From: Andreas Glashauser <ag@andreasglashauser.com>
Date: Mon, 7 Apr 2025 18:10:45 +0000 (+0200)
Subject: ADDED: states for setting up qubes-mirage-firewall
X-Git-Url: https://git.andreasglashauser.com/?a=commitdiff_plain;h=181c130c12731d1548fbe7b2811c84853632c491;p=salt-qubes.git

ADDED: states for setting up qubes-mirage-firewall
---

diff --git a/user_salt/mirage/files/qubes-firewall.xen b/user_salt/mirage/files/qubes-firewall.xen
new file mode 100644
index 0000000..5cba2c5
Binary files /dev/null and b/user_salt/mirage/files/qubes-firewall.xen differ
diff --git a/user_salt/mirage/init.sls b/user_salt/mirage/init.sls
new file mode 100644
index 0000000..500a73f
--- /dev/null
+++ b/user_salt/mirage/init.sls
@@ -0,0 +1,3 @@
+include:
+  - mirage.mirage--deploy-kernel
+  - mirage.mirage--create-sys-qube
diff --git a/user_salt/mirage/mirage--create-sys-qube.sls b/user_salt/mirage/mirage--create-sys-qube.sls
new file mode 100644
index 0000000..3e0ee69
--- /dev/null
+++ b/user_salt/mirage/mirage--create-sys-qube.sls
@@ -0,0 +1,28 @@
+{% if grains['id'] == 'dom0' %}
+
+mirage--create-sys-qube:
+  qvm.vm:
+    - name: sys-mirage-firewall
+    - present:
+      - class. StandaloneVM
+      - label: black
+    - prefs:
+      - kernel: mirage-firewall
+      - kernelopts: 
+      - include-in-backups: False
+      - memory: 32
+      - maxmem: 32
+      - audiovm:
+      - guivm:
+      - netvm: sys-net
+      - provides-network: True
+      - vcpus: 1
+      - virt-mode: pvh
+    - features:
+      - enable:
+        - qubes-firewall
+        - no-default-kernelopts
+    - require:
+      - file: mirage--copy
+
+{% endif %}
diff --git a/user_salt/mirage/mirage--deploy-kernel.sls b/user_salt/mirage/mirage--deploy-kernel.sls
new file mode 100644
index 0000000..453dc32
--- /dev/null
+++ b/user_salt/mirage/mirage--deploy-kernel.sls
@@ -0,0 +1,19 @@
+{% if grains['id'] == 'dom0' %}
+
+mirage--create-dir:
+  file.directory:
+    - name: /var/lib/qubes/vm-kernels/mirage-firewall
+    - user: root
+    - group: root
+    - mode: 755
+    - createdirs: True
+
+mirage--copy:
+  file.managed:
+    - name: /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
+    - source: salt://mirage/files/qubes-firewall.xen
+    - user: root
+    - group: root
+    - mode: 644
+
+{% endif %}
diff --git a/user_salt/mirage/mireage--create-qubes.sls b/user_salt/mirage/mireage--create-qubes.sls
new file mode 100644
index 0000000..e69de29