruby-devel
+      - zlib-ng-compat-devel
+      - nodejs

qubes-doc/install.top

@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  template-qubes-doc:
+    - qubes-doc.install

qubes-doc/split-gpg-config

@@ -0,0 +1 @@
+sys-gpg