Pihole per vm rules

I am looking to set up “block all but whitelist” per vm in sys-pihole. Per the pihole documentation, it can be achieved using the IP addresses of pihole clients. For this to work in qubes saltstack, one should be able to either assign an IP address to a vm during creation or at least get the IP address of a vm in saltstack (provided the IP addresses are static for the vm). Does anyone know how to assign an IP address to a vm in saltstack?

IP addresses are always static per qube, and are assigned at creation.
You could access in jinja like this:

salt['cmd.shell']('qubesdb-read /qubes-ip -d QUBE')

Or get the value of the `ipv4` grain from the qube.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.


Thank you. I have to run the whitelist scripts in sys-pihole, which means I have to provide target=sys-pihole while running the saltstack scripts. However, to get the IP address, it looks like I have to run the command on the client vm. Is there any way to get the IP address of the client vm and pass it on to the script that needs to run in sys-pihole?

Edit: I see that the command qubesdb-read /qubes-ip -d QUBE can be run from dom0. But the question remains: how do I run a command in dom0 and pass the output to the script that should be run in sys-pihole in saltstack?