Commit Graph

339 Commits

Author SHA1 Message Date
Ben Grande
18204da1a2
fix: import jinja template to dom0 kde state
Fixes: https://github.com/ben-grande/qusal/issues/50
2024-05-01 03:23:19 +02:00
Ben Grande
5722a25779
fix: discover non-root username at runtime
Useful when Dom0 has the non-default username, less useful for DomUs.

Fixes: https://github.com/ben-grande/qusal/issues/43
2024-04-30 16:04:40 +02:00
Ben Grande
e84959bebb
fix: update fedora mirror list with upstream
Experiment with setting zchunk to false in DNF for Fedora.

Fixes: https://github.com/ben-grande/qusal/issues/47
2024-04-30 14:53:21 +02:00
Ben Grande
760fdd9625
doc: cacher documentation duplicates sections
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-30 14:07:03 +02:00
Ben Grande
bfd7b228c5
fix: incorrect path to repo rewriter service
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-29 23:10:08 +02:00
Ben Grande
234afc3df8
doc: update cacher table of contents 2024-04-26 19:27:52 +02:00
Ben Grande
1ede2e1a1e
fix: allow update check to work on cacher clients
Qubes that have the updates-proxy-service enabled will have the
repository definitions set to work with the proxy, being it a TemplateVM
or another type of qube. Qubes that have that same service disabled and
are based on templates that are being cached, will have the repository
definitions corrected for it to work like normal systems via the
networking instead of caching proxy.

Optimizations were done for a faster runtime, previously it would call
sed 38 times on Fedora-39, now it only calls sed 2 times for Fedora
repositories (one extra for rpmfusion) and some more for PackageKit and
dnf.conf markers. Inexpensive runtime is a must for a script that may
run multiple times, such as when being called by a tool monitoring the
filesystem such as inotify.

Code from /usr/lib/qubes/update-proxy-configs was used for the NetVM use
case of the cacher, thus the license had to be changed.

For: https://github.com/ben-grande/qusal/issues/44
Fixes: https://github.com/ben-grande/qusal/issues/31
2024-04-26 19:23:14 +02:00
Ben Grande
a6f7d23819
doc: wrong cacher header position 2024-04-25 11:53:47 +02:00
Ben Grande
648bdad04b
fix: remove updatevm tag after DomU uninstallation
For: https://github.com/ben-grande/qusal/issues/41
2024-04-25 11:25:42 +02:00
Ben Grande
7ec71ccf1b
feat: bump Mirage Firewall version 2024-04-24 13:52:20 +02:00
Ben Grande
69745df512
fix: update dotfiles module 2024-04-23 18:37:45 +02:00
Ben Grande
ec7f62f23b
feat: bump Bitcoin version 2024-04-17 09:37:18 +02:00
Ben Grande
63e93be1d4
fix: GUI policy precedes sys-cacher policy
Fixes: https://github.com/ben-grande/qusal/issues/45
2024-04-13 16:17:49 +02:00
Ben Grande
a8e918829d
feat: bump Pi-Hole and Bitcoin version 2024-04-12 18:13:55 +02:00
Ben Grande
084d08f7c5
doc: uninstall cacher client based on tag
For: https://github.com/ben-grande/qusal/issues/41
2024-03-25 12:34:59 +01:00
Ben Grande
fb7db5dc45
fix: browser requires a state and not a package
For: https://github.com/ben-grande/qusal/issues/40
2024-03-25 11:04:54 +01:00
Ben Grande
fcc155f5c7
feat: optional state to autostart AudioVM
Not the default because it is unnecessary to autostart AudioVM as audio
is not necessary for everyone on every boot.

