ADDED: dedicated qube for website development

diff --git a/user_salt/dev-website/dev-website--create-qube.sls b/user_salt/dev-website/dev-website--create-qube.sls
new file mode 100644 (file)
index 0000000..db2a382
--- /dev/null
+++ b/user_salt/dev-website/dev-website--create-qube.sls
@@ -0,0 +1,21 @@
+{% if grains['id'] == 'dom0' %}
+
+dev-website--create-qube:
+  qvm.vm:
+    - name: q-dev-website
+    - present:
+      - template: template-dev-website
+      - label: orange
+    - prefs:
+      - label: orange
+      - netvm: sys-vpn-mullvad
+    - features:
+      - set:
+        - menu-items: xterm.desktop
+    - service:
+      - enable:
+        - shutdown-idle
+    - require:
+      - qvm: dev-website--create-template
+
+{% endif %}

diff --git a/user_salt/dev-website/dev-website--create-template.sls b/user_salt/dev-website/dev-website--create-template.sls
new file mode 100644 (file)
index 0000000..aaa973b
--- /dev/null
+++ b/user_salt/dev-website/dev-website--create-template.sls
@@ -0,0 +1,26 @@
+{% import "templates/versions.jinja" as version %}
+
+include:
+  - templates.templates--install-fedora-minimal
+
+{% if grains['id'] == 'dom0' %}
+
+dev-website--create-template:
+  qvm.clone:
+    - name: template-dev-website
+    - source: fedora-{{ version.fedora }}-minimal
+    - class: TemplateVM
+    - require:
+      - qvm: templates--install-fedora-{{ version.fedora }}-minimal
+
+dev-website--template-prefs:
+  qvm.prefs:
+    - name: template-dev-website
+    - label: orange
+    - audiovm:
+    - guivm:
+    - netvm: 
+    - require:
+      - qvm: dev-website--create-template
+
+{% endif %}

diff --git a/user_salt/dev-website/dev-website--firewall.sls b/user_salt/dev-website/dev-website--firewall.sls
new file mode 100644 (file)
index 0000000..3ede223
--- /dev/null
+++ b/user_salt/dev-website/dev-website--firewall.sls
@@ -0,0 +1,25 @@
+{% if grains['id'] == 'dom0' %}
+
+dev-website--firewall:
+  cmd.run:
+    - name: |
+        qvm-firewall q-dev-website reset
+        qvm-firewall q-dev-website del accept
+        qvm-firewall q-dev-website add accept specialtarget=dns
+        qvm-firewall q-dev-website add accept proto=icmp
+        qvm-firewall q-dev-website add accept github.com proto=tcp
+        qvm-firewall q-dev-website add accept git.andreasglashauser.com proto=tcp
+        qvm-firewall q-dev-website add drop
+    - unless: |
+        CURRENT=$(qvm-firewall --raw q-dev-website list)
+        DESIRED=$(echo -e 'action=accept specialtarget=dns
+        action=accept proto=icmp
+        action=accept proto=tcp dsthost=github.com
+        action=accept proto=tcp dsthost=git.andreasglashauser.com
+        action=drop')
+        [ "$CURRENT" = "$DESIRED" ]
+    - output_loglevel: quiet
+    - require:
+      - qvm: dev-website--create-qube
+
+{% endif %}

diff --git a/user_salt/dev-website/dev-website--install-packages.sls b/user_salt/dev-website/dev-website--install-packages.sls
new file mode 100644 (file)
index 0000000..706216d
--- /dev/null
+++ b/user_salt/dev-website/dev-website--install-packages.sls
@@ -0,0 +1,17 @@
+{% if grains['id'] == 'template-dev-website' %}
+
+dev-website--install-packages:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-app-shutdown-idle
+      - neovim
+      - tmux
+      - git
+      - git-delta
+      - python3-virtualenvwrapper
+      - tree
+      - firefox
+
+{% endif %}

diff --git a/user_salt/dev-website/init.sls b/user_salt/dev-website/init.sls
new file mode 100644 (file)
index 0000000..3667b5b
--- /dev/null
+++ b/user_salt/dev-website/init.sls
@@ -0,0 +1,5 @@
+include:
+  - dev-website.dev-website--create-template
+  - dev-website.dev-website--install-packages
+  - dev-website.dev-website--create-qube
+  - dev-website.dev-website--firewall