From 0bae3d94b27da2a24957e35491b6c78c26ad21c6 Mon Sep 17 00:00:00 2001 From: seven-beep Date: Mon, 3 Mar 2025 15:50:27 +0100 Subject: [PATCH] feat: allow exclusion of dotfiles with pillars The dotfiles provides hardened configuration as well as usability settings, but it has downsides: - Even though some programs allowing including extra files, not all of them do; - Experienced users wants their own configuration that can conflict in file path; - Adds a lot of lines to review that is not strictly necessary for Qusal to work. With this change, users can set pillar values to disable specific components or all components. For: https://github.com/ben-grande/dotfiles/pull/1 For: https://github.com/ben-grande/qusal/issues/17 Co-authored-by: Ben Grande --- README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++- copy-all.sls | 25 ++++++++++++++++++++++- copy-dom0.sls | 13 +++++++++++- copy-git.sls | 11 ++++++++++ copy-gtk.sls | 13 +++++++++++- copy-mutt.sls | 11 ++++++++++ copy-net.sls | 11 ++++++++++ copy-pgp.sls | 13 +++++++++++- copy-sh.sls | 13 +++++++++++- copy-ssh.sls | 13 +++++++++++- copy-tmux.sls | 11 ++++++++++ copy-vim.sls | 13 +++++++++++- copy-x11.sls | 13 +++++++++++- pillar.sls.example | 37 +++++++++++++++++++++++++++++++++ pillar.top.example | 20 ++++++++++++++++++ 15 files changed, 259 insertions(+), 9 deletions(-) create mode 100644 pillar.sls.example create mode 100644 pillar.top.example diff --git a/README.md b/README.md index 772fa31..054c930 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ # dotfiles @@ -13,6 +14,8 @@ Dotfiles. * [Description](#description) * [Installation](#installation) * [Salt](#salt) + * [Pillar](#pillar) + * [Pillar example](#pillar-example) * [Script](#script) * [Usage](#usage) * [License](#license) @@ -59,6 +62,52 @@ Install specific files in Dom0: sudo qubesctl state.apply dotfiles.copy-dom0,dotfiles.copy-sh,dotfiles.copy-vim,dotfiles.copy-x11 ``` +#### Pillar + +By default, all states are executed when applied. Each component can be be +deactivated by configuring the corresponding pillar data to a non true value. + +You will need a top and a state file in your `pillar_roots`. If you followed +[Qusal's installation instructions](https://github.com/ben-grande/qusal/blob/main/docs/INSTALL.md), +it has already configured the setting for you using the value +`/srv/pillar/qusal`. What you can do, is selectively enable or disable +components. + +For a complete example of a pillar state and a list of their corresponding +formulas states, please refer to [pillar.sls.example](pillar.sls.example). + +##### Pillar example + +On the following example, we will selectively disable only the `dom0` +component, therefore, the state `copy-dom0.sls` is not applied to `dom0`: + +Create a pillar top to apply to all targets, write it to +`/srv/pillar/qusal/dotfiles.top`: + +```yaml +base: + '*': + - qusal.dotfiles +``` + +Then, create a pillar state do disable only `dom0` states, write it to +`/srv/pillar/qusal/dotfiles.sls`: + +```yaml +qusal: + dotfiles: + dom0: false +``` + +Add the pillar to the highstate: + +```sh +sudo qubesctl top.enable qusal.dotfiles pillar=true +``` + +From now on, when calling the state `copy-dom0.sls`, it won't execute +anything. + ### Script You can simply deploy all configurations with: diff --git a/copy-all.sls b/copy-all.sls index 46b3a5a..8979cb6 100644 --- a/copy-all.sls +++ b/copy-all.sls @@ -1,13 +1,29 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- if salt["pillar.get"]("qusal:dotfiles:all"), default=True) or + salt["pillar.get"]("qusal:dotfiles:dom0") or + salt["pillar.get"]("qusal:dotfiles:git") or + salt["pillar.get"]("qusal:dotfiles:gtk") or + salt["pillar.get"]("qusal:dotfiles:mutt") or + salt["pillar.get"]("qusal:dotfiles:net") or + salt["pillar.get"]("qusal:dotfiles:pgp") or + salt["pillar.get"]("qusal:dotfiles:sh") or + salt["pillar.get"]("qusal:dotfiles:ssh") or + salt["pillar.get"]("qusal:dotfiles:tmux") or + salt["pillar.get"]("qusal:dotfiles:vim") or + salt["pillar.get"]("qusal:dotfiles:x11") +-%} + include: - .copy-dom0 - .copy-git - .copy-gtk + - .copy-mutt - .copy-net - .copy-pgp - .copy-sh @@ -16,6 +32,13 @@ include: - .copy-vim - .copy-x11 +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif -%} + {# Unfortunately salt.states.file does not keep permissions when using salt-ssh. Best option is 'file.managed mode: keep' or 'file.recurse file_mode: keep'. diff --git a/copy-dom0.sls b/copy-dom0.sls index 88ba0af..d71a6bb 100644 --- a/copy-dom0.sls +++ b/copy-dom0.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:dom0", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-dom0-home": @@ -25,3 +29,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - user: root - group: root - makedirs: True + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-git.sls b/copy-git.sls index 07790e7..0652d12 100644 --- a/copy-git.sls +++ b/copy-git.sls @@ -1,9 +1,13 @@ {# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:git", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-git-home": @@ -65,3 +69,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - mode: '0755' - recurse: - mode + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-gtk.sls b/copy-gtk.sls index 0219472..16fc89f 100644 --- a/copy-gtk.sls +++ b/copy-gtk.