Fixes: https://github.com/ben-grande/qusal/issues/39
2024-03-23 22:18:45 +01:00
Ben Grande
cf88ad1ed4
fix: install salt depends in fedora-39-minimal
Fixes: https://github.com/ben-grande/qusal/issues/38
2024-03-23 22:09:49 +01:00
Ben Grande
81bf77cabe
fix: missing load import
Fixes: https://github.com/ben-grande/qusal/issues/36
2024-03-22 16:45:29 +01:00
Ben Grande
4ac0ec9613
fix: cacher jinja fails to split words
Fixes: https://github.com/ben-grande/qusal/issues/35
2024-03-21 21:52:02 +01:00
Ben Grande
7faf944964
feat: apply URI changes in qube
Very useful for template based qubes to uninstall the cacher definition
to reach remote repository definitions with direct connection.

https://github.com/ben-grande/qusal/issues/31
2024-03-21 21:50:02 +01:00
Ben Grande
9e96d80b52
fix: add missing archlinux mirror 2024-03-21 16:30:36 +01:00
Ben Grande
af27eb131d
fix: wrong port in rsync client forwarder
Fixes: https://github.com/ben-grande/qusal/issues/34
2024-03-21 12:26:00 +01:00
Ben Grande
004cb73dbf
fix: restrict supported screenshot tools 2024-03-20 10:29:44 +01:00
Ben Grande
4097af2aa5
fix: update dotfiles module 2024-03-19 19:59:41 +01:00
Ben Grande
cb59a9a5b3 feat: fetch mirage tarball
Fixes: https://github.com/ben-grande/qusal/issues/32
2024-03-19 17:19:54 +01:00
Ben Grande
f9ead06408 fix: remove extraneous package repository updates
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
Ben Grande
fc2af9b619 fix: remove colors from output of backup file 2024-03-18 15:26:05 +01:00
Ben Grande
db86c2dc64 feat: bump electrs version 2024-03-15 17:12:14 +01:00
Ben Grande
425748ab9e fix: install screenshot dependencies
Provided in the default Dom0 installation as it brings a much better
usability and small packages.

KDE ships with kdialog but without a screenshot utility.
Xfce ships with xfce4-screenshooter but without a dialog utility.
Scrot and Zenity are minimal tools that works on both DEs and are very
small packages.

Fixes: https://github.com/ben-grande/qusal/issues/22
2024-03-15 11:03:00 +01:00
Ben Grande
7c3d6ac7c0 fix: remove cacher proxy from updatevm
Git revision is specified in the git module to Salt not fail trying to
verify it is in HEAD when it is in a tag from a previous installation.

Fixes: https://github.com/ben-grande/qusal/issues/27
2024-03-14 16:53:23 +01:00
Ben Grande
8a0c004ed8 fix: update dotfiles module 2024-03-14 12:14:15 +01:00
Ben Grande
134a26a0f5 feat: add screenshot helper
Comparison to upstream:

- POSIX compliant;
- Add more dialog tools: kdialog;
- Add more screenshot tools: spectacle, xfce4-screenshooter;
- Change work "Nautilus" to "File Manager";
- Fix all shellcheck messages;
- Fix wording of confusing options seen by the user;
- Fix variable names without meaning;
- Remove commented/unused code;
- Remove extraneous messages sent to the user;
- Remove Imgur support; and
- Remove ImageMagic, use tools that support editing: spectacle.

Fixes: https://github.com/ben-grande/qusal/issues/22
2024-03-13 17:15:24 +01:00
Ben Grande
beb5c048ee fix: start qube before running qrexec-client 2024-03-11 17:51:43 +01:00
Ben Grande
49fb733a1c fix: update dotfiles module 2024-03-11 08:59:29 +01:00
Ben Grande
3dca623519 fix: change mgmt template to fedora
A Minimal Fedora template can't be the management qube or the targeted
qube of Salt as it is missing dependencies that are only available in
the full template. The management qube is temporarily changed to the
non-minimal version so the minimal template can be targeted once and
then it takes over the management disposable template.

