From: Andreas Glashauser Date: Tue, 1 Apr 2025 08:13:40 +0000 (+0200) Subject: ADDED: dedicated qube for python development X-Git-Url: https://git.andreasglashauser.com/?a=commitdiff_plain;h=4b88d4a18f794b84b66a43f286055ce1c6cc3b3f;p=salt-qubes.git ADDED: dedicated qube for python development
---
diff --git a/user_salt/dev-python/dev-python--create-qube.sls b/user_salt/dev-python/dev-python--create-qube.sls
new file mode 100644
index 0000000..0979ca6
--- /dev/null
+++ b/user_salt/dev-python/dev-python--create-qube.sls
@@ -0,0 +1,21 @@
+{% if grains['id'] == 'dom0' %}
+
+dev-python--create-qube:
+ qvm.vm:
+ - name: q-dev-python
+ - present:
+ - template: template-dev-python
+ - label: orange
+ - prefs:
+ - label: orange
+ - netvm: sys-vpn-mullvad
+ - features:
+ - set:
+ - menu-items: xterm.desktop
+ - service:
+ - enable:
+ - shutdown-idle
+ - require:
+ - qvm: dev-python--create-template
+
+{% endif %}
diff --git a/user_salt/dev-python/dev-python--create-template.sls b/user_salt/dev-python/dev-python--create-template.sls
new file mode 100644
index 0000000..7fc8ef0
--- /dev/null
+++ b/user_salt/dev-python/dev-python--create-template.sls
@@ -0,0 +1,26 @@
+{% import "templates/versions.jinja" as version %}
+
+include:
+ - templates.templates--install-fedora-minimal
+
+{% if grains['id'] == 'dom0' %}
+
+dev-python--create-template:
+ qvm.clone:
+ - name: template-dev-python
+ - source: fedora-{{ version.fedora }}-minimal
+ - class: TemplateVM
+ - require:
+ - qvm: templates--install-fedora-{{ version.fedora }}-minimal
+
+dev-python--template-prefs:
+ qvm.prefs:
+ - name: template-dev-python
+ - label: orange
+ - audiovm:
+ - guivm:
+ - netvm:
+ - require:
+ - qvm: dev-python--create-template
+
+{% endif %}
diff --git a/user_salt/dev-python/dev-python--firewall.sls b/user_salt/dev-python/dev-python--firewall.sls
new file mode 100644
index 0000000..22143eb
--- /dev/null
+++ b/user_salt/dev-python/dev-python--firewall.sls
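Review bot: In dev-python--create-qube.sls, `netvm: sys-vpn-mullvad` puts q-dev-python on the network, but nothing in this state ties it to the egress rules defined in dev-python--firewall.sls. Applying this file on its own leaves the qube with the default firewall, which presumably still holds the allow-all rule that the firewall state later removes with `del accept`. I would add a comment above `prefs`, `# egress is restricted by dev-python--firewall; apply dev-python (init.sls), not this file alone`. The `label: orange` entry is also set twice, under `present` and under `prefs`; one of them can go.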
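Review bot: In dev-python--create-template.sls the `audiovm:`, `guivm:` and `netvm:` entries under `dev-python--template-prefs` are bare keys, which YAML loads as null rather than as an empty string. Whether qvm.prefs treats a null as "clear this preference" or as "leave it unchanged" is not visible here, so the clone may simply keep whatever the fedora minimal source had. If the intent is an offline template, write the value in the explicit form the module documents for "no VM", and confirm the result with qvm-prefs after the first apply. A comment such as `# template stays offline: no netvm, audiovm or guivm` above the three keys would record that intent.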
@@ -0,0 +1,23 @@
+{% if grains['id'] == 'dom0' %}
+
+dev-python--firewall:
+ cmd.run:
+ - name: |
+ qvm-firewall q-dev-python reset
+ qvm-firewall q-dev-python del accept
+ qvm-firewall q-dev-python add accept specialtarget=dns
+ qvm-firewall q-dev-python add accept proto=icmp
+ qvm-firewall q-dev-python add accept github.com proto=tcp
+ qvm-firewall q-dev-python add accept git.andreasglashauser.com proto=tcp
+ qvm-firewall q-dev-python add drop
+ - unless: |
+ CURRENT=$(qvm-firewall --raw q-dev-python list)
+ DESIRED=$(echo -e 'action=accept specialtarget=dns
+ action=accept proto=icmp
+ action=accept proto=tcp dsthost=github.com
+ action=accept proto=tcp dsthost=git.andreasglashauser.com
+ action=drop')
+ [ "$CURRENT" = "$DESIRED" ]
+ - output_loglevel: quiet
+
+{% endif %}
diff --git a/user_salt/dev-python/dev-python--install-packages.sls b/user_salt/dev-python/dev-python--install-packages.sls
new file mode 100644
index 0000000..6d13b22
--- /dev/null
+++ b/user_salt/dev-python/dev-python--install-packages.sls
@@ -0,0 +1,16 @@
+{% if grains['id'] == 'template-dev-python' %}
+
+dev-phyton--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - qubes-core-agent-networking
+ - qubes-app-shutdown-idle
+ - tmux
+ - neovim
+ - git
+ - git-delta
+ - python3-virtualenvwrapper
+ - tree
+
+{% endif %}
diff --git a/user_salt/dev-python/init.sls b/user_salt/dev-python/init.sls
new file mode 100644
index 0000000..1d22dc9
--- /dev/null
+++ b/user_salt/dev-python/init.sls
@@ -0,0 +1,5 @@
+include:
+ - dev-python.dev-python--create-template
+ - dev-python.dev-python--install-packages
+ - dev-python.dev-python--create-qube
+ - dev-python.dev-python--firewall
diff --git a/user_salt/dev-python/test b/user_salt/dev-python/test
new file mode 100644
index 0000000..db46141
--- /dev/null
+++ b/user_salt/dev-python/test
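Review bot: The `name` script in dev-python--firewall.sls can fail open: it starts with `reset`, and the `del accept` that follows implies reset restores a default accept rule, yet the script has no fail-fast, so cmd.run reports only the exit status of the last command. If `del accept` or one of the `add accept` lines fails while `add drop` succeeds, the state still reports success with a rule set other than the intended one, possibly with the allow-all rule still first. Starting the block with `set -e` makes any failed step fail the state. Separately, `add accept github.com proto=tcp` and the git.andreasglashauser.com line allow every TCP port to those hosts; adding `dstports=443` (and a second rule for 22 if SSH remotes are used) would limit them to what git needs.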
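Review bot: The state ID in dev-python--install-packages.sls is spelled `dev-phyton--install-packages`, while the file name, the include in init.sls and every other ID use `dev-python`. A later `require` written against the expected name would not resolve, so rename it to `dev-python--install-packages:`. `refresh: True` would also be better as lowercase `true`, the canonical YAML boolean.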
@@ -0,0 +1,23 @@
+dev-python--firewall:
+ cmd.run:
+ - name: |
+ # Delete all existing rules (safer than reset + manual adds)
+ qvm-firewall q-dev-python reset
+ # Add new rules in order
+ qvm-firewall q-dev-python add accept specialtarget=dns
+ qvm-firewall q-dev-python add accept proto=icmp
+ qvm-firewall q-dev-python add accept github.com proto=tcp
+ qvm-firewall q-dev-python add accept git.example.com proto=tcp
+ qvm-firewall q-dev-python add drop
+ - unless: |
+ # Capture current firewall rules in raw format
+ CURRENT=$(qvm-firewall --raw q-dev-python list)
+ # Define EXACT desired output (including formatting)
+ DESIRED='accept specialtarget=dns
+ accept proto=icmp
+ accept dsthost=github.com proto=tcp
+ accept dsthost=git.example.com proto=tcp
+ drop'
+ # Compare without trailing newlines
+ [ "$(echo "$CURRENT" | tr -d '\n')" = "$(echo "$DESIRED" | tr -d '\n')" ]
+ - output_loglevel: quiet
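Review bot: user_salt/dev-python/test looks like a scratch copy of dev-python--firewall.sls (placeholder host git.example.com, no dom0 Jinja guard) and init.sls does not include it, so it is probably not meant to ship. If it is kept, its first comment says it deletes all existing rules, but the script only runs `reset` and omits the `qvm-firewall q-dev-python del accept` step the real state has; going by that state, the default accept rule would stay ahead of the final `drop`. Its `DESIRED` text also lacks the `action=` prefix used in the real state's `--raw` comparison, so the `unless` guard would likely never match and the rules would be reset on every run. I would drop the file from the commit or bring it in line with dev-python--firewall.sls.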