╭────────────────────────────────╮
│ cozy-salt: a comfy little salt │
╰────────────────────────────────╯
(^-^) ✧ Q(-_-q) ✧ (づ｡◕‿‿◕｡)づ
SaltStack IaC for Windows/Linux workstation provisioning. Master runs in Docker.
Note
AI-generated docs available on DeepWiki (auto-generated, may drift).
- Listed in AUTHORS.md
# Clone repo and submodules
git clone --recursive git@github.com:vegcom/cozy-salt.git
cd cozy-salt

# Start master
make up-master

# Test on Ubuntu container
make test-ubuntu

# Test on RHEL container
make test-rhel

srv/salt/          # Salt states (linux/, windows/, common/)
srv/pillar/        # Pillar data (config per minion)
provisioning/      # Files to deploy (configs, scripts, templates)
scripts/           # Enrollment, Docker entrypoints, utilities
Create a macvlan network and bridge

# 10.0.0.0/16 is a stand-in
# Dictates ingress; make sure every host that needs access is included in your subnet
docker network create -d macvlan \
  --subnet=10.0.0.0/16 \
  --gateway=10.0.0.1 \
  -o parent=eth0 \
  frontend

# 10.0.0.254 is an unassigned IP
ip link delete frontend-shim
ip link add frontend-shim link eth0 type macvlan mode bridge
ip addr add 10.0.0.254/16 dev frontend-shim
ip link set frontend-shim up

# 10.0.0.220 is the default salt master IP
ip route add 10.0.0.220/32 dev frontend-shim

Hierarchy (later levels override earlier):
- Global defaults: srv/pillar/linux/init.sls, srv/pillar/windows/init.sls, srv/pillar/dist/*.sls
- Hardware classes: srv/pillar/hardware/ (e.g., galileo.sls for Steam Deck)
- Per-host overrides: srv/pillar/host/example.sls (copy template, rename to hostname)
- User configurations: srv/pillar/users/ (individual user configs, see demo.sls template)
- Secrets: srv/pillar/secrets/init.sls (gitignored, tokens/credentials)

User Management:
- Global: srv/pillar/common/users.sls - managed users list + shared GitHub tokens
- Per-user: srv/pillar/users/{username}.sls - individual user configs
  - Template: srv/pillar/users/demo.sls
  - Copy template and rename to username (e.g., newuser.sls)
  - Includes: groups, SSH keys, git config (email/name), personal tokens
  - Tokens merge with global tokens automatically

Git Credentials:
- Stored in .git-credentials with format: https://username:token@github.com
- Deployed per-user via srv/salt/common/gitconfig.sls
- .gitconfig.local auto-populated with [user] section if email/name in pillar
- See srv/pillar/users/demo.sls for structure

OneDir install is proper install
Related: saltstack/salt-bootstrap#2101 (Arch onedir fix)
# Win-Stall on GNU/Linux
# Example master is 10.0.0.220
salt='10.0.0.220'
read -r -p "type Minion ID: " minion_id
# Only bootstrap when a minion ID was entered
if [[ -n "$minion_id" ]]; then
  curl -L https://raw.githubusercontent.com/saltstack/salt-bootstrap/develop/bootstrap-salt.sh | sh -s -- -A "${salt}" -i "${minion_id}" onedir
fi

Uses bootstrap-salt.ps1 (onedir), consistent with Linux targets.
Bootstrap handles version resolution + install. See lib/windows/__init__.py.
# Install salt
# Example master is 10.0.0.220
Invoke-WebRequest -Uri https://packages.broadcom.com/artifactory/saltproject-generic/windows/3007.9/Salt-Minion-3007.9-Py3-AMD64-Setup.exe -OutFile "$env:TEMP\salt-minion.exe"
& "$env:TEMP\salt-minion.exe" /S /master=10.0.0.220 /minion-name=windows-minion

git submodule update --recursive --remote

vegcom/cozy-salt-enrollment.git
- Linux: scripts/enrollment/install-minion.py
- Windows: scripts/enrollment/install-minion.ps1
- Windows (Dockur): See scripts/enrollment/WINDOWS.md
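
The Linux bootstrap command above pipes the develop-branch bootstrap-salt.sh straight into sh, so whatever that URL serves at install time runs on the new minion. A variant that downloads to a file and checks a pinned SHA-256 before running it, as an added example that is not part of cozy-salt or salt-bootstrap; the function names, the minion ID policy and the pin you supply are assumptions:

```shell
# Added example (not cozy-salt code): verify bootstrap-salt.sh against a pinned
# SHA-256 before running it. Function names and the ID policy are assumptions.

# Print the SHA-256 of file $1 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if file $1 exists and its SHA-256 equals the pinned value $2.
verify_pinned() {
    local file="$1" pinned actual
    pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $pinned in
        ''|*[!0-9a-f]*) echo "pin is not hex" >&2; return 2 ;;
    esac
    [ "${#pinned}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$pinned" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Assumed policy: IDs name key files on the master, so allow [A-Za-z0-9._-], max 63.
validate_minion_id() {
    case $1 in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Download, verify, then run with the README's arguments. A pin only stays
# valid for a fixed script version, not for a moving branch.
bootstrap_minion() {
    local master="$1" minion_id="$2" url="$3" pinned="$4" tmp rc=0
    validate_minion_id "$minion_id" || { echo "bad minion ID" >&2; return 2; }
    tmp=$(mktemp) || return 2
    if curl -fsSL -o "$tmp" "$url" && verify_pinned "$tmp" "$pinned"; then
        sh "$tmp" -A "$master" -i "$minion_id" onedir || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `bootstrap_minion 10.0.0.220 "$minion_id" <script-url> <PINNED_SHA256>`, taking the pin from a script version you have reviewed.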
Note
Theming and customization leverages Twilite: A theme for those who love a cute purple hue.
See CONTRIBUTING.md for the 3 rules and development workflow.