Fixes: https://github.com/ben-grande/qusal/issues/28
2024-03-10 17:22:39 +01:00
Ben Grande
ead4073bcf feat: allow disp-sys-usb to be an AudioVM
- End qrexec policy with deny rules;
- Move the USB setup from sys-audio to sys-usb; and
- Document the pros and cons of the different types of USB devices
  assignment to client qubes or to the server.
2024-02-28 22:30:19 +01:00
Ben Grande
e7a7649a07 fix: remove dom0 port forwarding default install
Fixes: https://github.com/ben-grande/qusal/issues/25
2024-02-26 13:53:12 +01:00
Ben Grande
f3953ebd24 fix: convert backup profile to example type 2024-02-24 22:58:15 +01:00
Ben Grande
d984da54a0 feat: enhance mpv performance
Fixes: https://github.com/ben-grande/qusal/issues/19
2024-02-23 20:48:49 +01:00
Ben Grande
766a430ba8 fix: typo in file name
Fixes: https://github.com/ben-grande/qusal/issues/21
2024-02-23 19:06:52 +01:00
Ben Grande
5605ec7885 doc: prefix qubesctl with sudo
Fixes: https://github.com/ben-grande/qusal/issues/20
2024-02-23 16:55:11 +01:00
Ben Grande
f513f64065 feat: better dom0 terminal usability
These helpers were in the dotfiles submodule, but they are very useful
and makes sense to port them to this project, especially when in need to
update Qusal.

Fixes: https://github.com/ben-grande/qusal/issues/18
Fixes: https://github.com/ben-grande/qusal/issues/21
2024-02-23 16:47:27 +01:00
Ben Grande
858aba8263 doc: inform how to get a better mpv performance
https://github.com/ben-grande/qusal/issues/19
2024-02-22 22:32:33 +01:00
Ben Grande
9a4790f74e doc: inform how to reduce bitcoind memory usage 2024-02-22 21:59:43 +01:00
Ben Grande
0cd3e662da fix: remove hardcoded fedora versions from cacher 2024-02-22 21:58:14 +01:00
Ben Grande
908a0773db fix: allow apt-cacher-ng cronjob to run 2024-02-22 21:57:51 +01:00
Ben Grande
23dbc723cb fix: update apt-cacher-ng mirror list 2024-02-22 21:57:26 +01:00
Ben Grande
2b46500d81 doc: remove outdated ssh agent server instructions 2024-02-20 00:31:43 +01:00
Ben Grande
89bd760d3c feat: add OpenTofu 2024-02-19 23:36:54 +01:00
Ben Grande
f735474141 fix: update dotfiles module 2024-02-18 21:26:06 +01:00
Ben Grande
a91f48889a fix: update dotfiles module 2024-02-18 17:09:05 +01:00
Ben Grande
7d6e2bf9c9 fix: less menu items for bitcoin qubes 2024-02-18 17:08:30 +01:00
Ben Grande
2409d8a141 fix: better electrum GUI resolution and tabs 2024-02-18 17:08:09 +01:00
Ben Grande
3ef02df040 fix: electrum install zbar and protobuf 2024-02-18 17:05:30 +01:00
Ben Grande
275178fa7c fix: add missing dependency for qvm-connect-tcp
The target of qubes.ConnectTCP has 'socat' because it is a dependency of
qubes-core-agent-networking. In case the target has not networking
packages, this needs to be taken care by the formula that creates the
target, not from the client itself.
2024-02-17 12:03:45 +01:00
Ben Grande
dbed18dfa2 feat: Bitcoin Core and Electrum servers and wallet 2024-02-17 00:07:33 +01:00
Ben Grande
e6fb72c22e feat: update template to fedora-39 2024-02-16 23:31:57 +01:00
Ben Grande
7331b1938e refactor: distinct whonix formulas
Separating the Gateway and the Workstation formula makes it easier to
use the clone-template macro as well as only run the necessary states.
2024-02-08 23:58:59 +01:00
Ben Grande
f27db69e3a fix: update dotfiles module 2024-02-04 19:51:11 +01:00
Ben Grande
c35ec15f7e fix: create directories when necessary 2024-02-04 19:48:12 +01:00
Ben Grande
56ecc25352 fix: vm kernel only applies to developers
Fixes: https://github.com/ben-grande/qusal/issues/3
2024-02-03 20:58:28 +01:00
Ben Grande
8f076d2441 fix: whonix template with high memory and backup 2024-02-02 10:28:19 +01:00
Ben Grande
76c9cd00ad fix: move custom kicksecure settings to dev state
Fixes: https://github.com/ben-grande/qusal/issues/12
Fixes: https://github.com/ben-grande/qusal/issues/14
Fixes: https://github.com/ben-grande/qusal/issues/15
2024-02-02 10:05:46 +01:00
Ben Grande
4596198037 fix: less intrusive kicksecure default install
- Do not remove sources.list;
- Move broken packages to separate state;
- Rename to developers state and explain it breaks boot;
- Remove settings that are already the default;
- Remove configuration that is deprecated and
- Remove deprecated packages;

