fix: make sys-pihole fully replace sys-firewall

salt/sys-pihole/files/admin/prefs.sh

@@ -7,23 +7,14 @@
 
 set -eu
 
-qvm-start --skip-if-running sys-pihole && sleep 5
-
-if qubes-prefs updatevm | grep -q sys-firewall; then
-  qubes-prefs updatevm sys-pihole
-fi
-
-if qubes-prefs default_netvm | grep -q sys-firewall; then
-  qubes-prefs default_netvm sys-pihole
-fi
-
+## Change the netvm of every qube that has (disp-)sys-firewall to pihole.
 for qube in $(qvm-ls --raw-data --fields=NAME,NETVM |
-            awk -F '|' '/sys-firewall$/{print  $1}')
+              awk -F '|' '/\|(disp-)?sys-firewall$/{print $1}')
 do
   ## Avoid overwriting netvm to sys-pihole when instead it should use the
   ## default_netvm, so better to prevent overwriting user choices.
   qvm-prefs "$qube" | grep -q "^netvm[[:space:]]\+D" && continue
-  ## Set netvm for qubes that were using sys-firewall to sys-pihole.
+  ## Set netvm for qubes that were using (disp-)sys-firewall to sys-pihole.
   qvm-prefs "$qube" netvm sys-pihole
 done
 

salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh

@@ -15,5 +15,5 @@ for vif in /proc/sys/net/ipv4/conf/vif*/route_localnet; do
 done
 
 if test -f /var/run/qubes-service/local-dns-server; then
-  echo "nameserver 127.0.0.1" | tee /etc/resolv.conf
+  echo "nameserver 127.0.0.1" | tee /etc/resolv.conf >/dev/null
 fi

salt/sys-pihole/prefs.sls

@@ -4,15 +4,26 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
+{% set qube = 'sys-pihole' -%}
+{% set running = 0 -%}
+{% if salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ qube) == qube -%}
+  {% set running = 1 -%}
+{% endif -%}
+
+"{{ slsdotpath }}-start":
+  qvm.start:
+    - name: {{ slsdotpath }}
+
 "{{ slsdotpath }}-change-prefs":
   cmd.script:
     - name: prefs.sh
     - source: salt://{{ slsdotpath }}/files/admin/prefs.sh
 
-{#
-"{{ slsdotpath }}-start":
-  qvm.start:
-    - name: {{ slsdotpath }}
+"{{ slsdotpath }}-qubes-prefs-clockvm":
+  cmd.run:
+    - require:
+      - qvm: "{{ slsdotpath }}-start"
+    - name: qubes-prefs clockvm {{ slsdotpath }}
 
 "{{ slsdotpath }}-qubes-prefs-updatevm":
   cmd.run:
@@ -25,4 +36,12 @@ SPDX-License-Identifier: AGPL-3.0-or-later
     - require:
       - qvm: "{{ slsdotpath }}-start"
     - name: qubes-prefs default_netvm {{ slsdotpath }}
-#}
+
+{% if running == 0 -%}
+"{{ slsdotpath }}-shutdown":
+  qvm.shutdown:
+    - name: {{ default_netvm }}
+    - flags:
+      - wait
+      - force
+{% endif -%}