Commit 35016f1d authored by Michał Woźniak's avatar Michał Woźniak

initial commit

parents
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
debian-9-desktop:
qvm.clone:
- source: debian-9
- label: black
#debian-9-desktop.prefs:
# qvm.prefs:
# - name: debian-9-desktop
# - netvm:
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
dom0:
- rysieks-qubes.debian-9-desktop
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
"dnf list updates --refresh >/dev/null":
cmd.run
[Desktop Entry]
Version=1.0
Name=btmouse
GenericName=Connect Bluetooth Mouse
X-GNOME-FullName=Connect a Bluetooth Mouse
Comment=Very rysiek-specific way of connecting a Bluetooth mouse in sys-usb
Type=Application
Exec=sh -c "( sleep 1; echo 'scan on'; sleep 10; echo 'pair 98:FD:B4:70:44:49'; sleep 10; echo 'trust 98:FD:B4:70:44:49'; sleep 2; echo 'connect 98:FD:B4:70:44:49'; sleep 5 ) | sudo bluetoothctl"
Categories=Network;HID
StartupNotify=false
Icon=/usr/share/icons/HighContrast/scalable/devices/input-mouse.svg
# pinning the unstable repository
Package: *
Pin: release a=unstable
Pin-Priority: 90
{
"graph":"/rw/var/lib/docker/"
}
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
=0Zqq
-----END PGP PUBLIC KEY BLOCK-----
/*
* sane policies for Firefox pre-60
*/
pref("browser.rights.3.shown", true)
{
"policies": {
"SearchEngines": {
"Default": "DuckDuckGo"
},
"OverrideFirstRunPage": "",
"OverridePostUpdatePage": "",
"DisablePocket": true,
"DisableTelemetry": true,
"Extensions": {
"Install": [
"https://addons.mozilla.org/firefox/downloads/file/920364/privacy_badger.xpi"
]
},
"OfferToSaveLogins": false,
"FlashPlugin": {
"Default": false,
"Locked": true
}
}
}
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFmDON0BEADJyW/bz1qk/EqaJfXlWh1wON8ntVfSo309klt2PN/mkbTnOL5d
Qc8UA3aVzgwITHybagTOTrxyooTbmY3bo0vF1bZ97Ojj+YCSXkAP33iCKZ0gMCbY
mqnyGH+uc3UwDEekU15m+KGM9oP1DTBos0IF/kyLQBKQOvTSuQmwLmv39gI5apW2
qiVFgZamdX1FB5uAY/FcbfCBmpD0JLT7Fb/DLarlWXSzQ/Rx14Aq+XhDkaaxmrWM
0K7xyTCEOpDoy1M3hD/BFYl++3D2ep4Br+qdywyaRC14cYS+ppjZ/BcU/KHYz8F3
qdsNNGOdZBJXuYftMFnJAHE20ij7GDB2mVvHDfig7QOmmZW7q8JfVWwOGtdhTaT7
ez5Ot0wvx50/eZJdezspogmos6jxuMbzXyB0ua7tYCh4y/eGmKG6nQ5HEJLcpir6
m+7SeZ0l6WYRzTEhY0lNSOpi7RmttEGVjDBQ3OZyy1zhLKuY0lzOgTT7eVPa/v7m
xiL6J1nZJ/BSsZMACre7SgHNThnIV5dBDgjPb5gbq2ZUAdQ0enwF4oAWYyhtYQ1f
Qh96NQa5wXnaBEhEum/opnUYmWSwAmpAEBGNxQomQhWe3R397KUnLAu3P/r5kuTB
2SiEz4BAJxfScQQZ+CpcLT0neg+W+ZOZTcdpqQ19F/qSMzgzysX9ZFjPSQARAQAB
tChNYWlscGlsZSBQYWNrYWdlcyA8cGFja2FnZXNAbWFpbHBpbGUuaXM+iQI4BBMB
AgAiBQJZgzjdAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCQURiQyusb
FfksEACBpwRwLQ90OpUnjiHXCzH74UOB66ld1/jx2dlGIS/Fkj0ScmP11rtyaaix
yrFEVP7OKzJAdsBazMc20R0kgGFGI0doObmn8aa7hzTEzXlIHyz/N4S+tITL3wyL
pkPNAPIeU4T0dMgOpKoiu6PadE3AeLZywonp4jYEp3VG7LPp+jib6WktjHE4Vwh6