Fixes: https://github.com/ben-grande/qusal/issues/4
Fixes: https://github.com/ben-grande/qusal/issues/5
Fixes: https://github.com/ben-grande/qusal/issues/6
Fixes: https://github.com/ben-grande/qusal/issues/7
Fixes: https://github.com/ben-grande/qusal/issues/9
Fixes: https://github.com/ben-grande/qusal/issues/11
Fixes: https://github.com/ben-grande/qusal/issues/13
2024-02-01 17:40:26 +01:00
Ben Grande
174af08efc feat: electrum bitcoin wallet 2024-01-31 16:53:04 +01:00
Ben Grande
c98b8b3fa5 fix: do not include mirage firewall in backup 2024-01-31 15:50:35 +01:00
Ben Grande
8ff19988d0 feat: install available sequoia-pgp tools 2024-01-31 14:51:17 +01:00
Ben Grande
b5d7371f93 fix: thunar requires xfce helpers to find terminal 2024-01-31 14:42:17 +01:00
Ben Grande
c08b39decc feat: add torrent client to fetcher 2024-01-30 19:32:05 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
b01f2d213a chore: move port forward to dom0 formula
The script can be used with sys-cacher, sys-pihole, sys-syncthing,
sys-ssh and many services you'd want to forward, make it reusable.
2024-01-29 12:11:51 +01:00
Ben Grande
30f2ebe4ce fix: port forward validate values from DomUs 2024-01-29 12:06:33 +01:00
Ben Grande
cb4ff00113 doc: typo in mirage firewall usage 2024-01-28 23:28:00 +01:00
Ben Grande
9183828985 fix: fail early when qubes.VMShell is unsupported
Happens with Mirage Unikernel, as it doesn't have a proper shell.

