347 Commits

Author SHA1 Message Date
Ben Grande
ff4773bf8e doc: kicksecure missing minimal flavor signed_tag_for_ff4773bf 2024-01-14 08:52:24 +01:00
Ben Grande
23a569d4e1 fix: install less browser packages in reader
The state browse.install installs extraneous packages that we won't
need for an untrusted environment, such as USB and audio support.
signed_tag_for_23a569d4
2024-01-12 19:47:52 +01:00
Ben Grande
2576d14448 fix: policy file mode not allowing group to write signed_tag_for_2576d144 2024-01-12 19:44:55 +01:00
Ben Grande
ac25ef6b87 fix: sys-usb hide-usb-from-dom0 in keyboard state signed_tag_for_ac25ef6b 2024-01-12 19:08:56 +01:00
Ben Grande
8d7c0a2d0b fix: sys-cacher policy with the new tag name signed_tag_for_8d7c0a2d 2024-01-12 18:34:04 +01:00
Ben Grande
2063a4328c fix: clone macro support for optional argument signed_tag_for_2063a432 2024-01-12 18:22:33 +01:00
Ben Grande
6eefceda74 fix: sys-usb disposables must have name prefix signed_tag_for_6eefceda 2024-01-12 18:22:18 +01:00
Ben Grande
6828e83dde fix: update dotfiles module signed_tag_for_6828e83d 2024-01-12 18:00:40 +01:00
Ben Grande
7eb1f34f73 feat: disposable mirage firewall signed_tag_for_7eb1f34f 2024-01-12 17:58:56 +01:00
Ben Grande
5502103901 fix: separate template formula per flavor
Default template flavor is Gnome, installing Xfce when requesting the
template formula without flavor causes confusion.
signed_tag_for_55021039
2024-01-12 17:47:21 +01:00
Ben Grande
233ac76bcb fix: sys-cacher tag compliance with default tags
The default tags start with the capability then the qube name, such as
audiovm-dom0 and guivm-dom0.
signed_tag_for_233ac76b
2024-01-12 17:30:29 +01:00
Ben Grande
5e5ae2f704 fix: zsh state import with relative path
Relative path only works well if it is on the salt root.
signed_tag_for_5e5ae2f7
2024-01-12 17:24:43 +01:00
Ben Grande
a97e3c0c8a feat: kicksecure minimal template signed_tag_for_a97e3c0c 2024-01-12 17:24:31 +01:00
Ben Grande
2b6daac8a9 fix: shellcheck signed_tag_for_2b6daac8 2024-01-10 14:31:57 +01:00
Ben Grande
040594ae74 fix: do not remove created dvm
The removal was first implemented to get a clean state of the qube, but
there are side effects: it fails if the user created a named disposable
based on the dvm and also removes the (dvm) entry from the appmenu.

The sys-usb case is a workaround in case the user selected a
non-disposable, an appvm sys-usb during system installation.
signed_tag_for_040594ae
2024-01-10 14:27:44 +01:00
Ben Grande
5b9b0bba5b doc: missing access control for sys-usb signed_tag_for_5b9b0bba 2024-01-10 12:50:02 +01:00
Ben Grande
76e9234c83 fix: organize sys-usb policy per service signed_tag_for_76e9234c 2024-01-10 12:49:20 +01:00
Ben Grande
567e36d276 fix: prefer qvm-features for uniformity signed_tag_for_567e36d2 2024-01-09 18:48:29 +01:00
Ben Grande
a3829e46ae feat: policy support for multiple sys-usb qubes signed_tag_for_a3829e46 2024-01-09 18:44:50 +01:00
Ben Grande
f5894dc6fc doc: cleaner usage sections for qubes-builder signed_tag_for_f5894dc6 2024-01-08 20:08:54 +01:00
Ben Grande
c306047f1e fix: sys-wireguard compatible with Qubes 4.2 signed_tag_for_c306047f 2024-01-08 20:07:20 +01:00
Ben Grande
42a93093dd fix: rpc service copy to dvm
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
signed_tag_for_42a93093
2024-01-07 20:20:54 +01:00
Ben Grande
762f8be485 fix: make sys-pihole fully replace sys-firewall signed_tag_for_762f8be4 2024-01-05 20:28:27 +01:00
Ben Grande
705808d8b6 feat: allow sys-pihole to use pi-hole for queries signed_tag_for_705808d8 2024-01-05 17:45:04 +01:00
Ben Grande
a17f9f5250 feat: unattended qubes-builder build
Split-gpg2 allows isolating GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer; this depends
on https://github.com/QubesOS/qubes-issues/issues/8792.
