qubes-apply

python script to automate qubes saltstack
git clone https://9o.is/git/qubes-apply.git
init.sls

(1326B)
      1 {% set wg = salt['pillar.get']('wireguard') %}
      2 
      3 /rw/config/wireguard:
      4   file.directory:
      5     - dir_mode: 0700
      6     - file_mode: 0600
      7 
      8 /rw/config/rc.local.d/290-wireguard-symlink.rc:
      9   file.managed:
     10     - mode: 0755
     11     - makedirs: True
     12     - contents: |
     13         #!/usr/bin/bash
     14         rm -rf /etc/wireguard
     15         ln -s /rw/config/wireguard /etc/wireguard
     16 
     17 {% for name in wg.imports %}
     18 
     19 {% set config = wg.config.default %}
     20 {% set _ = config.update(wg.config[name]) %}
     21 
     22 /rw/config/wireguard/{{ name }}.conf:
     23   file.managed:
     24     - mode: 0600
     25   ini.options_present:
     26     - separator: "="
     27     - sections:
     28         Interface:
     29           Address: {{ config.Address }}
     30           PrivateKey: {{ config.PrivateKey }}
     31           PostUp: {{ config.PostUp }}
     32         Peer:
     33           PublicKey: {{ config.PublicKey }}
     34           AllowedIPs: {{ config.AllowedIPs }}
     35           Endpoint: {{ config.Endpoint ~ ':' ~ config.Port }}
     36 
     37 {% endfor %}
     38 
     39 {% if wg.autoconnect %}
     40 
     41 /rw/config/rc.local.d/299-wireguard-autoconnect.rc:
     42   file.managed:
     43     - mode: 0755
     44     - makedirs: True
     45     - contents: |
     46         #!/usr/bin/bash
     47         [[ "${HOSTNAME}" =~ ^.+-dvm$ ]] && exit 0
     48         connect {{ wg.autoconnect }}
     49 
     50 {% endif %}
     51 
     52 /usr/local/bin/connect:
     53   file.managed:
     54     - source: salt://{{ slspath }}/files/connect
     55     - mode: 0755
     56     - makedirs: True