qubes-apply

python script to automate qubes saltstack

git clone https://9o.is/git/qubes-apply.git

client.sls

(2550B)

      1 {% set sshfs = salt['pillar.get']('sshfs-sync') %}
      2 
      3 ~user/.ssh/id_ed25519:
      4   file.managed:
      5     - contents_pillar: sshfs-sync:key
      6     - user: user
      7     - group: user
      8     - mode: 0600
      9     - dir_mode: 0700
     10     - makedirs: True
     11     - show_changes: False
     12 
     13 ~user/.ssh/known_hosts:
     14   file.managed:
     15     - user: user
     16     - group: user
     17     - mode: 0600
     18     - dir_mode: 0700
     19     - makedirs: True
     20     - contents: |
     21         {%- for _, server in sshfs.servers.items() %}
     22         [localhost]:{{ server.port }} ssh-ed25519 {{ server.key }}
     23         {%- endfor %}
     24 
     25 {% for name, server in sshfs.servers.items() %}
     26 {% set mount_file = server.dir | replace('/', '-') | lower | regex_replace('^-', '') + '.mount' %}
     27 
     28 {{ server.dir }}:
     29   file.directory:
     30     - user: user
     31     - group: user
     32     - mode: 0755
     33 
     34 ~user/.config/systemd/user/sshfs-{{ name }}.socket:
     35   file.managed:
     36     - user: user
     37     - group: user
     38     - makedirs: True
     39     - contents: |
     40         [Unit]
     41         Description=Forward sshfs connection for {{ name }}
     42         ConditionPathExists=/var/run/qubes-service/sshfs-{{ name }}
     43 
     44         [Socket]
     45         ListenStream=127.0.0.1:{{ server.port }}
     46         BindToDevice=lo
     47         Accept=true
     48 
     49         [Install]
     50         WantedBy=default.target
     51 
     52 ~user/.config/systemd/user/sshfs-{{ name }}@.service
     53   file.managed:
     54     - user: user
     55     - group: user
     56     - makedirs: True
     57     - contents: |
     58         [Unit]
     59         Description=Forward sshfs connection for {{ name }}
     60 
     61         [Service]
     62         ExecStart=/usr/bin/qrexec-client-vm '{{ name }}' qubes.ConnectSSH
     63         StandardInput=socket
     64         StandardOutput=inherit
     65 
     66 ~user/.config/systemd/user/{{ mount_file }}:
     67   file.managed:
     68     - user: user
     69     - group: user
     70     - makedirs: True
     71     - contents: |
     72         [Unit]
     73         Description=Mount SSHFS {{ server.dir }}
     74         ConditionPathExists=/var/run/qubes-service/sshfs-{{ name }}
     75 
     76         [Mount]
     77         What=sync-{{ sshfs.name }}@localhost:/sync
     78         Where={{ server.dir }}
     79         Type=fuse.sshfs
     80         Options=port={{ server.port }},uid=1000,gid=1000,follow_symlinks,reconnect
     81 
     82         [Install]
     83         WantedBy=default.target
     84 
     85 ~user/.config/systemd/user/default.target.wants/sshfs-{{ name }}.socket:
     86   file.symlink:
     87     - target: ~user/.config/systemd/user/sshfs-{{ name }}.socket
     88     - user: user
     89     - group: user
     90     - makedirs: True
     91 
     92 ~user/.config/systemd/user/default.target.wants/{{ mount_file }}:
     93   file.symlink:
     94     - target: ~user/.config/systemd/user/{{ mount_file }}
     95     - user: user
     96     - group: user
     97     - makedirs: True
     98 
     99 {% endfor %}
    100