Merge branch 'deeplow-patch-22'

This commit is contained in:
Andrew David Wong 2021-07-06 07:14:25 -07:00
commit c4f59952f5
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -20,7 +20,7 @@ We will set up a spare machine (bare metal, not a virtual) that will be hosting
## Setting up the Machine ## Setting up the Machine
### Install ISO ### Install ISO
First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://forum.qubes-os.org/t/qubesos-4-1-alpha-signed-weekly-builds/3601)) First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://forum.qubes-os.org/t/qubesos-4-1-alpha-signed-weekly-builds/3601)).
### Enabling Network Access in Dom0 ### Enabling Network Access in Dom0
@ -30,53 +30,72 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
1. Remove the network card (PCI device) from `sys-net` 1. Remove the network card (PCI device) from `sys-net`
2. Restart your computer (for the removal to take effect) 2. Restart your computer (for the removal to take effect)
3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.* You'll need to run this at every startup (TODO: describe how to run this at every startup). 3. Install `dhcp-client` and `openssh-server` on your testbench's dom0.
4. Save the following script in `/home/user/bin/dom0_network.sh` and make it executable. It should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.*
```bash ```bash
#!/bin/sh #!/bin/sh
# adjust this for your NIC (run lspci) # adjust this for your NIC (run lspci)
BDF=0000:02:00.0 BDF=0000:02:00.0
# adjust this for your network driver # adjust this for your network driver
DRIVER=e1000e DRIVER=e1000e
prog=$(basename $0) prog=$(basename $0)
pciunbind() {
local path
path=/sys/bus/pci/devices/${1}/driver/unbind
if ! [ -w ${path} ]; then
echo "${prog}: Device ${1} not bound"
return 1
fi
echo -n ${1} >${path}
}
pcibind() {
local path
path=/sys/bus/pci/drivers/${2}/bind
if ! [ -w ${path} ]; then
echo "${prog}: Driver ${2} not found"
return 1
fi
echo ${1} >${path}
}
pciunbind ${BDF}
pcibind ${BDF} ${DRIVER}
pciunbind() { sleep 1
local path dhclient
path=/sys/bus/pci/devices/${1}/driver/unbind ```
if ! [ -w ${path} ]; then
echo "${prog}: Device ${1} not bound"
return 1
fi
echo -n ${1} >${path}
}
pcibind() { 5. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
local path
path=/sys/bus/pci/drivers/${2}/bind
if ! [ -w ${path} ]; then
echo "${prog}: Driver ${2} not found"
return 1
fi
echo ${1} >${path}
}
pciunbind ${BDF} 6. You'll need to run the above script on every startup. To automate this save the following systemd service `/etc/systemd/system/dom0-network-direct.service`
pcibind ${BDF} ${DRIVER}
sleep 1
dhclient
```
4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet. ```
[Unit]
Description=Connect network to dom0
5. Install `openssh-server` on your testbench. [Service]
Type=oneshot
~~~ ExecStart=/home/user/bin/dom0_network.sh
sudo dnf --setopt=reposdir=/etc/yum.repos.d install openssh-server
~~~ [Install]
WantedBy=multi-user.target
```
7. Then, enable and start the SSH Server and the script on boot:
```bash
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl enable dom0-network-direct
sudo systemctl start dom0-network-direct
```
> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update <PACKAGE>` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install <PACKAGE>`. > **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update <PACKAGE>` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install <PACKAGE>`.