signed_tag_for_a17f9f52
2024-01-05 17:24:14 +01:00
Ben Grande
692659e22d feat: passwordless pihole admin interface
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
  to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
  script to work, so the WEB_PASSWORD can be read as normal user,
  restricting root on pihole does not make sense, as it can modify the
  network setting via pihole web interface.
signed_tag_for_692659e2
2024-01-05 16:32:42 +01:00
Ben Grande
417843ba75 feat: remove extraneous passwordless root signed_tag_for_417843ba 2024-01-05 12:03:23 +01:00
Ben Grande
c1094046ee fix: add user to mock group signed_tag_for_c1094046 2024-01-05 11:07:27 +01:00
Ben Grande
41b71eed46 doc: update README.md signed_tag_for_41b71eed 2024-01-04 22:05:35 +01:00
Ben Grande
0216297ee6 feat: default to disposable netvm
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  them down when necessary; and
- Fewer manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.
signed_tag_for_0216297e
2024-01-04 21:59:15 +01:00
Ben Grande
8a8252d6f0 fix: changes default template flavor to Xfce signed_tag_for_8a8252d6 2024-01-04 18:01:21 +01:00
Ben Grande
e0b11b3daf fix: do not install net debug tools by default signed_tag_for_e0b11b3d 2024-01-04 17:25:16 +01:00
Ben Grande
e167879cfb doc: sys-audio usage signed_tag_for_e167879c 2024-01-04 15:17:20 +01:00
Ben Grande
767fc42523 fix: allow to attach mic with sys-audio signed_tag_for_767fc425 2024-01-04 12:20:13 +01:00
Ben Grande
6bb426a057 refactor: import armored gpg keys instead of db signed_tag_for_6bb426a0 2024-01-03 21:40:05 +01:00
Ben Grande
0eecbcffc4 fix: unconfined qfile-unpacker
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
signed_tag_for_0eecbcff
2024-01-03 14:35:06 +01:00
Ben Grande
083285901c fix: remove old split-gpg from qubes-builder signed_tag_for_08328590 2024-01-03 14:29:49 +01:00
Ben Grande
ca95f435c8 doc: sys-audio compatible with Qubes 4.2 signed_tag_for_ca95f435 2024-01-03 12:34:48 +01:00
Ben Grande
2283b3368e fix: sys-audio policy and autostart pacat daemon signed_tag_for_2283b336 2024-01-03 11:47:13 +01:00
Ben Grande
0e05c097c2 fix: missing reuse license information signed_tag_for_0e05c097 2024-01-02 23:09:34 +01:00
Ben Grande
4de0f3ff9f doc: inform how to bootstrap a new system signed_tag_for_4de0f3ff 2024-01-02 23:04:36 +01:00
Ben Grande
d939d4aa26 fix: signal state uses idempotent state signed_tag_for_d939d4aa 2024-01-02 23:03:10 +01:00
Ben Grande
f32a14c422 fix: autostart volumeicon signed_tag_for_f32a14c4 2024-01-02 23:01:58 +01:00
Ben Grande
b86486a793 feat: qubes-vm-update global settings signed_tag_for_b86486a7 2024-01-02 18:04:54 +01:00
Ben Grande
ed4fe70980 fix: customize sys-whonix
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
signed_tag_for_ed4fe709
2023-12-31 07:52:38 +01:00
Ben Grande
e2c24ec78e style: client state ID must conform to order signed_tag_for_e2c24ec7 2023-12-31 07:50:03 +01:00
Ben Grande
ec9142bf27 fix: pci regain with invalid syntax signed_tag_for_ec9142bf 2023-12-31 07:49:25 +01:00
Ben Grande
81f8c56a76 fix: install missing packages to audio client signed_tag_for_81f8c56a 2023-12-31 07:48:29 +01:00
Ben Grande
bd54499a26 fix: update dotfiles module signed_tag_for_bd54499a 2023-12-28 12:29:09 +01:00
Ben Grande
f8953c6acc doc: better usage of split-gpg2 in qubes-builder signed_tag_for_f8953c6a 2023-12-28 12:26:37 +01:00