diff options
Diffstat (limited to 'posts/installing-software-salt-qubes.org')
| -rw-r--r-- | posts/installing-software-salt-qubes.org | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/posts/installing-software-salt-qubes.org b/posts/installing-software-salt-qubes.org new file mode 100644 index 0000000..19d1f11 --- /dev/null +++ b/posts/installing-software-salt-qubes.org @@ -0,0 +1,81 @@ +#+title: Methods of installing software in QubesOS with Saltstack +#+OPTIONS: num:nil toc:nil +#+HTML_HEAD_EXTRA: <style>*{font-family: sans-serif !important}</style> + +** Intro +Here are some various methods of installing software that I've used in my personal salt configuration +** pkg.installed +:PROPERTIES: +:ID: 0e128288-8e86-41b1-9d4e-8ed5d431d110 +:END: + +Here's ~/srv/user_salt/pkgs/accounting.sls~ as an example. It uses the simplest way of installing programs, which is just listing them under ~pkg.installed~ which pulls them from your distros main repositories. This is the most preferable way to install software if it's available. + +#+begin_src salt +# Install accounting tools +accounting--install-apps: + pkg.installed: + - pkgs: + - hledger # Command-line plain text accounting + - gnucash # Graphical GNU accounting suite +#+end_src + +** move a binary file into /usr/bin +:PROPERTIES: +:ID: 0dacbd16-7ddd-420e-8422-acff908a3c46 +:END: + +Here's ~/srv/user_salt/pkgs/st.sls~ as an example. It takes a binary file that's part of this salt repository, and moves it into the ~/usr/bin/ directory in a qube. + +#+begin_src salt +# Installs my build of st terminal +/usr/bin/st: + file.managed: + - source: salt://pkgs/bin/st.bin + - user: root + - group: root + - mode: 777 +#+end_src + +** Install from third-party repo with a script +:PROPERTIES: +:ID: 98e7e2ec-b88b-4a92-a065-5876a4f7c0ed +:END: + +Here's ~/srv/user_salt/pkgs/signal.sls~ as an example. It starts by installing some dependencies using the most common ~pkg.installed~ method, then moves an install script ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~ into a qube and executes it to install the Signal messenger. + +#+begin_src salt +... + +signal--repo-script: + file.managed: # file.managed lets you place files from your salt repo into qubes + - name: /usr/bin/install-repo # this is where the installation script is placed + - source: salt://pkgs/install-scripts/signal-repo.sh # This is where the installation script was sourced + - user: root # sets the owner of the file, you can usually default to root + - group: root # sets the group of the file, you can usually default to root + - mode: 777 # sets the permissions of the file, you can usually default to 777 (any user on the qube has permissions) + +# This simply executes the install-repo script in a qube +'install-repo': + cmd.run +#+end_src + +Here's the installation script that's ran: + +*** ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~ +:PROPERTIES: +:ID: f07d4cd1-6ec6-41da-af32-41b9512eefb9 +:END: + +#+begin_src bash +# Retrieves Signal's key for verifying the package +# The request is proxied through 127.0.0.1:8082 to allow the template qube to access the internet +sudo curl --proxy 127.0.0.1:8082 -s https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null + +# Defines Signal's repo in /etc/apt/sources.list.d/ +echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | tee /etc/apt/sources.list.d/signal-xenial.list + +# Updates packages and installs signal-desktop through the newly configured repository +sudo apt update +sudo apt install signal-desktop -y +#+end_src |