317Uml89tP3pRqCo8PmWzQ70HoDSMt518bFTomy7vmAxw6g+/FCC3GNEiS/WXIHC
hHu1jVJ5sFNcfXo9Q3zR90goAt43D9JVuyib0nfNAtB4wN+Art1eyeyhkrh45CXW
xKOYJdbrtf4mfj1+xSMXnB1VulVAEAgwR3ArQElH76ArTHMqjfCO71mFSyyvldpf
c6Wa6l62QCaBTN4WBxwx1v3fiMnEtqzkXUpmXFqZeGeLZAyVcHTwFnYqkloaIEo1
IDEIliOBCIlr7tKyRl/RPt1LWYTWoArDkcfCIOoGG3enSg2UYK4bflaCVhBgzAot
ODz0MKXXxRYT+7oDcsgVrIz3NtrXNrIXNp+yuGqfmoU1bXIBL4egRcr9ZpJ/2DBX
5TDT5jxm/R+U4RrUMpY2U7CsptvTOjXmHIfNYEC+rhKXKgN/TWYkgaz/T0lEZZos
BmOWE7wDE9rQ96ns8g5diFbrpRl58mFN+xgaU0xnRAOX4FTZrrkCDQRZgzjdARAA
tnDdiPI8Aw5MFCTwGnZtLAD8Ovl6wsfsDYlxxz6HMZqJEHVPnbab8DLBMRbmPNTC
ToBi/UQ5EHSmoeCq5zWw/9CPn3XrFM6Xa53Hv8XyqcIwAMe4FHmVX0PoXgItSACn
YJlAh6z2aeOa4F5dCeP3pv6wjhmnSCZP97p7RuiIj+W3wOjVjjssKPY5sTdARr7C
LIwUW6DAnjXv2ssp2nwbULrF1w0tmt2/rCE3uBSR8BLvfmtVWToxORWgXtS9ZCdB
c8BNV7hOvc2s8Jt92QbzF6Ji7DppJid1voZgq948bhuFeBsPT2t8shL/lFjbdsIy
R3aX79kQC+ifMYCiRJjdRzcEm9VjwMIeWdQLfgAtJLDJS1Y2CyS3nSVgWvMq54dt
FqCrTEUa55fz0EqjB5f1n/v5ny5Bj3bPNpq9R68XD57oTyWsl/y3C3ck5aAPDTHG
JLczDT8SNUg4QcapZdIoJI79qy+ATCTAZCer4FKyBf57kwd8nMtmrqaH5WgzhxIh
evV69XqjVcQxrZ0KmPrtF9TiTCp/gRAEUc6UmgHZJGMG7CsxQpY0jekISPXd1f89
Gm/QfReB4OTEvWCBGnoeksWlKcYymG4dY6ZJezVi/bQ+vPcqHSYLI5bCxP7aPAQR
lIimqnUEJru7mJ54na5PEyYkMMsudiJzpe17TqNBI90AEQEAAYkCHwQYAQIACQUC
WYM43QIbDAAKCRCQURiQyusbFYRXD/9d97kv4xDk0MTPj13hKPBILsr7mUJr6qoo
4o0SiLpOUNIrH/ILo7lT7zAx4hKPiz0uw+h9/VeosskASCa2/TP6kt0UBdFqJm+v
GrVCKC6kfNVujjqiCEMZ/Armo25BAAVdmRibMXSORW8HT3qJoEdVPQ2XBbaSh0Xz
zS7X3JEqYvvSBf715EM4qROJCYVG5NVmRLguqyl2jRTeQWM2e02vAQhTRkwTQTe4
K3UITX5eIhQH735M3OKOliqIAeTNWWeAlgGPeZvDYbvM3oqX2X3oDFNGuMzLLmQm
4p3C4hPJGXo1yoDI0l2BiW5vBNf0ZIkekCHOGdrK1H+SW6ljW0F6MtZ8o81HO7CU
3vUzQXUiK1VWdRgP9nO691/tx3XwAEe1XNvnmM9z4EZTlk0Hz0LPp4bglj3ehNum
hjmrB6f5biLf95ulhfi0TVSXJMUp6jrPEzK+FrWm6MArOwKXIRRadk8NZjHs8ZJK
672K+gFIPTbO1t9eUFNTlipvWLK5YG6BnamhU30rRnC9NP1Du5xNn0kE3sjCR+ZN
wXlyfUBWwjZs05Rrb4PWlMLVR5coziEDvzNWZEVJ/MSzmu156d+G8Cxyr2vwNMNe
1R2RmffRfE/We6hhZmTie78L36kkXvXPZR20Zdmp9HefYxIx3rHgiSFiwG/9ISUY
DTfLO3rGfw==
=xu53
-----END PGP PUBLIC KEY BLOCK-----
[Desktop Entry]
Version=1.0
Name=Mailpile
GenericName=E-mail Client
X-GNOME-FullName=Mailpile Personal Web-mail Client
Comment=A privacy-focused e-mail client with a web-based user interface
Type=Application
Exec=mailpile
TryExec=mailpile
# this is necessary, sadly; Mailpile needs a terminal window...
Terminal=true
Categories=Network;Email;GTK
StartupNotify=true
Icon=/usr/share/mailpile/default-theme/img/logo-color.svg
[Desktop Entry]
Version=1.0
Name=n900pa
GenericName=PulseAudio Shenanigans
X-GNOME-FullName=Point PulseAudio to the N900
Comment=Very rysiek-specific way of pushing audio out to a particular PulseAudio server
Type=Application
