Installing dom0 applications and start service at boot?

[tlaurion]

I have a hard time finding this info and your git is the most complete i've found. I have found no info on applying salt recipes to dom0, but for templates installation.

What I would love to do, for example:

• Install powertop in dom0
• activate systemd powertop service wich starts powertop --auto-tune at boot automatically?

Working on it. Will post my findings and propose a pull request with working recipes.

[tlaurion]

@SkypLabs @marmarek

created dom0-powertop.sls, which after deployment in dom0 with ./copy-fom-vm-to-dom0.sh are deployed under /srv/salt/my-config/ dom0-powertop.sls content:

# -*- coding: utf-8 -*-
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :

dom0:
  pkg.installed:
    - name: powertop
    - fromrepo: fedora

Modified my-config.top so that the dom0 section ressembles to:

# -*- coding: utf-8 -*-
# vim: set syntax=yaml ts=2 sw=2 sts=2 et :

base:
  'dom0':
    - my-config.anon-whonix
    - my-config.personal
    - my-config.personal-dev
    - my-config.personal-pub
    - my-config.untrusted
    - my-config.vault
    - my-config.dom0-powertop 

Ran sudo qubesctl top.enable my-config in dom0, then sudo qubesctl --show-output --targets dom0-powertop state.highstate

• All your recipes were run, even though I specifified just dom0-powertop in the above command. Why is that? Will have to delete everything manually...
• dom0-powertop recipe results in command line error: no such option --best when launching yumdownloader. How one's installs software and add service launch in the present recipe attempt?

Any guideline in writing dom0 package installation and service inclusion? Thanks a bunch.

[marmarek]

--target option is about target VMs, not formulas. If you want to run selected formula only, use state.sls my-config.dom0-powertop instead of state.highstate. It will run only one sls file, regardless of top file settings. Note that ignoring top file means you may need to provide target VMs manually (using --target option) - but if you skip --targets, it will apply to dom0 only, which is probably what you want.

As for command line error: no such option --best - I guess you're using Debian-based VM for updatevm. Unfortunately, Debian has very old yum/yumdownloader and doesn't have dnf package at all, which makes some options unsupported. Better use Fedora-based VM for that. If you want to use Whonix, you can connect that Fedora-based VM to sys-whonix.

[SkypLabs]

Thanks @tlaurion for your work and @marmarek for your help.

You will find some instructions on the wiki including how to use state.highstate, state.sls, the --skip-dom0 and --targets options...

If something is missing, just drop me a message in this issue and I will update the wiki accordingly.

[tlaurion]

thanks to you both.

@marmarek:

So the current works with sudo qubesctl state.sls my-config.dom0-powertop.

• How would one enable a service in dom0? (systemctl enable powertop)
• How would one state in a sls (powertop here) that it requires a sys-update based on fedora template that in return depends on sys-whonix or default sys-firewall?

Thanks a bunch. Learning my way through salt and the management stack, but learning fast. :)

[tlaurion]

Fixed in https://github.com/SkypLabs/my-qubes-os-formula/pull/2