diff --git a/README.md b/README.md index 1cf6336..e80536b 100644 --- a/README.md +++ b/README.md @@ -27,36 +27,27 @@ projects. User policies should always be set on /etc/qubes/policy.d/30-user.policy as this file will take precedence over the packaged policy. -Qubes global settings (qubes-prefs) that will be managed: - -clockvm : disp-sys-net or sys-net -default_audiovm : dom0 # TODO -default_dispvm : reader -default_netvm : sys-pihole or sys-firewall or disp-sys-firewall -management_dispvm : dvm-mgmt -updatevm : sys-pihole or sys-firewall or disp-sys-firewall - ## Installation Clone this repository: -```shell +```sh git clone https://github.com/ben-grande/qusal.git ~/qusal git clone ssh://git@github.com/ben-grande/qusal.git ~/qusal ``` Copy this repository from some qube to Dom0 from Dom0: -```shell +```sh mkdir -p ~/QubesIncoming/QUBE qvm-run -p tar -cC qusal | tar -xvC ~/QubesIncoming/QUBE qusal ``` Example copying repository from the `dev` qube to Dom0 by running in Dom0: -```shell +```sh mkdir -p ~/QubesIncoming/dev qvm-run -p dev tar -cC /home/user qusal | tar -xvC ~/QubesIncoming/dev qusal ``` Copy the files to the Salt directories: -```shell +```sh cd qusal ./setup.sh ``` @@ -64,6 +55,15 @@ cd qusal Qusal is now installed. Please read the README.md of each project for further information on how to install the desired package. +Qubes global settings (qubes-prefs) that will be managed: + +- **clockvm**: disp-sys-net, sys-net +- **default_audiovmm**: dom0 # TODO +- **default_dispvm**: reader +- **default_netvm**: sys-pihole, sys-firewall or disp-sys-firewall +- **management_dispvm**: dvm-mgmt +- **updatevm**: sys-pihole, sys-firewall or disp-sys-firewall + ## Format ### File naming diff --git a/TODO.md b/TODO.md index d99ad7a..ad1c3a5 100644 --- a/TODO.md +++ b/TODO.md @@ -12,6 +12,7 @@ ## Medium Priority +- repos: migrate debian .list to .sources - sys-usb: - multiple PCI assignment to different qubes fails due to ext_module_qvm.py bug 
diff --git a/qusal/dotfiles/README.md b/qusal/dotfiles/README.md index 5549e32..b227e5e 100644 --- a/qusal/dotfiles/README.md +++ b/qusal/dotfiles/README.md @@ -22,12 +22,12 @@ Configuration and scripts targeting: - Drop-in configuration files - Tested on Qubes OS Dom0, Debian, Fedora - Tasks: - - GUI: x11, gtk - - SCM: git, tig, git-shell - - Keys: gpg, ssh - - Networking: curl, urlview, wget, w3m - - Productivity: tmux, vim - - Shell: sh, bash, zsh, less, dircolors + - GUI: x11, gtk + - SCM: git, tig, git-shell + - Keys: gpg, ssh + - Networking: curl, urlview, wget, w3m + - Productivity: tmux, vim + - Shell: sh, bash, zsh, less, dircolors ## Installation @@ -63,14 +63,14 @@ configuration is implemented by including a local file per application. Supported programs and the expected file names in `$HOME`: -- bash: `.bashrc.local` -- git: `.gitconfig.local` -- sh: `.profile.local`, `.shrc.local` -- ssh: `.ssh/config.d/*.conf`, `.ssh/known_hosts.d/*.host` -- tmux: `.tmux.conf.local` -- vim: `.vimrc.local` -- x11: `.xprofile.local` -- zsh: `.zshrc.local` +- **bash**: .bashrc.local +- **git**: .gitconfig.local +- **sh**: .profile.local, .shrc.local +- **ssh**: .ssh/config.d/*.conf, .ssh/known_hosts.d/*.host +- **tmux**: .tmux.conf.local +- **vim**: .vimrc.local +- **x11**: .xprofile.local +- **zsh**: .zshrc.local ## Copyright diff --git a/qusal/dotfiles/files/git/.config/git/config b/qusal/dotfiles/files/git/.config/git/config index b672124..bb08f66 100644 --- a/qusal/dotfiles/files/git/.config/git/config +++ b/qusal/dotfiles/files/git/.config/git/config 
@@ -19,8 +19,7 @@ rl = remote -v cf = config --file "$HOME/.gitconfig.local" ; Helpers - aliases = !git config --get-regexp 'alias.*' | colrm 1 6 | sed 's/[ ]/ = /' - aliases-get = "!f() { git config --get alias.$1;}; f" + aliases = "!sh -c 'if test -n \"$1\"; then git config --get alias.$1; else git config --get-regexp \"alias.*\" | colrm 1 6 | sed \"s/[ ]/ = /\"; fi'" - ; Patch with subject prefix containing repository name and output ; directory has the child directories the repository and branch name. fp = "!sh -c '\ diff --git a/qusal/qubes-builder/README.md b/qusal/qubes-builder/README.md index a9daa12..4c0b12c 100644 --- a/qusal/qubes-builder/README.md +++ b/qusal/qubes-builder/README.md @@ -59,17 +59,10 @@ Extra services added are `qubes.Gpg`, `qubes.Gpg2`, `qusal.GitInit`, Out of these services, if an argument `+qubes-builder` can be specified to limit the scope, the action is `allowed`, else the action is to `ask`. -Consult documentation for each service separately on their appropriate -project: - -- `qusal.Git*`: sys-git -- `qusal.SshAgent`: sys-ssh-agent -- `qubes.*`: upstream documentation - ## Usage -When using the `qubes` executor, set the `dispvm` option to either `dom0` or -`dvm-qubes-builder` in `builder.yml`: +When using the Qubes Executor, configure the builder.yml `dispvm` option to +either `dom0` or `dvm-qubes-builder`: ```yaml executor: type: qubes @@ -77,8 +70,8 @@ executor: dispvm: "dom0" #dispvm: "dvm-qubes-builder" ``` -Setting the `dispvm` to `dom0` works because it will use the `default_dispvm` -preference of `qubes-builder`, which is `dvm-qubes-builder`. +Setting the Disposable VM to Dom0 works because it will use the +`default_dispvm` preference of `qubes-builder`, which is `dvm-qubes-builder`. There are no further modifications needed to comply with this package. Consult upstream documentation on how to use the Qubes OS Builder. diff --git a/qusal/remmina/README.md b/qusal/remmina/README.md index 676a7ed..9b8acd5 100644 
--- a/qusal/remmina/README.md +++ b/qusal/remmina/README.md @@ -11,7 +11,8 @@ Remmina Remote Desktop Client in Qubes OS. Creates a disposable template named "dvm-remmina". From it, you can create -disposables for Remmina usage for SSH, VNC, SPICE, HTTP(S), X2Go and more. +disposables for Remmina usage for SSH, VNC, SPICE, HTTP(S), X2Go and more. If +you prefer to use an app qube, a qube named "remmina" will also be created. ## Installation diff --git a/qusal/signal/README.md b/qusal/signal/README.md index a3b3a0f..3d28bc6 100644 --- a/qusal/signal/README.md +++ b/qusal/signal/README.md @@ -10,6 +10,8 @@ Signal messaging app on Qubes OS. +Install Signal Desktop and creates an app qube named "signal". + ## Installation - Top: diff --git a/qusal/sys-cacher/README.md b/qusal/sys-cacher/README.md index 54eddb4..102bbc4 100644 --- a/qusal/sys-cacher/README.md +++ b/qusal/sys-cacher/README.md @@ -64,7 +64,7 @@ of sys-cacher. ### Non-TemplateVMs integration -Attention: this method will allow for a client qube to bypass the qubes +**Attention**: this method will allow for a client qube to bypass the qubes firewall and connect to a remote via the updates proxy. By default, only templates will use the proxy to update, if you want to cache diff --git a/qusal/sys-git/README.md b/qusal/sys-git/README.md index 28fd36c..7a7112d 100644 --- a/qusal/sys-git/README.md +++ b/qusal/sys-git/README.md @@ -40,7 +40,7 @@ implementation: | Push | True | True | False | True | | Init | True | False | False | False | | Validates Git communication | False | False | True | False | -| Verify tag signature | False | False | True | False | +| Verifies tag signature | False | False | True | False | ## Installation @@ -154,7 +154,7 @@ You can then use that repository as usual, making commits. Push to the server and set it as the default upstream: ```sh -git push -u sg master +git push -u sg main ``` Following pushes will be simpler: 
diff --git a/qusal/sys-pgp/README.md b/qusal/sys-pgp/README.md index d2d8a42..bb38ae1 100644 --- a/qusal/sys-pgp/README.md +++ b/qusal/sys-pgp/README.md @@ -48,12 +48,15 @@ qvm-features dev service.split-gpg2-client _Default policy_: `any qube` can `ask` via the `@default` target if you allow it to use split-gpg in `sys-pgp`. -Allow the `work` qubes to access `sys-pgp`, but no other qubes from using the -Gpg RPC service: +Allow the `work` qubes to access `sys-pgp`, but not other qubes: ```qrexecpolicy qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp qubes.Gpg2 * @anyvm @anyvm deny + +qubes.Gpg * work sys-pgp ask default_target=sys-pgp +qubes.Gpg * work @default ask target=sys-pgp default_target=sys-pgp +qubes.Gpg * @anyvm @anyvm deny ``` ## Usage diff --git a/qusal/sys-pihole/README.md b/qusal/sys-pihole/README.md index 3aa8a2b..35dea4c 100644 --- a/qusal/sys-pihole/README.md +++ b/qusal/sys-pihole/README.md @@ -57,9 +57,14 @@ Pi-hole will be installed with these default settings: - Steven Black's Unified Hosts List is included - Query logging is enabled to show everything. -You can change these settings via the admin interface: http://localhost/admin. -The default Admin Webpage login password is: `UpSNQsy4` -You should change this on first use, by running: `pihole -a -p` +You can change these settings via the admin interface: +- URL: http://localhost/admin +- default password: `UpSNQsy4` + +You should change this password on first use by running: +```sh +pihole -a -p +``` ## Copyright diff --git a/qusal/sys-ssh-agent/README.md b/qusal/sys-ssh-agent/README.md index 908bfdc..d34b58f 100644 --- a/qusal/sys-ssh-agent/README.md +++ b/qusal/sys-ssh-agent/README.md @@ -246,4 +246,8 @@ Host work ## Copyright -License: GPLv2+ +License: GPLv3+ + +Credits: + +- [Unman](https://github.com/unman/qubes-ssh-agent) 
diff --git a/qusal/templates/debian-minimal/README.md b/qusal/templates/debian-minimal/README.md index fe415d6..2b6cace 100644 --- a/qusal/templates/debian-minimal/README.md +++ b/qusal/templates/debian-minimal/README.md @@ -1,9 +1,10 @@ -# Debian Minimal Template +# debian-minimal ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description @@ -22,3 +23,7 @@ qubesctl top.disable templates.debian-minimal qubesctl state.apply templates.debian-minimal.create qubesctl --skip-dom0 --targets=debian-12-minimal state.apply templates.debian-minimal.install ``` + +## Copyright + +License: GPLv2+ diff --git a/qusal/templates/debian/README.md b/qusal/templates/debian/README.md index fccc29a..12d6d7d 100644 --- a/qusal/templates/debian/README.md +++ b/qusal/templates/debian/README.md @@ -1,9 +1,10 @@ -# Debian Template +# debian ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description @@ -22,3 +23,7 @@ qubesctl top.disable templates.debian qubesctl state.apply templates.debian.create qubesctl --skip-dom0 --targets=debian-12 state.apply templates.debian.install ``` + +## Copyright + +License: GPLv2+ diff --git a/qusal/templates/fedora-minimal/README.md b/qusal/templates/fedora-minimal/README.md index 5f0b33d..52db556 100644 --- a/qusal/templates/fedora-minimal/README.md +++ b/qusal/templates/fedora-minimal/README.md @@ -1,9 +1,10 @@ -# Fedora Minimal Template +# fedora-minimal ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description @@ -22,3 +23,7 @@ qubesctl top.disable templates.fedora-minimal qubesctl state.apply templates.fedora-minimal.create qubesctl --skip-dom0 --targets=fedora-38-minimal state.apply templates.fedora-minimal.install ``` + +## Copyright + +License: GPLv2+ 
diff --git a/qusal/templates/fedora/README.md b/qusal/templates/fedora/README.md index f8a1315..2ae7ea9 100644 --- a/qusal/templates/fedora/README.md +++ b/qusal/templates/fedora/README.md @@ -1,9 +1,10 @@ -# Fedora Template +# fedora ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description @@ -22,3 +23,7 @@ qubesctl top.disable templates.fedora qubesctl state.apply templates.fedora.create qubesctl --skip-dom0 --targets=fedora-38 state.apply templates.fedora.install ``` + +## Copyright + +License: GPLv2+ diff --git a/qusal/templates/whonix/README.md b/qusal/templates/whonix/README.md index 6c22982..1e82e29 100644 --- a/qusal/templates/whonix/README.md +++ b/qusal/templates/whonix/README.md @@ -1,9 +1,10 @@ -# Whonix +# whonix ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description @@ -25,3 +26,6 @@ qubesctl state.apply templates.whonix.create qubesctl state.apply qvm.anon-whonix qubesctl state.apply qvm.whonix-ws-dvm ``` +## Copyright + +License: GPLv2+ diff --git a/qusal/terraform/README.md b/qusal/terraform/README.md index 274aed9..ed040b2 100644 --- a/qusal/terraform/README.md +++ b/qusal/terraform/README.md @@ -10,6 +10,8 @@ Terraform installation in Qubes OS. +Install Terraform and use it on the "terraform" app qube. + ## Installation - Top: diff --git a/qusal/utils/tools/builder/README.md b/qusal/utils/tools/builder/README.md new file mode 100644 index 0000000..ef04b03 --- /dev/null +++ b/qusal/utils/tools/builder/README.md 
@@ -0,0 +1,29 @@ +# builder + +## Table of Contents + +* [Description](#description) +* [Installation](#installation) +* [Copyright](#copyright) + +## Description + +Build tools for packaging on Qubes OS. + +This is not necessary for qubes-builder, it is just a set of useful tools for +building packages in UNIX distributions. + +## Installation + +Install builder tools on templates: +```sh +qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.core +``` +Install documentation tools on templates: +```sh +qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.doc +``` + +## Copyright + +License: GPLv2+ diff --git a/qusal/utils/tools/zsh/README.md b/qusal/utils/tools/zsh/README.md index 8e559d3..fee7535 100644 --- a/qusal/utils/tools/zsh/README.md +++ b/qusal/utils/tools/zsh/README.md @@ -1,25 +1,33 @@ -# Dev +# zsh ## Table of Contents * [Description](#description) * [Installation](#installation) +* [Copyright](#copyright) ## Description -Install and configure Zsh. +Zsh installation for Qubes OS. + +Install Zsh, setup it to be the user shell and touch ~/.zshrc to avoid +warnings. ## Installation - Top ```sh -qubesctl top.enable zsh +qubesctl top.enable utils.tools.zsh qubesctl --targets=TARGET state.apply -qubesctl top.disable zsh +qubesctl top.disable utils.tools.zsh ``` - State ```sh -qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply zsh.install,zsh.change-shell,zsh.touch-zshrc -qubesctl --skip-dom0 --targets=APPVMS state.apply zsh.touch-zshrc +qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell +qubesctl --skip-dom0 --targets=APPVMS state.apply utils.tools.zsh.touch-zshrc ``` + +## Copyright + +License: GPLv2+
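Review bot: in README.md (hunk `@@ -64,6 +55,15 @@`), the re-added qubes-prefs list spells the preference `default_audiovmm`, while the removed block had `default_audiovm`. Fix the spelling so readers can match it against `qubes-prefs` output. The `clockvm` entry also lost its "or" (`disp-sys-net, sys-net`), while the `default_netvm` and `updatevm` entries keep theirs; pick one form for all entries.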
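Review bot: in qusal/dotfiles/README.md (hunk `@@ -63,14 +63,14 @@`), dropping the backticks from the file names leaves two bare asterisks on the ssh line (`.ssh/config.d/*.conf, .ssh/known_hosts.d/*.host`), which Markdown can parse as an emphasis pair and swallow. Keep the paths in code spans, at least on that line; bolding the program name is compatible with that.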
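Review bot: in qusal/dotfiles/files/git/.config/git/config (hunk `@@ -19,8 +19,7 @@`), the merged `aliases` alias tests `$1` inside `sh -c '...'`, but Git appends alias arguments after the command string, so the first argument arrives in the inner shell as `$0` and `$1` stays empty. `git aliases NAME` would then always take the list branch and the behaviour of the removed `aliases-get` is lost. Add a placeholder for `$0` after the closing single quote, or keep the `f() { ...; }; f` form the removed line used. The expansion in `alias.$1` should also be quoted.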
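Review bot: in qusal/qubes-builder/README.md (hunk `@@ -77,8 +70,8 @@`), "Setting the Disposable VM to Dom0" can be read as running the build disposable in Dom0, which is not what the sentence goes on to explain. The previous wording, setting the `dispvm` option to `dom0`, made clear that this is a configuration value resolved through the `default_dispvm` preference of `qubes-builder`. Keep the option name and value in code spans here and in the sentence changed in the hunk above.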
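Review bot: in qusal/signal/README.md (hunk `@@ -10,6 +10,8 @@`), the added sentence mixes verb forms ("Install Signal Desktop and creates"). Use "Installs Signal Desktop and creates an app qube named "signal"." to match the description style of the other READMEs.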
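Review bot: in qusal/sys-pgp/README.md (hunk `@@ -48,12 +48,15 @@`), the shortened sentence no longer says which services the example restricts, while the policy block now covers both `qubes.Gpg2` and `qubes.Gpg`. Name both services in the sentence, and add a line stating that each `@anyvm @anyvm deny` rule must stay below the `work` rules for its service, since qrexec policy uses the first matching line and a user copying only part of the block could otherwise end up with a different result than documented.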
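Review bot: in qusal/sys-pihole/README.md (hunk `@@ -57,9 +57,14 @@`), the admin password `UpSNQsy4` is a fixed value published in the repository, and the text only says the user "should" change it. Every install shares this credential until `pihole -a -p` is run. Word the step as required, and consider having the install state set a per-install password instead of documenting a static default. A blank line before the list and before the code fence would also render more reliably.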
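Review bot: in qusal/sys-ssh-agent/README.md (hunk `@@ -246,4 +246,8 @@`), the license changes from GPLv2+ to GPLv3+ inside a documentation cleanup, while every other README touched by this patch states GPLv2+. If the change follows from the credited upstream project, say so in the commit message and confirm that the license headers of the files in this directory match. A relicense is easy to miss when it sits next to formatting edits.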
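Review bot: in qusal/templates/whonix/README.md (hunk `@@ -25,3 +26,6 @@`), `## Copyright` is added directly after the closing code fence with no blank line, unlike the debian, debian-minimal, fedora and fedora-minimal READMEs in this same patch, which add an empty line first. Add the blank line for consistency and so the heading is not affected by the fence above it.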
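Review bot: in qusal/utils/tools/zsh/README.md (hunk `@@ -1,25 +1,33 @@`), the State command for TEMPLATEVMS went from `zsh.install,zsh.change-shell,zsh.touch-zshrc` to only `utils.tools.zsh.change-shell`, yet the new description still says the package installs Zsh and touches ~/.zshrc. If `change-shell` now includes the install and touch states, state that in the README; otherwise restore them in the command with the new `utils.tools.zsh.` prefix. "setup it to be the user shell" should read "sets it as the user shell".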