Exec=sh -c "pactl load-module module-tunnel-sink-new server=192.168.0.11 sink_name=n900 sink_properties=device.description=N900 && pacmd set-default-sink 1"
Categories=Network;Audio
StartupNotify=false
Icon=/usr/share/gnome-control-center/icons/hicolor/scalable/devices/audio-subwoofer.svg
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFjlSicBEACgho//0EzxuvuCn01LwFqGAgwPKcSSl4L+AWws5/YbsZZvmTBk
ggIiVOCIMh+d3cmGu5W3ydaeUbWbFGNsxO44EB5YBZcuLa5EzRKbNPVaOXKXmhp+
w0mEbkoKbF+3mz3lifwBnzcBpukyJDgcJSq8cXfq5JsDPR1KAL6ph/kwKeiDNg+8
oFgqfboukK56yPTYc9iM8hkTFdx9L6JCJaZGaDMfihoQm2caKAmqc+TlpgtKbBL0
t5hrzDpCPpJvCddu1NRysTcqfACSSocvoqY0dlbNPMN8j04LH8hcKGFipuLdI8qx
BFqlMIQJCVJhr05E8rEsI4nYEyG44YoPopTFLuQa+wewZsQkLwcfYeCecU1KxlpE
OI3xRtALJjA/C/AzUXVXsWn7Xpcble8i3CKkm5LgX5zvR6OxTbmBUmpNgKQiyxD6
TrP3uADm+0P6e8sJQtA7DlxZLA6HuSi+SQ2WNcuyLL3Q/lJE0qBRWVJ08nI9vvxR
vAs20LKxq+D1NDhZ2jfG2+5agY661fkx66CZNFdz5OgxJih1UXlwiHpn6qhP7Rub
OJ54CFb+EwyzDVVKj3EyIZ1FeN/0I8a0WZV6+Y/p08DsDLcKgqcDtK01ydWYP0tA
o1S2Z7Jsgya50W7ZuP/VkobDqhOmE0HDPggX3zEpXrZKuMnRAcz6Bgi6lwARAQAB
tDFPcGVuIFdoaXNwZXIgU3lzdGVtcyA8c3VwcG9ydEB3aGlzcGVyc3lzdGVtcy5v
cmc+iQI3BBMBCgAhBQJY5UonAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
ENmAoXRX9vsGU00P/RBPPc5qx1EljTW3nnTtgugORrJhYl1CxNvrohVovAF4oP1b
UIGT5/3FoDsxJHSEIvorPFSaG2+3CBhMB1k950Ig2c2n+PTnNk6D0YIUbbEI0KTX
nLbCskdpy/+ICiaLfJZMe11wcQpkoNbG587JdQwnGegbQoo580CTSsYMdnvGzC8A
l1F7r37RVZToJMGgfMKK3oz8xIDXqOe5oiiKcV36tZ5V/PCDAu0hXYBRchtqHlHP
cKWeRTb1aDkbQ7SPlJ2bSvUjFdB6KahlSGJl3nIU5zAH2LA/tUQY16Z1QaJmfkEb
RY61B/LPv1TaA1SIUW32ej0NmeF09Ze4Cggdkacxv6E+CaBVbz5rLh6m91acBibm
pJdGWdZyQU90wYFRbSsqdDNB+0DvJy6AUg4e5f79JYDWT/Szdr0TLKmdPXOxa1Mb
i34UebYI7WF7q22e7AphpO/JbHcD+N6yYtN6FkUAmJskGkkgYzsM/G8OEbBRS7A+
eg3+NdQRFhKa7D7nIuufXDOTMUUkUqNYLC+qvZVPJrWnK9ZsGKsP0EUZTfEGkmEN
UzmASxyMMe6JHmm5Alk4evJeQ31U5jy7ntZSWEV1pSGmSEJLRNJtycciFJpsEp/p
LkL0iFb30R9bHBp6cg7gjXbqZ9ZpEsxtZMBuqS70ZZyQdu2yGDQCBk7eLKCjuQIN
BFjlSicBEACsxCLVUE7UuxsEjNblTpSEysoTD6ojc2nWP/eCiII5g6SwA/tQKiQI
ZcGZsTZB9kTbCw4T3hVEmzPl6u2G6sY9Kh1NHKMR3jXvMC+FHODhOGyAOPERjHCJ
g20XF2/Gg462iW8e3lS7CQBzbplUCW/oMajj2Qkc61NLtxxzsssXjCKExub2HxCQ
AYtenuDtLU73G75BoghWJ19dIkodnEI0/fzccsgiP5xeVgmkWJPo9xKJtrBS5gcS
s7yaGY9YYo71RFzkpJpeAeLrJJqt+2KqH1u0EJUbs8YVGXKlnYeSNisg4OaRsldW
JmDDCD5WUdFq2LNdVisfwirgjmwYpLrzVMbmzPvdmxQ1NYzJsX4ARSL/wuKCvEub
gh1AR5oV7mUEA9I3KRH0TIDOnH4nGG3kqArzrV2E1WtnNzFII0IN9/48xY7Vkxs7
Oil+E+wCpzUv/tF4ALx5TAXoPd66ddEOxzDrtBpEzsouszt7uUyncyT3X6ip5l9f
mI4uxbsjwkLVfd1WpD1uvp869oyx6wtHluswr1VY/cbnHO8J6J35JVMhYQdMOaTZ
rX6npe/YOHJ4a7YzLMfdrxyzK1wq5xu/9LgclMTdIhAKvnaXBg41jsid5n0GdIeW
ek8WAVNyvuvoTwm3GG6+/pkTwu0J79lAMD1mhJsuSca6SFNgYnd+PQARAQABiQIf
BBgBCgAJBQJY5UonAhsMAAoJENmAoXRX9vsGvRgQAJ4tWnK2TncCpu5nTCxYMXjW
LuvwORq8EBWczHS6SjLdwmSVKGKSYtl2n6nCkloVY6tONMoiCWmtcq7SJMJoyZw3
