New to Qubes OS, I like to have a somewhat “reproducible” way to reconfigure my machine in case of an issue or if I move hardware, starting from fresh and using my configuration again.
However, with Qubes, it looks very difficult to achieve that:
- many changes are done in /rw per AppVM
- changes in dom0 are mostly done in /srv and /etc, and it’s not good/practical to sync dom0 data to somewhere else
I’m currently trying to manage as much as I can from dom0 salt by writing sls files. But I’m curious to read what others do to handle their OS.
In particular, I’d like to know how people are managing salt files in dom0. I want to write salt files in an IDE, and I don’t want the IDE in dom0. (I would’ve at least got something working with a dedicated qube without internet access and ro-mounted its data in dom0, but I just went from LVM to btrfs and have no idea where the DomU volumes are now.)
Can’t you just use an IDE in an offline VM and periodically copy the file for testing over to dom0 (qvm-run -p ide-qube 'cat your_salt_file' > your_salt_file_in_dom0)?
I personally write most Salt files in dom0, in a sub-directory of my /home that I have symlinked to /srv/user_salt. (That’s not the smoothest setup, I’m only mentioning that so that you know I’m replying to your question from a set of slightly different requirements.)
More often than not, however, I take advantage of the fact that dom0’s home directory is included in my backups, and that the Qubes Backup tool provides integrity and authenticity checks to my backups.
Also, the symlink approach works with config files other than Salt as well. Though in practice, recreating a collection of symlinks can be just as tedious as restoring a collection of files.
I’m looking for a “one touch” fast development loop (I find slow loops awful to work with with configuration management tools - bad experiences with Ansible in the past) that will scale to dozens of files/directories. Maybe that qvm-run -p pattern could do it, dirtily. It gets me off the ground anyway.
Thanks @gonzalo-bulnes - I’d missed that these directories aren’t included in backups, so that’s another future crisis averted.
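
The `qvm-run -p` pattern discussed in the thread, scaled from one file to a directory tree, as an added example that is not part of any post above. It treats the file list returned by the qube as untrusted and only writes names that pass an allow-list; the source directory `salt`, the destination `/srv/user_salt`, the extension list and the `QVM_RUN` variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. ide-qube, salt and /srv/user_salt are
# the names used in the usage line; QVM_RUN is a hypothetical knob.
LC_ALL=C; export LC_ALL       # byte-exact [A-Za-z] ranges
QVM_RUN=${QVM_RUN:-qvm-run}   # overridable so the logic can be tried off-Qubes

# Accept only plain relative paths to Salt files. The extension allow-list
# is an assumption; adjust it to your tree.
is_safe_path() {
    case $1 in
        ''|/*|-*|.*|*/.*|*//*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    case $1 in
        *.sls|*.top|*.jinja) return 0 ;;
    esac
    return 1
}

# Usage in dom0: pull_salt_tree ide-qube salt /srv/user_salt
pull_salt_tree() (
    qube=$1 src=$2 dest=$3 skipped=0
    stage=$(mktemp -d) || exit 1
    trap 'rm -rf "$stage"' EXIT
    mkdir -p "$stage/tree" "$dest"
    # The list is produced inside the qube: every line is untrusted input.
    $QVM_RUN --pass-io "$qube" "cd '$src' && find . -type f" \
        </dev/null >"$stage/list" || exit 1
    while IFS= read -r p; do
        p=${p#./}
        # Never echo a rejected name: it may carry terminal escape sequences.
        if ! is_safe_path "$p"; then skipped=$((skipped + 1)); continue; fi
        mkdir -p "$stage/tree/$(dirname "$p")"
        # </dev/null stops qvm-run from consuming the rest of the list.
        $QVM_RUN --pass-io "$qube" "cat '$src/$p'" \
            </dev/null >"$stage/tree/$p" || exit 1
    done <"$stage/list"
    [ "$skipped" -eq 0 ] || echo "skipped $skipped entries outside the allow-list" >&2
    diff -rq "$dest" "$stage/tree" || true   # names only, all validated or local
    cp -R "$stage/tree/." "$dest/"
)
```

Files deleted in the qube are not removed from the destination, so the `diff -rq` output is the place to spot leftovers before applying states.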