diff --git a/docs/BOOTSTRAP.md b/docs/BOOTSTRAP.md index 4187e03b..9acd633e 100644 --- a/docs/BOOTSTRAP.md +++ b/docs/BOOTSTRAP.md @@ -25,6 +25,7 @@ matter in some circumstances, in those cases, it is noted in this page. * Base (order matters): * [dom0](../salt/dom0/README.md) * [debian-minimal](../salt/debian-minimal/README.md) + * [fedora-xfce](../salt/fedora-xfce/README.md) * [fedora-minimal](../salt/fedora-minimal/README.md) * [mgmt](../salt/mgmt/README.md) * [sys-cacher](../salt/sys-cacher/README.md) diff --git a/salt/debian-minimal/update-admin.sls b/salt/debian-minimal/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/debian-minimal/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/debian-minimal/update-admin.top b/salt/debian-minimal/update-admin.top new file mode 100644 index 00000000..f776e5a9 --- /dev/null +++ b/salt/debian-minimal/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^debian-[0-9][0-9]-minimal$': + - match: compound + - debian-minimal.update-admin diff --git a/salt/debian-xfce/update-admin.sls b/salt/debian-xfce/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/debian-xfce/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/debian-xfce/update-admin.top b/salt/debian-xfce/update-admin.top new file mode 100644 index 00000000..d7601250 --- /dev/null +++ b/salt/debian-xfce/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^debian-[0-9][0-9]-xfce$': + - match: compound + - debian-xfce.update-admin diff --git a/salt/debian/update-admin.sls b/salt/debian/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/debian/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/debian/update-admin.top b/salt/debian/update-admin.top new file mode 100644 index 00000000..b5255214 --- /dev/null +++ b/salt/debian/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^debian-[0-9][0-9]$': + - match: compound + - debian.update-admin diff --git a/salt/fedora-minimal/README.md b/salt/fedora-minimal/README.md index 694cf83c..a600ffb8 100644 --- a/salt/fedora-minimal/README.md +++ b/salt/fedora-minimal/README.md @@ -19,7 +19,7 @@ it. ```sh sudo qubesctl top.enable fedora-minimal -sudo qubesctl --targets=fedora-40-minimal state.apply +sudo qubesctl --targets=fedora-41-minimal state.apply sudo qubesctl top.disable fedora-minimal sudo qubesctl state.apply fedora-minimal.prefs ``` @@ -30,7 +30,7 @@ sudo qubesctl state.apply fedora-minimal.prefs ```sh sudo qubesctl state.apply fedora-minimal.create -sudo qubesctl --skip-dom0 --targets=fedora-40-minimal state.apply fedora-minimal.install +sudo qubesctl --skip-dom0 --targets=fedora-41-minimal state.apply fedora-minimal.install sudo qubesctl state.apply fedora-minimal.prefs ``` diff --git a/salt/fedora-minimal/create.sls b/salt/fedora-minimal/create.sls index c9a00b90..8e4313ef 100644 --- a/salt/fedora-minimal/create.sls +++ b/salt/fedora-minimal/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,7 +9,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- import slsdotpath ~ "/template.jinja" as template -%} include: - - fedora.create + - fedora-xfce.create - .clone "dvm-{{ template.template }}-absent": @@ -23,6 +23,7 @@ name: {{ template.template }} force: True require: - sls: {{ template.template_clean }}.clone +- sls: fedora-xfce.create present: - label: black prefs: @@ -32,6 +33,7 @@ prefs: - memory: 300 - maxmem: 600 - include_in_backups: False +- management_dispvm: dvm-fedora-xfce features: - set: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" @@ -63,22 +65,3 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: {{ template.template }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: {{ template.template }} diff --git a/salt/fedora-minimal/files/admin/bin/salt-patch.sh b/salt/fedora-minimal/files/admin/bin/salt-patch.sh deleted file mode 100755 index abaec32e..00000000 --- a/salt/fedora-minimal/files/admin/bin/salt-patch.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh - -## SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. -## -## SPDX-License-Identifier: AGPL-3.0-or-later - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -set -eu - -qube="${1}" -dnf_min_install="dnf -q install --refresh -y --setopt=install_weak_deps=False" - -qvm-run --no-gui --user=root --pass-io --filter-escape-chars \ - --no-color-output --no-color-stderr -- "${qube}" \ - "${dnf_min_install} python3-urllib3" diff --git a/salt/fedora-minimal/prefs.sls b/salt/fedora-minimal/prefs.sls index b6ef9fe0..b735b2a1 100644 --- a/salt/fedora-minimal/prefs.sls +++ b/salt/fedora-minimal/prefs.