feat: allow exclusion of dotfiles with pillars

The dotfiles provides hardened configuration as well as usability settings, but it has downsides: - Even though some programs allowing including extra files, not all of them do; - Experienced users wants their own configuration that can conflict in file path; - Adds a lot of lines to review that is not strictly necessary for Qusal to work. With this change, users can set pillar values to disable specific components or all components. For: https://github.com/ben-grande/dotfiles/pull/1 For: https://github.com/ben-grande/qusal/issues/17 Co-authored-by: Ben Grande <ben.grande.b@gmail.com>
2026-04-08 09:18:53 +02:00 · 2025-03-03 15:50:27 +01:00 · 2025-03-03 15:50:27 +01:00 · 0bae3d94b2
commit 0bae3d94b2
parent 11bc58a4dd
15 changed files with 259 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,8 @@
 # dotfiles
 <!--
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: CC-BY-SA-4.0
 -->
@ -13,6 +14,8 @@ Dotfiles.
 *   [Description](#description)
 *   [Installation](#installation)
    *   [Salt](#salt)
        *   [Pillar](#pillar)
            *   [Pillar example](#pillar-example)
    *   [Script](#script)
 *   [Usage](#usage)
 *   [License](#license)
@ -59,6 +62,52 @@ Install specific files in Dom0:
 sudo qubesctl state.apply dotfiles.copy-dom0,dotfiles.copy-sh,dotfiles.copy-vim,dotfiles.copy-x11
 ```
 #### Pillar
 By default, all states are executed when applied. Each component can be be
 deactivated by configuring the corresponding pillar data to a non true value.
 You will need a top and a state file in your `pillar_roots`. If you followed
 [Qusal's installation instructions](https://github.com/ben-grande/qusal/blob/main/docs/INSTALL.md),
 it has already configured the setting for you using the value
 `/srv/pillar/qusal`. What you can do, is selectively enable or disable
 components.
 For a complete example of a pillar state and a list of their corresponding
 formulas states, please refer to [pillar.sls.example](pillar.sls.example).
 ##### Pillar example
 On the following example, we will selectively disable only the `dom0`
 component, therefore, the state `copy-dom0.sls` is not applied to `dom0`:
 Create a pillar top to apply to all targets, write it to
 `/srv/pillar/qusal/dotfiles.top`:
 ```yaml
 base:
  '*':
    - qusal.dotfiles
 ```
 Then, create a pillar state do disable only `dom0` states, write it to
 `/srv/pillar/qusal/dotfiles.sls`:
 ```yaml
 qusal:
  dotfiles:
    dom0: false
 ```
 Add the pillar to the highstate:
 ```sh
 sudo qubesctl top.enable qusal.dotfiles pillar=true
 ```
 From now on, when calling the state `copy-dom0.sls`, it won't execute
 anything.
 ### Script
 You can simply deploy all configurations with:
--- a/copy-all.sls
+++ b/copy-all.sls
@ -1,13 +1,29 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- if  salt["pillar.get"]("qusal:dotfiles:all"), default=True) or
        salt["pillar.get"]("qusal:dotfiles:dom0") or
        salt["pillar.get"]("qusal:dotfiles:git") or
        salt["pillar.get"]("qusal:dotfiles:gtk") or
        salt["pillar.get"]("qusal:dotfiles:mutt") or
        salt["pillar.get"]("qusal:dotfiles:net") or
        salt["pillar.get"]("qusal:dotfiles:pgp") or
        salt["pillar.get"]("qusal:dotfiles:sh") or
        salt["pillar.get"]("qusal:dotfiles:ssh") or
        salt["pillar.get"]("qusal:dotfiles:tmux") or
        salt["pillar.get"]("qusal:dotfiles:vim") or
        salt["pillar.get"]("qusal:dotfiles:x11")
 -%}
 include:
  - .copy-dom0
  - .copy-git
  - .copy-gtk
  - .copy-mutt
  - .copy-net
  - .copy-pgp
  - .copy-sh
@ -16,6 +32,13 @@ include:
  - .copy-vim
  - .copy-x11
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif -%}
 {#
 Unfortunately salt.states.file does not keep permissions when using salt-ssh.
 Best option is 'file.managed mode: keep' or 'file.recurse file_mode: keep'.