Fixes: https://github.com/ben-grande/qusal/issues/1
2024-01-28 23:25:03 +01:00
Ben Grande
03cb70c2c2 fix: port forwarder missing short options usage 2024-01-27 17:05:56 +01:00
Ben Grande
dab297905c fix: mail qrexec policy missing disp in name 2024-01-27 11:38:28 +01:00
Ben Grande
aec644bfc6 feat: add qubes img and pdf converter media qubes 2024-01-26 22:49:18 +01:00
Ben Grande
a04960c1c6 feat: initial split-mail setup
Split-mail allows to separate the receving, reading/composing and
sending of mails to separate qubes, while having the reading/composing
qube offline and a manual step necessary to authorize mails to be sent
form the sender qube.
2024-01-26 22:46:36 +01:00
Ben Grande
7ec20f1863 fix: add file browser to reader
We are already trusting many applications to display files, adding a
file browser is a huge usability improvement in this case.
2024-01-23 13:27:15 +01:00
Ben Grande
bd255af41f fix: cleanup audio home directory 2024-01-22 18:42:54 +01:00
Ben Grande
adba858477 fix: add whonix dvm 2024-01-22 10:56:31 +01:00
Ben Grande
d75a59f54b fix: update dotfiles module 2024-01-21 23:40:55 +01:00
Ben Grande
67403a17a3 feat: whonix setup independent from OEM
Depending on OEM will conflict the state IDs because they are the name
of the qubes being created. As not much changes are needed and we
customize much more, stop depending on upstream.
2024-01-21 23:04:41 +01:00
Ben Grande
3e6ba8ff82 fix: client install the ssh-agent client packages
The client should install the agent client packages and not the
opposite. The way it was, it would not be possible to include the agent
client packages to the ssh client, as it would create a recursive loop.
2024-01-21 22:04:34 +01:00
Ben Grande
97c644a09c fix: invert builder memory and vcpus 2024-01-20 19:51:45 +01:00
Ben Grande
422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
Ben Grande
71dd9a5280 doc: bluetooth system tray 2024-01-19 12:16:34 +01:00
Ben Grande
4ef0d05279 feat: seamless audio integration with bluetooth 2024-01-19 11:18:37 +01:00
Ben Grande
b95cc6da43 feat: pavucontrol in sys-audio
The mixer provided by the program volumeicon is okay, it shows only one
input and one output. Pavucontrol correctly detects the different inputs
and output of each audio client, you can have deeper control of the
client volume.
2024-01-19 10:14:22 +01:00
Ben Grande
04a016e876 doc: attacker can display a large byte set 2024-01-18 19:49:15 +01:00
Ben Grande
0887c24a19 fix: remove unicode from used files
No considering license, copyright notices kept outside of the installed
directories, but excluding keys that have unicode in their comment
section.
2024-01-18 15:23:52 +01:00
Ben Grande
f8ea066b2b doc: how to update the repository
As it is not easy to get files to dom0 and we don't want to reimplement
a package manager, crude Git is the solution as of know.

With Git we have the following advantages: native fetch format for
source controlled files, cleaner command-line, automatic signature
verification during merge, the disadvantage is that it is not included
by default in Dom0 and filtering it's stdout chars are not possible.
Note that the remote can report messages to the client via stderr, which
is filtered already, and if it tries to send an escape sequence to
stdout, the operation will fail with 'bad line length character: CHAR'
printed to stderr on the client, unfiltered by qrexec, but filtered to
some extent by the git client. If it is an escape character, the char is
transformed to "?", but UTF-8 multibyte characters are not filtered. Up
to 4 bytes can be displayed.

