Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-06-25 06:40:49 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix: make sys-pihole fully replace sys-firewall

Browse source
This commit is contained in:
Ben Grande 2024-01-05 18:07:18 +01:00
parent e8a21ef5a4
commit fc37e1b05b
No known key found for this signature in database
GPG key ID: 00C64E14F51F9E56
3 changed files with 28 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

15
salt/sys-pihole/files/admin/prefs.sh
View file

@ -7,23 +7,14 @@
set -eu set -eu
qvm-start --skip-if-running sys-pihole && sleep 5 ## Change the netvm of every qube that has (disp-)sys-firewall to pihole.
if qubes-prefs updatevm | grep -q sys-firewall; then
qubes-prefs updatevm sys-pihole
fi
if qubes-prefs default_netvm | grep -q sys-firewall; then
qubes-prefs default_netvm sys-pihole
fi
for qube in $(qvm-ls --raw-data --fields=NAME,NETVM | for qube in $(qvm-ls --raw-data --fields=NAME,NETVM |
awk -F '|' '/sys-firewall$/{print $1}') awk -F '|' '/\|(disp-)?sys-firewall$/{print $1}')
do do
## Avoid overwriting netvm to sys-pihole when instead it should use the ## Avoid overwriting netvm to sys-pihole when instead it should use the
## default_netvm, so better to prevent overwriting user choices. ## default_netvm, so better to prevent overwriting user choices.
qvm-prefs "$qube" | grep -q "^netvm[[:space:]]\+D" && continue qvm-prefs "$qube" | grep -q "^netvm[[:space:]]\+D" && continue
## Set netvm for qubes that were using sys-firewall to sys-pihole. ## Set netvm for qubes that were using (disp-)sys-firewall to sys-pihole.
qvm-prefs "$qube" netvm sys-pihole qvm-prefs "$qube" netvm sys-pihole
done done

2
salt/sys-pihole/files/server/network-hooks.d/50-sys-pihole.sh
View file

@ -15,5 +15,5 @@ for vif in /proc/sys/net/ipv4/conf/vif*/route_localnet; do
done done
if test -f /var/run/qubes-service/local-dns-server; then if test -f /var/run/qubes-service/local-dns-server; then
echo "nameserver 127.0.0.1" | tee /etc/resolv.conf echo "nameserver 127.0.0.1" | tee /etc/resolv.conf >/dev/null
fi fi

29
salt/sys-pihole/prefs.sls
View file

@ -4,15 +4,26 @@ SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
SPDX-License-Identifier: AGPL-3.0-or-later SPDX-License-Identifier: AGPL-3.0-or-later
#} #}
{% set qube = 'sys-pihole' -%}
{% set running = 0 -%}
{% if salt['cmd.shell']('qvm-ls --no-spinner --raw-list --running ' ~ qube) == qube -%}
{% set running = 1 -%}
{% endif -%}
"{{ slsdotpath }}-start":
qvm.start:
- name: {{ slsdotpath }}
"{{ slsdotpath }}-change-prefs": "{{ slsdotpath }}-change-prefs":
cmd.script: cmd.script:
- name: prefs.sh - name: prefs.sh
- source: salt://{{ slsdotpath }}/files/admin/prefs.sh - source: salt://{{ slsdotpath }}/files/admin/prefs.sh
{# "{{ slsdotpath }}-qubes-prefs-clockvm":
"{{ slsdotpath }}-start": cmd.run:
qvm.start: - require:
- name: {{ slsdotpath }} - qvm: "{{ slsdotpath }}-start"
- name: qubes-prefs clockvm {{ slsdotpath }}
"{{ slsdotpath }}-qubes-prefs-updatevm": "{{ slsdotpath }}-qubes-prefs-updatevm":
cmd.run: cmd.run:
@ -25,4 +36,12 @@ SPDX-License-Identifier: AGPL-3.0-or-later
- require: - require:
- qvm: "{{ slsdotpath }}-start" - qvm: "{{ slsdotpath }}-start"
- name: qubes-prefs default_netvm {{ slsdotpath }} - name: qubes-prefs default_netvm {{ slsdotpath }}
#}
{% if running == 0 -%}
"{{ slsdotpath }}-shutdown":
qvm.shutdown:
- name: {{ default_netvm }}
- flags:
- wait
- force
{% endif -%}