Mullvad - update to debian-12

Use Mullvad GUI for VPN choice. Install Mullvad browser Make mullvad qube a disposable template
2024-10-01 01:25:41 -04:00 · 2024-02-11 15:42:52 +00:00 · 2024-02-11 15:42:52 +00:00 · ffc57008ca
commit ffc57008ca
parent 409c2a1e1f
13 changed files with 187 additions and 62 deletions
--- a/mullvad/browser.sls
+++ b/mullvad/browser.sls
@ -0,0 +1,47 @@
+/etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.9.tar.xz:
+  file.managed:
+    - source: 
+      - salt://mullvad/mullvad-browser-linux-x86_64-13.0.9.tar.xz
+    - user: root
+    - group: root
+    - makedirs: True
+
+mullvad-browser-linux-x86_64-13.0.9.tar.xz:
+  archive.extracted:
+    - name: /etc/skel
+    - source: /etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.9.tar.xz
+    - user: user
+
+/etc/skel/.local/share/applications/start-mullvad-browser.desktop:
+  file.managed:
+    - source: salt://mullvad/start-mullvad-browser.desktop
+    - makedirs: True
+    - user: user
+
+/etc/skel/.local/share/applications/mimeinfo.cache:
+  file.managed:
+    - source: salt://mullvad/mimeinfo.cache
+    - makedirs: True
+    - user: user
+
+/home/user/.local/share/applications/start-mullvad-browser.desktop:
+  file.managed:
+    - source: salt://mullvad/start-mullvad-browser.desktop
+    - makedirs: True
+    - user: user
+
+/home/user/.local/share/applications/mimeinfo.cache:
+  file.managed:
+    - source: salt://mullvad/mimeinfo.cache
+    - makedirs: True
+    - user: user
+
+browser_dependencies:
+  pkg.installed:
+    - skip_suggestions: True
+    - install_recommends: False
+    - pkgs:
+      - libdbus-glib-1-2
+      - libnss3
+      - desktop-file-utils
+      - kdialog
--- a/mullvad/browser.top
+++ b/mullvad/browser.top
@ -0,0 +1,3 @@
+base:
+ template-mullvad :
+    - mullvad.browser
--- a/mullvad/clone.sls
+++ b/mullvad/clone.sls
@ -1,8 +1,17 @@
 mullvad_precursor:
  qvm.template_installed:
-    - name: debian-11-minimal
+    - name: debian-12-minimal

-qvm-clone-id:
+mullvad_clone:
  qvm.clone:
    - name: template-mullvad
-    - source: debian-11-minimal
+    - source: debian-12-minimal
+
+mullvad_menu:
+  qvm.features:
+    - name: template-mullvad
+    - set:
+      - menu-items: "start-mullvad-browser.desktop mullvad-vpn.desktop debian-xterm.desktop"
+      - default-menu-items: "start-mullvad-browser.desktop mullvad-vpn.desktop debian-xterm.desktop" 
+
+
--- a/mullvad/clone.top
+++ b/mullvad/clone.top
@ -1,8 +1,4 @@
-mullvad_precursor:
-  qvm.template_installed:
-    - name: debian-11-minimal
-
-qvm-clone-id:
-  qvm.clone:
-    - name: template-mullvad
-    - source: debian-11-minimal
+base:
+  dom0:
+    - match: nodegroup
+    - mullvad.clone
--- a/mullvad/configure.sls
+++ b/mullvad/configure.sls
@ -1,37 +1,17 @@
-/rw/config/rc.local:
-  file.append:
-    - text: wg-quick up /rw/config/wireguard.conf
-
-/rw/config/qubes-firewall-user-script:
-  file.append:
-    - text:
-      - nft insert rule filter FORWARD tcp flags syn tcp option maxseg size set rt mtu
-      - nft insert rule filter FORWARD oifname eth0 drop
-      - nft insert rule filter FORWARD iifname eth0 drop
-
-/rw/config/network-hooks.d/flush.sh:
+/etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.9.tar.xz:
  file.managed:
-    - source:
-      - salt://mullvad/flush.sh
+    - source: 
+      - salt://mullvad/mullvad-browser-linux-x86_64-13.0.9.tar.xz
    - user: root
    - group: root
    - makedirs: True
-    - mode: 755

-/rw/config/network-hooks.d/flush:
-  file.managed:
-    - source:
-      - salt://mullvad/flush
-    - user: root
-    - group: root
-    - makedirs: True
-    - mode: 755
+mullvad-browser-linux-x86_64-13.0.9.tar.xz:
+  module.run:
+    - name: archive.tar
+    - tarfile: /etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.9.tar.xz
+    - options: -x -f
+    - runas: root
+    - dest: /etc/skel

-/home/user/install.sh:
-  file.managed:
-    - source:
-      - salt://mullvad/install.sh
-    - user: root
-    - mode: '0755'
-    - replace: True

