This repository regroups usefull scripts I developed in order to customize my Qubes OS installation.
This script is used to synchronize pillars, formulas and states from a virtual machine to dom0.
dom0 is isolated from anything else and has no easy way to transfer stuff from a VM for a very good reason:
A compromise of
dom0implies a compromise of the entire system.
See https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0 for more details.
You should verify twice what you will copy to dom0 and copy from a VM as safe as possible (disposable VM can be an option).
BEWARE this sync script pushes some entire folders hierarchy to dom0.
Sync script pulls pillars, formulas and states from source domain <domain> to dom0.
Pillars, formulas and states must all be part of the base salt environment to take advantage of the built-in modules and formulas.
Regarding pillars and states, myq folder is recursively copied (i.e. children are included) from respective source folders qubesos-pillars and qubesos-states.
They are pushed to folders /srv/pillar and /srv/salt respectively to make sure they will be loaded in base salt environment with the built-in Qubes OS salt configuration.
Regarding formulas, the myq folder, if any, is recursively copied (i.e. children are included) from every folder ending with -formula in source folder qubesos-formulas.
-formula folder is included in the copy with only the myq folder in it so formula won’t be copied unless it contain the expected myq folder.
They are pushed to folder /srv/formulas/myq and the generated configuration loads them in the base salt environment.
Move sync script to dom0 by executing following command in dom0 after replacing ${SRC_VM} and ${SRC_DIR} as per your environment:
qvm-run --pass-io ${SRC_VM} "cat ${SRC_DIR}/sync-salt-dom0-from.sh" > sync-salt-dom0-from.sh
chmod u+x sync-salt-dom0-from.sh