--- /dev/null
+{% if grains['id'] == 'dom0' %}
+
+dev-python--create-qube:
+ qvm.vm:
+ - name: q-dev-python
+ - present:
+ - template: template-dev-python
+ - label: orange
+ - prefs:
+ - label: orange
+ - netvm: sys-vpn-mullvad
+ - features:
+ - set:
+ - menu-items: xterm.desktop
+ - service:
+ - enable:
+ - shutdown-idle
+ - require:
+ - qvm: dev-python--create-template
+
+{% endif %}
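Review bot: The `require` on `qvm: dev-python--create-template` points at an ID declared in a different file, and this file has no `include:` for it, so applying this state on its own would stop on an unresolved requisite. The template file on this page already includes its own dependency; doing the same here keeps the state self-contained: `include:` followed by `- dev-python.dev-python--create-template`. Nothing here establishes that `sys-vpn-mullvad` exists either; if another state manages it, a `require` on that state would make the dependency explicit instead of failing at `netvm` assignment.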
--- /dev/null
+{% import "templates/versions.jinja" as version %}
+
+include:
+ - templates.templates--install-fedora-minimal
+
+{% if grains['id'] == 'dom0' %}
+
+dev-python--create-template:
+ qvm.clone:
+ - name: template-dev-python
+ - source: fedora-{{ version.fedora }}-minimal
+ - class: TemplateVM
+ - require:
+ - qvm: templates--install-fedora-{{ version.fedora }}-minimal
+
+dev-python--template-prefs:
+ qvm.prefs:
+ - name: template-dev-python
+ - label: orange
+ - audiovm:
+ - guivm:
+ - netvm:
+ - require:
+ - qvm: dev-python--create-template
+
+{% endif %}
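Review bot: `audiovm:`, `guivm:` and `netvm:` in `dev-python--template-prefs` are bare keys, which YAML loads as null rather than as an empty name. Whether `qvm.prefs` treats null as "clear the property" or as "not given" is not visible here; in the second case the clone silently keeps whatever the source template or the global defaults supply. If the intent is a template with no net, audio or GUI qube attached, spell that out explicitly, e.g. `- netvm: ''`, and confirm the result with `qvm-prefs template-dev-python` after the first apply.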
--- /dev/null
+{% if grains['id'] == 'dom0' %}
+
+dev-python--firewall:
+ cmd.run:
+ - name: |
+ qvm-firewall q-dev-python reset
+ qvm-firewall q-dev-python del accept
+ qvm-firewall q-dev-python add accept specialtarget=dns
+ qvm-firewall q-dev-python add accept proto=icmp
+ qvm-firewall q-dev-python add accept github.com proto=tcp
+ qvm-firewall q-dev-python add accept git.andreasglashauser.com proto=tcp
+ qvm-firewall q-dev-python add drop
+ - unless: |
+ CURRENT=$(qvm-firewall --raw q-dev-python list)
+ DESIRED=$(echo -e 'action=accept specialtarget=dns
+ action=accept proto=icmp
+ action=accept proto=tcp dsthost=github.com
+ action=accept proto=tcp dsthost=git.andreasglashauser.com
+ action=drop')
+ [ "$CURRENT" = "$DESIRED" ]
+ - output_loglevel: quiet
+
+{% endif %}
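Review bot: The script under `name` has no error handling, so if `qvm-firewall q-dev-python del accept` fails, the accept rule left by `reset` stays ahead of everything added after it, and `cmd.run` still reports success because the final `add drop` exits 0. Putting `set -e` on the first line of the block makes the state fail visibly instead. A `- require:` with `- qvm: dev-python--create-qube` would also stop it from running before the qube exists. Separately, the two `accept <host> proto=tcp` rules carry no `dstports`, so every TCP port on those hosts is reachable; adding `dstports=443` (or 22 for SSH remotes) narrows that, with the matching change in `DESIRED`. The later copy of this state at the end of the page has the same gaps.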
--- /dev/null
+{% if grains['id'] == 'template-dev-python' %}
+
+dev-phyton--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - qubes-core-agent-networking
+ - qubes-app-shutdown-idle
+ - tmux
+ - neovim
+ - git
+ - git-delta
+ - python3-virtualenvwrapper
+ - tree
+
+{% endif %}
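Review bot: The state ID is spelled `dev-phyton--install-packages`, while every other ID and the file name in the include list use `dev-python`. Nothing on this page requires it yet, but a later `require: pkg: dev-python--install-packages` would not resolve; rename it to `dev-python--install-packages:`. `refresh: True` would also read more consistently as `refresh: true`.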
--- /dev/null
+include:
+ - dev-python.dev-python--create-template
+ - dev-python.dev-python--install-packages
+ - dev-python.dev-python--create-qube
+ - dev-python.dev-python--firewall
--- /dev/null
+dev-python--firewall:
+ cmd.run:
+ - name: |
+ # Delete all existing rules (safer than reset + manual adds)
+ qvm-firewall q-dev-python reset
+ # Add new rules in order
+ qvm-firewall q-dev-python add accept specialtarget=dns
+ qvm-firewall q-dev-python add accept proto=icmp
+ qvm-firewall q-dev-python add accept github.com proto=tcp
+ qvm-firewall q-dev-python add accept git.example.com proto=tcp
+ qvm-firewall q-dev-python add drop
+ - unless: |
+ # Capture current firewall rules in raw format
+ CURRENT=$(qvm-firewall --raw q-dev-python list)
+ # Define EXACT desired output (including formatting)
+ DESIRED='accept specialtarget=dns
+ accept proto=icmp
+ accept dsthost=github.com proto=tcp
+ accept dsthost=git.example.com proto=tcp
+ drop'
+ # Compare without trailing newlines
+ [ "$(echo "$CURRENT" | tr -d '\n')" = "$(echo "$DESIRED" | tr -d '\n')" ]
+ - output_loglevel: quiet
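Review bot: After `qvm-firewall q-dev-python reset` this copy goes straight to the `add` calls without the `qvm-firewall q-dev-python del accept` step that the other firewall state on this page runs. If `reset` restores a default accept rule, as that `del accept` suggests, the rule stays first in the list and the later `accept`/`drop` entries never take effect. The comment `# Delete all existing rules (safer than reset + manual adds)` describes the opposite of what the line does and should be corrected along with the missing step. `DESIRED` also omits that leading accept, so `unless` would presumably never match and the reset would be repeated on every apply. This copy reuses the ID `dev-python--firewall` and drops the `{% if grains['id'] == 'dom0' %}` guard, so the two states would conflict if both were ever included.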