Ben Grande
0dd627b670
fix: update dotfiles module
2024-01-18 09:24:36 +01:00
Ben Grande
23bccebaab
fix: dom0 as sys-git client
...
The salt module git.config_get does not work in Dom0 and does not have
a key to set the system gitconfig.
2024-01-18 09:21:21 +01:00
Ben Grande
3faa523820
feat: usb devices in sys-audio
...
Introduces support for USB connected devices such as Bluetooth and
camera, microphone as well as their integrated versions.
2024-01-17 16:52:55 +01:00
Ben Grande
6bf9b97a36
fix: help option for port forwarder
2024-01-16 12:11:31 +01:00
Ben Grande
80638d64b5
feat: port forwarder
...
If persistent rules are chosen, it can deal with disposable sys-net, but
not with disposable sys-firewall, as the qube ip will change, the rule
won't work. Applying the rule to the disposable template is a "try it
all", but it's usage is discouraged.
2024-01-16 00:15:29 +01:00
Ben Grande
c3937e881e
fix: disposable sys-audio name with disp prefix
2024-01-14 14:05:17 +01:00
Ben Grande
ff4773bf8e
doc: kicksecure missing minimal flavor
2024-01-14 08:52:24 +01:00
Ben Grande
23a569d4e1
fix: install less browser packages in reader
...
The state browse.install installs extraneous packages that we won't
need for an untrusted environment, such as USB and audio support.
2024-01-12 19:47:52 +01:00
Ben Grande
2576d14448
fix: policy file mode not allowing group to write
2024-01-12 19:44:55 +01:00
Ben Grande
ac25ef6b87
fix: sys-usb hide-usb-from-dom0 in keyboard state
2024-01-12 19:08:56 +01:00
Ben Grande
8d7c0a2d0b
fix: sys-cacher policy with the new tag name
2024-01-12 18:34:04 +01:00
Ben Grande
2063a4328c
fix: clone macro support for optional argument
2024-01-12 18:22:33 +01:00
Ben Grande
6eefceda74
fix: sys-usb disposables must have name prefix
2024-01-12 18:22:18 +01:00
Ben Grande
6828e83dde
fix: update dotfiles module
2024-01-12 18:00:40 +01:00
Ben Grande
7eb1f34f73
feat: disposable mirage firewall
2024-01-12 17:58:56 +01:00
Ben Grande
5502103901
fix: separate template formula per flavor
...
Default template flavor is Gnome, installing Xfce when requesting the
template formula without flavor causes confusion.
2024-01-12 17:47:21 +01:00
Ben Grande
233ac76bcb
fix: sys-cacher tag compliance with default tags
...
The default tags start with the capability than the qube name, such as
audiovm-dom0 and guivm-dom0.
2024-01-12 17:30:29 +01:00
Ben Grande
5e5ae2f704
fix: zsh state import with relative path
...
Relative path only works well if it is on the salt root.
2024-01-12 17:24:43 +01:00
Ben Grande
a97e3c0c8a
feat: kicksecure minimal template
2024-01-12 17:24:31 +01:00
Ben Grande
2b6daac8a9
fix: shellcheck
2024-01-10 14:31:57 +01:00
Ben Grande
040594ae74
fix: do not remove created dvm
...
The removal was first implemented to get a clean state of the qube, but
there are side effects, it fails if the user created a named disposable
based on the dvm and also removes the (dvm) entry from the appmenu.
The sys-usb case is a workaround in case the user selected a
non-disposable, an appvm sys-usb during system installation.
2024-01-10 14:27:44 +01:00
Ben Grande
5b9b0bba5b
doc: missing access control for sys-usb
2024-01-10 12:50:02 +01:00
Ben Grande
76e9234c83
fix: organize sys-usb policy per service
2024-01-10 12:49:20 +01:00
Ben Grande
567e36d276
fix: prefer qvm-features for uniformity
2024-01-09 18:48:29 +01:00
Ben Grande
a3829e46ae
feat: policy support for multiple sys-usb qubes
2024-01-09 18:44:50 +01:00
Ben Grande
f5894dc6fc
doc: cleaner usage sections for qubes-builder
2024-01-08 20:08:54 +01:00
Ben Grande
c306047f1e
fix: sys-wireguard compatible with Qubes 4.2
2024-01-08 20:07:20 +01:00
Ben Grande
42a93093dd
fix: rpc service copy to dvm
...
