mirror of https://github.com/ben-grande/qusal.git synced 2024-09-07 19:12:00 +00:00

Salt Formulas for Qubes OS.

qubes qubes-os qubesos saltstack-formula

Go to file

Ben Grande e42950376a fix: SSH clients misses Qubes network integration Although the dev qube doesn't need it as it use a TCP proxy, every normal SSH setup requires it.		2024-07-25 21:23:19 +02:00
.github	feat: find PGP keys from within the linter	2024-07-11 15:29:57 +02:00
.reuse	ci: lint editorconfig checker	2024-07-08 17:08:12 +02:00
dependencies	ci: lint YAML and spell check code	2024-07-08 11:12:38 +02:00
docs	doc: prefer journalctl parameters over pipes	2024-07-18 15:41:09 +02:00
LICENSES	fix: remove mirage tarball license	2024-03-20 10:29:20 +01:00
minion.d
rpm_spec	fix: add media appmenus	2024-07-19 15:28:56 +02:00
salt	fix: SSH clients misses Qubes network integration	2024-07-25 21:23:19 +02:00
scripts	fix: change directory to repository top level	2024-07-19 15:29:17 +02:00
.codespellrc	ci: lint YAML and spell check code	2024-07-08 11:12:38 +02:00
.ecrc	chore: editorconfig check	2024-07-08 19:59:53 +02:00
.editorconfig	style: limit line length per file extension	2024-07-09 17:42:07 +02:00
.gitlint	chore: copyright update	2024-01-29 16:49:54 +01:00
.gitmodules
.mdl-style.rb	doc: lint markdown files	2024-07-04 17:27:31 +02:00
.mdlrc	feat: add pylint configuration file	2024-07-10 17:03:56 +02:00
.pre-commit-config.yaml	fix: lint all Salt file extensions	2024-07-18 12:23:38 +02:00
.pylintrc	feat: add pylint configuration file	2024-07-10 17:03:56 +02:00
.qubesbuilder	feat: add GUI domain formula	2024-07-18 15:19:38 +02:00
.qubesbuilder.template	feat: build and sign RPM packages	2024-06-12 14:44:04 +02:00
.salt-lint.yaml	ci: lint YAML and spell check code	2024-07-08 11:12:38 +02:00
.shellcheckrc	feat: enable all optional shellcheck validations	2024-07-10 14:36:05 +02:00
.yamllint.yaml	ci: lint YAML and spell check code	2024-07-08 11:12:38 +02:00
README.md	doc: add global guivm property	2024-07-18 15:24:10 +02:00
version	fix: build RPM contained in spec definitions	2024-06-24 08:24:48 +02:00

README.md

qusal

Salt Formulas for Qubes OS.

Warning

Warning: Not ready for production, development only. Breaking changes can and will be introduced in the meantime. You've been warned.

Description
Installation
Usage
Contribute
Donate
Support
- Free Support
- Paid Support
Contact
Credits
Legal

Description

Qusal is a Free and Open Source security-focused project that provides SaltStack Formulas for Qubes OS users to complete various daily tasks, such as web browsing, video-calls, remote administration, coding, network tunnels and much more, which are easy to install and maintains low attack surface.

We not only provide a single solution for each project, but also provides alternative when they differ, such as for networking, you could use a VPN, DNS Sink-hole, Mirage Unikernel or the standard Qubes Firewall for managing the network chain and the connections the clients connected to these NetVMs are allowed to make.

Here are some of the Global Preferences we can manage:

clockvm: disp-sys-net, sys-net
default_audiovm: disp-sys-audio
default_dispvm: dvm-reader
default_guivm: sys-gui, sys-gui-vnc, sys-gui-gpu
default_netvm: sys-pihole, sys-firewall or disp-sys-firewall
management_dispvm: dvm-mgmt
updatevm: sys-pihole, sys-firewall or disp-sys-firewall

Installation

See the installation instructions.

Usage

After installing Qusal, please read the README.md of each project in the salt directory you desire install. If you are unsure how to start, get some ideas from our bootstrap guide.

The intended behavior is to enforce the state of qubes and their services. If you modify the qubes and their services and apply the state again, conflicting configurations will be overwritten. To enforce your state, write a SaltFile to specify the desired state and call it after the ones provided by this project.

If you want to edit the access control of any service, you should always use the Qrexec policy at /etc/qubes/policy.d/30-user.policy, as this file will take precedence over the packaged policies.

Please note that when you allow more Qrexec calls than the default shipped by Qubes OS, you are increasing the attack surface of the target, normally to a valuable qube that can hold secrets or pristine data. A compromise of the client qube can extend to the server, therefore configure the installation according to your threat model.

To troubleshoot issues, read our troubleshooting document.

Contribute

See the contribution instructions.

Donate

This project can only survive through donations. If you like what we have done, please consider donating. Contact us for donation address. Please note that donations are gratuitous, there is not obligation from the maintainers to provide the donor with support, help with bugs, features or answering questions, if there was, it would not be a donation, but a payment.

This project depends on Qubes OS, consider donating to upstream.

Support

Free Support

Free support will be provided on a best effort basis. If you want something, open an issue and patiently wait for a reply, the project is best developed in the open so anyone can search for past issues.

Paid Support

Paid consultation services can be provided. Request a quote from us.

Contact

You must not contact for free support.

E-mail

Credits

I stand on the shoulders of giants. This would not be possible without people contributing to Qubes OS SaltStack formulas. Honorable mention(s): unman.

Legal

This project is REUSE-compliant. It is difficult to list all licenses and copyrights and keep them up-to-date here.

The easiest way to get the copyright and license of the project is with the reuse tool:

reuse spdx

You can also check these information manually by looking in the file header, a companion .license file or in .reuse/dep5.

All licenses are present in the LICENSES directory.

Note that submodules have their own licenses and copyrights statements, please check each one individually using the same methods described above for a full statement.