wip: test salts based off of https://theguardian.engineering/blog/info-2024-apr-04-when-security-matters-working-with-qubes-os-at-the-guardian for practice
This commit is contained in:
mustard
parent
91d1b9df07
commit
37bf73a3ab
3 changed files with 28 additions and 0 deletions
7
Makefile
7
Makefile
|
|
@ -44,3 +44,10 @@ pull/%:
|
|||
qvm-run -p $(GUEST) "cd $(GUEST_REPO) && git update-ref refs/remotes/dom0/$* $*" </dev/null
|
||||
|
||||
@echo "updated branch $* from $(GUEST)"
|
||||
|
||||
apply:
|
||||
echo "Applying salt states"
|
||||
pushd ./guardian
|
||||
sudo qubesctl top.enable guardian
|
||||
sudo qubesctl --show-output --all state.apply
|
||||
popd
|
||||
|
|
|
|||
18
guardian/guardian-vms.sls
Normal file
18
guardian/guardian-vms.sls
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
create-guardian-template:
|
||||
qvm.vm:
|
||||
- name: guardian-template
|
||||
- clone:
|
||||
- source: fedora-42
|
||||
- label: black
|
||||
- prefs:
|
||||
- netvm: ""
|
||||
|
||||
create-app:
|
||||
qvm.vm:
|
||||
- name: app
|
||||
- present:
|
||||
- template: guardian-template
|
||||
- label: green
|
||||
- prefs:
|
||||
- template: guardian-template
|
||||
- netvm: ""
|
||||
3
guardian/guardian.top
Normal file
3
guardian/guardian.top
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
base:
|
||||
dom0:
|
||||
- guardian-vms
|
||||
Loading…
Add table
Add a link
Reference in a new issue