#+title: Methods of installing software in QubesOS with Saltstack
#+OPTIONS: num:nil toc:nil
#+HTML_HEAD_EXTRA: <style>*{font-family: sans-serif !important}</style>

** Intro
Here are some various methods of installing software that I've used in my personal salt configuration
** pkg.installed
:PROPERTIES:
:ID:       0e128288-8e86-41b1-9d4e-8ed5d431d110
:END:

Here's ~/srv/user_salt/pkgs/accounting.sls~ as an example. It uses the simplest way of installing programs, which is just listing them under ~pkg.installed~ which pulls them from your distros main repositories. This is the most preferable way to install software if it's available.

#+begin_src salt
# Install accounting tools
accounting--install-apps:
  pkg.installed:
    - pkgs:
      - hledger # Command-line plain text accounting
      - gnucash # Graphical GNU accounting suite
#+end_src

** move a binary file into /usr/bin
:PROPERTIES:
:ID:       0dacbd16-7ddd-420e-8422-acff908a3c46
:END:

Here's ~/srv/user_salt/pkgs/st.sls~ as an example. It takes a binary file that's part of this salt repository, and moves it into the ~/usr/bin/ directory in a qube.

#+begin_src salt
# Installs my build of st terminal
/usr/bin/st:
  file.managed:
    - source: salt://pkgs/bin/st.bin
    - user: root
    - group: root
    - mode: 777
#+end_src

** Install from third-party repo with a script
:PROPERTIES:
:ID:       98e7e2ec-b88b-4a92-a065-5876a4f7c0ed
:END:

Here's ~/srv/user_salt/pkgs/signal.sls~ as an example. It starts by installing some dependencies using the most common ~pkg.installed~ method, then moves an install script ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~ into a qube and executes it to install the Signal messenger.

#+begin_src salt
...

signal--repo-script:
  file.managed: # file.managed lets you place files from your salt repo into qubes
    - name: /usr/bin/install-repo # this is where the installation script is placed
    - source: salt://pkgs/install-scripts/signal-repo.sh # This is where the installation script was sourced
    - user: root # sets the owner of the file, you can usually default to root
    - group: root # sets the group of the file, you can usually default to root
    - mode: 777 # sets the permissions of the file, you can usually default to 777 (any user on the qube has permissions)

# This simply executes the install-repo script in a qube
'install-repo':
  cmd.run
#+end_src

Here's the installation script that's ran:

*** ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~
:PROPERTIES:
:ID:       f07d4cd1-6ec6-41da-af32-41b9512eefb9
:END:

#+begin_src bash
# Retrieves Signal's key for verifying the package
# The request is proxied through 127.0.0.1:8082 to allow the template qube to access the internet
sudo curl --proxy 127.0.0.1:8082 -s https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

# Defines Signal's repo in /etc/apt/sources.list.d/
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | tee /etc/apt/sources.list.d/signal-xenial.list

# Updates packages and installs signal-desktop through the newly configured repository
sudo apt update
sudo apt install signal-desktop -y
#+end_src