--- a/mullvad/create.sls
+++ b/mullvad/create.sls
@ -23,3 +23,5 @@ qvm-features-id:
      - service.cups
      - service.cups-browsed
      - service.tinyproxy
+    - set:
+      - menu-items: "start-mullvad-browser.desktop mullvad-vpn.desktop debian-xterm.desktop"
--- a/mullvad/create_disposable.sls
+++ b/mullvad/create_disposable.sls
@ -0,0 +1,29 @@
+include:
+  - mullvad.clone
+
+create_mullvad:
+  qvm.present:
+    - name: Mullvad
+    - class: AppVM
+    - template: template-mullvad
+    - label: green
+
+mullvad-prefs:
+  qvm.prefs:
+    - name: Mullvad
+    - memory: 400
+    - maxmem: 800
+    - vcpus: 2
+    - template_for_dispvms: True
+
+mullvad-features:
+  qvm.features:
+    - name: Mullvad
+    - disable:
+      - service.cups
+      - service.cups-browsed
+      - service.tinyproxy
+    - set:
+      - menu-items: "start-mullvad-browser.desktop mullvad-vpn.desktop debian-xterm.desktop"
+      - appmenus-dispvm: True
+
--- a/mullvad/create_disposable.top
+++ b/mullvad/create_disposable.top
@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - mullvad.create_disposable
--- a/mullvad/install.sls
+++ b/mullvad/install.sls
@ -38,6 +38,7 @@ mullvad_installed:
      - qubes-core-agent-networking
      - qubes-core-agent-passwordless-root
      - iproute2
+      - libdbus-glib2.0-cil
      - libnotify-bin
      - mate-notification-daemon
      - resolvconf
--- a/mullvad/mimeinfo.cache
+++ b/mullvad/mimeinfo.cache
@ -0,0 +1 @@
+[MIME Cache]
--- a/mullvad/mullvad-browser-linux-x86_64-13.0.9.tar.xz
+++ b/mullvad/mullvad-browser-linux-x86_64-13.0.9.tar.xz
--- a/mullvad/repo.sls
+++ b/mullvad/repo.sls
@ -3,16 +3,14 @@
 #
 #

-{% if grains['nodename'] != 'dom0' %}
-
-mullvad_repo:
-  file.append:
-    - name: /etc/apt/sources.list.d/mullvad.list
-    - text: "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main"
-
 {% if salt['pillar.get']('update_proxy:caching') %}
+{% set proxy = 'cacher' %}
+{% endif %}
+
+{% if grains['nodename'] != 'dom0' %}
 {% if grains['os_family']|lower == 'debian' %}
 {% if grains['nodename']|lower != 'host' %}
+{% if proxy  == 'cacher' %}
 {% for repo in salt['file.find']('/etc/apt/sources.list.d/', name='*list') %}
 {{ repo }}_baseurl:
  file.replace:
@ -33,26 +31,47 @@ mullvad_repo:
    - backup: False

 {% endif %}
-{% endif %}
-{% endif %}

-mullvad_update:
-  pkg.uptodate:
-    - refresh: True
-
-installed:
+requirements_installed:
  pkg.installed:
+    - refresh: True
    - pkgs:
      - qubes-core-agent-networking
      - qubes-core-agent-passwordless-root
      - iproute2
      - libnotify-bin
-      - mate-notification-daemon
-      - resolvconf
-      - unzip
-      - mullvad-vpn
-      - wireguard
-      - wireguard-tools
-      - zenity
+      - lsb-release
+
+echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" > /etc/apt/sources.list.d/mullvad.list :
+  cmd.run
+
+/usr/share/keyrings/mullvad-keyring.asc:
+  file.managed:
+    - source:
+      - salt://mullvad/mullvad-keyring.asc
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% if proxy == 'cacher' %}
+/etc/apt/sources.list.d/mullvad.list:
+  file.replace:
+    - name: /etc/apt/sources.list.d/mullvad.list
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False

 {% endif %}
+
+mullvad_installed:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - mullvad-vpn
+
+{% endif %}
+{% endif %}
+
+{% endif %}
+
--- a/mullvad/start-mullvad-browser.desktop
+++ b/mullvad/start-mullvad-browser.desktop
@ -0,0 +1,34 @@
+#!/usr/bin/env ./Browser/execdesktop
+#
+# This file is a self-modifying .desktop file that can be run from the shell.
+# It preserves arguments and environment for the start-mullvad-browser script.
+#
+# Run './start-mullvad-browser.desktop --help' to display the full set of options.
+#
+# When invoked from the shell, this file must always be in a Mullvad Browser root
+# directory. When run from the file manager or desktop GUI, it is relocatable.
+#
+# After first invocation, it will update itself with the absolute path to the
+# current Mullvad Browser location, to support relocation of this .desktop file for GUI
+# invocation. You can also add Mullvad Browser to your desktop's application menu
+# by running './start-mullvad-browser.desktop --register-app'
+#
+# If you use --register-app, and then relocate your Mullvad Browser directory, Mullvad Browser
+# will no longer launch from your desktop's app launcher/dock. However, if you
+# re-run --register-app from inside that new directory, the script
+# will correct the absolute paths and re-register itself.
+#
+# This file will also still function if the path changes when Mullvad Browser is used as a
+# portable app, so long as it is run directly from that new directory, either
+# via the shell or via the file manager.
+
+[Desktop Entry]
+Type=Application
+Name=Mullvad Browser
+GenericName=Web Browser
+Comment=Mullvad Browser  is +1 for privacy and −1 for mass surveillance
+Categories=Network;WebBrowser;Security;
+Exec=sh -c '"/home/user/mullvad-browser/Browser/start-mullvad-browser" || ([ !  -x "/home/user/mullvad-browser/Browser/start-mullvad-browser" ] && "$(dirname "$*")"/Browser/start-mullvad-browser --detach)' dummy %k
+X-MullvadBrowser-ExecShell=./Browser/start-mullvad-browser 
+Icon=/home/user/mullvad-browser/Browser/browser/chrome/icons/default/default128.png
+StartupWMClass=Mullvad Browser