If the nvim dev state is active, then instead of creating two repositories, link the local nvim config to the development repo. It's too much work to push/pull for every feature.

Implemented in 898f791. Closing.

• install user.js manager;
• apply per-profile user.js overrides;
• create default (private), clean, session (saves data - dev; youtube), and test (new features) profiles;
• install default add-ons;
• create/use a per-domain profile changer (/usr/lib system profile);
• import add-on preferences;

Install pyenv, set the PATH (include local user libs).

When using file.accumulated or managed, multi-line strings do not respect indentation of the surrounding context. The only thin that works is a template, and appending pillar values into that template, because the template provides the formatting. However, for some cases, where adding features to a file via file.accumulated, this isn't possible, and you're stuck with broken indentation.

Example

foo-id:
  file.managed:
    - name: /foo.sh
    - marker_start: "# START FOO"
    - marker_end: "# END FOO"

bar-id:
  file.accumulated:
    - filename: /foo.sh
    - text |
        foobar
        baz
    - require_in:
      - file: foo-id

# /foo.sh
if [[ 1 == 1 ]]; then
  # START FOO
foobar
baz
# END FOO
fi

I have tried {{ "foobar" | indent(2) }}, and - text |2. The former doesn't work (probably a master config issue -- where it strips all spaces), and the latter throws a traceback.

I have also tried {{+ "foobar" | indent(2) }}: nothing.

Move towards using qubesctl --targes foo, where the top file looks like:

user:
  dom0:
    - ...
  qubes:type:template:
    - ...
  qubes:type:appvm:
    - ...

Such that you can apply a set of states to any VM, just by providing its name (i.e. not hard-coding te targets).

Right now, for example, the current system requires a state file for every domain that you wish to apply a service to -- e.g. vms/dev/docker.sls.

Make it faster, and manage its config with Salt.

Also find which scripts, zsh plugins require it and make it a dependency for that state (i.e. A used ZSH plugin uses JQ).

Pull configs, store them in a Salt store. Also, make configs fuzzy selectable via a floating pop-up terminal that does FZF searching, set the symlink and restart the service.

There is a ZSH plugin that does Docker completions. Perhaps add Docker as a dependency there.

Also not that you will need to set user-dirs in the domU (so that Docker data isn't deleted on a reboot).

Additionally, possibly move the required kernel parameter into the Docker state (if it's not too much hassle).

Instead of settings like firewall or template name etc, don't. Rely on defaults instead. Create a state that manages qubes-prefs (defaults).

• manage dependencies: determine which binaries the scripts require and link them via states;
• create dom0, domU, and common script directories in order to apply scripts to the correct domain;

Not all VMs will use Zinit (e.g. vault) and yet will execute the init script.

Move it to the user's zshrc, and use a Salt to manage it.

Also move starship init and path deduping into zshrc: starship needs to be inited after path is readd; deduping only makes sense after the entire config has loaded (including Zinit, which is the worst offender).

The Qubes metalink is different, and the Regex will fail to apply &protocol=https due to it not already having existing GET parameters.

1. check that you can apply these to dom0, and if not, change the state file name from admin to templatevm;
2. change the Regex to apply ? if there not existing GET parameter (also trim '/');

Ranger

Install:

• pynvim: via pip --user
• ranger-fm: via pip --user

export NVIM_LISTEN_ADDRESS=127.0.0.1:XXXX so that Ranger can use RPC.

You must install both ranger and pynvim locally. For some reason if you install the into different site-packages paths it doesn't work -- ranger cannot find pynvim.

FZF

TODO

Packer

You must clone this on every AppVM, since it lives under .local.

MISC

Consider pinning dep versions via packer, and sharing it globally somehow. It's probably not a big deal.

• include rifle;
• apply as dependency to neovim state;
• set as the default file manager, such that Firefox and other applications will open it;

The minimal VMs need qubes-mgmt-salt-vm-connector. You cannot run salt against VMs without it. You will need to find a way to download and install the minimal template outside of Salt, and install this package.

Things like EDITOR=vim instead of nvim; QUBES_VAULT_VM has not place in dom0.

See if you can instead install it entirely in a DispVM. If not, at least turn off any services.

See if it's possible to use a dedicated mgmt VM (with a restricted RPC policy) to load IP blocks, and other IPs (from DNS queries) into the firewall.

Lock down permissions in all VMs.

Set the config to /etc/xdg/kitty/. Install kittens.