ADDED: states for setting up qubes-mirage-firewall

author Andreas Glashauser <ag@andreasglashauser.com>

Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)

committer Andreas Glashauser <ag@andreasglashauser.com>

Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)
author Andreas Glashauser <ag@andreasglashauser.com>
Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)
committer Andreas Glashauser <ag@andreasglashauser.com>
Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)
diff --git a/user_salt/mirage/files/qubes-firewall.xen b/user_salt/mirage/files/qubes-firewall.xen

new file mode 100644 (file)

index 0000000..5cba2c5

Binary files /dev/null and b/user_salt/mirage/files/qubes-firewall.xen differ
diff --git a/user_salt/mirage/init.sls b/user_salt/mirage/init.sls

new file mode 100644 (file)

index 0000000..500a73f
--- /dev/null
+++ b/user_salt/mirage/init.sls
@@ -0,0 +1,3 @@
+include:
+  - mirage.mirage--deploy-kernel
+  - mirage.mirage--create-sys-qube
diff --git a/user_salt/mirage/mirage--create-sys-qube.sls b/user_salt/mirage/mirage--create-sys-qube.sls

new file mode 100644 (file)

index 0000000..3e0ee69
--- /dev/null
+++ b/user_salt/mirage/mirage--create-sys-qube.sls
@@ -0,0 +1,28 @@
+{% if grains['id'] == 'dom0' %}
+
+mirage--create-sys-qube:
+  qvm.vm:
+    - name: sys-mirage-firewall
+    - present:
+      - class. StandaloneVM
+      - label: black
+    - prefs:
+      - kernel: mirage-firewall
+      - kernelopts: 
+      - include-in-backups: False
+      - memory: 32
+      - maxmem: 32
+      - audiovm:
+      - guivm:
+      - netvm: sys-net
+      - provides-network: True
+      - vcpus: 1
+      - virt-mode: pvh
+    - features:
+      - enable:
+        - qubes-firewall
+        - no-default-kernelopts
+    - require:
+      - file: mirage--copy
+
+{% endif %}
diff --git a/user_salt/mirage/mirage--deploy-kernel.sls b/user_salt/mirage/mirage--deploy-kernel.sls

new file mode 100644 (file)

index 0000000..453dc32
--- /dev/null
+++ b/user_salt/mirage/mirage--deploy-kernel.sls
@@ -0,0 +1,19 @@
+{% if grains['id'] == 'dom0' %}
+
+mirage--create-dir:
+  file.directory:
+    - name: /var/lib/qubes/vm-kernels/mirage-firewall
+    - user: root
+    - group: root
+    - mode: 755
+    - createdirs: True
+
+mirage--copy:
+  file.managed:
+    - name: /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
+    - source: salt://mirage/files/qubes-firewall.xen
+    - user: root
+    - group: root
+    - mode: 644
+
+{% endif %}
diff --git a/user_salt/mirage/mireage--create-qubes.sls b/user_salt/mirage/mireage--create-qubes.sls

new file mode 100644 (file)

index 0000000..e69de29
author	Andreas Glashauser <ag@andreasglashauser.com>
	Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)
committer	Andreas Glashauser <ag@andreasglashauser.com>
	Mon, 7 Apr 2025 18:10:45 +0000 (20:10 +0200)
user_salt/mirage/files/qubes-firewall.xen	[new file with mode: 0644]	patch \| blob
user_salt/mirage/init.sls	[new file with mode: 0644]	patch \| blob
user_salt/mirage/mirage--create-sys-qube.sls	[new file with mode: 0644]	patch \| blob
user_salt/mirage/mirage--deploy-kernel.sls	[new file with mode: 0644]	patch \| blob
user_salt/mirage/mireage--create-qubes.sls	[new file with mode: 0644]	patch \| blob