Commit Graph

30 Commits

Author SHA1 Message Date
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
d31699952c
doc: add browser isolation feature to design guide 2024-06-25 23:17:22 +02:00
Ben Grande
9c280689d8
refactor: prefer systemd sockets over socat
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
  systemd ConditionPathExists= instead of installing on a per qube basis
  with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.

Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
2024-06-25 22:16:26 +02:00
Ben Grande
4facf458b7
feat: use native TCP socket with Qrexec 2024-06-25 01:28:53 +02:00
Ben Grande
22e2a2e82c
chore: add copyright to systemd services 2024-06-24 17:44:35 +02:00
Ben Grande
c84dfea48e
fix: generate RPM Specs for Qubes Builder V2
It doesn't checkout the current directory when querying the spec, so we
provide the already modified version of the spec.
2024-06-21 17:00:06 +02:00
Ben Grande
97b2496891
fix: start service after Qubes Service setup 2024-06-19 18:08:20 +02:00
Ben Grande
d2771d5dd6
fix: guarantee states order dependent on browser 2024-06-09 12:50:53 +02:00
Ben Grande
8accc47d99
fix: remove old deb repository list format 2024-05-29 11:34:17 +02:00
Ben Grande
44ea4c5db2
feat: add manual page reader
Ability to read the program's manual from the terminal is much better
than to ask the user to search the manual page on the internet, we
already trust the installed program and documentation, but we should not
trust every manual page on the internet.
2024-05-28 11:00:04 +02:00
Ben Grande
b2c9479e50
fix: enforce https on repository installation
Previously was just http to allow for caching and non-caching of
packages. Currently, a client tool exists to rewrite repository
definitions.
2024-05-16 18:57:59 +02:00
Ben Grande
d4c3fb11d3
feat: add terraform and chrome fedora repositories 2024-05-16 18:24:03 +02:00
Ben Grande
f9ead06408 fix: remove extraneous package repository updates
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
Ben Grande
5605ec7885 doc: prefix qubesctl with sudo
Fixes: https://github.com/ben-grande/qusal/issues/20
2024-02-23 16:55:11 +01:00
Ben Grande
b5d7371f93 fix: thunar requires xfce helpers to find terminal 2024-01-31 14:42:17 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
b01f2d213a chore: move port forward to dom0 formula
The script can be used with sys-cacher, sys-pihole, sys-syncthing,
sys-ssh and many services you'd want to forward, make it reusable.
2024-01-29 12:11:51 +01:00
Ben Grande
30f2ebe4ce fix: port forward validate values from DomUs 2024-01-29 12:06:33 +01:00
Ben Grande
9183828985 fix: fail early when qubes.VMShell is unsupported
Happens with Mirage Unikernel, as it doesn't have a proper shell.

Fixes: https://github.com/ben-grande/qusal/issues/1
2024-01-28 23:25:03 +01:00
Ben Grande
03cb70c2c2 fix: port forwarder missing short options usage 2024-01-27 17:05:56 +01:00
Ben Grande
422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
Ben Grande
6bf9b97a36 fix: help option for port forwarder 2024-01-16 12:11:31 +01:00
Ben Grande
80638d64b5 feat: port forwarder
If persistent rules are chosen, it can deal with disposable sys-net, but
not with disposable sys-firewall, as the qube ip will change, the rule
won't work. Applying the rule to the disposable template is a "try it
all", but it's usage is discouraged.
2024-01-16 00:15:29 +01:00
Ben Grande
76079d2c7e fix: wrong source paths 2023-12-27 23:45:06 +01:00
Ben Grande
e650deaa7d fix: port forwarder script with custom rc 2023-12-26 20:15:57 +01:00
Ben Grande
71d22c54b6 refactor: reorder states to avoid race condition 2023-12-19 23:06:37 +01:00
Ben Grande
b4d142b640 refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
Ben Grande
10b3bcdf41 fix: unstrusted input marking and sanitization 2023-11-21 14:57:47 +00:00
Ben Grande
963e72c7ed chore: Fix unman copyright contact 2023-11-13 18:18:06 +00:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00