--- a/copy-dom0.sls
+++ b/copy-dom0.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:dom0", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-dom0-home":
@ -25,3 +29,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - user: root
    - group: root
    - makedirs: True
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-git.sls
+++ b/copy-git.sls
@ -1,9 +1,13 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:git", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-git-home":
@ -65,3 +69,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - mode: '0755'
    - recurse:
      - mode
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-gtk.sls
+++ b/copy-gtk.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:gtk", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-gtk-home":
@ -23,3 +27,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - dir_mode: '0700'
    - user: root
    - group: root
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-mutt.sls
+++ b/copy-mutt.sls
@ -1,9 +1,13 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:mutt", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-mutt-home":
@ -39,3 +43,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - mode: '0755'
    - recurse:
      - mode
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-net.sls
+++ b/copy-net.sls
@ -1,9 +1,13 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:net", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-net-home":
@ -41,3 +45,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - mode: '0755'
    - recurse:
      - mode
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-pgp.sls
+++ b/copy-pgp.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:pgp", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-pgp-home":
@ -27,3 +31,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - group: root
 {% endif -%}
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-sh.sls
+++ b/copy-sh.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:sh", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-sh-home":
@ -43,3 +47,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - dir_mode: '0755'
    - recurse:
      - mode
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-ssh.sls
+++ b/copy-ssh.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:ssh", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-ssh-home":
@ -24,3 +28,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - dir_mode: '0700'
    - user: root
    - group: root
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-tmux.sls
+++ b/copy-tmux.sls
@ -1,9 +1,13 @@
 {#
 SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:tmux", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-tmux-home":
@ -37,3 +41,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - mode: '0755'
    - recurse:
      - mode
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-vim.sls
+++ b/copy-vim.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:vim", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-vim-home":
@ -23,3 +27,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - dir_mode: '0700'
    - user: root
    - group: root
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/copy-x11.sls
+++ b/copy-x11.sls
@ -1,9 +1,13 @@
 {#
-SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+SPDX-FileCopyrightText: 2023 - 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 {%- set qusal_dot = salt["pillar.get"]("qusal:dotfiles:all", default=True) -%}
 {%- if salt["pillar.get"]("qusal:dotfiles:x11", default=qusal_dot) -%}
 {%- import "dom0/gui-user.jinja" as gui_user -%}
 "{{ slsdotpath }}-copy-x11-home":
@ -27,3 +31,10 @@ SPDX-License-Identifier: AGPL-3.0-or-later
    - group: root
    - keep_symlinks: True
    - force_symlinks: True
 {%- else -%}
 "{{ sls }}-was-disabled-by-pillar":
  test.nop
 {%- endif %}
--- a/pillar.sls.example
+++ b/pillar.sls.example
@ -0,0 +1,37 @@
 {#
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: CC-BY-SA-4.0
 Example of a pillar state structure for https://github.com/ben-grande/dotfiles
 For this file to be active:
 1. Copy the file to the pillar_roots directory without the '.example' suffix;
 2. Reference this state by a pillar highstate.
 See the README for detailed instructions.
 Each pillar component is optional. Disable a single component by setting them
 to 'false'. To selectively enable few components, disable 'all' and enable
 each desired component by setting them to 'true'.
 Entries example: 'dom0' corresponds to 'copy-dom0.sls'.
 #}
 qusal:
  dotfiles:
    all: true
    dom0: true
    git: true
    gtk: true
    mutt: true
    net: true
    pgp: true
    sh: true
    ssh: true
    tmux: true
    vim: true
    x11: true
--- a/pillar.top.example
+++ b/pillar.top.example
@ -0,0 +1,20 @@
 {#
 SPDX-FileCopyrightText: 2024 seven-beep <ebn@entreparentheses.xyz>
 SPDX-FileCopyrightText: 2025 Benjamin Grande M. S. <ben.grande.b@gmail.com>
 SPDX-License-Identifier: CC-BY-SA-4.0
 Example of a pillar top structure for https://github.com/ben-grande/dotfiles
 For this file to be active:
 1. Copy the file to the pillar_roots directory without the '.example' suffix;
 2. Enable the pillar highstate.
 See the README for detailed instructions.
 #}
 base:
  '*':
    - qusal.dotfiles