qubes-salt-stuff/Makefile

SHELL = /bin/bash
.POSIX_SHELL

ifneq (,$(wildcard .bundle-env))
include .bundle-env
endif

ifeq (root,$(shell whoami))
check-root = @true
else
check-root = $(error this target requires root)
endif

ifeq (dom0,$(shell hostname))
check-dom0 = @true
check-domu = $(error this target must be run in the guest qube)
else
check-dom0 = $(error this target must be run in dom0)
check-domu = @true
endif

BUNDLEIN := .bundles/qubes-mgmt-salt


ifeq (apply, $(firstword $(MAKECMDGOALS)))
  # use the rest as arguments for "run"
  APPLY_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
  # ...and turn them into do-nothing targets
  $(eval $(APPLY_ARGS):;@:)
endif


clean-workdir = git init -q -b $* && git diff --quiet && git diff --cached --quiet || (echo 'dirty tree; check git status' && false)

.PHONY: guard-domu
guard-domu:
	@ if [ "`hostname`" != "`qubesdb-read /name`" ]; then \
		echo "This task must be run in a guest domain"; \
		exit 1; \
	fi

.PHONY: create-bundle
create-bundle: guard-domu
	mkdir -p .bundles
	git bundle create - --all > .bundles/qubes-mgmt-salt

# cures common weird states (thanks xyhhx for the tip)
# also try `sudo rm -rf /var/cache/salt /srv/salt/_tops/*`
.PHONY: cure
cure:
	sudo rm -rf /var/cache/salt
	sudo rm -rf /srv/salt/_tops/user 
	qubesctl saltutil.clear_cache
	qubesctl saltutil.sync_all

.PHONY: pull pull/%
pull: pull/$(shell git branch --show-current)
pull/%:
	echo "check dom0"
	$(check-dom0)
	echo "clean workdir"
	$(clean-workdir)

	echo "creating bundle"
	qvm-run -p $(GUEST) "cd $(GUEST_REPO) && make create-bundle" </dev/null

	qvm-run -p $(GUEST) "cat $(GUEST_REPO)/.bundles/qubes-mgmt-salt" </dev/null >$(BUNDLEIN)

	git remote add $(GUEST) $(BUNDLEIN) || true

	git pull $(GUEST) $*:$*

	qvm-run -p $(GUEST) "cd $(GUEST_REPO) && git update-ref refs/remotes/dom0/$* $*" </dev/null

	@echo "updated branch $* from $(GUEST)"

install:
	install -D -oroot -groot -m0644 conf/z_user.conf /etc/salt/minion.d/z_user.conf
	install -D -oroot -groot -m0644 conf/overrides.conf /usr/local/etc/salt/minion.d/overrides.conf
	mkdir -p /srv/user
	ln -s $(CURDIR)/salt /srv/user/salt

.PHONY: apply
apply:
	install -D -oroot -groot -m0644 conf/z_user.conf /etc/salt/minion.d/z_user.conf
	install -D -oroot -groot -m0644 conf/overrides.conf /usr/local/etc/salt/minion.d/overrides.conf
	
	qubesctl top.enable topd
	qubesctl top.enable $(APPLY_ARGS)
	qubesctl --show-output --force-color --skip-dom0 --targets templates state.apply $(APPLY_ARGS)
	qubesctl top.disable $(APPLY_ARGS)
wip: make install task 2025-10-20 22:23:13 +02:00			`SHELL = /bin/bash`
Hmmm 2025-10-28 00:18:20 +01:00			`.POSIX_SHELL`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00
			`ifneq (,$(wildcard .bundle-env))`
			`include .bundle-env`
			`endif`

			`ifeq (root,$(shell whoami))`
			`check-root = @true`
			`else`
			`check-root = $(error this target requires root)`
			`endif`

			`ifeq (dom0,$(shell hostname))`
			`check-dom0 = @true`
			`check-domu = $(error this target must be run in the guest qube)`
			`else`
			`check-dom0 = $(error this target must be run in dom0)`
			`check-domu = @true`
			`endif`

debug: bundle 2025-10-20 17:09:44 +02:00			`BUNDLEIN := .bundles/qubes-mgmt-salt`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00
hmmm 2025-10-24 18:59:11 +02:00
			`ifeq (apply, $(firstword $(MAKECMDGOALS)))`
			`# use the rest as arguments for "run"`
			`APPLY_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))`
			`# ...and turn them into do-nothing targets`
			`$(eval $(APPLY_ARGS):;@:)`
			`endif`



feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`clean-workdir = git init -q -b $* && git diff --quiet && git diff --cached --quiet \|\| (echo 'dirty tree; check git status' && false)`

