Update .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_11-update-timezone, .local/share/chezmoi/system/etc/yum.repos.d/qubes-dom0.repo, .local/share/chezmoi/system/etc/qubes/repo-templates/qubes-templates.repo, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates, .local/share/chezmoi/home/.chezmoidata.yaml, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui, .local/share/chezmoi/system/etc/grub.d/31-hold-shift, .local/share/chezmoi/system/etc/default/modify_grub, .local/share/chezmoi/system/.chezmoidata.yaml, .local/share/chezmoi/system/.chezmoiexternal.toml, .local/share/chezmoi/system/usr/share/run_onchange_after_setup-share-folder, .local/share/chezmoi/system/boot/efi/EFI/qubes/modify_grubenv, .local/share/chezmoi/system/etc/sddm.conf, .local/share/chezmoi/system/etc/modify_environment

Brian Zalewski 2022-12-06 08:59:10 +00:00
parent 55d460c491
commit df13ca7758
20 changed files with 417 additions and 0 deletions


@ -846,3 +846,27 @@ softwarePlugins:
- https://github.com/tpope/vim-sensible.git
- https://github.com/tpope/vim-surround.git
- https://github.com/nanotee/zoxide.vim.git
qubes:
mirageUrl: https://github.com/mirage/qubes-mirage-firewall/releases/latest/download/mirage-firewall.tar.bz2
promptKeyboards: false
provisionVM: provision
templates:
# - centos-8
# - centos-8-minimal
# - debian-10
- debian-11
- debian-11-minimal
- fedora-32
- fedora-36
- fedora-36-minimal
- fedora-36-xfce
- fedora-37
# - gentoo
# - gentoo-minimal
# - kali
- whonix-gw-16
- whonix-ws-16
templatesUnofficial:
- https://qubes.3isec.org/Templates_4.1/qubes-template-archlinux-4.0.6-202204171510.noarch.rpm
- https://qubes.3isec.org/Templates_4.1/qubes-template-debian-12-4.0.6-202208292254.noarch.rpm
- https://qubes.3isec.org/Templates_4.1/qubes-template-jammy-4.0.6-202205012228.noarch.rpm
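Review bot: `mirageUrl` points at `releases/latest/download/...` and the three `templatesUnofficial` entries point at a third-party host, and none of them carries an expected digest, so whatever those URLs serve on the day of the run is what the install scripts will bring into dom0. Pin `mirageUrl` to a specific release tag and store a hash next to each artifact, for example `mirageSha256: <SHA256_OF_REVIEWED_KERNEL>` and a `sha256:` field per template URL, so the consuming scripts have something to verify against. `fedora-32` is also in the active template list; it is worth confirming that release still receives updates before installing it by default.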


@ -0,0 +1,5 @@
#!/usr/bin/env bash
### Update timezone
logg info "Setting timezone to {{ .user.timezone }}"
timedatectl set-timezone {{ .user.timezone }}
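Review bot: The rendered value of `.user.timezone` is spliced unquoted into the `timedatectl` command line, so a value containing whitespace or shell metacharacters changes what the shell executes (presumably in dom0, given the script's location). Quote it, `timedatectl set-timezone '{{ .user.timezone }}'`, and ideally check it against `timedatectl list-timezones` before applying. The call also runs without `sudo`, unlike the privileged commands in the sibling scripts, so it may fail or prompt depending on the polkit setup.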


@ -0,0 +1,11 @@
#!/usr/bin/env bash
### Update dom0
logg info 'Updating dom0 via `qubesctl`'
sudo qubesctl --show-output state.sls update.qubes-dom0
logg info 'Updating dom0 via `qubes-dom0-update`'
sudo qubes-dom0-update --clean -y
### Ensure sys-whonix is running
logg info 'Ensuring `sys-whonix` is running'
qvm-start sys-whonix --skip-if-running
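Review bot: Nothing in this script stops on failure, so a failed `qubesctl ... update.qubes-dom0` or `qubes-dom0-update` is followed by the remaining steps and the script still exits 0 if `qvm-start` succeeds. For a `run_onchange_` script that likely means chezmoi records it as done and does not retry the dom0 update until the file content changes. Add `set -euo pipefail` under the shebang, or test each command explicitly, e.g. `sudo qubes-dom0-update --clean -y || { logg warn 'dom0 update failed'; exit 1; }`. The other scripts in this commit have the same gap.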


@ -0,0 +1,9 @@
#!/usr/bin/env bash
### Ensure Qubes templates exist and download if they are not present
for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do
if [ ! -f "/var/lib/qubes/vm-templates/$TEMPLATE" ]; then
logg info "Installing $TEMPLATE"
sudo qubes-dom0-update "qubes-template-$TEMPLATE"
fi
done
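Review bot: `for TEMPLATE of ...` is not valid Bash; the keyword is `in`, so this script fails with a syntax error at the loop and installs nothing. The same `of` appears in the passwordless-sudo loop, the unofficial-templates loop and the NVIDIA PCI loop further down. Change the line to `for TEMPLATE in {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do`. The existence test uses `-f`, but an installed template is presumably a directory under `/var/lib/qubes/vm-templates/`, in which case `[ ! -d ... ]` (or `qvm-check "$TEMPLATE"`) is the test that avoids reinstalling on every run.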


@ -0,0 +1,15 @@
#!/usr/bin/env bash
### Ensure Qubes minimal templates have passwordless sudo
for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do
if [[ "$TEMPLATE" == *'-minimal' ]]; then
if [[ "$TEMPLATE" == 'debian'* ]] || [[ "$TEMPLATE" == 'ubuntu'* ]]; then
logg info "Installing qubes-core-agent-passwordless-root on $TEMPLATE"
qvm-run -u root "$TEMPLATE" apt-get update
qvm-run -u root "$TEMPLATE" apt-get install -y qubes-core-agent-passwordless-root
elif [[ "$TEMPLATE" == 'fedora'* ]]; then
logg info "Installing qubes-core-agent-passwordless-root on $TEMPLATE"
qvm-run -u root "$TEMPLATE" dnf install -y qubes-core-agent-passwordless-root
fi
fi
done
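Review bot: This loop installs `qubes-core-agent-passwordless-root` into every `*-minimal` template in the list with no way to opt out, so every qube later based on those templates gets passwordless root. As far as I know the minimal templates leave that package out on purpose; consider gating the block on a data flag such as `{{ if .qubes.passwordlessMinimal }}` (a new key, defaulting to false) or on an explicit per-template list. The results of `apt-get update` and the install commands are also not checked, so a failed install passes silently.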


@ -0,0 +1,21 @@
#!/usr/bin/env bash
### Ensure unofficial templates are installed
for TEMPLATE_URL of {{ .qubes.templatesUnofficial | toString | replace "[" "" | replace "]" "" }}; do
logg info "Template URL: $TEMPLATE_URL"
TEMPLATE="$(echo "$TEMPLATE_URL" | sed 's/^.*\/\(.*\)-\d+.\d+.\d+-\d+.noarch.rpm$/\1/')"
logg info "Template: $TEMPLATE"
FILE="$(echo "$TEMPLATE_URL" | sed 's/^.*\/\(.*-\d+.\d+.\d+-\d+.noarch.rpm\)$/\1/')"
logg info "File: $FILE"
if [ ! -f "/var/lib/qubes/vm-templates/$TEMPLATE" ]; then
logg info "Downloading the unofficial $TEMPLATE TemplateVM via {{ .qubes.provisionVM }}"
qvm-run --pass-io "{{ .qubes.provisionVM }}" "curl -sSL "$TEMPLATE_URL" -o "/home/Downloads/$FILE""
logg info "Transferring the image to dom0"
qvm-run --pass-io "{{ .qubes.provisionVM }}" "cat /home/Downloads/$FILE" > "/tmp/$FILE"
logg info "Installing the TemplateVM via dnf"
sudo dnf install --nogpgcheck "/tmp/$FILE"
rm -f "/tmp/$FILE"
else
logg info "$TEMPLATE is already installed"
fi
done
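Review bot: `sudo dnf install --nogpgcheck "/tmp/$FILE"` installs an RPM fetched from a third-party URL into dom0 with signature checking switched off, and RPM scriptlets run as root there; the package should be verified against the publisher's key (imported into dom0's RPM keyring beforehand) before it is installed. The two `sed` expressions use `\d` and a bare `+`, which basic-regex `sed` does not treat as a digit class or repetition, so neither substitution matches and `TEMPLATE` and `FILE` both end up holding the full URL. The `curl` line on the first `qvm-run` nests double quotes, which leaves `$TEMPLATE_URL` outside the quoting, and it writes to `/home/Downloads` rather than the user's home. The `-f` existence test raises the same directory question as in the official-templates script. A sketch of the loop body with those points addressed follows.

```shell
  # Derive the file name with parameter expansion; sed does not understand \d
  FILE="${TEMPLATE_URL##*/}"
  TEMPLATE="$(printf '%s\n' "$FILE" | sed -E 's/^(.*)-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.noarch\.rpm$/\1/')"
  # … unchanged: logging and the "already installed" test …
    # Unpredictable dom0 path instead of /tmp/$FILE
    RPM_TMP="$(mktemp --suffix=.rpm)"
    # -f makes curl fail on HTTP errors instead of saving the error page
    qvm-run --pass-io "{{ .qubes.provisionVM }}" "curl -fsSL -- '$TEMPLATE_URL'" > "$RPM_TMP"
    # localpkg_gpgcheck makes dnf verify a local file against the dom0 RPM keyring;
    # the template signer's key must have been imported and checked beforehand
    sudo dnf install --setopt=localpkg_gpgcheck=1 "$RPM_TMP"
    rm -f -- "$RPM_TMP"
  # … unchanged: else branch …
```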


@ -0,0 +1,5 @@
#!/usr/bin/env bash
### Update TemplateVMs
logg info 'Updating TemplateVMs via `qubesctl`'
timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
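Review bot: `timeout 900` kills `qubesctl` after fifteen minutes regardless of progress, which with several templates in the list can interrupt an update that is still running inside a template, and the resulting exit status (124 on timeout) is not examined. Either drop the limit or raise it and handle the status, e.g. `timeout 3600 sudo qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm || logg warn "TemplateVM update did not finish (exit $?)"`. The call is also missing the `sudo` that the dom0 update script uses for `qubesctl`.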


@ -0,0 +1,21 @@
#!/usr/bin/env bash
### Ensure mirage-firewall kernel folder setup
if [ ! -d /var/lib/qubes/vm-kernels/mirage-firewall ]; then
logg info 'Creating the /var/lib/qubes/vm-kernels/mirage-firewall directory'
sudo mkdir -p /var/lib/qubes/vm-kernels/mirage-firewall
fi
### Install the mirage-firewall kernel
if [ ! -f /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz ]; then
logg info 'Downloading the pre-compiled mirage firewall kernel in the {{ .qubes.provisionVM }} VM'
qvm-run provision 'curl -sSL {{ .qubes.mirageUrl }} > ~/Downloads/mirage-firewall.tar.gz && tar xjf ~/Downloads/mirage-firewall.tar.gz -C ~/Downloads'
logg info 'Transferring mirage-firewall kernel to dom0 from the {{ .qubes.provisionVM }} VM'
qvm-run --pass-io {{ .qubes.provisionVM }} 'cat /home/user/Downloads/mirage-firewall/vmlinuz' > /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
fi
### Create dummy initrmfs for the mirage-firewall kernel
if [ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then
logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder'
gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs
fi
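Review bot: `[ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]` is missing the space after `-f`, so the test sees a single non-empty word, is always false after negation, and the dummy initramfs is never created. The download line calls `qvm-run provision` with the VM name hard-coded while the rest of the script uses `{{ .qubes.provisionVM }}`, and both `>` redirections into `/var/lib/qubes/vm-kernels/` run as the invoking user even though the directory was created with `sudo`; a failed `cat` also leaves an empty `vmlinuz` that satisfies the `-f` test on the next run. The kernel is copied into dom0's kernel directory without any integrity check, so it should be compared against a pinned digest first. A sketch of the two affected blocks follows.

```shell
if [ ! -f /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz ]; then
  # … unchanged: logging …
  qvm-run --pass-io "{{ .qubes.provisionVM }}" 'curl -fsSL {{ .qubes.mirageUrl }} -o ~/Downloads/mirage-firewall.tar.bz2 && tar xjf ~/Downloads/mirage-firewall.tar.bz2 -C ~/Downloads'
  KERNEL_TMP="$(mktemp)"
  qvm-run --pass-io "{{ .qubes.provisionVM }}" 'cat ~/Downloads/mirage-firewall/vmlinuz' > "$KERNEL_TMP"
  # EXPECTED_SHA256 is a placeholder for the pinned digest of the reviewed kernel
  if echo "EXPECTED_SHA256  $KERNEL_TMP" | sha256sum -c - > /dev/null; then
    sudo install -m 0644 "$KERNEL_TMP" /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
  else
    logg warn 'mirage-firewall kernel digest mismatch, not installing'
    rm -f -- "$KERNEL_TMP"
    exit 1
  fi
  rm -f -- "$KERNEL_TMP"
fi
if [ ! -f /var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then
  # … unchanged: logging …
  gzip -n9 < /dev/null | sudo tee /var/lib/qubes/vm-kernels/mirage-firewall/initramfs > /dev/null
fi
```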


@ -0,0 +1,24 @@
#!/usr/bin/env bash
### Enable sys-usb
logg info 'Modifying Salt configuration to be able to enable sys-usb'
qubesctl top.enabled pillar=True || EXIT_CODE=$?
qubesctl state.highstate || EXIT_CODE=$?
logg info 'Ensuring sys-net-as-usbvm is removed'
qubesctl top.disable qvm.sys-net-as-usbvm pillar=True || EXIT_CODE=$?
logg info 'Ensuring sys-usb is setup and that it is properly configured with the keyboard'
qubesctl state.sls qvm.usb-keyboard
### Configure USB keyboard settings
if [ "{{ .qubes.promptKeyboards }}" = 'true' ]; then
logg info 'Ensure USB keyboards are only allows to connect after prompt is answered'
logg warn 'This can potentially lock you out if all you have are USB keyboards'
echo "sys-usb dom0 ask,user=root,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputKeyboard
else
logg info 'Ensuring USB keyboards can connect without a prompt'
echo "sys-usb dom0 allow,user=root" | sudo tee /etc/qubes-rpc/policy/qubes.InputKeyboard
fi
### Configure USB mouse settings
logg info 'Ensuring newly connected USB mouse devices are only allowed to connect after a prompt is accepted'
echo "sys-usb dom0 ask,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputMouse
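Review bot: With `promptKeyboards: false`, the `else` branch writes `sys-usb dom0 allow,user=root` to the `qubes.InputKeyboard` policy, which lets anything sys-usb presents as a keyboard send keystrokes to dom0 without confirmation; that ties dom0's integrity to sys-usb and to every USB device plugged in. Since the data file in this commit sets the flag to `false`, this is the default path, so it deserves at least the same `logg warn` as the prompt branch, and ideally `ask` as the default with `allow` as the explicit opt-in. `EXIT_CODE` is assigned on three `qubesctl` lines but never read, so those failures are dropped. The `tee` calls also replace the whole policy file, which is worth confirming against what the `qvm.usb-keyboard` state writes just before.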


@ -0,0 +1,26 @@
#!/usr/bin/env bash
### Enables sys-gui-gpu
enableSysGUIGPU() {
logg info 'Enabling `sys-gui-gpu`'
qubesctl top.enable qvm.sys-gui-gpu
qubesctl top.enable qvm.sys-gui-gpu pillar=True
qubesctl --all state.highstate
qubesctl top.disable qvm.sys-gui-gpu
}
### Enable appropriate sys-gui
if qvm-pci list | grep 'VGA compatible controller' | grep 'Intel'; else
logg info 'An Intel GPU was detected'
enableSysGUIGPU
logg info 'Attaching Intel GPU PCI devices to sys-gui-gpu'
qubesctl state.sls qvm.sys-gui-gpu-attach-gpu
elif qvm-pci list | grep 'VGA compatible controller' | grep 'NVIDIA'; then
logg info 'An NVIDIA GPU was detected'
enableSysGUIGPU
logg info 'Attaching NVIDIA GPU PCI devices to sys-gui-gpu'
for ID of "$(qvm-pci list | grep 'NVIDIA' | sed 's/^\([^ ]*\).*/\1/')"; do
logg info "Attaching PCI device with ID of $ID"
qvm-pci attach sys-gui-gpu "$ID" --persistent -o permissive=true
done
fi
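Review bot: The first condition ends in `; else` where Bash requires `; then`, so together with `for ID of` the script cannot be parsed; the line should read `if qvm-pci list | grep 'VGA compatible controller' | grep -q 'Intel'; then`. In the NVIDIA loop the command substitution is double-quoted, so even with `in` the loop would run once with all device IDs joined into one string; `for ID in $(qvm-pci list | grep 'NVIDIA' | awk '{print $1}'); do` iterates per device. `-o permissive=true` relaxes the PCI config-space filtering for the attached device, so it is worth a comment on why it is needed here and whether `--persistent` should apply to every NVIDIA function found.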


@ -0,0 +1,4 @@
---
grub:
shiftToSeeMenu: false
theme: Betelgeuse


@ -1,9 +1,98 @@
{{- if not .host.headless }}
## Betelgeuse Theme
["/usr/local/src/betelgeuse"]
type = "git-repo"
url = "https://gitlab.com/megabyte-labs/misc/betelgeuse.git"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
### Hack Nerd Font Download
{{- $refreshPeriod := "4800h" }}
{{- $fontDir := "" }}
{{- $fontUrlBase := "https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/Hack"}}
{{- if eq .host.distro.family "darwin" }}
{{- $fontDir = "/Library/Fonts" }}
{{- else if eq .host.distro.family "linux" }}
{{- $fontDir = "/usr/local/share/fonts" }}
{{- else if eq .host.distro.family "windows" }}
{{- $fontDir = "TODOWindows/Fonts" }}
{{- end }}
["{{ $fontDir }}/Hack-Regular-Nerd-Font.ttf"]
type = "file"
url = "{{ $fontUrlBase }}/Regular/complete/Hack%20Regular%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Hack-Bold-Nerd-Font.ttf"]
type = "file"
url = "{{ $fontUrlBase }}/Bold/complete/Hack%20Bold%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Hack-Italic-Nerd-Font.ttf"]
type = "file"
url = "{{ $fontUrlBase }}/Italic/complete/Hack%20Italic%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Hack-Bold-Italic-Nerd-Font.ttf"]
type = "file"
url = "{{ $fontUrlBase }}/BoldItalic/complete/Hack%20Bold%20Italic%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
### Montserrat Font Download
{{- $fontUrlBase := "https://github.com/JulietaUla/Montserrat/raw/master/fonts/ttf/Montserrat-"}}
{{- $fonts := list "Black" "BlackItalic" "Bold" "BoldItalic" "ExtraBold" "ExtraBoldItalic" "ExtraLight" "ExtraLightItalic" "Italic" "Light" "LightItalic" "Medium" "MediumItalic" "Regular" "SemiBold" "SemiBoldItalic" "Thin" "ThinItalic" }}
{{- range $font := $fonts }}
["{{ $fontDir }}/Montserrat-{{ $font }}.ttf"]
type = "file"
url = "{{ $fontUrlBase }}{{ $font }}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
{{- end }}
### ZillaSlab Font Download
{{- $fontUrlBase := "https://github.com/typotheque/zilla-slab/raw/master/fonts_TTF/ZillaSlab"}}
{{- $fonts := list "-Bold" "-BoldItalic" "-Italic" "-Light" "-LightItalic" "-Medium" "-MediumItalic" "-Regular" "-SemiBold" "-SemiBoldItalic" "Highlight-Bold" "Highlight-Regular" }}
{{- range $font := $fonts }}
["{{ $fontDir }}/ZillaSlab{{ $font }}.ttf"]
type = "file"
url = "{{ $fontUrlBase }}{{ $font }}.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
{{- end }}
### Rofi Fonts
["{{ $fontDir }}/GrapeNuts-Regular.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/GrapeNuts-Regular.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Icomoon-Feather.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Icomoon-Feather.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Iosevka-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Iosevka-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/JetBrains-Mono-Nerd-Font-Complete.ttf"]
type = "file"
url = "https://github.com/adi1090x/rofi/raw/master/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
### Miscellaneous Fonts Download
["{{ $fontDir }}/FontAwesome.ttf"]
type = "file"
# Source URL
url = "https://github.com/VermiumSifell/dotfiles/raw/main/dot_local/share/fonts/fontawesome.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
["{{ $fontDir }}/Weather-Icons.ttf"]
type = "file"
# Source URL
url = "https://github.com/VermiumSifell/dotfiles/raw/main/dot_local/share/fonts/weathericons.ttf"
refreshPeriod = "{{ $refreshPeriod }}"
{{- end }}
### NGINX
["/etc/nginx"]
type = "git-repo"
url = "https://gitlab.com/megabyte-labs/cloud/nginx-configs.git"
clone.args = ["--depth", "1"]
pull.args = ["--ff-only"]
### Rundeck
["/var/lib/rundeck/libext/ansible-plugin-3.2.2.jar"]
type = "file"
url = "https://github.com/rundeck-plugins/ansible-plugin/releases/download/v3.2.2/ansible-plugin-3.2.2.jar"
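Review bot: Every `type = "file"` entry here downloads from a moving branch (`raw/master`, `raw/main`) or a release URL and none declares a checksum, so the files written into system directories are whatever the remote serves at refresh time; that matters most for `ansible-plugin-3.2.2.jar`, which Rundeck will load as code. chezmoi externals accept a digest, e.g. `checksum.sha256 = "<SHA256_OF_REVIEWED_FILE>"`, and the version-tagged jar is the easiest place to start. The two `git-repo` entries, including the one that populates `/etc/nginx`, follow the default branch head with `--ff-only` pulls, so a change pushed to that repository reaches the nginx configuration on the next apply; cloning a reviewed tag via `clone.args` would narrow that. `$fontDir` also resolves to the placeholder `TODOWindows/Fonts` on Windows.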


@ -0,0 +1,4 @@
#!/usr/bin/env bash
logg info 'Copying /boot/grub2/grubenv to /boot/efi/EFI/qubes/grubenv'
sudo cp -f /boot/grub2/grubenv /boot/efi/EFI/qubes/grubenv
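Review bot: If this is the `modify_grubenv` file named in the commit title, chezmoi treats it as a modify script: it receives the current target on stdin and whatever it prints becomes the new `/boot/efi/EFI/qubes/grubenv`. As written it prints nothing except possibly the `logg` line, so the result of the `cp` would be replaced by that output right afterwards. Either emit the desired content as the script's only stdout, `cat /boot/grub2/grubenv`, or move the copy into a `run_onchange_after_` script. The same question applies to the `/etc/default/grub` and `/etc/environment` scripts below, which edit their targets in place with `sudo sed` and `tee`.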


@ -0,0 +1,54 @@
#!/usr/bin/env bash
SCREEN_WIDTH="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f1)"
SCREEN_HEIGHT="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f2)"
SCREEN_RATIO="$(awk -v height={{ screen_height.stdout }} -v width={{ screen_width.stdout }} 'BEGIN { print ((height / width) * 1000) }')"
SCREEN_RATIO="${SCREEN_RATIO%.*}"
SCREEN_RATIO_ULTRAWIDE="2100"
GRUB_RESOLUTION_TYPE="1080p"
### Determine if screen is ultrawide
if (( $(echo "$SCREEN_RATIO $SCREEN_RATIO_ULTRAWIDE" | awk '{print ($1 > $2)}') )); then
GRUB_RESOLUTION_TYPE="ultrawide"
fi
### Optimize the GRUB resolution
logg info 'Optimizing the GRUB resolution'
if cat /etc/default/grub | grep GRUB_GFX_MODE; then
sudo sed -i '/.*GRUB_GFXMODE.*/GRUB_GFXMODE=auto/' /etc/default/grub
else
echo "GRUB_GFXMODE=auto" | sudo tee -a /etc/default/grub
fi
### Add GRUB_GFXPAYLOAD_LINUX=keep
logg info 'Ensuring GRUB_GFXPAYLOAD_LINUX is set to keep'
if cat /etc/default/grub | grep GRUB_GFXPAYLOAD_LINUX; then
sudo sed -i '/.*GRUB_GFXPAYLOAD_LINUX.*/GRUB_GFXPAYLOAD_LINUX="keep"/' /etc/default/grub
else
echo 'GRUB_GFXPAYLOAD_LINUX="keep"' | sudo tee -a /etc/default/grub
fi
### Set GRUB theme
logg info "Setting GRUB2 theme to {{ .theme }}-$GRUB_RESOLUTION_TYPE"
if cat /etc/default/grub | grep GRUB_THEME; then
sudo sed -i '/.*GRUB_THEME.*/GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"/' /etc/default/grub
else
echo 'GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"' | sudo tee -a /etc/default/grub
fi
### Set GRUB background
logg info 'Set GRUB background to prevent FOUC'
if cat /etc/default/grub | grep GRUB_BACKGROUND; then
sudo sed -i '/.*GRUB_BACKGROUND.*/GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"/' /etc/default/grub
else
echo 'GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"' | sudo tee -a /etc/default/grub
fi
### Configure Shift to see menu feature
logg info 'Configuring Shift to see GRUB2 menu feature'
sed -i '/GRUB_FORCE_HIDDEN_MENU/d' /etc/default/grub
echo "GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSeeMenu }}" > /etc/default/grub
### Remove duplicate lines
logg info 'Ensuring there are no duplicate entries in /etc/default/grub'
cat /etc/default/grub | uniq -u | sudo tee /etc/default/grub
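Review bot: `echo "GRUB_FORCE_HIDDEN_MENU=..." > /etc/default/grub` truncates the file and discards every setting written above it, and the final `cat ... | uniq -u | sudo tee` reads and rewrites the same file at once while `uniq -u` drops all copies of a repeated line instead of keeping one; either can leave the bootloader defaults empty or incomplete. Every `sed -i` expression lacks the leading `s` (and the background path contains unescaped `/`), so the update branches fail, and the first test greps `GRUB_GFX_MODE` while the setting is `GRUB_GFXMODE`; the `QT_STYLE_OVERRIDE` script in the next section has the same `sed` form. The ratio line uses Jinja-style `{{ screen_height.stdout }}`, which chezmoi's Go templating will not render as intended, and it computes height/width, which stays below the 2100 threshold for any wide screen. A sketch of the corrected lines follows.

```shell
# Use the shell variables computed above; width/height is presumably the intended ratio
SCREEN_RATIO="$(awk -v height="$SCREEN_HEIGHT" -v width="$SCREEN_WIDTH" 'BEGIN { print int((width / height) * 1000) }')"
# … unchanged: ultrawide comparison …
if grep -q '^GRUB_GFXMODE=' /etc/default/grub; then
  sudo sed -i 's|^GRUB_GFXMODE=.*|GRUB_GFXMODE=auto|' /etc/default/grub
else
  echo 'GRUB_GFXMODE=auto' | sudo tee -a /etc/default/grub > /dev/null
fi
# … same `s|^KEY=.*|KEY=value|` form for GFXPAYLOAD_LINUX, THEME and BACKGROUND …
sudo sed -i '/GRUB_FORCE_HIDDEN_MENU/d' /etc/default/grub
echo "GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSeeMenu }}" | sudo tee -a /etc/default/grub > /dev/null
# De-duplicate through a temporary file so the source is not truncated while it is being read
GRUB_TMP="$(mktemp)"
uniq /etc/default/grub > "$GRUB_TMP" && sudo cp "$GRUB_TMP" /etc/default/grub
rm -f -- "$GRUB_TMP"
```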


@ -0,0 +1,9 @@
#!/usr/bin/env bash
### Ensure QT_STYLE_OVERRIDE is set in /etc/environment
logg info 'Ensuring QT_STYLE_OVERRIDE is set in /etc/environment'
if cat /etc/environment | grep QT_STYLE_OVERRIDE; then
sudo sed -i '/.*QT_STYLE_OVERRIDE.*/export QT_STYLE_OVERRIDE=kvantum-dark/' /etc/environment
else
echo 'export QT_STYLE_OVERRIDE=kvantum-dark' | sudo tee -a /etc/environment
fi


@ -0,0 +1,41 @@
[qubes-templates-itl]
name = Qubes Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl
metalink = https://yum.qubes-os.org/r$releasever/templates-itl/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-templates-itl-testing]
name = Qubes Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl-testing
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl-testing
metalink = https://yum.qubes-os.org/r$releasever/templates-itl-testing/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-templates-community]
name = Qubes Community Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community
metalink = https://yum.qubes-os.org/r$releasever/templates-community/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
metadata_expire = 7d
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
[qubes-templates-community-testing]
name = Qubes Community Templates repository
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community-testing
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community-testing
metalink = https://yum.qubes-os.org/r$releasever/templates-community-testing/repodata/repomd.xml.metalink
enabled = 1
fastestmirror = 1
gpgcheck = 1
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
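Review bot: The `qubes-templates-itl-testing` and `qubes-templates-community-testing` sections are set to `enabled = 1`, and the dom0 repo file in the next section does the same for `qubes-dom0-current-testing` and `qubes-dom0-security-testing`, so dom0 and template installs will pull packages that have not finished testing. Unless that is intended for this machine, set `enabled = 0` on the testing sections and opt in per command with `--enablerepo=<REPO_ID>`. It is worth diffing both files against the stock ones shipped by the installed release to confirm nothing else differs, since these files decide what dom0 trusts as an update source.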


@ -0,0 +1,42 @@
[qubes-dom0-current]
name = Qubes Dom0 Repository (updates)
#baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc32
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc32
metalink = https://yum.qubes-os.org/r$releasever/current/dom0/fc32/repodata/repomd.xml.metalink
skip_if_unavailable=False
enabled = 1
metadata_expire = 6h
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-current-testing]
name = Qubes Dom0 Repository (updates-testing)
#baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/fc32
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current-testing/dom0/fc32
metalink = https://yum.qubes-os.org/r$releasever/current-testing/dom0/fc32/repodata/repomd.xml.metalink
skip_if_unavailable=False
enabled = 1
metadata_expire = 6h
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-security-testing]
name = Qubes Dom0 Repository (security-testing)
#baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/fc32
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/security-testing/dom0/fc32
metalink = https://yum.qubes-os.org/r$releasever/security-testing/dom0/fc32/repodata/repomd.xml.metalink
skip_if_unavailable=False
enabled = 1
metadata_expire = 6h
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
[qubes-dom0-unstable]
name = Qubes Dom0 Repository (unstable)
#baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/fc32
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/unstable/dom0/fc32
metalink = https://yum.qubes-os.org/r$releasever/unstable/dom0/fc32/repodata/repomd.xml.metalink
skip_if_unavailable=False
enabled = 0
gpgcheck = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable


@ -0,0 +1,13 @@
#!/usr/bin/env bash
logg info 'Ensure /usr/local/share/grub/themes is a directory'
sudo mkdir -p /usr/local/share/grub/themes
logg info 'Copy GRUB theme to /usr/local/share/grub/themes'
cp -rf /usr/local/src/{{ .theme }}/share/grub/themes/ /usr/local/share/grub/themes
logg info 'Ensure /boot/grub2/themes is a directory'
sudo mkdir -p /boot/grub2/themes
logg info 'Copy GRUB themes to /boot/grub2/themes'
sudo cp -rf /usr/local/share/grub/themes/ /boot/grub2/themes
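Review bot: Both `cp -rf .../themes/ .../themes` calls copy into a directory that the preceding `mkdir -p` has just created, so with GNU `cp` the result is `themes/themes/...` rather than the theme directories directly under `themes`. Copy the contents instead, `sudo cp -rf /usr/local/src/{{ .theme }}/share/grub/themes/. /usr/local/share/grub/themes/`, and likewise for `/boot/grub2/themes/`. The first `cp` also runs without `sudo` although its destination was created with `sudo`, and `{{ .theme }}` is read from the top level while the data file in this commit defines `grub.theme`, so confirm which key is meant. The script may continue beyond the last line shown here.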