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -9,21 +9,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later include: - .create -"{{ slsdotpath }}-set-management_dispvm-to-default": +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: {{ template.template }} - prefs: - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: {{ template.template }} - - flags: - - force diff --git a/salt/fedora-minimal/update-admin.sls b/salt/fedora-minimal/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/fedora-minimal/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/fedora-minimal/update-admin.top b/salt/fedora-minimal/update-admin.top new file mode 100644 index 00000000..1cfea8d0 --- /dev/null +++ b/salt/fedora-minimal/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^fedora-[0-9][0-9]-minimal$': + - match: compound + - fedora-minimal.update-admin diff --git a/salt/fedora-xfce/README.md b/salt/fedora-xfce/README.md index 696510cc..962a001b 100644 --- a/salt/fedora-xfce/README.md +++ b/salt/fedora-xfce/README.md @@ -18,8 +18,9 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora-xfce -sudo qubesctl --targets=fedora-40-xfce state.apply +sudo qubesctl --targets=fedora-41-xfce state.apply sudo qubesctl top.disable fedora-xfce +sudo qubesctl state.apply fedora-xfce.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora-xfce ```sh sudo qubesctl state.apply fedora-xfce.create -sudo qubesctl --skip-dom0 --targets=fedora-40-xfce state.apply fedora-xfce.install +sudo qubesctl --skip-dom0 --targets=fedora-41-xfce state.apply fedora-xfce.install +sudo qubesctl state.apply fedora-xfce.prefs ``` diff --git a/salt/fedora-xfce/create.sls b/salt/fedora-xfce/create.sls index cc6492f5..cdf289f1 100644 --- a/salt/fedora-xfce/create.sls +++ b/salt/fedora-xfce/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora-xfce/prefs.sls b/salt/fedora-xfce/prefs.sls new file mode 100644 index 00000000..b735b2a1 --- /dev/null +++ b/salt/fedora-xfce/prefs.sls @@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/fedora-xfce/prefs.top b/salt/fedora-xfce/prefs.top new file mode 100644 index 00000000..2d3d2c87 --- /dev/null +++ b/salt/fedora-xfce/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora-xfce.prefs diff --git a/salt/fedora-xfce/update-admin.sls b/salt/fedora-xfce/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/fedora-xfce/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/fedora-xfce/update-admin.top b/salt/fedora-xfce/update-admin.top new file mode 100644 index 00000000..855498b9 --- /dev/null +++ b/salt/fedora-xfce/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^fedora-[0-9][0-9]-xfce$': + - match: compound + - fedora-xfce.update-admin diff --git a/salt/fedora/README.md b/salt/fedora/README.md index 262cb782..435c0744 100644 --- a/salt/fedora/README.md +++ b/salt/fedora/README.md @@ -18,8 +18,9 @@ Creates the Fedora template as well as a Disposable Template based on it. ```sh sudo qubesctl top.enable fedora -sudo qubesctl --targets=fedora-40 state.apply +sudo qubesctl --targets=fedora-41 state.apply sudo qubesctl top.disable fedora +sudo qubesctl state.apply fedora.prefs ``` * State: @@ -28,7 +29,8 @@ sudo qubesctl top.disable fedora ```sh sudo qubesctl state.apply fedora.create -sudo qubesctl --skip-dom0 --targets=fedora-40 state.apply fedora.install +sudo qubesctl --skip-dom0 --targets=fedora-41 state.apply fedora.install +sudo qubesctl state.apply fedora.prefs ``` diff --git a/salt/fedora/create.sls b/salt/fedora/create.sls index d5065b41..f778b0b3 100644 --- a/salt/fedora/create.sls +++ b/salt/fedora/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -62,3 +62,11 @@ features: - menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop" {%- endload %} {{ load(defaults) }} + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-dvm-{{ template.template_clean }}": + qvm.vm: + - require: + - qvm: dvm-{{ template.template_clean }} + - name: {{ template.template }} + - prefs: + - management_dispvm: "dvm-{{ template.template_clean }}" diff --git a/salt/fedora/prefs.sls b/salt/fedora/prefs.sls new file mode 100644 index 00000000..b735b2a1 --- /dev/null +++ b/salt/fedora/prefs.sls @@ -0,0 +1,18 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-set-{{ template.template }}-management_dispvm-to-default": + qvm.vm: + - require: + - sls: {{ slsdotpath }}.create + - name: {{ template.template }} + - prefs: + - management_dispvm: "*default*" diff --git a/salt/fedora/prefs.top b/salt/fedora/prefs.top new file mode 100644 index 00000000..d43ade17 --- /dev/null +++ b/salt/fedora/prefs.