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
2024-01-07 20:20:54 +01:00
Ben Grande
762f8be485
fix: make sys-pihole fully replace sys-firewall
2024-01-05 20:28:27 +01:00
Ben Grande
705808d8b6
feat: allow sys-pihole to use pi-hole for queries
2024-01-05 17:45:04 +01:00
Ben Grande
a17f9f5250
feat: unattended qubes-builder build
...
Split-gpg2 allows to isolate GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer, depends
on https://github.com/QubesOS/qubes-issues/issues/8792 .
2024-01-05 17:24:14 +01:00
Ben Grande
692659e22d
feat: passwordless pihole admin interface
...
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
script to work, so the WEB_PASSWORD can be read as normal user,
restricting root on pihole does not make sense, as it can modify the
network setting via pihole web interface.
2024-01-05 16:32:42 +01:00
Ben Grande
417843ba75
feat: remove extraneous passwordless root
2024-01-05 12:03:23 +01:00
Ben Grande
c1094046ee
fix: add user to mock group
2024-01-05 11:07:27 +01:00
Ben Grande
0216297ee6
feat: default to disposable netvm
...
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
it can only be done via Qubes Manager.
2024-01-04 21:59:15 +01:00
Ben Grande
8a8252d6f0
fix: changes default template flavor to Xfce
2024-01-04 18:01:21 +01:00
Ben Grande
e0b11b3daf
fix: do not install net debug tools by default
2024-01-04 17:25:16 +01:00
Ben Grande
e167879cfb
doc: sys-audio usage
2024-01-04 15:17:20 +01:00
Ben Grande
767fc42523
fix: allow to attach mic with sys-audio
2024-01-04 12:20:13 +01:00
Ben Grande
6bb426a057
refactor: import armored gpg keys instead of db
2024-01-03 21:40:05 +01:00
Ben Grande
0eecbcffc4
fix: unconfined qfile-unpacker
...
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
2024-01-03 14:35:06 +01:00
Ben Grande
083285901c
fix: remove old split-gpg from qubes-builder
2024-01-03 14:29:49 +01:00
Ben Grande
2283b3368e
fix: sys-audio policy and autostart pacat daemon
2024-01-03 11:47:13 +01:00
Ben Grande
d939d4aa26
fix: signal state uses idempotent state
2024-01-02 23:03:10 +01:00
Ben Grande
f32a14c422
fix: autostart volumeicon
2024-01-02 23:01:58 +01:00
Ben Grande
b86486a793
feat: qubes-vm-update global settings
2024-01-02 18:04:54 +01:00
Ben Grande
ed4fe70980
fix: customize sys-whonix
...
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
2023-12-31 07:52:38 +01:00
Ben Grande
e2c24ec78e
style: client state ID must conform to order
2023-12-31 07:50:03 +01:00
Ben Grande
ec9142bf27
fix: pci regain with invalid syntax
2023-12-31 07:49:25 +01:00
Ben Grande
81f8c56a76
fix: install missing packages to audio client
2023-12-31 07:48:29 +01:00
Ben Grande
bd54499a26
fix: update dotfiles module
2023-12-28 12:29:09 +01:00
Ben Grande
f8953c6acc
doc: better usage of split-gpg2 in qubes-builder
2023-12-28 12:26:37 +01:00
Ben Grande
b52e4b1b63
fix: strict split-gpg2 service
...
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.
All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00
Ben Grande
76079d2c7e
fix: wrong source paths
2023-12-27 23:45:06 +01:00
Ben Grande
652b4f0f71
fix: update dotfiles module
2023-12-27 20:05:41 +01:00
Ben Grande
a617c3d97e
fix: modify package names to match Qubes 4.2
2023-12-27 20:00:15 +01:00
Ben Grande
250c877723
fix: regain pci script not managed
2023-12-27 19:58:01 +01:00
Ben Grande
e650deaa7d
fix: port forwarder script with custom rc
2023-12-26 20:15:57 +01:00
Ben Grande
06393fce3f
fix: browser cli install tool switches to fetcher
2023-12-26 19:53:59 +01:00
Ben Grande
6a551eba67
refactor: pihole nft rules for Qubes 4.2
2023-12-26 19:50:31 +01:00
Ben Grande
224d2d5f69
fix: pihole lighttpd link
2023-12-24 21:23:29 +01:00
Ben Grande
6fc173d78d
feat: clockvm also present in sys-pihole
2023-12-23 21:05:24 +01:00
Ben Grande
ad6f5e29fe
feat: move clockvm out of sys-net to sys-firewall
2023-12-21 23:38:39 +01:00
Ben Grande
f21f676adf
fix: dom0 qrexec call target qube
2023-12-21 22:38:32 +01:00
Ben Grande
a820751ba3
refactor: git Qrexec helper with drop-in commands
...