debug: bundle 2025-10-20 17:09:44 +02:00			`.PHONY: guard-domu`
			`guard-domu:`
			@ if [ "`hostname`" != "`qubesdb-read /name`" ]; then \
			`echo "This task must be run in a guest domain"; \`
			`exit 1; \`
			`fi`

wip: some more bundle debugging 2025-10-20 17:18:12 +02:00			`.PHONY: create-bundle`
debug: bundle 2025-10-20 17:09:44 +02:00			`create-bundle: guard-domu`
			`mkdir -p .bundles`
			`git bundle create - --all > .bundles/qubes-mgmt-salt`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00
wip: add cure task 2025-10-20 23:42:41 +02:00			`# cures common weird states (thanks xyhhx for the tip)`
			# also try `sudo rm -rf /var/cache/salt /srv/salt/_tops/*`
			`.PHONY: cure`
			`cure:`
			`sudo rm -rf /var/cache/salt`
wip: add cure task 2025-10-20 23:44:17 +02:00			`sudo rm -rf /srv/salt/_tops/user`
wip: add cure task 2025-10-20 23:42:41 +02:00			`qubesctl saltutil.clear_cache`
			`qubesctl saltutil.sync_all`

debug: makefile testing 2025-10-20 15:08:03 +02:00			`.PHONY: pull pull/%`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`pull: pull/$(shell git branch --show-current)`
fix: typo in Makefile pull task 2025-10-20 15:23:06 +02:00			`pull/%:`
debug: add debug echos to help figure out make pull errors 2025-10-20 15:53:33 +02:00			`echo "check dom0"`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`$(check-dom0)`
debug: add debug echos to help figure out make pull errors 2025-10-20 15:53:33 +02:00			`echo "clean workdir"`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`$(clean-workdir)`
wip: make install task 2025-10-20 22:23:13 +02:00
debug: add debug echos to help figure out make pull errors 2025-10-20 15:53:33 +02:00			`echo "creating bundle"`
wip: some more bundle debugging 2025-10-20 17:19:24 +02:00			`qvm-run -p $(GUEST) "cd $(GUEST_REPO) && make create-bundle" </dev/null`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00
wip: even more bundle debugging 2025-10-20 17:20:34 +02:00			`qvm-run -p $(GUEST) "cat $(GUEST_REPO)/.bundles/qubes-mgmt-salt" </dev/null >$(BUNDLEIN)`
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00
			`git remote add $(GUEST) $(BUNDLEIN) \|\| true`
wip: make install task 2025-10-20 22:23:13 +02:00
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`git pull $(GUEST) $:$`
wip: make install task 2025-10-20 22:23:13 +02:00
feat: add basic Makefile and .gitignore 2025-10-20 14:53:32 +02:00			`qvm-run -p $(GUEST) "cd $(GUEST_REPO) && git update-ref refs/remotes/dom0/$* $*" </dev/null`

			`@echo "updated branch $* from $(GUEST)"`
wip: test salts based off of https://theguardian.engineering/blog/info-2024-apr-04-when-security-matters-working-with-qubes-os-at-the-guardian for practice 2025-10-20 15:44:13 +02:00
wip: make install task 2025-10-20 22:23:13 +02:00			`install:`
			`install -D -oroot -groot -m0644 conf/z_user.conf /etc/salt/minion.d/z_user.conf`
			`install -D -oroot -groot -m0644 conf/overrides.conf /usr/local/etc/salt/minion.d/overrides.conf`
wip: tweaking Make install 2025-10-20 22:46:50 +02:00			`mkdir -p /srv/user`
wip: tweaking symlink 2025-10-20 22:55:22 +02:00			`ln -s $(CURDIR)/salt /srv/user/salt`
wip: tweaking Make install 2025-10-20 22:46:50 +02:00
hmmm 2025-10-24 18:59:11 +02:00			`.PHONY: apply`
wip: tweaking Make install 2025-10-20 22:46:50 +02:00			`apply:`
wip: tweak install and apply makefile tasks 2025-10-20 23:00:53 +02:00			`install -D -oroot -groot -m0644 conf/z_user.conf /etc/salt/minion.d/z_user.conf`
			`install -D -oroot -groot -m0644 conf/overrides.conf /usr/local/etc/salt/minion.d/overrides.conf`
wip: tweaking make apply 2025-10-21 00:46:27 +02:00
hmm 2025-10-25 00:06:02 +02:00			`qubesctl top.enable topd`
hmmm 2025-10-24 18:59:11 +02:00			`qubesctl top.enable $(APPLY_ARGS)`
Hmmm 2025-10-28 00:18:20 +01:00			`qubesctl --show-output --force-color --skip-dom0 --targets templates state.apply $(APPLY_ARGS)`
hmmm 2025-10-24 18:59:11 +02:00			`qubesctl top.disable $(APPLY_ARGS)`