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'dom0': + - match: nodegroup + - fedora.prefs diff --git a/salt/fedora/template.jinja b/salt/fedora/template.jinja index 68f64039..fdbabdb8 100644 --- a/salt/fedora/template.jinja +++ b/salt/fedora/template.jinja @@ -1,11 +1,11 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} {% set base = 'fedora' -%} -{% set version = salt['pillar.get']('qvm:fedora:version', '40') -%} +{% set version = salt['pillar.get']('qvm:fedora:version', '41') -%} {% set flavor = '' -%} {% set repo = salt['pillar.get']('qvm:fedora:repo', 'qubes-templates-itl') -%} {% if flavor -%} diff --git a/salt/fedora/update-admin.sls b/salt/fedora/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/fedora/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/fedora/update-admin.top b/salt/fedora/update-admin.top new file mode 100644 index 00000000..e16a0f45 --- /dev/null +++ b/salt/fedora/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^fedora-[0-9][0-9]$': + - match: compound + - fedora.update-admin diff --git a/salt/kicksecure-minimal/update-admin.sls b/salt/kicksecure-minimal/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/kicksecure-minimal/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/kicksecure-minimal/update-admin.top b/salt/kicksecure-minimal/update-admin.top new file mode 100644 index 00000000..b1b9c839 --- /dev/null +++ b/salt/kicksecure-minimal/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^kicksecure-[0-9][0-9]-minimal$': + - match: compound + - kicksecure-minimal.update-admin diff --git a/salt/mgmt/create.sls b/salt/mgmt/create.sls index 220cb4bc..f8bbbe3c 100644 --- a/salt/mgmt/create.sls +++ b/salt/mgmt/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -7,7 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later {%- from "qvm/template.jinja" import load -%} include: - - fedora.create + - fedora-xfce.create + - fedora-xfce.update-admin - .clone - fedora-minimal.prefs @@ -15,10 +16,13 @@ include: name: tpl-{{ slsdotpath }} force: True require: +- sls: fedora-xfce.create +- sls: fedora-xfce.update-admin - sls: {{ slsdotpath }}.clone - sls: fedora-minimal.prefs prefs: - audiovm: "" +- management_dispvm: dvm-fedora-xfce {%- endload %} {{ load(defaults) }} @@ -48,22 +52,3 @@ features: - internal {%- endload %} {{ load(defaults) }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/mgmt/prefs.sls b/salt/mgmt/prefs.sls index 73e491b5..635858e2 100644 --- a/salt/mgmt/prefs.sls +++ b/salt/mgmt/prefs.sls @@ -10,13 +10,13 @@ include: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}": cmd.run: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: qubes-prefs -- management_dispvm dvm-{{ slsdotpath }} "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default": qvm.vm: - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" + - sls: {{ slsdotpath }}.create - name: tpl-{{ slsdotpath }} - prefs: - management_dispvm: "*default*" @@ -27,14 +27,3 @@ include: - cmd: "{{ slsdotpath }}-set-qubes-prefs-management_dispvm-to-dvm-{{ slsdotpath }}" - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - name: default-mgmt-dvm - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-tpl-{{ slsdotpath }}-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/qubes-builder/README.md b/salt/qubes-builder/README.md index 27cfdb46..19e21f52 100644 --- a/salt/qubes-builder/README.md +++ b/salt/qubes-builder/README.md @@ -38,7 +38,6 @@ template. sudo qubesctl top.enable qubes-builder sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply sudo qubesctl top.disable qubes-builder -sudo qubesctl state.apply qubes-builder.prefs ``` * State: @@ -48,7 +47,6 @@ sudo qubesctl state.apply qubes-builder.prefs ```sh sudo qubesctl state.apply qubes-builder.create sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install -sudo qubesctl state.apply qubes-builder.prefs sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure ``` diff --git a/salt/qubes-builder/create.sls b/salt/qubes-builder/create.sls index 2c690730..dea0068e 100644 --- a/salt/qubes-builder/create.sls +++ b/salt/qubes-builder/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -89,33 +89,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '70') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/qubes-builder/prefs.sls b/salt/qubes-builder/prefs.sls deleted file mode 100644 index 9650569c..00000000 --- a/salt/qubes-builder/prefs.sls +++ /dev/null @@ -1,20 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" diff --git a/salt/qubes-builder/prefs.top b/salt/qubes-builder/prefs.top deleted file mode 100644 index 3a073c34..00000000 --- a/salt/qubes-builder/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - qubes-builder.prefs diff --git a/salt/sys-gui/create.sls b/salt/sys-gui/create.sls index ea7a50f8..6d0b26b3 100644 --- a/salt/sys-gui/create.sls +++ b/salt/sys-gui/create.sls @@ -1,7 +1,7 @@ {# SPDX-FileCopyrightText: 