blob: 19d1f1149891fe3fbca3b1e5d1c8dccd53784d3f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#+title: Methods of installing software in QubesOS with Saltstack
#+OPTIONS: num:nil toc:nil
#+HTML_HEAD_EXTRA: <style>*{font-family: sans-serif !important}</style>
** Intro
Here are some various methods of installing software that I've used in my personal salt configuration
** pkg.installed
:PROPERTIES:
:ID: 0e128288-8e86-41b1-9d4e-8ed5d431d110
:END:
Here's ~/srv/user_salt/pkgs/accounting.sls~ as an example. It uses the simplest way of installing programs, which is just listing them under ~pkg.installed~ which pulls them from your distros main repositories. This is the most preferable way to install software if it's available.
#+begin_src salt
# Install accounting tools
accounting--install-apps:
pkg.installed:
- pkgs:
- hledger # Command-line plain text accounting
- gnucash # Graphical GNU accounting suite
#+end_src
** move a binary file into /usr/bin
:PROPERTIES:
:ID: 0dacbd16-7ddd-420e-8422-acff908a3c46
:END:
Here's ~/srv/user_salt/pkgs/st.sls~ as an example. It takes a binary file that's part of this salt repository, and moves it into the ~/usr/bin/ directory in a qube.
#+begin_src salt
# Installs my build of st terminal
/usr/bin/st:
file.managed:
- source: salt://pkgs/bin/st.bin
- user: root
- group: root
- mode: 777
#+end_src
** Install from third-party repo with a script
:PROPERTIES:
:ID: 98e7e2ec-b88b-4a92-a065-5876a4f7c0ed
:END:
Here's ~/srv/user_salt/pkgs/signal.sls~ as an example. It starts by installing some dependencies using the most common ~pkg.installed~ method, then moves an install script ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~ into a qube and executes it to install the Signal messenger.
#+begin_src salt
...
signal--repo-script:
file.managed: # file.managed lets you place files from your salt repo into qubes
- name: /usr/bin/install-repo # this is where the installation script is placed
- source: salt://pkgs/install-scripts/signal-repo.sh # This is where the installation script was sourced
- user: root # sets the owner of the file, you can usually default to root
- group: root # sets the group of the file, you can usually default to root
- mode: 777 # sets the permissions of the file, you can usually default to 777 (any user on the qube has permissions)
# This simply executes the install-repo script in a qube
'install-repo':
cmd.run
#+end_src
Here's the installation script that's ran:
*** ~/srv/user_salt/pkgs/install-scripts/signal-repo.sh~
:PROPERTIES:
:ID: f07d4cd1-6ec6-41da-af32-41b9512eefb9
:END:
#+begin_src bash
# Retrieves Signal's key for verifying the package
# The request is proxied through 127.0.0.1:8082 to allow the template qube to access the internet
sudo curl --proxy 127.0.0.1:8082 -s https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# Defines Signal's repo in /etc/apt/sources.list.d/
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | tee /etc/apt/sources.list.d/signal-xenial.list
# Updates packages and installs signal-desktop through the newly configured repository
sudo apt update
sudo apt install signal-desktop -y
#+end_src
|