Tar on the other hand is already installed, but it is much ancient and
it's file parsing caused CVEs in the past relatively more drastic than
Git, it also doesn't only include committed files, it can include any
file that is present in the directory, which by far, increases a lot of
the attack surface unless you reset the state to HEAD, clean .git
directory manually and there are possibly other avenues of attack.
2024-01-18 15:22:35 +01:00
Ben Grande
0dd627b670 fix: update dotfiles module 2024-01-18 09:24:36 +01:00
Ben Grande
23bccebaab fix: dom0 as sys-git client
The salt module git.config_get does not work in Dom0 and does not have
a key to set the system gitconfig.
2024-01-18 09:21:21 +01:00
Ben Grande
3faa523820 feat: usb devices in sys-audio
Introduces support for USB connected devices such as Bluetooth and
camera, microphone as well as their integrated versions.
2024-01-17 16:52:55 +01:00
Ben Grande
6bf9b97a36 fix: help option for port forwarder 2024-01-16 12:11:31 +01:00
Ben Grande
80638d64b5 feat: port forwarder
If persistent rules are chosen, it can deal with disposable sys-net, but
not with disposable sys-firewall, as the qube ip will change, the rule
won't work. Applying the rule to the disposable template is a "try it
all", but it's usage is discouraged.
2024-01-16 00:15:29 +01:00
Ben Grande
c3937e881e fix: disposable sys-audio name with disp prefix 2024-01-14 14:05:17 +01:00
Ben Grande
ff4773bf8e doc: kicksecure missing minimal flavor 2024-01-14 08:52:24 +01:00
Ben Grande
23a569d4e1 fix: install less browser packages in reader
The state browse.install installs extraneous packages that we won't
need for an untrusted environment, such as USB and audio support.
2024-01-12 19:47:52 +01:00
Ben Grande
2576d14448 fix: policy file mode not allowing group to write 2024-01-12 19:44:55 +01:00
Ben Grande
ac25ef6b87 fix: sys-usb hide-usb-from-dom0 in keyboard state 2024-01-12 19:08:56 +01:00
Ben Grande
8d7c0a2d0b fix: sys-cacher policy with the new tag name 2024-01-12 18:34:04 +01:00
Ben Grande
2063a4328c fix: clone macro support for optional argument 2024-01-12 18:22:33 +01:00
Ben Grande
6eefceda74 fix: sys-usb disposables must have name prefix 2024-01-12 18:22:18 +01:00
Ben Grande
6828e83dde fix: update dotfiles module 2024-01-12 18:00:40 +01:00
Ben Grande
7eb1f34f73 feat: disposable mirage firewall 2024-01-12 17:58:56 +01:00
Ben Grande
5502103901 fix: separate template formula per flavor
Default template flavor is Gnome, installing Xfce when requesting the
template formula without flavor causes confusion.
2024-01-12 17:47:21 +01:00
Ben Grande
233ac76bcb fix: sys-cacher tag compliance with default tags
The default tags start with the capability than the qube name, such as
audiovm-dom0 and guivm-dom0.
2024-01-12 17:30:29 +01:00
Ben Grande
5e5ae2f704 fix: zsh state import with relative path
Relative path only works well if it is on the salt root.
2024-01-12 17:24:43 +01:00
Ben Grande
a97e3c0c8a feat: kicksecure minimal template 2024-01-12 17:24:31 +01:00
Ben Grande
2b6daac8a9 fix: shellcheck 2024-01-10 14:31:57 +01:00
Ben Grande
040594ae74 fix: do not remove created dvm
The removal was first implemented to get a clean state of the qube, but
there are side effects, it fails if the user created a named disposable
based on the dvm and also removes the (dvm) entry from the appmenu.

The sys-usb case is a workaround in case the user selected a
non-disposable, an appvm sys-usb during system installation.
2024-01-10 14:27:44 +01:00
Ben Grande
5b9b0bba5b doc: missing access control for sys-usb 2024-01-10 12:50:02 +01:00
Ben Grande
76e9234c83 fix: organize sys-usb policy per service 2024-01-10 12:49:20 +01:00
Ben Grande
567e36d276 fix: prefer qvm-features for uniformity 2024-01-09 18:48:29 +01:00
Ben Grande
a3829e46ae feat: policy support for multiple sys-usb qubes 2024-01-09 18:44:50 +01:00
Ben Grande
f5894dc6fc doc: cleaner usage sections for qubes-builder 2024-01-08 20:08:54 +01:00
Ben Grande
c306047f1e fix: sys-wireguard compatible with Qubes 4.2 2024-01-08 20:07:20 +01:00
Ben Grande
42a93093dd fix: rpc service copy to dvm
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
2024-01-07 20:20:54 +01:00
Ben Grande
762f8be485 fix: make sys-pihole fully replace sys-firewall 2024-01-05 20:28:27 +01:00
Ben Grande
705808d8b6 feat: allow sys-pihole to use pi-hole for queries 2024-01-05 17:45:04 +01:00
Ben Grande
a17f9f5250 feat: unattended qubes-builder build
Split-gpg2 allows to isolate GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer, depends
on https://github.com/QubesOS/qubes-issues/issues/8792.
2024-01-05 17:24:14 +01:00
Ben Grande
692659e22d feat: passwordless pihole admin interface
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
  to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
  script to work, so the WEB_PASSWORD can be read as normal user,
  restricting root on pihole does not make sense, as it can modify the
  network setting via pihole web interface.
2024-01-05 16:32:42 +01:00
Ben Grande
417843ba75 feat: remove extraneous passwordless root 2024-01-05 12:03:23 +01:00
Ben Grande
c1094046ee fix: add user to mock group 2024-01-05 11:07:27 +01:00
Ben Grande
0216297ee6 feat: default to disposable netvm
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.
2024-01-04 21:59:15 +01:00
Ben Grande
8a8252d6f0 fix: changes default template flavor to Xfce 2024-01-04 18:01:21 +01:00
Ben Grande
e0b11b3daf fix: do not install net debug tools by default 2024-01-04 17:25:16 +01:00
Ben Grande
e167879cfb doc: sys-audio usage 2024-01-04 15:17:20 +01:00
Ben Grande
767fc42523 fix: allow to attach mic with sys-audio 2024-01-04 12:20:13 +01:00
Ben Grande
6bb426a057 refactor: import armored gpg keys instead of db 2024-01-03 21:40:05 +01:00
Ben Grande
0eecbcffc4 fix: unconfined qfile-unpacker
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
2024-01-03 14:35:06 +01:00
Ben Grande
083285901c fix: remove old split-gpg from qubes-builder 2024-01-03 14:29:49 +01:00
Ben Grande
2283b3368e fix: sys-audio policy and autostart pacat daemon 2024-01-03 11:47:13 +01:00
Ben Grande
d939d4aa26 fix: signal state uses idempotent state 2024-01-02 23:03:10 +01:00
Ben Grande
f32a14c422 fix: autostart volumeicon 2024-01-02 23:01:58 +01:00
Ben Grande
b86486a793 feat: qubes-vm-update global settings 2024-01-02 18:04:54 +01:00
Ben Grande
ed4fe70980 fix: customize sys-whonix
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
2023-12-31 07:52:38 +01:00
Ben Grande
e2c24ec78e style: client state ID must conform to order 2023-12-31 07:50:03 +01:00
Ben Grande
ec9142bf27 fix: pci regain with invalid syntax 2023-12-31 07:49:25 +01:00
Ben Grande
81f8c56a76 fix: install missing packages to audio client 2023-12-31 07:48:29 +01:00
Ben Grande
bd54499a26 fix: update dotfiles module 2023-12-28 12:29:09 +01:00
Ben Grande
f8953c6acc doc: better usage of split-gpg2 in qubes-builder 2023-12-28 12:26:37 +01:00
Ben Grande
b52e4b1b63 fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00
Ben Grande
76079d2c7e fix: wrong source paths 2023-12-27 23:45:06 +01:00
Ben Grande
652b4f0f71 fix: update dotfiles module 2023-12-27 20:05:41 +01:00