XIf82Z39tzn/conjQcP0aIOFzww1XG7YiaTAhsDZ62kchukI52jUYm2w8cTZMEZB
oIwIWBpmLlyaDhjIM5neY5RuL7IbIpS/fdk2lwfAwcNq6z/ri2E5RWl3AEINdLUO
gAiVMagNJaJ+ap7kMcwOLoI2GD84mmbtDWemdUZ3HnqLHv0mb1djsWL6LwjCuOgK
l2GDrWCh18mE+9mVB1Lo7jzYXNSHXQP6FlDE6FhGO1nNBs2IJzDvmewpnO+a/0pw
dCerATHWtrCKwMOHrbGLSiTKEjnNt/74gKjXxdFKQkpaEfMFCeiAOFP93tKjRRhP
5wf1JHBZ1r1+pgfZlS5F20XnM2+f/K1dWmgh+4Grx8pEHGQGLP+A22O7iWjg9pS+
LD3yikgyGGyQxgcN3sJBQ4yxakOUDZiljm3uNyklUMCiMjTvT/F02PalQMapvA5w
7Gwg5mSI8NDs3RtiG1rKl9Ytpdq7uHaStlHwGXBVfvayDDKnlpmndee2GBiU/hc2
ZsYHzEWKXME/ru6EZofUFxeVdev5+9ztYJBBZCGMug5Xp3Gxh/9JUWi6F1+9qAyz
N+O606NOXLwcmq5KZL0g
=zyVo
-----END PGP PUBLIC KEY BLOCK-----
[Desktop Entry]
Version=1.0
Name=un900pa
GenericName=PulseAudio Shenanigans
X-GNOME-FullName=Point PulseAudio back from the N900
Comment=Very rysiek-specific way of unpushing audio out to a particular PulseAudio server
Type=Application
Exec=sh -c "pactl list | egrep '(N900|Owner)' | grep -A 1 'Description: N900' | grep Owner | sed -r -e 's/Owner Module: //g' | xargs pactl unload-module"
Categories=Network;Audio
StartupNotify=false
Icon=/usr/share/gnome-control-center/icons/hicolor/scalable/devices/audio-speaker-mono.svg
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
qube.uptodate:
pkg.uptodate:
- refresh: True
# ID: dnf list updates --refresh >/dev/null
# Function: cmd.run
# Result: True
# Comment: Command "dnf list updates --refresh >/dev/null" run
# Started: 09:58:52.249058
# Duration: 128886.931 ms
# Changes:
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# split-ssh *client* qube config (not template!)
#
"/rw/config/rc.local":
file.append:
- source: /opt/qubes-app-split-ssh/rc.local_client
"/home/user/.bashrc":
file.append:
- source: /opt/qubes-app-split-ssh/bashrc_client
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# split-ssh *vault* qube config (not template!)
#
"/home/user/.config/autostart/ssh-add.desktop":
file.managed:
- source: /opt/qubes-app-split-ssh/ssh-add.desktop_ssh_vault
- user: user
- group: user
- mode: 755
- makedirs: True
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
ssh-vault:
- rysieks-qubes.split-ssh-vault
'L@personal,work,comms':
- rysieks-qubes.split-ssh-client
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
wireguard-pcap:
pkg.installed:
- pkgs:
- tcpdump
- ngrep
- wireshark
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
include:
- rysieks-qubes.templates-basic-utils-common
- rysieks-qubes.templates-basic-utils-debian
debian-unstable.repo:
pkgrepo.managed:
- humanname: Debian Unstable
- name: deb http://deb.debian.org/debian/ unstable main
- dist: unstable
- file: /etc/apt/sources.list.d/debian-unstable.list
/etc/apt/preferences.d/debian-unstable.pref:
file.managed:
- source: salt://rysieks-qubes/files/debian-unstable.pref
