Hi,
I got two machines running Qubes and have written some salt files kept in a git repo.
While syncing from dom0 to some git repo is doable (and not very risky).
I am somewhat at a loss how to do it in the other direction.
How do I (somewhat securely) load a git repo of salt files into my dom0?
Are there any best practices?
Greetings,
m3lt
There is no way to deliver anything to dom0 in a secure and simple way.
You can use qvm-run as described in the documentation to copy files from a trusted domain.
This will get old if done often. A tricky, but very convenient solution would be to create your own yum repository. This will both allow you to use existing package management mechanisms and improve security using gpgcheck.
I see,
so basically copying what unman does in shaker as best practices?
I lowkey hoped for a simpler solution for my smaller scale, but fair enough.
Time to look into how to run a yum repo 