Ben Grande
a617c3d97e fix: modify package names to match Qubes 4.2 2023-12-27 20:00:15 +01:00
Ben Grande
250c877723 fix: regain pci script not managed 2023-12-27 19:58:01 +01:00
Ben Grande
e650deaa7d fix: port forwarder script with custom rc 2023-12-26 20:15:57 +01:00
Ben Grande
06393fce3f fix: browser cli install tool switches to fetcher 2023-12-26 19:53:59 +01:00
Ben Grande
6a551eba67 refactor: pihole nft rules for Qubes 4.2 2023-12-26 19:50:31 +01:00
Ben Grande
224d2d5f69 fix: pihole lighttpd link 2023-12-24 21:23:29 +01:00
Ben Grande
6fc173d78d feat: clockvm also present in sys-pihole 2023-12-23 21:05:24 +01:00
Ben Grande
ad6f5e29fe feat: move clockvm out of sys-net to sys-firewall 2023-12-21 23:38:39 +01:00
Ben Grande
f21f676adf fix: dom0 qrexec call target qube 2023-12-21 22:38:32 +01:00
Ben Grande
a820751ba3 refactor: git Qrexec helper with drop-in commands
Drop-in scripts can complement the remote-helper ability.
Basic trace of the communication of git with the helper.
2023-12-21 15:38:16 +01:00
Ben Grande
a27493c5d9 fix: update dotfiles module 2023-12-21 15:09:52 +01:00
Ben Grande
ff34a8a1c3 fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
Ben Grande
a3ebfed693 fix: whonix top missing template update 2023-12-20 21:28:36 +01:00
Ben Grande
015019aa5d fix: ssh top files missing list type matcher 2023-12-20 21:27:42 +01:00
Ben Grande
89e03956b1 fix: remove repeated pkg in mutt 2023-12-20 21:26:33 +01:00
Ben Grande
dbaa386269 chore: inline dev install documentation 2023-12-20 21:26:13 +01:00
Ben Grande
80aeb3644f fix: sync reader appmenus 2023-12-20 21:24:43 +01:00
Ben Grande
c2f25844da feat: provide development environment for dom0 2023-12-20 17:17:05 +01:00
Ben Grande
38d98ecb0d fix: nft shebang and table names 2023-12-20 16:49:58 +01:00
Ben Grande
d3ae662c00 fix: cacher client installation indentation 2023-12-20 16:47:35 +01:00
Ben Grande
a78b90e8bd fix: better output for cacher tag assignment 2023-12-20 11:43:54 +01:00
Ben Grande
71d22c54b6 refactor: reorder states to avoid race condition 2023-12-19 23:06:37 +01:00
Ben Grande
b4d142b640 refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
Ben Grande
0751aff4b5 refactor: organize pihole directory structure 2023-12-19 21:55:45 +01:00
Ben Grande
e670d026d4 fix: skip client setup on cacher initialization
Installing sys-cacher does not require that all templates change.
2023-12-19 21:12:07 +01:00
Ben Grande
b4b7f27492 fix: qubes-update superseded by qubes-vm-update 2023-12-19 14:44:33 +01:00
Ben Grande
bcc8165620 fix: salt syntax with missing characters 2023-12-19 13:02:04 +01:00
Ben Grande
fcfb2e236c fix: whonix naming without abbreviations 2023-12-19 13:00:57 +01:00
Ben Grande
b0626bd15b fix: template name must specify version 2023-12-19 12:59:52 +01:00
Ben Grande
bcb65a2f1a feat: usb client 2023-12-18 15:31:27 +00:00
Ben Grande
f16bfdd28b feat: fetcher 2023-12-18 15:31:19 +00:00
Ben Grande
9fc2c03a2c doc: top method must not skip dom0 2023-12-18 15:25:55 +00:00
Ben Grande
20115a2207 fix: udpate dotfiles module 2023-11-21 23:56:52 +00:00
Ben Grande
ec2dab3bf5 fix: stop modifying distribution package files
Avoids breaking package updates.
2023-11-21 23:55:16 +00:00
Ben Grande
10b3bcdf41 fix: unstrusted input marking and sanitization 2023-11-21 14:57:47 +00:00
Ben Grande
5e3c790111 fix: mode ansible linter to correct project 2023-11-20 19:25:52 +00:00
Ben Grande
83c17c4ff4 fix: update dotfiles module 2023-11-20 12:23:48 +00:00
Ben Grande
2702768127 fix: add required package to sync clockvm time 2023-11-20 12:21:37 +00:00
Ben Grande
41c54186c6 fix: cacher shuting down on long running updates 2023-11-14 07:13:54 +00:00
Ben Grande
963e72c7ed chore: Fix unman copyright contact 2023-11-13 18:18:06 +00:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00