- user: root
- group: root
- mode: 600
sys-wireguard.uptodate:
pkg.uptodate:
- refresh: True
wireguard:
pkg.installed:
- fromrepo: unstable
wireguard.loaded:
kmod.present:
- name: wireguard
- persist: True
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
sys-wireguard.present:
qvm.present:
- name: sys-wireguard
- template: debian-9
- label: gray
- flags:
- proxy
- standalone
- hvm
- net
sys-wireguard.prefs:
qvm.prefs:
- name: sys-wireguard
- netvm: sys-outline
- kernel: ""
- autostart: true
- provides-network: true
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
dom0:
- rysieks-qubes.sys-wireguard
sys-wireguard:
- rysieks-qubes.sys-wireguard-setup
- rysieks-qubes.sys-wireguard-pcap
#- rysieks-qubes.sys-wireguard-config
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
sys-usb:
qvm.prefs:
- label: gray
sys-net:
qvm.prefs:
- label: gray
sys-firewall:
qvm.prefs:
- label: gray
sys-whonix:
qvm.prefs:
- label: gray
sys-wireguard:
qvm.prefs:
- label: gray
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
dom0:
- rysieks-qubes.sys
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
'uname -a':
cmd.run
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
#'fedora-29':
# - rysieks-qubes.targeting-test
'I@qubes:type:template and debian*':
- rysieks-qubes.targeting-test
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-basic-utils-common.packages:
pkg.installed:
- pkgs:
- mc
- screen
- mosh
- pwgen
- curl
- gnupg
- diceware
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-basic-utils-debian.packages:
pkg.installed:
- pkgs:
- vim
- apt-transport-https
- nmap
- ssh-askpass-gnome
- git
- knot-dnsutils
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-basic-utils-fedora.packages:
pkg.installed:
- pkgs:
- vim-enhanced
- nmap-ncat
- git-core
- bind-utils
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
blueman:
pkg.installed
"/usr/share/applications/btmouse.desktop":
file.managed:
- source: salt://rysieks-qubes/files/btmouse.desktop
- user: root
- group: root
- mode: 644
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-desktop-tools-common.packages:
pkg.installed:
- pkgs:
- kate
- kwrite
- libreoffice
- vlc
- xclip
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-desktop-tools-debian.packages:
pkg.installed:
- pkgs:
- konsole
- basket
- owncloud-client
- nautilus
- keyringer
- libreoffice-l10n-pl
- libreoffice-l10n-ru
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-desktop-tools-fedora.packages:
pkg.installed:
- pkgs:
- kate-plugins
- konsole5
- libgnome-keyring
- nextcloud-client
- openssh-askpass
- libreoffice-langpack-pl
- libreoffice-langpack-ru
- virt-manager
- pandoc
- texlive-latex
- texlive-collection-fontsrecommended
