mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-11 23:39:38 -05:00
Merge branch 'deeplow-patch-22'
This commit is contained in:
commit
c4f59952f5
@ -20,7 +20,7 @@ We will set up a spare machine (bare metal, not a virtual) that will be hosting
|
|||||||
## Setting up the Machine
|
## Setting up the Machine
|
||||||
|
|
||||||
### Install ISO
|
### Install ISO
|
||||||
First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://forum.qubes-os.org/t/qubesos-4-1-alpha-signed-weekly-builds/3601))
|
First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://forum.qubes-os.org/t/qubesos-4-1-alpha-signed-weekly-builds/3601)).
|
||||||
|
|
||||||
### Enabling Network Access in Dom0
|
### Enabling Network Access in Dom0
|
||||||
|
|
||||||
@ -30,53 +30,72 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
|
|||||||
|
|
||||||
1. Remove the network card (PCI device) from `sys-net`
|
1. Remove the network card (PCI device) from `sys-net`
|
||||||
2. Restart your computer (for the removal to take effect)
|
2. Restart your computer (for the removal to take effect)
|
||||||
3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.* You'll need to run this at every startup (TODO: describe how to run this at every startup).
|
3. Install `dhcp-client` and `openssh-server` on your testbench's dom0.
|
||||||
|
4. Save the following script in `/home/user/bin/dom0_network.sh` and make it executable. It should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.*
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# adjust this for your NIC (run lspci)
|
# adjust this for your NIC (run lspci)
|
||||||
BDF=0000:02:00.0
|
BDF=0000:02:00.0
|
||||||
|
|
||||||
# adjust this for your network driver
|
# adjust this for your network driver
|
||||||
DRIVER=e1000e
|
DRIVER=e1000e
|
||||||
|
|
||||||
prog=$(basename $0)
|
prog=$(basename $0)
|
||||||
|
|
||||||
|
pciunbind() {
|
||||||
|
local path
|
||||||
|
path=/sys/bus/pci/devices/${1}/driver/unbind
|
||||||
|
if ! [ -w ${path} ]; then
|
||||||
|
echo "${prog}: Device ${1} not bound"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
echo -n ${1} >${path}
|
||||||
|
}
|
||||||
|
|
||||||
|
pcibind() {
|
||||||
|
local path
|
||||||
|
path=/sys/bus/pci/drivers/${2}/bind
|
||||||
|
if ! [ -w ${path} ]; then
|
||||||
|
echo "${prog}: Driver ${2} not found"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
echo ${1} >${path}
|
||||||
|
}
|
||||||
|
|
||||||
|
pciunbind ${BDF}
|
||||||
|
pcibind ${BDF} ${DRIVER}
|
||||||
|
|
||||||
pciunbind() {
|
sleep 1
|
||||||
local path
|
dhclient
|
||||||
path=/sys/bus/pci/devices/${1}/driver/unbind
|
```
|
||||||
if ! [ -w ${path} ]; then
|
|
||||||
echo "${prog}: Device ${1} not bound"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
echo -n ${1} >${path}
|
|
||||||
}
|
|
||||||
|
|
||||||
pcibind() {
|
5. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
|
||||||
local path
|
|
||||||
path=/sys/bus/pci/drivers/${2}/bind
|
|
||||||
if ! [ -w ${path} ]; then
|
|
||||||
echo "${prog}: Driver ${2} not found"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
echo ${1} >${path}
|
|
||||||
}
|
|
||||||
|
|
||||||
pciunbind ${BDF}
|
6. You'll need to run the above script on every startup. To automate this save the following systemd service `/etc/systemd/system/dom0-network-direct.service`
|
||||||
pcibind ${BDF} ${DRIVER}
|
|
||||||
|
|
||||||
sleep 1
|
|
||||||
dhclient
|
|
||||||
```
|
|
||||||
|
|
||||||
4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
|
```
|
||||||
|
[Unit]
|
||||||
|
Description=Connect network to dom0
|
||||||
|
|
||||||
5. Install `openssh-server` on your testbench.
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
~~~
|
ExecStart=/home/user/bin/dom0_network.sh
|
||||||
sudo dnf --setopt=reposdir=/etc/yum.repos.d install openssh-server
|
|
||||||
~~~
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
|
||||||
|
7. Then, enable and start the SSH Server and the script on boot:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl enable sshd
|
||||||
|
sudo systemctl start sshd
|
||||||
|
|
||||||
|
sudo systemctl enable dom0-network-direct
|
||||||
|
sudo systemctl start dom0-network-direct
|
||||||
|
```
|
||||||
|
|
||||||
> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update <PACKAGE>` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install <PACKAGE>`.
|
> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update <PACKAGE>` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install <PACKAGE>`.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user