Commit Graph

418 Commits

Author SHA1 Message Date
Ben Grande
3696a08f07
doc: organize Qubes Builder options in a list 2024-08-09 12:08:59 +02:00
Ben Grande
bdd4c789c1
fix: avoid echo usage
Echo can interpret operand as an option and checking every variable to
be echoed is troublesome while with printf, if the format specifier is
present before the operand, printing as string can be enforced.
2024-08-06 18:15:24 +02:00
Ben Grande
1b2f1ba941
fix: avoid operand evaluation as argument
Explicit end option parsing as the shell can be quite dangerous without
it.
2024-08-06 17:13:25 +02:00
Ben Grande
e42950376a
fix: SSH clients misses Qubes network integration
Although the dev qube doesn't need it as it use a TCP proxy, every
normal SSH setup requires it.
2024-07-25 21:23:19 +02:00
Ben Grande
2b7f555494
fix: exclude Whonix qubes by distribution feature
The feature is more reliable than the whonix-updatevm tag as the tag can
be deleted for other Whonix tags to take effect to target different
gateways, which is the case for the Bitcoin formula.
2024-07-25 20:38:35 +02:00
Ben Grande
f8aa555da8
fix: clean Signal and Browser dependencies
- libgtk4-1 is not used by Signal and now it declares the libgtk3-0
  as a dependency;
- Zenity is not needed as a file manager once Thunar is used;
- ATK is installed for Signal but not for any apps, remove until there
  is a shared formula or pillar to install accessibility tools; and
- Ayatana AppIndicator for tray widget. Signal tray widget is buggy,
  sometimes quitting doesn't quit and there is no configuration option
  to start the tray, only command-line option. Because of these reasons,
  not enabling the tray bar was chosen.
2024-07-19 15:30:19 +02:00
Ben Grande
95a184d1a9
fix: change directory to repository top level 2024-07-19 15:29:17 +02:00
Ben Grande
5d6a50c286
fix: add media appmenus 2024-07-19 15:28:56 +02:00
Ben Grande
3b6901b5d2
fix: remove broken Signal firewall rules
As NFTables converts domain names to IPs on the first query, it is not
possible to depend on it to have a stable connection. Implementing a DNS
proxy configuration might still be difficult due to the use of CDNs.
2024-07-18 16:18:36 +02:00
Ben Grande
e00ef4277c
fix: remove unnecessary USB proxy for audio client
Selecting the output and input device in the AudioVM using a GUI audio
manager such as Pavucontrol or Easyeffects to the connected USB device
is enough to make audio work. USB audio devices should not be connected
to audio clients.
2024-07-18 15:50:48 +02:00
Ben Grande
2802f2a20e
doc: prefer journalctl parameters over pipes 2024-07-18 15:41:09 +02:00
Ben Grande
3cae8df1d7
doc: add global guivm property
For: https://github.com/ben-grande/qusal/issues/89
2024-07-18 15:24:10 +02:00
Ben Grande
c7b0139a85
fix: remove unused codespell directive 2024-07-18 15:21:10 +02:00
Ben Grande
735b324821
feat: add GUI domain formula
For: https://github.com/ben-grande/qusal/issues/89
2024-07-18 15:19:38 +02:00
Ben Grande
fa11a1da7f
fix: lint all Salt file extensions 2024-07-18 12:23:38 +02:00
Ben Grande
f5fe9737a2
fix: add icons to remmina toolbar 2024-07-16 16:59:04 +02:00
Ben Grande
43aaaff352
fix: update dotfiles module 2024-07-16 16:58:34 +02:00
Ben Grande
5043e7b7d2
fix: correct easyeffects desktop application name 2024-07-15 18:31:51 +02:00
Ben Grande
a36de84155
fix: update dotfiles module 2024-07-15 18:13:54 +02:00
Ben Grande
409ac73e73
feat: add appmenus to audio applications 2024-07-15 18:03:08 +02:00
Ben Grande
a713cef2a0
fix: stop parse options on double dashes 2024-07-15 11:07:27 +02:00
Ben Grande
cf432651b3
fix: shell syntax typos 2024-07-15 10:08:19 +02:00
Ben Grande
04d1aaf63e
feat: find PGP keys from within the linter
- Find PGP keys using the same methods as other scripts;
- Lower threshold to 30 days by default;
- Add environment variable to set threshold;
- Add colors to distinguish expired from expires soon; and