- quassel-client
- chromium
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
/etc/docker/daemon.json:
file.managed:
- source: salt://rysieks-qubes/files/docker/daemon.json
- user: root
- group: root
- mode: 644
- makedirs: True
/etc/pki/rpm-gpg/docker-ce-repo-key:
file.managed:
- source: salt://rysieks-qubes/files/docker/docker-ce-repo-key.asc
- user: root
- group: root
- mode: 644
docker-ce-stable:
pkgrepo.managed:
- humanname: Docker CE Stable - Fedora
- baseurl: https://download.docker.com/linux/fedora/$releasever/$basearch/stable
- gpgcheck: 1
- gpgkey: file:///etc/pki/rpm-gpg/docker-ce-repo-key
templates-docker-fedora.packages:
pkg.installed:
- refresh: True
- pkgs:
- docker-ce
- docker-compose
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
base:
'I@qubes:type:template and fedora-*':
- rysieks-qubes.templates-docker-fedora
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-firefox-setup-debian.packages:
pkg.installed:
- pkgs:
- xul-ext-ublock-origin
- xul-ext-https-everywhere
- xul-ext-noscript
/usr/lib64/firefox/distribution/policies.json:
file.managed:
- source: salt://rysieks-qubes/files/firefox/policies.json
- user: root
- group: root
- mode: 644
- makedirs: True
/usr/lib64/firefox/defaults/pref/policies.js:
file.managed:
- source: salt://rysieks-qubes/files/firefox/policies.js
- user: root
- group: root
- mode: 644
- makedirs: True
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-firefox-setup-fedora.packages:
pkg.installed:
- pkgs:
- mozilla-ublock-origin
- mozilla-https-everywhere
- mozilla-noscript
/usr/lib64/firefox/distribution/policies.json:
file.managed:
- source: salt://rysieks-qubes/files/firefox/policies.json
- user: root
- group: root
- mode: 644
- makedirs: True
/usr/lib64/firefox/defaults/pref/policies.js:
file.managed:
- source: salt://rysieks-qubes/files/firefox/policies.js
- user: root
- group: root
- mode: 644
- makedirs: True
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
mailpile-nightly.repo:
pkgrepo.managed:
- humanname: Mailpile Nightly
- name: deb https://packages.mailpile.is/deb nightly main
- dist: nightly
- file: /etc/apt/sources.list.d/000-mailpile.list
- key_url: salt://rysieks-qubes/files/mailpile-repo-key.asc
mailpile:
pkg.installed
"/usr/share/applications/mailpile.desktop":
file.managed:
- source: salt://rysieks-qubes/files/mailpile.desktop
- user: root
- group: root
- mode: 644
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
templates-media-setup-fedora.packages:
pkg.installed:
- pkgs:
- clementine
- ffmpeg-libs
- gstreamer1-plugins-base
- gstreamer1-plugins-good
- gstreamer1-plugins-bad-free
- gstreamer1-plugins-ugly-free
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
simple-mtpfs:
pkg.installed
