Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-09-22 21:44:55 -04:00
Code Issues Projects Releases Packages Wiki Activity

doc: nested list indentation

Browse source
This commit is contained in:
Ben Grande 2024-05-14 18:43:07 +02:00
parent 72f61bbbd9
commit d1485990e4
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
12 changed files with 204 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -44,11 +44,11 @@ are allowed to make.
Here are some of the Global Preferences we can manage: Here are some of the Global Preferences we can manage:
- **clockvm**: disp-sys-net, sys-net - **clockvm**: disp-sys-net, sys-net
- **default_audiovm**: disp-sys-audio
- **default_dispvm**: dvm-reader - **default_dispvm**: dvm-reader
- **default_netvm**: sys-pihole, sys-firewall or disp-sys-firewall - **default_netvm**: sys-pihole, sys-firewall or disp-sys-firewall
- **management_dispvm**: dvm-mgmt - **management_dispvm**: dvm-mgmt
- **updatevm**: sys-pihole, sys-firewall or disp-sys-firewall - **updatevm**: sys-pihole, sys-firewall or disp-sys-firewall
- **default_audiovm**: disp-sys-audio
If you want to learn more about how we make decisions, take a look at our If you want to learn more about how we make decisions, take a look at our
[design document](docs/DESIGN.md). [design document](docs/DESIGN.md).
@ -67,12 +67,12 @@ You current setup needs to fulfill the following requisites:
1. Install `git` in the qube, if it is an AppVM, install it it's the 1. Install `git` in the qube, if it is an AppVM, install it it's the
TemplateVM and restart the AppVM. TemplateVM and restart the AppVM.
2. Clone this repository: 2. Clone the repository (if you made a fork, fork the submodule(s) before
clone and use your remote repository instead, the submodules will also be
from your fork).
```sh ```sh
git clone --recurse-submodules https://github.com/ben-grande/qusal.git git clone --recurse-submodules https://github.com/ben-grande/qusal.git
``` ```
If you made a fork, fork the submodule(s) before clone and use your remote
repository instead, the submodules will also be from your fork.
3. Copy the [maintainer's signing key](https://github.com/ben-grande/ben-grande/raw/main/DF3834875B65758713D93E91A475969DE4E371E3.asc) 3. Copy the [maintainer's signing key](https://github.com/ben-grande/ben-grande/raw/main/DF3834875B65758713D93E91A475969DE4E371E3.asc)
to your text editor and save the file to `/home/user/ben-code.asc`. to your text editor and save the file to `/home/user/ben-code.asc`.
@ -147,7 +147,7 @@ with the sys-git formula.
1. Install the [sys-git formula](salt/sys-git/README.md) and push the 1. Install the [sys-git formula](salt/sys-git/README.md) and push the
repository to the git server. repository to the git server.
2. Install git on Dom0, allow the Qrexec protocol to work in submodules and 2. Install `git` on Dom0, allow the Qrexec protocol to work in submodules and
clone the repository to `~/src/qusal` (only has to be run once): clone the repository to `~/src/qusal` (only has to be run once):
```sh ```sh
mkdir -p ~/src mkdir -p ~/src

2
docs/CONTRIBUTING.md
View file

@ -18,7 +18,7 @@ Be respectful towards peers.
## Environment ## Environment
You will need to setup you development environment before you start You will need to setup you development environment before you start
contributing. You will need Qubes OS R4 or higher. contributing.
### Requirements ### Requirements

73
docs/DESIGN.md
View file

@ -39,26 +39,21 @@ No extraneous features should be included by default besides the basic for
functionality. Extra functionalities that could weaken the system can be functionality. Extra functionalities that could weaken the system can be
provided via extra states that needs to be installed per the user discretion. provided via extra states that needs to be installed per the user discretion.
## Documentation
Markdown code must follow
[Google's Markdown style guide](https://google.github.io/styleguide/docguide/style.html).
Any discrepancies with Google's style guide must be fixed or documented here
with clear motive.
Documentation must not duplicate itself, but reference one another.
Reproducing instructions that can be found in upstream documentation is
discouraged unless the benefits of documenting it in-house, such as getting
the documentation from a single source, do outweigh the necessity of having to
modify the documentation constantly to keep up with upstream.
## Format ## Format
### File naming
1. Every State file `.sls` must have a Top file `.top`. This ensures that
every state can be applied with top.
2. Every project must have a `init.top`, it facilitates applying every state
by enabling a single top file.
3. State file naming must be common between the projects, it helps
understand the project as if it was any other.
4. File name must use `-` as separator, not `_`.
### State ID
1. State IDs must use `-` as separator, not `_`. The underline is allowed in
case the features it is changing has underline, such as `default_netvm`.
2. State IDs must always have the project ID, thus allowing to target multiple
states to the same minion from different projects without having
conflicting IDs.
### Readme ### Readme
Every project should have a README.md with at least the following sections: Every project should have a README.md with at least the following sections:
@ -70,6 +65,24 @@ Every project should have a README.md with at least the following sections:
- Usage; and - Usage; and
- Credits (if sourced). - Credits (if sourced).
### File naming
1. Every State file `.sls` must have a Top file `.top`. This ensures that
every state can be applied with top.
2. Every project must have a `init.top`, it facilitates applying every state
by enabling a single top file.
3. State file naming must be common between the projects, it helps understand
the project as if it was any other.
4. File name must use `-` as separator, not `_`.
### State ID
1. State IDs must use `-` as separator, not `_`. The underline is allowed in
case the features it is changing has underline, such as `default_netvm`.
2. State IDs must always have the project ID, thus allowing to target multiple
states to the same minion from different projects without having
conflicting IDs.
### Qube preferences ### Qube preferences
#### Qube naming #### Qube naming
@ -101,14 +114,14 @@ related to trustworthiness of the data it is dealing with.
- **Black**: - **Black**:
- **Trust**: Ultimate. - **Trust**: Ultimate.
- **Description**: You must trust Dom0, Templates, Vaults, Management qubes, - **Description**: You must trust Dom0, Templates, Vaults, Management
these qubes control your system and hold valuable information. qubes, these qubes control your system and hold valuable information.
- **Examples**: dom0, tpl-ssh, vault, dvm-mgmt. - **Examples**: dom0, tpl-ssh, vault, dvm-mgmt.
- **Gray**: - **Gray**:
- **Trust**: Fully. - **Trust**: Fully.
- **Description**: Trusted storage with extra RPC services that allow certain - **Description**: Trusted storage with extra RPC services that allow
operations to be made by the client and executed on the server or may certain operations to be made by the client and executed on the server
build components for other qubes. or may build components for other qubes.
- **Examples**: sys-cacher, sys-git, sys-pgp, sys-ssh-agent, qubes-builder. - **Examples**: sys-cacher, sys-git, sys-pgp, sys-ssh-agent, qubes-builder.
- **Purple**: - **Purple**:
- **Trust**: Very much. - **Trust**: Very much.
@ -129,13 +142,13 @@ related to trustworthiness of the data it is dealing with.
- **Examples**: TODO - **Examples**: TODO
- **Orange**: - **Orange**:
- **Trust**: Slight. - **Trust**: Slight.
- **Description**: Controls the network flow of data to the client, normally a - **Description**: Controls the network flow of data to the client,
firewall. normally a firewall.
- **Examples**: sys-firewall, sys-vpn, sys-pihole. - **Examples**: sys-firewall, sys-vpn, sys-pihole.
- **Red**: - **Red**:
- **Trust**: Untrusted. - **Trust**: Untrusted.
- **Description**: Holds untrusted data (PCI devices, untrusted programs, - **Description**: Holds untrusted data (PCI devices, untrusted
disposables for opening untrusted files or web pages). programs, disposables for opening untrusted files or web pages).
- **Examples**: sys-net, sys-usb, dvm-browser. - **Examples**: sys-net, sys-usb, dvm-browser.
### Qube connections ### Qube connections
@ -150,9 +163,9 @@ Xen or with Qrexec. If something is not required, we remove it.
- When required, set it to `"*default*"` to honor the global preferences. - When required, set it to `"*default*"` to honor the global preferences.
- When not required, must be set to None; - When not required, must be set to None;
- `netvm` is required on a lot of projects. - `netvm` is required on a lot of projects.
- When required, must not be managed to honor the global preferences. If it - When required, must not be managed to honor the global preferences. If
requires a custom networking scheme, the state must make sure that the it requires a custom networking scheme, the state must make sure that
netvm exists; the netvm exists;
- When not required, must be set to None. - When not required, must be set to None.
- `default_dispvm` is nice to have: - `default_dispvm` is nice to have:
- When required, must guarantee that the network follows the same chain as - When required, must guarantee that the network follows the same chain as

4
salt/browser/README.md
View file

@ -21,7 +21,7 @@ Firefox-ESR, W3M or Lynx.
## Installation ## Installation
- Top - Top:
```sh ```sh
sudo qubesctl top.enable browser sudo qubesctl top.enable browser
sudo qubesctl --targets=tpl-browser,dvm-browser state.apply sudo qubesctl --targets=tpl-browser,dvm-browser state.apply
@ -29,7 +29,7 @@ sudo qubesctl top.disable browser
sudo qubesctl state.apply browser.appmenus sudo qubesctl state.apply browser.appmenus
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply browser.create sudo qubesctl state.apply browser.create