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:gtk", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-gtk-home": @@ -23,3 +27,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - dir_mode: '0700' - user: root - group: root + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-mutt.sls b/copy-mutt.sls index 3f361e4..34b3a00 100644 --- a/copy-mutt.sls +++ b/copy-mutt.sls @@ -1,9 +1,13 @@ {# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:mutt", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-mutt-home": @@ -39,3 +43,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - mode: '0755' - recurse: - mode + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-net.sls b/copy-net.sls index 278d7dd..99b191c 100644 --- a/copy-net.sls +++ b/copy-net.sls @@ -1,9 +1,13 @@ {# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:net", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-net-home": @@ -41,3 +45,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - mode: '0755' - recurse: - mode + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-pgp.sls b/copy-pgp.sls index 2b91f41..85f0638 100644 --- a/copy-pgp.sls +++ b/copy-pgp.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:pgp", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-pgp-home": @@ -27,3 +31,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - group: root {% endif -%} + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-sh.sls b/copy-sh.sls index 6052050..1914b60 100644 --- a/copy-sh.sls +++ b/copy-sh.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:sh", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-sh-home": @@ -43,3 +47,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - dir_mode: '0755' - recurse: - mode + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-ssh.sls b/copy-ssh.sls index 3c2f112..f5db189 100644 --- a/copy-ssh.sls +++ b/copy-ssh.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:ssh", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-ssh-home": @@ -24,3 +28,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - dir_mode: '0700' - user: root - group: root + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-tmux.sls b/copy-tmux.sls index ff366c9..833a459 100644 --- a/copy-tmux.sls +++ b/copy-tmux.sls @@ -1,9 +1,13 @@ {# SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:tmux", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-tmux-home": @@ -37,3 +41,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - mode: '0755' - recurse: - mode + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-vim.sls b/copy-vim.sls index 46771b6..a311575 100644 --- a/copy-vim.sls +++ b/copy-vim.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:vim", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-vim-home": @@ -23,3 +27,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - dir_mode: '0700' - user: root - group: root + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/copy-x11.sls b/copy-x11.sls index 5601a03..85e3a70 100644 --- a/copy-x11.sls +++ b/copy-x11.sls @@ -1,9 +1,13 @@ {# -SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. +SPDX-FileCopyrightText: 2024 seven-beep SPDX-License-Identifier: AGPL-3.0-or-later #} +{%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%} +{%- if salt["pillar.get"]("qusal:dotfiles:x11", default=qusal_dot) -%} + {%- import "dom0/gui-user.jinja" as gui_user -%} "{{ slsdotpath }}-copy-x11-home": @@ -27,3 +31,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later - group: root - keep_symlinks: True - force_symlinks: True + +{%- else -%} + +"{{ sls }}-was-disabled-by-pillar": + test.nop + +{%- endif %} diff --git a/pillar.sls.example b/pillar.sls.example new file mode 100644 index 0000000..0c6619b --- /dev/null +++ b/pillar.sls.example @@ -0,0 +1,37 @@ +{# +SPDX-FileCopyrightText: 2024 seven-beep +SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: CC-BY-SA-4.0 + + +Example of a pillar state structure for https://github.com/ben-grande/dotfiles + +For this file to be active: + +1. Copy the file to the pillar_roots directory without the '.example' suffix; +2. Reference this state by a pillar highstate. + +See the README for detailed instructions. + +Each pillar component is optional. Disable a single component by setting them +to 'false'. To selectively enable few components, disable 'all' and enable +each desired component by setting them to 'true'. + +Entries example: 'dom0' corresponds to 'copy-dom0.sls'. +#} + +qusal: + dotfiles: + all: true + dom0: true + git: true + gtk: true + mutt: true + net: true + pgp: true + sh: true + ssh: true + tmux: true + vim: true + x11: true diff --git a/pillar.top.example b/pillar.top.example new file mode 100644 index 0000000..b2c19b0 --- /dev/null +++ b/pillar.top.example @@ -0,0 +1,20 @@ +{# +SPDX-FileCopyrightText: 2024 seven-beep +SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. + +SPDX-License-Identifier: CC-BY-SA-4.0 + + +Example of a pillar top structure for https://github.com/ben-grande/dotfiles + +For this file to be active: + +1. Copy the file to the pillar_roots directory without the '.example' suffix; +2. Enable the pillar highstate. + +See the README for detailed instructions. +#} + +base: + '*': + - qusal.dotfiles