2019 - 2020 Frederic Pierret SPDX-FileCopyrightText: 2020 - 2024 Marmarek Marczykowski-Gorecki -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: GPL-2.0-only #} @@ -11,6 +11,7 @@ SPDX-License-Identifier: GPL-2.0-only include: - .clone + - fedora-minimal.prefs {% if 'psu' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) or 'backlight' in salt['pillar.get']('qvm:sys-gui:dummy-modules', []) %} "{{ slsdotpath }}-installed": @@ -32,6 +33,7 @@ name: tpl-{{ slsdotpath }} force: True require: - sls: {{ slsdotpath }}.clone +- sls: fedora-minimal.prefs prefs: - audiovm: "" {%- endload %} diff --git a/salt/sys-pgp/README.md b/salt/sys-pgp/README.md index c9999249..7d45747d 100644 --- a/salt/sys-pgp/README.md +++ b/salt/sys-pgp/README.md @@ -31,7 +31,6 @@ and access to them is made from the client through Qrexec. sudo qubesctl top.enable sys-pgp sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply sudo qubesctl top.disable sys-pgp -sudo qubesctl state.apply sys-pgp.prefs ``` * State: @@ -42,7 +41,6 @@ sudo qubesctl state.apply sys-pgp.prefs sudo qubesctl state.apply sys-pgp.create sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure -sudo qubesctl state.apply sys-pgp.prefs ``` diff --git a/salt/sys-pgp/create.sls b/salt/sys-pgp/create.sls index 8fddeee5..6acd66ed 100644 --- a/salt/sys-pgp/create.sls +++ b/salt/sys-pgp/create.sls @@ -1,5 +1,5 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. SPDX-License-Identifier: AGPL-3.0-or-later #} @@ -47,22 +47,3 @@ features: {% from 'utils/macros/policy.sls' import policy_set with context -%} {{ policy_set(sls_path, '80') }} - -"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora": - qvm.vm: - - require: - - qvm: dvm-fedora - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: dvm-fedora - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-install-salt-deps": - cmd.script: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora" - - name: salt-patch.sh - - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh - - args: tpl-{{ slsdotpath }} diff --git a/salt/sys-pgp/prefs.sls b/salt/sys-pgp/prefs.sls deleted file mode 100644 index 74627a71..00000000 --- a/salt/sys-pgp/prefs.sls +++ /dev/null @@ -1,27 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -include: - - .create - -"{{ slsdotpath }}-set-management_dispvm-to-default": - qvm.vm: - - require: - - cmd: "{{ slsdotpath }}-install-salt-deps" - - name: tpl-{{ slsdotpath }} - - prefs: - - management_dispvm: "*default*" - -## TODO: Remove when template with patch reaches upstream or updates enforce -## salt-deps to be installed. -## https://github.com/QubesOS/qubes-issues/issues/8806 -"{{ slsdotpath }}-shutdown-template": - qvm.shutdown: - - require: - - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default" - - name: tpl-{{ slsdotpath }} - - flags: - - force diff --git a/salt/sys-pgp/prefs.top b/salt/sys-pgp/prefs.top deleted file mode 100644 index 9cc84b38..00000000 --- a/salt/sys-pgp/prefs.top +++ /dev/null @@ -1,10 +0,0 @@ -{# -SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. - -SPDX-License-Identifier: AGPL-3.0-or-later -#} - -base: - 'dom0': - - match: nodegroup - - sys-pgp.prefs diff --git a/salt/whonix-gateway/update-admin.sls b/salt/whonix-gateway/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/whonix-gateway/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/whonix-gateway/update-admin.top b/salt/whonix-gateway/update-admin.top new file mode 100644 index 00000000..d3c7db3e --- /dev/null +++ b/salt/whonix-gateway/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^whonix-[0-9][0-9]-gateway$': + - match: compound + - whonix-gateway.update-admin diff --git a/salt/whonix-workstation/update-admin.sls b/salt/whonix-workstation/update-admin.sls new file mode 100644 index 00000000..ae76515f --- /dev/null +++ b/salt/whonix-workstation/update-admin.sls @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +{% if grains['nodename'] == 'dom0' -%} + +{%- import slsdotpath ~ "/template.jinja" as template -%} + +include: + - .create + +"{{ slsdotpath }}-update-admin": + cmd.run: + - require: + - sls: {{ slsdotpath }}.create + - name: qubes-vm-update --no-progress --show-output --targets={{ template.template }} + +{% endif %} diff --git a/salt/whonix-workstation/update-admin.top b/salt/whonix-workstation/update-admin.top new file mode 100644 index 00000000..cf15666c --- /dev/null +++ b/salt/whonix-workstation/update-admin.top @@ -0,0 +1,10 @@ +{# +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: AGPL-3.0-or-later +#} + +base: + 'I@qubes:type:template and E@^whonix-[0-9][0-9]-workstation$': + - match: compound + - whonix-workstation.update-admin