wip: test salts based off of https://theguardian.engineering/blog/info-2024-apr-04-when-security-matters-working-with-qubes-os-at-the-guardian for practice
This commit is contained in:
mustard
parent
91d1b9df07
commit
37bf73a3ab
3 changed files with 28 additions and 0 deletions
7
Makefile
7
Makefile
|
|
@ -44,3 +44,10 @@ pull/%:
|
||||||
qvm-run -p $(GUEST) "cd $(GUEST_REPO) && git update-ref refs/remotes/dom0/$* $*" </dev/null
|
qvm-run -p $(GUEST) "cd $(GUEST_REPO) && git update-ref refs/remotes/dom0/$* $*" </dev/null
|
||||||
|
|
||||||
@echo "updated branch $* from $(GUEST)"
|
@echo "updated branch $* from $(GUEST)"
|
||||||
|
|
||||||
|
apply:
|
||||||
|
echo "Applying salt states"
|
||||||
|
pushd ./guardian
|
||||||
|
sudo qubesctl top.enable guardian
|
||||||
|
sudo qubesctl --show-output --all state.apply
|
||||||
|
popd
|
||||||
|
|
|
||||||
18
guardian/guardian-vms.sls
Normal file
18
guardian/guardian-vms.sls
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
create-guardian-template:
|
||||||
|
qvm.vm:
|
||||||
|
- name: guardian-template
|
||||||
|
- clone:
|
||||||
|
- source: fedora-42
|
||||||
|
- label: black
|
||||||
|
- prefs:
|
||||||
|
- netvm: ""
|
||||||
|
|
||||||
|
create-app:
|
||||||
|
qvm.vm:
|
||||||
|
- name: app
|
||||||
|
- present:
|
||||||
|
- template: guardian-template
|
||||||
|
- label: green
|
||||||
|
- prefs:
|
||||||
|
- template: guardian-template
|
||||||
|
- netvm: ""
|
||||||
3
guardian/guardian.top
Normal file
3
guardian/guardian.top
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
base:
|
||||||
|
dom0:
|
||||||
|
- guardian-vms
|
||||||
Loading…
Add table
Add a link
Reference in a new issue