4
salt/dom0/README.md
View file

@ -15,14 +15,14 @@ etc.
## Installation ## Installation
- Top - Top:
```sh ```sh
sudo qubesctl top.enable dom0 sudo qubesctl top.enable dom0
sudo qubesctl state.apply sudo qubesctl state.apply
sudo qubesctl top.disable dom0 sudo qubesctl top.disable dom0
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply dom0 sudo qubesctl state.apply dom0

2
salt/dotfiles

@ -1 +1 @@
Subproject commit 84bae87dc5da48334f81501e11cf17919ff1504b Subproject commit 0dd49bcab48ddb7c328e1320c875780b2d9db1bc

4
salt/mail/README.md
View file

@ -74,7 +74,7 @@ exploitation, as `msmtp` still needs to parse the mail to be sent.
## Installation ## Installation
- Top - Top:
```sh ```sh
sudo qubesctl top.enable mail reader sudo qubesctl top.enable mail reader
sudo qubesctl --targets=tpl-mail-fetcher,tpl-mail-reader,tpl-mail-sender,dvm-mail-fetcher,mail-reader,dvm-mail-sender,tpl-reader state.apply sudo qubesctl --targets=tpl-mail-fetcher,tpl-mail-reader,tpl-mail-sender,dvm-mail-fetcher,mail-reader,dvm-mail-sender,tpl-reader state.apply
@ -82,7 +82,7 @@ sudo qubesctl top.disable mail reader
sudo qubesctl state.apply mail.appmenus,reader.appmenus sudo qubesctl state.apply mail.appmenus,reader.appmenus
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply mail.create sudo qubesctl state.apply mail.create

4
salt/mirage-builder/README.md
View file

@ -21,14 +21,14 @@ are done through the web interface, they have GitHub Web-Flow signature. This
is the best verification we can get for Mirage Firewall. If you don't trust is the best verification we can get for Mirage Firewall. If you don't trust
the hosting provider however, don't install this package. the hosting provider however, don't install this package.
- Top - Top:
```sh ```sh
sudo qubesctl top.enable mirage-builder sudo qubesctl top.enable mirage-builder
sudo qubesctl --targets=tpl-mirage-builder,mirage-builder state.apply sudo qubesctl --targets=tpl-mirage-builder,mirage-builder state.apply
sudo qubesctl top.disable mirage-builder sudo qubesctl top.disable mirage-builder
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply mirage-builder.create sudo qubesctl state.apply mirage-builder.create

4
salt/sys-electrs/README.md
View file

@ -26,14 +26,14 @@ At least `200GB` of disk space is required.
This formula depends on [sys-bitcoin](../sys-bitcoin/README.md). This formula depends on [sys-bitcoin](../sys-bitcoin/README.md).
- Top - Top:
```sh ```sh
sudo qubesctl top.enable sys-electrs sudo qubesctl top.enable sys-electrs
sudo qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply sudo qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply
sudo qubesctl top.disable sys-electrs sudo qubesctl top.disable sys-electrs
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply sys-electrs.create sudo qubesctl state.apply sys-electrs.create

4
salt/sys-mirage-firewall/README.md
View file

@ -26,14 +26,14 @@ You can't use Mirage Firewall to be the updatevm, use another qube instead.
We have built the Unikernel locally and verified that the upstream checksum We have built the Unikernel locally and verified that the upstream checksum
and local checksum matched when comparing the same release. and local checksum matched when comparing the same release.
- Top - Top:
```sh ```sh
sudo qubesctl top.enable sys-mirage-firewall sudo qubesctl top.enable sys-mirage-firewall
sudo qubesctl state.apply sudo qubesctl state.apply
sudo qubesctl top.disable sys-mirage-firewall sudo qubesctl top.disable sys-mirage-firewall
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl state.apply sys-mirage-firewall.create sudo qubesctl state.apply sys-mirage-firewall.create

1
salt/sys-pihole/README.md
View file

@ -68,6 +68,7 @@ Pi-hole will be installed with these default settings:
- Query logging is enabled to show everything. - Query logging is enabled to show everything.
You can change the settings via the admin interface: You can change the settings via the admin interface:
- URL: http://localhost/admin - URL: http://localhost/admin
- There is no password (access allowed only through localhost) - There is no password (access allowed only through localhost)

4
salt/utils/tools/zsh/README.md
View file

@ -15,14 +15,14 @@ warnings.
## Installation ## Installation
- Top - Top:
```sh ```sh
sudo qubesctl top.enable utils.tools.zsh sudo qubesctl top.enable utils.tools.zsh
sudo qubesctl --targets=TARGET state.apply sudo qubesctl --targets=TARGET state.apply
sudo qubesctl top.disable utils.tools.zsh sudo qubesctl top.disable utils.tools.zsh
``` ```
- State - State:
<!-- pkg:begin:post-install --> <!-- pkg:begin:post-install -->
```sh ```sh
sudo qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell sudo qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell