97 Commits

Author SHA1 Message Date
Ben Grande
583cad97f4
doc: kicksecure missing minimal flavor signed_tag_for_583cad97 2024-01-14 08:52:24 +01:00
Ben Grande
37db49182e
fix: install fewer browser packages in reader
The state browse.install installs extraneous packages that we won't
need for an untrusted environment, such as USB and audio support.
signed_tag_for_37db4918
2024-01-12 19:47:52 +01:00
Ben Grande
8e6554bd01
fix: policy file mode not allowing group to write signed_tag_for_8e6554bd 2024-01-12 19:44:55 +01:00
Ben Grande
6d23871608
fix: sys-usb hide-usb-from-dom0 in keyboard state signed_tag_for_6d238716 2024-01-12 19:08:56 +01:00
Ben Grande
4b59eab882
fix: sys-cacher policy with the new tag name signed_tag_for_4b59eab8 2024-01-12 18:34:04 +01:00
Ben Grande
94f0fbe6c2
fix: clone macro support for optional argument signed_tag_for_94f0fbe6 2024-01-12 18:22:33 +01:00
Ben Grande
e2ff679849
fix: sys-usb disposables must have name prefix signed_tag_for_e2ff6798 2024-01-12 18:22:18 +01:00
Ben Grande
f69d17ad35
fix: update dotfiles module signed_tag_for_f69d17ad 2024-01-12 18:00:40 +01:00
Ben Grande
5805bd79fb
feat: disposable mirage firewall signed_tag_for_5805bd79 2024-01-12 17:58:56 +01:00
Ben Grande
e2f44fba70
fix: separate template formula per flavor
Default template flavor is Gnome, installing Xfce when requesting the
template formula without flavor causes confusion.
signed_tag_for_e2f44fba
2024-01-12 17:47:21 +01:00
Ben Grande
a380aeb3b6
fix: sys-cacher tag compliance with default tags
The default tags start with the capability then the qube name, such as
audiovm-dom0 and guivm-dom0.
signed_tag_for_a380aeb3
2024-01-12 17:30:29 +01:00
Ben Grande
f989908457
fix: zsh state import with relative path
Relative path only works well if it is on the salt root.
signed_tag_for_f9899084
2024-01-12 17:24:43 +01:00
Ben Grande
efa4013e90
feat: kicksecure minimal template signed_tag_for_efa4013e 2024-01-12 17:24:31 +01:00
Ben Grande
cd1786f67d
fix: shellcheck signed_tag_for_cd1786f6 2024-01-10 14:31:57 +01:00
Ben Grande
3012491615
fix: do not remove created dvm
The removal was first implemented to get a clean state of the qube, but
there are side effects: it fails if the user created a named disposable
based on the dvm and also removes the (dvm) entry from the appmenu.

The sys-usb case is a workaround in case the user selected a
non-disposable, an appvm sys-usb during system installation.
signed_tag_for_30124916
2024-01-10 14:27:44 +01:00
Ben Grande
5ec87fe3a8
doc: missing access control for sys-usb signed_tag_for_5ec87fe3 2024-01-10 12:50:02 +01:00
Ben Grande
c76fb42d48
fix: organize sys-usb policy per service signed_tag_for_c76fb42d 2024-01-10 12:49:20 +01:00
Ben Grande
302460b458
fix: prefer qvm-features for uniformity signed_tag_for_302460b4 2024-01-09 18:48:29 +01:00
Ben Grande
1f42dd26d8
feat: policy support for multiple sys-usb qubes signed_tag_for_1f42dd26 2024-01-09 18:44:50 +01:00
Ben Grande
e677d9f7e1
doc: cleaner usage sections for qubes-builder signed_tag_for_e677d9f7 2024-01-08 20:08:54 +01:00
Ben Grande
02e0eb0ece
fix: sys-wireguard compatible with Qubes 4.2 signed_tag_for_02e0eb0e 2024-01-08 20:07:20 +01:00
Ben Grande
6e11daa616
fix: rpc service copy to dvm
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
signed_tag_for_6e11daa6
2024-01-07 20:20:54 +01:00
Ben Grande
fc37e1b05b
fix: make sys-pihole fully replace sys-firewall signed_tag_for_fc37e1b0 2024-01-05 20:28:27 +01:00
Ben Grande
e8a21ef5a4
feat: allow sys-pihole to use pi-hole for queries signed_tag_for_e8a21ef5 2024-01-05 17:45:04 +01:00
Ben Grande
132431aebd
feat: unattended qubes-builder build
Split-gpg2 allows isolating GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer, which depends
on https://github.com/QubesOS/qubes-issues/issues/8792.