gvfs-mtp:
pkg.installed
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
pavucontrol:
pkg.installed
"/usr/share/applications/n900pa.desktop":
file.managed:
- source: salt://rysieks-qubes/files/n900pa.desktop
- user: root
- group: root
- mode: 644
"/usr/share/applications/un900pa.desktop":
file.managed:
- source: salt://rysieks-qubes/files/un900pa.desktop
- user: root
- group: root
- mode: 644
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
signal-desktop.repo:
pkgrepo.managed:
- humanname: Signal Desktop
- name: deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main
- dist: xenial
- file: /etc/apt/sources.list.d/000-signal.list
- key_url: salt://rysieks-qubes/files/signal-repo-key.asc
signal-desktop:
pkg.installed
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# split-ssh *code* in templates
#
"https://github.com/henn/qubes-app-split-ssh.git":
git.latest:
- target: "/opt/qubes-app-split-ssh/"
- branch: master
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# split-ssh *vault* template config
#
"/etc/qubes-rpc/qubes.SshAgent":
file.managed:
- source: /opt/qubes-app-split-ssh/qubes.SshAgent
- user: root
- group: root
- mode: 644
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
#
# ToDo: better matching!
# i.e. functionality-based (templates-only, etc)
base:
# because dnf sux I guess?
'fedora-* and I@qubes:type:template':
- rysieks-qubes.fedora-uptodate
# all templates
'I@qubes:type:template':
- rysieks-qubes.qube-uptodate
- rysieks-qubes.templates-basic-utils-common
# all debian-based templates
'I@qubes:type:template and ( debian-* or ( whonix-ws-* and not *-dvm ) )':
- rysieks-qubes.templates-basic-utils-debian
- rysieks-qubes.templates-split-ssh-code
# debian-based desktop templates
'I@qubes:type:template and ( debian-*-desktop or whonix-ws-* )':
- rysieks-qubes.templates-desktop-tools-common
- rysieks-qubes.templates-desktop-tools-debian
# the debian desktop template
'I@qubes:type:template and debian-*-desktop':
- rysieks-qubes.templates-firefox-setup-debian
- rysieks-qubes.templates-mailpile-debian
- rysieks-qubes.templates-signal-debian
# the template used for split-ssh vault
'I@qubes:type:template and E@^debian-[0-9]$':
- rysieks-qubes.templates-split-ssh-vault
# fedora templates
'I@qubes:type:template and fedora-*':
- rysieks-qubes.templates-basic-utils-fedora
- rysieks-qubes.templates-split-ssh-code
- rysieks-qubes.templates-desktop-tools-common
- rysieks-qubes.templates-desktop-tools-fedora
- rysieks-qubes.templates-bluetooth-fedora
- rysieks-qubes.templates-media-setup-fedora
- rysieks-qubes.templates-mtp-fedora
- rysieks-qubes.templates-firefox-setup-fedora
- rysieks-qubes.templates-n900pa
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :