Split GPG - back end template and 'gpg' qube

gpg/clone.sls

@@ -0,0 +1,12 @@
+include:
+  - template-debian-10-minimal
+
+qvm-clone-id:
+  qvm.clone:
+    - require:
+      - sls: template-debian-10-minimal 
+    - name: template-gpg
+    - source: debian-10-minimal
+
+'sudo qubes-dom0-update qubes-gpg-split-dom0':
+  cmd.run

gpg/clone.top

@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - gpg.clone

gpg/create.sls

@@ -0,0 +1,32 @@
+include:
+  - gpg.clone
+
+qvm-present-id:
+  qvm.present:
+    - name: gpg
+    - template: template-gpg
+    - label: gray
+
+qvm-prefs-id:
+  qvm.prefs:
+    - name: gpg
+    - netvm: none
+    - memory: 400
+    - maxmem: 800
+    - vcpus: 2
+
+qvm-features-id:
+  qvm.features:
+    - name: gpg
+    - disable:
+      - service.cups
+      - service.cups-browsed
+
+'qvm-volume extend gpg:private 10G' :
+  cmd.run
+
+update_file:
+  file.prepend:
+    - name: '/etc/qubes-rpc/policy/qubes.Gpg'
+    - text: '@anyvm @anyvm ask,default_target=gpg'
+

gpg/create.top

@@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - gpg.create

gpg/install.sls

@@ -0,0 +1,26 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+/etc/apt/sources.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+/etc/apt/sources.list.d/qubes-r4.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+allow-testing:
+  file.uncomment:
+    - name: /etc/apt/sources.list.d/qubes-r4.list
+    - regex: ^deb\s.*qubes-os.org.*-testing
+    - backup: false
+
+installed:
+  pkg.installed:
+    - pkgs:
+      - qubes-gpg-split
+      - gnupg
+      - keepassxc

gpg/install.top

@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  template-gpg:
+  - gpg.install