6 files changed, 128 insertions, 82 deletions

diff --git a/web/create-web-qubes.top b/web/create-web-qubes.top
index 445ebc1..7d134e9 100644
--- a/web/create-web-qubes.top
+++ b/web/create-web-qubes.top
@@ -1,6 +1,9 @@
 user:
   dom0:
-    - web.qvm-app
-    - web.qvm-tmpl
+    - web.qvm-tmpl # Creates tmpl-web, tmpl-split-web
+    - web.qvm-app # Creates web-dvm, split-web
   tmpl-web:
-    - web.tmpl-pkgs
+    - web.tmpl-pkgs # Installs tmpl-web pkgs
+    - web.tmpl-configure-split-firefox # Configures split-browser for FF
+  tmpl-split-web:
+    - web.tmpl-split-pkgs # Installs tmpl-split-web pkgs
diff --git a/web/qvm-app.sls b/web/qvm-app.sls
index 0d77f90..6d49a07 100644
--- a/web/qvm-app.sls
+++ b/web/qvm-app.sls
@@ -1,6 +1,6 @@
-web--create-browsing-qube:
+web--create-web-qube:
   qvm.vm:
-    - name: browsing-dvm
+    - name: web-dvm
     - present:
       - template: tmpl-web
       - label: yellow
@@ -8,87 +8,94 @@ web--create-browsing-qube:
       - template_for_dispvms: True
     - features:
       - set:
-        - menu-items: librewolf.desktop
+        - menu-items: xfce4-terminal.desktop
     - require:
       - qvm: web--create-template
 
-browsing-features_dvm:
+web-features_dvm:
   qvm.features:
-    - name: browsing-dvm
+    - name: web-dvm
     - disable:
       - service.cups
       - service.cups-browsed
       - service.tinyproxy
     - set:
-      - menu-items: librewolf.desktop
+      - menu-items: xfce4-terminal.desktop
       - appmenus-dispvm: True
 
-web--create-vps-admin-qube:
+split-web--create-qube:
   qvm.vm:
-    - name: web-vps-admin
+    - name: split-web
     - present:
-      - template: tmpl-web
-      - label: blue
+      - template: tmpl-split-web
+      - label: gray
     - prefs:
-      - label: blue
+      - default-dispvm: web-dvm
+      - netvm: none
     - features:
       - set:
-        - menu-items: librewolf.desktop
+        - menu-items: split-browser.desktop xterm.desktop
     - require:
-      - qvm: web--create-template
+        - web--create-split-template
 
-web--create-home-admin-qube:
-  qvm.vm:
-    - name: web-home-admin
-    - present:
-      - template: tmpl-web
-      - label: blue
-    - prefs:
-      - label: blue
-    - features:
-      - set:
-        - menu-items: librewolf.desktop
-    - require:
-      - qvm: web--create-template
+# web--create-vps-admin-qube:
+#   qvm.vm:
+#     - name: web-vps-admin
+#     - present:
+#       - template: tmpl-web
+#       - label: blue
+#     - features:
+#       - set:
+#         - menu-items: librewolf.desktop
+#     - require:
+#       - qvm: web--create-template
 
-web--create-banking-qube:
-  qvm.vm:
-    - name: web-banking
-    - present:
-      - template: tmpl-web
-      - label: blue
-    - prefs:
-      - label: blue
-    - features:
-      - set:
-        - menu-items: librewolf.desktop
-    - require:
-      - qvm: web--create-template
+# web--create-home-admin-qube:
+#   qvm.vm:
+#     - name: web-home-admin
+#     - present:
+#       - template: tmpl-web
+#       - label: blue
+#     - features:
+#       - set:
+#         - menu-items: librewolf.desktop
+#     - require:
+#       - qvm: web--create-template
 
-web--create-work-qube:
-  qvm.vm:
-    - name: web-work
-    - present:
-      - template: tmpl-web
-      - label: blue
-    - prefs:
-      - label: blue
-    - features:
-      - set:
-        - menu-items: librewolf.desktop
-    - require:
-      - qvm: web--create-template
+# web--create-banking-qube:
+#   qvm.vm:
+#     - name: web-banking
+#     - present:
+#       - template: tmpl-web
+#       - label: blue
+#     - features:
+#       - set:
+#         - menu-items: librewolf.desktop
+#     - require:
+#       - qvm: web--create-template
 
