Skip to content
This repository has been archived by the owner on Mar 8, 2024. It is now read-only.

drkhsh/salt-n-pepper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

197 Commits

common

common

 
 

template-admin

template-admin

 
 

template-browser

template-browser

 
 

template-cacher

template-cacher

 
 

template-dev

template-dev

 
 

template-mail

template-mail

 
 

template-media

template-media

 
 

template-music

template-music

 
 

template-openvpn

template-openvpn

 
 

template-pentest

template-pentest

 
 

template-snap

template-snap

 
 

template-syncthing

template-syncthing

 
 

template-sys

template-sys

 
 

template-vault

template-vault

 
 

template-wireguard

template-wireguard

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

template-admin.top

template-admin.top

 
 

template-browser.top

template-browser.top

 
 

template-cacher.top

template-cacher.top

 
 

template-dev.top

template-dev.top

 
 

template-mail.top

template-mail.top

 
 

template-media.top

template-media.top

 
 

template-music.top

template-music.top

 
 

template-openvpn.top

template-openvpn.top

 
 

template-pentest.top

template-pentest.top

 
 

template-snap.top

template-snap.top

 
 

template-syncthing.top

template-syncthing.top

 
 

template-sys.top

template-sys.top

 
 

template-vault.top

template-vault.top

 
 

template-wireguard.top

template-wireguard.top

 
 

Repository files navigation

        █
        █   █     █
███ ███ █  ███   █ █   ███ ███ ███ ███ ███ ███
█     █ █   █     █    █ █ ███ █ █ █ █ ███ █
  █ ███ █   █    █ █   █ █ █   █ █ █ █ █   █
███ ███ ██  ██    ██   ███ ███ ███ ███ ███ █
                       █       █   █
                       █       █   █

Salt & Pepper

My Qubes SaltStack configuration for automated template deployments. This repository mostly exists for personal reference and sharing between machines, however feel free to steal some salt.

Contains a lot of templates, specifically configured for my usecases, used on two Qubes OS machines for personal and work use. Work-related templates are stripped out (NDA blabla).

Beware that some stuff may be very hacky, works on my machine(s).

Install

First, enable user-directories for Salt on Qubes OS (to separate from pre-installed formulas):

qubesctl top.enable qubes.user-dirs
qubesctl state.apply

Clone repository contents in a regular qube, then copy it to dom0, by using git bundle.

WARNING: You are going to copy files from a qube directly into dom0! This is considered unsafe and can compromise the security of your whole Qubes system. You have been warned.

qvm-run --pass-io <target-qube> 'cd /path/to/salt-repo/ && git bundle create -
--all' > /tmp/salt.bundle

Finally, clone the bundle into the salt user dir (/srv/user_salt/):

cd /srv/user_salt/
git clone /tmp/salt.bundle .

Git's origin is now set to the bundle file, it can be deleted for now.

Binaries / Dotfiles

  • Place static st binary in /srv/user_salt/bin/
  • Clone dotfiles repository in /srv/user_salt/dotfiles/

(both are ignored by git)

Deploy

Use qubesctl to enable and deploy states.

qubesctl top.enable template-example
qubesctl --targets template-example state.highstate

To apply all changed states, use:

qubesctl --all state.highstate

Update

To dom0

Since the origin in the cloned repository in dom0 is set to the bundle file, it's enough to get the newest bundle and git pull from it:

cd /srv/user_salt/
qvm-run --pass-io <target-qube> 'cd /path/to/salt-repo/ && git bundle create -
--all' > /tmp/salt.bundle
git pull # use --rebase if necessary

From dom0

Commit the changes in dom0, and generate a patch bundle per commit:

git bundle create /tmp/salt.bundle --all -1 HEAD # or <sha>

Use qvm-copy-to-vm to get the bundle back to the target qube:

qvm-move-to-vm <target-qube> /tmp/salt.bundle

Then, in the relevant qube, check and apply the patch, and push to the upstream repo:

cd /path/to/salt-repo
git pull ~/QuebesIncoming/dom0/salt.bundle # use --rebase if necessary

Pillars

theme.sls:

theme:
  gtk: Dracula
  icons: Dracula

shell.sls:

shell: mksh

Include in top-file accordingly:

user:
  '*':
    - shell
    - theme

About

My Qubes OS SaltStack configuration for automated template deployments.

git.drkhsh.at/salt-n-pepper

Topics

salt saltstack qubes-os qubes

Resources

Readme

License

ISC license
Activity

Stars

6 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Languages