signed_tag_for_132431ae
2024-01-05 17:24:14 +01:00
Ben Grande
6bf6da56fb
feat: passwordless pihole admin interface
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
  to the internet;
- setupVars.conf needs to be 644 for non-root commands to the pihole
  script to work, so the WEB_PASSWORD can be read as a normal user;
  restricting root on pihole does not make sense, as it can modify the
  network setting via the pihole web interface.
signed_tag_for_6bf6da56
2024-01-05 16:32:42 +01:00
Ben Grande
d246ff6508
feat: remove extraneous passwordless root signed_tag_for_d246ff65 2024-01-05 12:03:23 +01:00
Ben Grande
eff6381f12
fix: add user to mock group signed_tag_for_eff6381f 2024-01-05 11:07:27 +01:00
Ben Grande
3cb2456405
doc: update README.md signed_tag_for_3cb24564 2024-01-04 22:05:35 +01:00
Ben Grande
d88a114db6
feat: default to disposable netvm
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  them down when necessary; and
- Fewer manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.
signed_tag_for_d88a114d
2024-01-04 21:59:15 +01:00
Ben Grande
8059435b57
fix: changes default template flavor to Xfce signed_tag_for_8059435b 2024-01-04 18:01:21 +01:00
Ben Grande
e0d62fd12a
fix: do not install net debug tools by default signed_tag_for_e0d62fd1 2024-01-04 17:25:16 +01:00
Ben Grande
2b4fc48cec
doc: sys-audio usage signed_tag_for_2b4fc48c 2024-01-04 15:17:20 +01:00
Ben Grande
a431f4e502
fix: allow attaching mic with sys-audio signed_tag_for_a431f4e5 2024-01-04 12:20:13 +01:00
Ben Grande
5d00c764bc
refactor: import armored gpg keys instead of db signed_tag_for_5d00c764 2024-01-03 21:40:05 +01:00
Ben Grande
5a93e9edda
fix: unconfined qfile-unpacker
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
signed_tag_for_5a93e9ed
2024-01-03 14:35:06 +01:00
Ben Grande
ddb2775d52
fix: remove old split-gpg from qubes-builder signed_tag_for_ddb2775d 2024-01-03 14:29:49 +01:00
Ben Grande
d80b697558
doc: sys-audio compatible with Qubes 4.2 signed_tag_for_d80b6975 2024-01-03 12:34:48 +01:00
Ben Grande
3103100999
fix: sys-audio policy and autostart pacat daemon signed_tag_for_31031009 2024-01-03 11:47:13 +01:00
Ben Grande
5f17f7e163
fix: missing reuse license information signed_tag_for_5f17f7e1 2024-01-02 23:09:34 +01:00
Ben Grande
03288af7d9
doc: inform how to bootstrap a new system signed_tag_for_03288af7 2024-01-02 23:04:36 +01:00
Ben Grande
eca10ad7e7
fix: signal state uses idempotent state signed_tag_for_eca10ad7 2024-01-02 23:03:10 +01:00
Ben Grande
fa22308200
fix: autostart volumeicon signed_tag_for_fa223082 2024-01-02 23:01:58 +01:00
Ben Grande
a434aead8f
feat: qubes-vm-update global settings signed_tag_for_a434aead 2024-01-02 18:04:54 +01:00
Ben Grande
f6cb322f5a
fix: customize sys-whonix
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
signed_tag_for_f6cb322f
2023-12-31 07:52:38 +01:00
Ben Grande
624be831c5
style: client state ID must conform to order signed_tag_for_624be831 2023-12-31 07:50:03 +01:00
Ben Grande
575691ecdf
fix: pci regain with invalid syntax signed_tag_for_575691ec 2023-12-31 07:49:25 +01:00
Ben Grande
403504da55
fix: install missing packages to audio client signed_tag_for_403504da 2023-12-31 07:48:29 +01:00
Ben Grande
c3e8baecb7
fix: update dotfiles module signed_tag_for_c3e8baec 2023-12-28 12:29:09 +01:00
Ben Grande
3d93badbf7
doc: better usage of split-gpg2 in qubes-builder signed_tag_for_3d93badb 2023-12-28 12:26:37 +01:00