-web--create-shopping-qube:
-  qvm.vm:
-    - name: web-shopping
-    - present:
-      - template: tmpl-web
-      - label: blue
-    - prefs:
-      - label: blue
-    - features:
-      - set:
-        - menu-items: librewolf.desktop
-    - require:
-      - qvm: web--create-template
+# web--create-work-qube:
+#   qvm.vm:
+#     - name: web-work
+#     - present:
+#       - template: tmpl-web
+#       - label: blue
+#       - mem: 6000
+#       - vcpus: 4
+#     - features:
+#       - set:
+#         - menu-items: librewolf.desktop
+#     - require:
+#       - qvm: web--create-template
+
+# web--create-shopping-qube:
+#   qvm.vm:
+#     - name: web-shopping
+#     - present:
+#       - template: tmpl-web
+#       - label: blue
+#     - features:
+#       - set:
+#         - menu-items: librewolf.desktop
+#     - require:
+#       - qvm: web--create-template
diff --git a/web/qvm-tmpl.sls b/web/qvm-tmpl.sls
index 1a06153..4aa9730 100644
--- a/web/qvm-tmpl.sls
+++ b/web/qvm-tmpl.sls
@@ -2,3 +2,8 @@ web--create-template:
   qvm.clone:
     - name: tmpl-web
     - source: debian-12-minimal
+
+web--create-split-template:
+  qvm.clone:
+    - name: tmpl-split-web
+    - source: debian-12-xfce # TODO make this a minimal template
diff --git a/web/tmpl-configure-split-firefox.sls b/web/tmpl-configure-split-firefox.sls
new file mode 100644
index 0000000..f740622
--- /dev/null
+++ b/web/tmpl-configure-split-firefox.sls
@@ -0,0 +1,11 @@
+# Split-browser tries to use torbrowser by default, so we'll disable it
+split-web--disable-tor-browser:
+  cmd.run:
+    - name: 'mv /etc/split-browser-disp/21-tor-browser.bash /etc/split-browser-disp/21-tor-browser.bash.EXAMPLE'
+    - creates: '/etc/split-browser-disp/21-tor-browser.bash.EXAMPLE'
+
+# Enabling the firefox config so split-browser knows where to find the executable
+split-web--enable-firefox:
+  cmd.run:
+    - name: 'mv /etc/split-browser-disp/22-firefox.bash.EXAMPLE /etc/split-browser-disp/22-firefox.bash'
+    - creates: '/etc/split-browser-disp/22-firefox.bash'
diff --git a/web/tmpl-pkgs.sls b/web/tmpl-pkgs.sls
index f02112a..245d7ee 100644
--- a/web/tmpl-pkgs.sls
+++ b/web/tmpl-pkgs.sls
@@ -1,3 +1,8 @@
+web--tmpl-split-browser-pkgs:
+  pkg.installed:
+    - pkgs:
+      - qubes-repo-contrib
+
 web--tmpl-pkgs:
   pkg.installed:
     - pkgs:
@@ -6,25 +11,27 @@ web--tmpl-pkgs:
       - qubes-core-agent-networking
       - qubes-core-agent-thunar
       - pulseaudio-qubes
+      - qubes-split-browser-disp
+      - firefox-esr
 
-{% if grains['os_family']|lower == 'debian' %}
+# {% if grains['os_family']|lower == 'debian' %}
 
-extrepo:
-  pkg.installed
+# extrepo:
+#   pkg.installed
 
-'http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf':
-  cmd.run
+# 'http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf':
+#   cmd.run
 
-{% else %}
+# {% else %}
 
-'dnf config-manager --add-repo https://rpm.librewolf.net/librewolf-repo.repo':
-  cmd.run
+# 'dnf config-manager --add-repo https://rpm.librewolf.net/librewolf-repo.repo':
+#   cmd.run
 
-{% endif %}
+# {% endif %}
 
-librewolf-updated:
-  pkg.uptodate:
-    - refresh: True
+# librewolf-updated:
+#   pkg.uptodate:
+#     - refresh: True
 
-librewolf:
-  pkg.installed
+# librewolf:
+#   pkg.installed
diff --git a/web/tmpl-split-pkgs.sls b/web/tmpl-split-pkgs.sls
new file mode 100644
index 0000000..9903014
--- /dev/null
+++ b/web/tmpl-split-pkgs.sls
@@ -0,0 +1,13 @@
+split-web--contrib-repo:
+  pkg.installed:
+    - pkgs:
+      - qubes-repo-contrib
+
+split-web--pkgs:
+  pkg.installed:
+    - pkgs:
+      - qubes-split-browser
+      # - qubes-core-agent-passwordless-root
+      # - qubes-mgmt-salt-vm-connector
+      # - qubes-core-agent-thunar
+      # - qubes-desktop-linux-common