- Add days until key expiration when it is below threshold.
2024-07-11 15:29:57 +02:00
Ben Grande
7a0fac1dbb
feat: add pylint configuration file 2024-07-10 17:03:56 +02:00
Ben Grande
4239032cfc
fix: uniform lint scripts name 2024-07-10 15:06:11 +02:00
Ben Grande
155eaa8622
fix: update RPM Specs 2024-07-10 15:04:09 +02:00
Ben Grande
224312ed42
feat: enable all optional shellcheck validations
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
2024-07-10 14:36:05 +02:00
Ben Grande
011a71a36d
style: limit line length per file extension
Editorconfig can only act based on file extension and path, not
attributes, it remains a mean only for multiple collaborators to use the
same configuration on their editor. When it is too restrictive, such as
not considering the file syntax, use a lint tool for the specific file
type instead of trusting editorconfig. Changes were made to increase
readability.
2024-07-09 17:42:07 +02:00
Ben Grande
2d0bf9784d
fix: update dotfiles RPM Spec 2024-07-08 20:14:42 +02:00
Ben Grande
28c298d6f4
fix: add Python indentation to editorconfig 2024-07-08 20:11:44 +02:00
Ben Grande
10c0ea0cbf
chore: editorconfig check 2024-07-08 19:59:53 +02:00
Ben Grande
6eb13fa07f
ci: reproducible license sort 2024-07-08 19:10:14 +02:00
Ben Grande
49fb82a177
ci: show license sort order 2024-07-08 18:55:24 +02:00
Ben Grande
ca143746b9
ci: show environment 2024-07-08 18:42:46 +02:00
Ben Grande
6e6c7b452f
ci: escape special sed character 2024-07-08 18:34:41 +02:00
Ben Grande
f30e5e11a9
build: dictionary sort licenses names
GHA can sort differently than local.
2024-07-08 18:20:12 +02:00
Ben Grande
0f6aa34a89
test: show RPM Spec differences on status check 2024-07-08 18:00:01 +02:00
Ben Grande
c06e4311f9
ci: generate reproducible RPM Spec macros 2024-07-08 17:42:47 +02:00
Ben Grande
523bca2327
fix: conform files to editorconfig specification 2024-07-08 17:26:34 +02:00
Ben Grande
89a4ea8073
ci: show all errors by continuing on error 2024-07-08 17:17:16 +02:00
Ben Grande
4a56d535ca
ci: checkout before reading dependencies file 2024-07-08 17:11:12 +02:00
Ben Grande
67c8c78426
ci: lint editorconfig checker 2024-07-08 17:08:12 +02:00
Ben Grande
0e150382e1
ci: check if RPM Specs are up to date 2024-07-08 15:21:49 +02:00
Ben Grande
85635f305d
build: update RPM Specs 2024-07-08 11:42:13 +02:00
Ben Grande
f60077f1a9
doc: spell check 2024-07-08 11:41:45 +02:00
Ben Grande
077b9b4e5e
ci: lint YAML and spell check code 2024-07-08 11:12:38 +02:00
Ben Grande
ab044c15b1
feat: bump Pi-Hole version
Many of the Pi-Hole releases of this year were made due to security
vulnerabilities. None of them are to concern to Qusal users.

- GHSA-jg6g-rrj6-xfg6: Requires authenticated user;
- GHSA-95g6-7q26-mp9x: Requires authenticated user; and
- GHSA-3597-244c-wrpj: Requires shell in the same qube running Pi-Hole.

The admin interface is only allowed through localhost, therefore only
sys-pihole and sys-pihole-browser qubes have access to it, blocked by
firewall (nftables) and HTTP server (lighttpd). Qubes with access to the
admin interface are not of a concern, we assume that every qube that has
access to the admin interface is trusted, therefore, only if a qube
doesn't have access to the admin interface and can gain access, it
becomes a concern, which hasn't happened.
2024-07-07 15:26:52 +02:00
Ben Grande
bb722faba4
Revert "ci: use action major version"
This reverts commit 8721ff184a.

GitHub Action version syntax is not support for all actions such as
pre-commit.
2024-07-07 15:25:23 +02:00
Ben Grande
a2fff01867
fix: remove unimplemented policy creation
Fixes: https://github.com/ben-grande/qusal/issues/91
2024-07-07 15:19:20 +02:00
Ben Grande
8721ff184a
ci: use action major version
Using action major version guarantees using the latest action version
while not having to constantly modify the patch and minor version.
2024-07-06 22:31:51 +02:00