tl;dr: Please help me out by explaining like I’m a moron exactly what I need to do to tell salt/qubesctl that I have collections of formulas (in the form of directories of one directory per-formula) in three separate directories (e.g. /srv/salt/qusal/salt/, /srv/salt/shaker/ and /srv/salt/mysalt.git/)
Realllllly long explanation follows.
I’m using both qusal and shaker, because they each have their own strengths or formulas that the other may be lacking. I also would like to start porting what I’ve done in ansible to salt, to eliminate the manual steps I have to use, and so I can contribute formulas to a public GitHub repo.
The way I’m currently setting up qusal and shaker is by copying all of the directories in the shaker root directory and all of the directories in qusal salt/ directory into /srv/salt. So I end up with a listing like this in /srv/salt (I remove the few that clash before copying):
.
./_modules
./_utils
./topd
./_tops
./qubes
./_states
./_grains
./_pillar
./3isec-common
./ansible
./browser
./builder
./cacher
./debian
./debian-minimal
./debian-xfce
./dev
./docker
./dom0
./dotfiles
./electrum
./element
./fedora
./fedora-minimal
./fedora-xfce
./fetcher
./flasher
./git
./gpg
./i2p
./ids
./kali_template
./kicksecure-minimal
./mail
./media
./mgmt
./mirage
./mirage-builder
./monero
./monitor
./mullvad
./multimedia
./mutt
./office
./opentofu
./openvpn
./pihole
./print
./proton
./pyenv
./qubes-builder
./qubes-doc
./qubes-ssh-agent
./remmina
./salt-dev
./share
./signal
./ssh
./store
./syncthing
./sys-audio
./sys-bitcoin
./sys-cacher
./sys-electrs
./sys-electrumx
./sys-firewall
./sys-git
./sys-gui
./sys-gui-gpu
./sys-gui-vnc
./sys-mirage-firewall
./sys-net
./sys-pgp
./sys-pihole
./sys-print
./sys-rsync
./sys-ssh
./sys-ssh-agent
./sys-syncthing
./sys-tailscale
./sys-wireguard
./templates
./terraform
./usb
./utils
./vault
./video-companion
./whonix-gateway
./whonix-workstation
./win_fs
I’ve found that, for the most part, this Just Works well enough for my purposes of building templates and VMs
For example, I built a few templates and appVMs yesterday, including sys-git, using the instructions provided by the README in the sys-git formula. For sys-git, I used the following to build the template and appVM:
$ sudo qubesctl top.enable sys-git
$ sudo qubesctl --targets=tpl-sys-git,sys-git state.apply
$ sudo qubesctl top.disable sys-git
Very nice. I wasn’t sure if what I did would actually work, but seems it’s good enough. I suspect it’s not the right / best way to do it, but it got the job done
Ultimately, though, I want to be able to have third-party salt formulas as well as my own formulas, under source control and runnable in dom0 in such a way that I can easily invoke any of them
Doing it in the way that I did above is not ideal, because then I can’t easily pull down any new commits made to the qusal or shaker public repos without manual effort. I also can’t tell which formula came from which repo
I would rather have a configuration option or flag that informs salt that:
- The “shaker” formulas are in /srv/user_salt/shaker.git/shaker/
- The “qusal” formulas are in /srv/user_salt/qusal.git/salt/
- The “user” formulas are in /srv/user_salt/mysaltrepo.git/salt/
That way I can have shaker/ and qusal/ as separate repos, so I can easily keep them in sync with the public repos and I can have my own formulas, which I can incrementally enhance and retrieve from sys-git.
I know that the real answer is “go read the salt docs, go read the Qubes salt docs” - and I have, to some extent. But I’m most interested in getting these working rapidly and in a sustainable way. Because I’m a slow learner without hours and hours of hands-on experience, and because I’m not ever going to use Salt again, I can’t justify the time investment to learning how to lay out the formulas and configure salt to know about them (or avoid pitfalls I’m likely to encounter doing it this way)
Maybe the right question to ask is how can I inform salt/qubesctl that I have formulas in multiple arbitrary or semi-arbitrary directories, rather than one monolithic collection of formulas?
Any help beyond “rtfm” is very appreciated. Because I’ll never use salt again, I found it very, very difficult to absorb anything in the qubes salt or salt docs/guide before my eyes glazed over and I felt that I was wasting time. If I need to spend hours a day for weeks to really learn salt well enough to absorb how to structure the project, it’s going to negate the time saved to the point that I’ll give up and use shell scripts and ansible
… it’s fair to say “then just use shell scripts and ansible” - however, I do intend to send PRs and publish my own repo to GitHub, so in my opinion it’s worthwhile to the larger community to contribute a few moments of your time and explain like I’m an LLM exactly what layout I want, and what settings/configuration options I will need to get off and running with qusal, shaker and my own repo being in separate directories.
I do NOT expect any help in writing the formulas - I can manage that myself. It’s not much different from ansible, just different syntax and different patterns here and there, which I can learn by stealing/referencing qusal and shaker
I’m hoping answers might be simple - e.g. “just add /srv/salt/config.yml with each directory containing formulas listed under the top-level key some_salt_convention”. I’m also hoping that what I’m describing isn’t a horrible perilous anti-pattern in Salt-Land.
Thanks !!!