fix: pgp template is fedora based without salt fix

ben-grande · Jun 14, 2024 · e1a15d8 · e1a15d8
1 parent 3ece491
commit e1a15d8
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 0 deletions.
diff --git a/salt/sys-pgp/README.md b/salt/sys-pgp/README.md
@@ -22,6 +22,7 @@ and access to them is made from the client through Qrexec.
 sudo qubesctl top.enable sys-pgp
 sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply
 sudo qubesctl top.disable sys-pgp
+sudo qubesctl state.apply sys-pgp.prefs
 ```
 
 - State:
@@ -30,6 +31,7 @@ sudo qubesctl top.disable sys-pgp
 sudo qubesctl state.apply sys-pgp.create
 sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install
 sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure
+sudo qubesctl state.apply sys-pgp.prefs
 ```
 <!-- pkg:end:post-install -->
 

diff --git a/salt/sys-pgp/create.sls b/salt/sys-pgp/create.sls
@@ -8,12 +8,14 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 include:
   - .clone
+  - fedora-minimal.prefs
 
 {% load_yaml as defaults -%}
 name: tpl-{{ slsdotpath }}
 force: True
 require:
 - sls: {{ slsdotpath }}.clone
+- sls: fedora-minimal.prefs
 prefs:
 - audiovm: ""
 {%- endload %}
@@ -45,3 +47,22 @@ features:
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '80') }}
+
+"{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora":
+  qvm.vm:
+    - require:
+      - qvm: dvm-fedora
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: dvm-fedora
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-install-salt-deps":
+  cmd.script:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-dvm-fedora"
+    - name: salt-patch.sh
+    - source: salt://fedora-minimal/files/admin/bin/salt-patch.sh
+    - args: tpl-{{ slsdotpath }}
diff --git a/salt/sys-pgp/prefs.sls b/salt/sys-pgp/prefs.sls
@@ -0,0 +1,27 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+include:
+  - .create
+
+"{{ slsdotpath }}-set-management_dispvm-to-default":
+  qvm.vm:
+    - require:
+      - cmd: "{{ slsdotpath }}-install-salt-deps"
+    - name: tpl-{{ slsdotpath }}
+    - prefs:
+      - management_dispvm: "*default*"
+
+## TODO: Remove when template with patch reaches upstream or updates enforce
+## salt-deps to be installed.
+## https://github.com/QubesOS/qubes-issues/issues/8806
+"{{ slsdotpath }}-shutdown-template":
+  qvm.shutdown:
+    - require:
+      - qvm: "{{ slsdotpath }}-set-management_dispvm-to-default"
+    - name: tpl-{{ slsdotpath }}
+    - flags:
+      - force
diff --git a/salt/sys-pgp/prefs.top b/salt/sys-pgp/prefs.top
@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-pgp.prefs