Make shell a little bit safer with:
- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase
Although there are some stylistic decisions for uniformity:
- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
systemd ConditionPathExists= instead of installing on a per qube basis
with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.
Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
script to work, so the WEB_PASSWORD can be read as normal user,
restricting root on pihole does not make sense, as it can modify the
network setting via pihole web interface.