I manually maintain this big text list of packages and just use
that to manually update the fresh templateVM to what I
need. There's typically also some non package installs, which I
include basic pointers for (think downloaded rpms and so forth),
as well as some outside repos to add (e.g. keybase). There's also
typically some packages I forgot to put on the list, which I can
usually suss out by going through the bash history for the old
template, although often there's one or two that slip through the
cracks, which I find out about eventually and it's not a huge
deal.
I'm particularly curious if anyone does anything more
sophisticated than that, using salt or some other automated deploy
system to prep new template images.
If you want to install a package, don't open the template and install it
there, edit the install.sls file to include the package, and run
`qubesctl --skip-dom0 --targets=<template> state.apply install`
I have full systems set up in salt to customise a new install as I want,
with new templates and different setups. Sometimes it can be a bit
shaky, and you *have* to check the logs, but it's great to run the full
state, have a coffee, and come back to a fully configured system.
For travel, I have a minimum state I can download and apply, to get a
workable system with gpg, vpn, ssh set up out of the box. So cool.
Very intriguing. I am looking at
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
https://www.qubes-os.org/doc/salt/....lmk if there is anything else I should read!
I found that the /svr/salt directory was owned by root so I had to use sudo to copy anything to it. Is that normal? I also had to use sudo on the qubesctl commands.
One of the things I need to go is install a printer driver for a network printer. Is this sort of thing easy to do with salt? I normally download the driver from the brother website and follow the instructions for a fedora install.