ProtonVPN App 4.2 setup guide

Community Guides
58

I think there is a more elegant way to implement the salt configuration e.g. qusal by bend-grande. But the script below thanks to Qubes Salt Beginner’s Guide I can understand: I copy several lines from your repo (GitHub - kennethrrosen/qubes-for-journalists: QubesOS wiki and simple setup scripts for use by journalists and media organizations.) too:
step-by-step instruction for everybody less familiar with the procedures:

  1. copy the text below to create files fedora-40-minimal-clone.sls and proton-vpn-minimal.sls in a dispvm with the the name like disp1234 in the user directory
{% if grains['id'] == 'dom0' %}

minimal-template-clone:
  qvm.clone:
    - name: fedora-40-minimal-clone
    - source: fedora-40-minimal

minimal-template-config:  
  qvm.vm:
    - name: fedora-40-minimal-clone
    - prefs:
      - default_dispvm: none
      - audiovm: none
    - require:
      - qvm: minimal-template-clone    

{% elif grains['id'] == 'fedora-40-minimal-clone' %}

minimal-packages:
  pkg.installed:
    - pkgs:
      - qubes-core-agent-passwordless-root
      - qubes-core-agent-networking

{% endif %}

and for proton-vpn-minimal is this:

{% if grains['id'] == 'dom0' %}

protonvpn-present-id:
  qvm.present:
    - name: proton-vpn-minimal
    - template: fedora-40-minimal-clone
    - label: red
    - class: StandaloneVM

protonvpn-prefs-id:
  qvm.prefs:
    - name: proton-vpn-minimal
    - netvm: sys-firewall
    - memory: 800
    - maxmem: 800
    - autostart: True
    - provides-network: True

protonvpn-features-id:
  qvm.features:
    - name: proton-vpn-minimal
    - enable:
      - service.network-manager
      - service.qubes-firewal
    - set:
      - menu-items: protonvpn-app.desktop

{% elif grains['id'] == 'proton-vpn-minimal' %}

protonvpn-install-deps:
    pkg.installed:
      - pkgs:
        - wget
        - network-manager-applet
        - qubes-core-agent-network-manager
      - pkg.uptodate:
        - refresh: True

protonvpn-install:
    cmd.run:
        - name: |
            wget https://repo.protonvpn.com/fedora-40-stable/protonvpn-stable-release/protonvpn-stable-release-1.0.1-2.noarch.rpm
            dnf install -y ./protonvpn-stable-release-1.0.1-2.noarch.rpm
            dnf install -y --refresh proton-vpn-gnome-desktop

setup-autostart:
  file.symlink:
    - name: /home/user/.config/autostart/protonvpn-app.desktop
    - target: /usr/share/applications/protonvpn-app.desktop
    - user: user
    - group: user
    - force: True
    - makedirs: True

{% endif %}

  1. activate sls user configuration in dom0 terminal in case you did not do it already with this:
    sudo qubesctl state.sls qubes.user-dirs

  2. run in dom0 terminal to copy text only to dom0 home directory from dispvm. *change the disp1234 to your dispvm.

qvm-run --pass-io disp1234 'cat /home/user/fedora-40-minimal-clone.sls' > fedora-40-minimal-clone.sls
qvm-run --pass-io disp1234 'cat /home/user/proton-vpn-minimal.sls'  > proton-vpn-minimal.sls
  1. copy sls files to salt directory: run from your dom0 user this:
sudo cp fedora-40-minimal-clone.sls /srv/user_salt/
sudo cp proton-vpn-minimal.sls /srv/user_salt/
  1. run these commands to create your 2 new qubes:
sudo qubesctl --targets=fedora-40-minimal-clone state.sls fedora-40-minimal-clone saltenv=user
sudo qubesctl --targets=proton-vpn-minimal state.sls proton-vpn-minimal saltenv=user
  1. enjoy
2 Likes