Drop-in scripts can complement the remote-helper ability.
Basic trace of the communication of git with the helper.
2023-12-21 15:38:16 +01:00
Ben Grande
a27493c5d9
fix: update dotfiles module
2023-12-21 15:09:52 +01:00
Ben Grande
ff34a8a1c3
fix: add missing appmenus sync
2023-12-21 00:10:03 +01:00
Ben Grande
a3ebfed693
fix: whonix top missing template update
2023-12-20 21:28:36 +01:00
Ben Grande
015019aa5d
fix: ssh top files missing list type matcher
2023-12-20 21:27:42 +01:00
Ben Grande
89e03956b1
fix: remove repeated pkg in mutt
2023-12-20 21:26:33 +01:00
Ben Grande
dbaa386269
chore: inline dev install documentation
2023-12-20 21:26:13 +01:00
Ben Grande
80aeb3644f
fix: sync reader appmenus
2023-12-20 21:24:43 +01:00
Ben Grande
c2f25844da
feat: provide development environment for dom0
2023-12-20 17:17:05 +01:00
Ben Grande
38d98ecb0d
fix: nft shebang and table names
2023-12-20 16:49:58 +01:00
Ben Grande
d3ae662c00
fix: cacher client installation indentation
2023-12-20 16:47:35 +01:00
Ben Grande
a78b90e8bd
fix: better output for cacher tag assignment
2023-12-20 11:43:54 +01:00
Ben Grande
71d22c54b6
refactor: reorder states to avoid race condition
2023-12-19 23:06:37 +01:00
Ben Grande
b4d142b640
refactor: move appended states to drop-in rc.local
2023-12-19 22:50:59 +01:00
Ben Grande
0751aff4b5
refactor: organize pihole directory structure
2023-12-19 21:55:45 +01:00
Ben Grande
e670d026d4
fix: skip client setup on cacher initialization
...
Installing sys-cacher does not require that all templates change.
2023-12-19 21:12:07 +01:00
Ben Grande
b4b7f27492
fix: qubes-update superseded by qubes-vm-update
2023-12-19 14:44:33 +01:00
Ben Grande
bcc8165620
fix: salt syntax with missing characters
2023-12-19 13:02:04 +01:00
Ben Grande
fcfb2e236c
fix: whonix naming without abbreviations
2023-12-19 13:00:57 +01:00
Ben Grande
b0626bd15b
fix: template name must specify version
2023-12-19 12:59:52 +01:00
Ben Grande
bcb65a2f1a
feat: usb client
2023-12-18 15:31:27 +00:00
Ben Grande
f16bfdd28b
feat: fetcher
2023-12-18 15:31:19 +00:00
Ben Grande
9fc2c03a2c
doc: top method must not skip dom0
2023-12-18 15:25:55 +00:00
Ben Grande
20115a2207
fix: udpate dotfiles module
2023-11-21 23:56:52 +00:00
Ben Grande
ec2dab3bf5
fix: stop modifying distribution package files
...
Avoids breaking package updates.
2023-11-21 23:55:16 +00:00
Ben Grande
10b3bcdf41
fix: unstrusted input marking and sanitization
2023-11-21 14:57:47 +00:00
Ben Grande
5e3c790111
fix: mode ansible linter to correct project
2023-11-20 19:25:52 +00:00
Ben Grande
83c17c4ff4
fix: update dotfiles module
2023-11-20 12:23:48 +00:00
Ben Grande
2702768127
fix: add required package to sync clockvm time
2023-11-20 12:21:37 +00:00
Ben Grande
41c54186c6
fix: cacher shuting down on long running updates
2023-11-14 07:13:54 +00:00
Ben Grande
963e72c7ed
chore: Fix unman copyright contact
2023-11-13 18:18:06 +00:00
Ben Grande
5eebd789ed
refactor: initial commit
2023-11-13 14:33:28 +00:00