Commit Graph

380 Commits

Author SHA1 Message Date
Ben Grande
523bca2327
fix: conform files to editorconfig specification 2024-07-08 17:26:34 +02:00
Ben Grande
89a4ea8073
ci: show all errors by continuing on error 2024-07-08 17:17:16 +02:00
Ben Grande
4a56d535ca
ci: checkout before reading dependencies file 2024-07-08 17:11:12 +02:00
Ben Grande
67c8c78426
ci: lint editorconfig checker 2024-07-08 17:08:12 +02:00
Ben Grande
0e150382e1
ci: check if RPM Specs are up to date 2024-07-08 15:21:49 +02:00
Ben Grande
85635f305d
build: update RPM Specs 2024-07-08 11:42:13 +02:00
Ben Grande
f60077f1a9
doc: spell check 2024-07-08 11:41:45 +02:00
Ben Grande
077b9b4e5e
ci: lint YAML and spell check code 2024-07-08 11:12:38 +02:00
Ben Grande
ab044c15b1
feat: bump Pi-Hole version
Many of the Pi-Hole releases of this year were made due to security
vulnerabilities. None of them are to concern to Qusal users.

- GHSA-jg6g-rrj6-xfg6: Requires authenticated user;
- GHSA-95g6-7q26-mp9x: Requires authenticated user; and
- GHSA-3597-244c-wrpj: Requires shell in the same qube running Pi-Hole.

The admin interface is only allowed through localhost, therefore only
sys-pihole and sys-pihole-browser qubes have access to it, blocked by
firewall (nftables) and HTTP server (lighttpd). Qubes with access to the
admin interface are not of a concern, we assume that every qube that has
access to the admin interface is trusted, therefore, only if a qube
doesn't have access to the admin interface and can gain access, it
becomes a concern, which hasn't happened.
2024-07-07 15:26:52 +02:00
Ben Grande
bb722faba4
Revert "ci: use action major version"
This reverts commit 8721ff184a.

GitHub Action version syntax is not support for all actions such as
pre-commit.
2024-07-07 15:25:23 +02:00
Ben Grande
a2fff01867
fix: remove unimplemented policy creation
Fixes: https://github.com/ben-grande/qusal/issues/91
2024-07-07 15:19:20 +02:00
Ben Grande
8721ff184a
ci: use action major version
Using action major version guarantees using the latest action version
while not having to constantly modify the patch and minor version.
2024-07-06 22:31:51 +02:00
Ben Grande
8604887c66
feat: unify cacher tag list to a single script 2024-07-06 22:30:36 +02:00
Ben Grande
35fa43dadf
perf: make pre-commit hooks pass file extensions
- shell-lint: faster evaluation of shell scripts, hook 40% faster;
- *-lint: unify method to find the "find" utility; and
- pre-commit: pass file extensions to lint tools.
2024-07-06 22:25:54 +02:00
Ben Grande
00a0b0f264
doc: add Tailscale too bootstrap guide 2024-07-05 17:15:57 +02:00
Ben Grande
b918478aa3
doc: interactive Tailscale login command 2024-07-05 17:00:00 +02:00
Ben Grande
eed904c7f2
feat: add Tailscale formula
Fixes: https://github.com/ben-grande/qusal/issues/42
2024-07-05 16:35:32 +02:00
Ben Grande
1425cdaf1c
fix: cache Mullvad packages 2024-07-05 16:31:24 +02:00
Ben Grande
a9ca2f02cd
doc: inform how to use USB audio in disp-sys-audio 2024-07-05 14:19:40 +02:00
Ben Grande
19440915df
ci: install python lint 2024-07-05 12:31:37 +02:00
Ben Grande
d457302fc3
feat: lint python files 2024-07-05 12:24:24 +02:00
Ben Grande
80482bfec7
fix: use systemd-resolved DNS on boot
In case user configured Wireguard but there are no clients connected,
network hooks are never run and no domains can be resolved from the
sys-wireguard qube itself, therefore using Qrexec services to resolve
DNS in sys-wireguard hooks doesn't work and depended on connected
clients.

If Wireguard systemd service wasn't run, the nameserver will be empty
and that is not a problem.

In case user hasn't configured the Wireguard configuration correctly,
drop all connections.
2024-07-05 12:02:40 +02:00
Ben Grande
14b389655b
feat: use ip interface group for faster evaluation 2024-07-05 12:00:22 +02:00
Ben Grande
34d2943556
fix: correct markdown lint package name
Fixes: https://github.com/ben-grande/qusal/issues/90
2024-07-05 09:41:41 +02:00
Ben Grande
2a4b453b58
fix: lint GitHub issue and pull request templates 2024-07-04 18:09:38 +02:00
Ben Grande
f46504afcb
ci: install markdown lint 2024-07-04 17:38:34 +02:00
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
88d9ba525c
fix: update dotfiles module 2024-07-04 11:26:31 +02:00
Ben Grande
91cf478908
fix: use mirrors metalink as a submodule 2024-07-04 11:24:21 +02:00
Ben Grande
06af125458
feat: clean dev installation
- git-send-email was implemented for a future RPC service for SMTP that
  was never created and can have some risks. As dev has no networking by
  default and the service was never created, removing it;
- git and gnupg already present in the included states;
- remove commented code; and
- move separate salt state to default installation as it only contains a
  single package that is not troublesome.
2024-07-02 12:20:47 +02:00
Ben Grande
9320c3fcf3
feat: disable OBEX Bluetooth file transfer method
No documentation as there is no intention to ever have file transfer
support in the AudioVM.
2024-07-02 10:10:50 +02:00
Ben Grande
422ec06071
fix: sync Qrexec audio policies 2024-07-02 09:33:28 +02:00
Ben Grande
c064f03b5a
doc: fix grammar mistakes in pull request template 2024-07-01 18:33:52 +02:00
Ben Grande
a09c53b263
doc: make Github select the pull request template 2024-07-01 18:32:32 +02:00
Ben Grande
e058acb78d
ci: add permission for job to close PR 2024-07-01 13:42:20 +02:00
Ben Grande
51424a47e6
ci: change workflow if statement syntax 2024-07-01 12:29:20 +02:00
Ben Grande
ba5193126e
ci: add condition to close pull request 2024-07-01 12:18:46 +02:00
Ben Grande
ded46161f6
ci: close PRs that have commits made on GitHub Web 2024-07-01 12:09:07 +02:00
c0mmando
41c2100f0d
fix: remove typo in mullvad-browser install state
Fixes: https://github.com/ben-grande/qusal/pull/85
Signed-off-by: Ben Grande <ben.grande.b@gmail.com>
2024-07-01 10:55:23 +02:00
Ben Grande
140b96b785
fix: remove expired GitHub web-flow signing key 2024-07-01 09:14:53 +02:00
Ben Grande
54b07fb05e
doc: example to enable split-gpg2-client service
For: https://github.com/ben-grande/qusal/issues/83
2024-06-30 11:34:26 +02:00
Ben Grande
09bd216d79
fix: fold character that is not special for Jinja
Fixes: https://github.com/ben-grande/qusal/issues/82
2024-06-30 11:01:34 +02:00
Ben Grande
f903c0e3df
feat: get GUI user with salt modules 2024-06-28 19:28:49 +02:00
Ben Grande
077b21d3a4
feat: support browser installation on Fedora 2024-06-28 14:12:17 +02:00
Ben Grande
72068e8e9d
fix: add Mullvad Browser 2024-06-28 12:24:29 +02:00
Ben Grande
59fc487682
fix: bind wireguard configuration directory 2024-06-28 10:39:44 +02:00
Ben Grande
05e73f985f
doc: release new version 2024-06-27 13:29:32 +02:00
Ben Grande
e84d395bb2
doc: upgrade template major releases 2024-06-27 13:28:35 +02:00
Ben Grande
9a7d2329f3
fix: bootstrap mgmt as early as possible
It was after sys-cacher for it's packages to be cached, but
fedora-minimal is targeted during sys-cacher installation, making
sys-cacher and any other formula that targets fedora-minimal fail.

Fixes: https://github.com/ben-grande/qusal/issues/69
2024-06-26 16:39:08 +02:00
Ben Grande
c46fa53409
doc: add rules for Access Control contents 2024-06-26 12:39:32 +02:00