{"id":16678379,"url":"https://github.com/viccuad/salt-configs","last_synced_at":"2026-05-09T03:36:57.689Z","repository":{"id":148476956,"uuid":"81490681","full_name":"viccuad/salt-configs","owner":"viccuad","description":"Superseded by https://github.com/viccuad/ansible-configs","archived":false,"fork":false,"pushed_at":"2017-09-03T09:51:24.000Z","size":1939,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-24T22:14:37.188Z","etag":null,"topics":["dotfiles","salt","saltstack"],"latest_commit_sha":null,"homepage":"","language":"CSS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/viccuad.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-09T20:13:13.000Z","updated_at":"2023-06-11T14:25:40.000Z","dependencies_parsed_at":"2023-09-14T12:49:15.713Z","dependency_job_id":null,"html_url":"https://github.com/viccuad/salt-configs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/viccuad/salt-configs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viccuad%2Fsalt-configs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viccuad%2Fsalt-configs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viccuad%2Fsalt-configs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viccuad%2Fsalt-configs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/viccuad","download
_url":"https://codeload.github.com/viccuad/salt-configs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/viccuad%2Fsalt-configs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32806373,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"online","status_checked_at":"2026-05-09T02:00:06.633Z","response_time":123,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dotfiles","salt","saltstack"],"created_at":"2024-10-12T13:29:07.574Z","updated_at":"2026-05-09T03:36:57.665Z","avatar_url":"https://github.com/viccuad.png","language":"CSS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ABANDONED IN FAVOUR OF\n# https://github.com/viccuad/ansible-configs\n\n--------\n\n\nNew incarnation of my dotfiles, on steroids.\n\nThese salt configs implement Puppet's \"Role\" pattern to set up my dotfiles,\nGUIless workstation, laptop setup, desktop environment, offline PC, router with\nFreedombox and more.\nIt currently contains several hundred(!) states.\n\n\n# Where are the dotfiles? 
#\n\nIf you don't want to dive into salt and just want to extract some dotfiles'\nconfig from here, look at:\n\n- `salt/profile/dotfiles/\u003cwhatever\u003e/files/*`: a file tree that you could put\n  right onto `~` with stow and the like\n- `salt/profile/dotfiles/\u003cwhatever\u003e/files/init.sls`: salt state to install\n  dependencies, append environment variables, aliases, process templates and\n  copy them where they belong, etc\n- `salt/profile/dotfiles/\u003cwhatever\u003e/templates/*`: files that are `sed'ed` by\n  salt in some way and afterwards copied into place\n\n\n# How is private info taken care of? #\n\nI have contemplated several options:\n  * git submodules or external repo\n  * .gpg files decrypted by states\n    - apply highstate twice, once to set up gpg/pass, the other to use both\n  * git-crypt\n  * salt gpg renderer:\n    https://docs.saltstack.com/en/latest/ref/renderers/all/salt.renderers.gpg.html\n  * salt sdb:\n    https://docs.saltstack.com/en/latest/topics/sdb\n\nI [use][3] a smartcard and I like encrypting everything with gpg and\ncentralizing everything with it as a 2-factor auth.\nI also want to apply the public part of the salt configs and not have binary\nencrypted blobs breaking programs here and there (eg: blobs instead of config\nfiles for weechat, or gnupg, or mail, etc).\n\nWith that in mind, I've chosen the git submodule option. I like the trade-off\nof having a git submodule that contains all the private states and files, and\nthe submodule only gets used if it has been initialized and populated.\n\n\n# Deploying the configs #\n\n## Testing with vagrant (if you are me) ##\n\nOn the host, requires `lxc`, `vagrant`, `vagrant-lxc`, and `gnupg` 2.1+ for\ngpg-agent forwarding (and therefore the private states).\n\n1. Build your own Debian Stretch image as explained below\n2. `$ vagrant up workstation`\n3. 
SSH into the container and apply the first phase of salt states, the public\n   one:\n\n    ```\n    workstation ~# salt-call -l debug --state-output=mixed state.apply\n    ```\n\n4. Start the forwarding of gpg from the host to the container: take\n   `salt/profile/dotfiles/gnupg/files/.local/bin/remote-gpg`, execute it\n   and leave it running:\n\n   ```\n   host ~$ remote-gpg \u003cip of lxc container\u003e\n\n   Perform remote GPG operations and hit enter\n   ```\n\n   If you get a warning, execute the script again to remove the gpg sockets\n\n5. Connect the Yubikey, and now you have gpg working inside the container.\n6. `git submodule init \u0026\u0026 git submodule update`\n7. Rerun salt states now that the private submodules are checked out\n8. ???\n9. Profit!\n\n\n## From inside a system ##\n\n1. Symlink the needed folders and install the dependencies by executing\n   `bootstrap.sh --symlink`\n2. Run the first phase of salt states, the public one:\n\n   ```\n   workstation ~# salt-call -l debug --state-output=mixed state.apply\n   ```\n\n3. Connect the smartcard, do `git submodule init \u0026\u0026 git submodule update`\n4. Rerun salt states\n\n\n# Building a Stretch image #\n\nUntil Debian Stretch is officially released, you can build your own Stretch lxc\nimage (following the official scripts) and use it for the Vagrantfile.\n\nInside this repo, do:\n\n```\n$ git clone https://anonscm.debian.org/git/cloud/debian-vm-templates.git\n$ sudo make -C debian-vm-templates/custom-lxc-vagrant stretch\n$ vagrant up\n```\n\n\n# \"Roles\" code pattern #\n\nThe code that describes the infrastructure follows the pattern:\n\n\n```\n    []         Ids (identity of the machine. Eg: machine02)\n   [] []       Roles (business logic. Eg: workstation, nas). Implemented in pillars\n [] [] []      Profiles (Configure whole stack. Eg: dns server). Implemented in states\n[] [] [] []    Salt formulas (Configure part of the stack. 
eg: sshd)\n```\n\nThe targeting is based on pillar contents; the pillars contain a dictionary\ncalled `states`, with the states to be applied. Since it's a dictionary, it gets\nmerged from all the pillars.\n\nFor more info, see [4] and [5].\n\nThe role pattern is a best practice for Puppet, see [1] and [2].\n\n[1]: https://docs.puppet.com/pe/2016.4/r_n_p_intro.html\n[2]: https://puppet.com/presentations/designing-puppet-rolesprofiles-pattern\n[3]: http://viccuad.me/blog/secure-yourself-part-1-airgapped-computer-and-GPG-smartcards\n[4]: http://seedickcode.com/devops/saltstack/saltstack-a-better-salt-top-sls-part-2/\n[5]: https://www.lutro.me/posts/dangers-of-targetting-grains-in-salt\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviccuad%2Fsalt-configs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fviccuad%2Fsalt-configs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fviccuad%2Fsalt-configs/lists"}