Ben Grande
94f0fbe6c2
fix: clone macro support for optional argument
signed_tag_for_94f0fbe6
2024-01-12 18:22:33 +01:00
Ben Grande
e2ff679849
fix: sys-usb disposables must have name prefix
signed_tag_for_e2ff6798
2024-01-12 18:22:18 +01:00
Ben Grande
f69d17ad35
fix: update dotfiles module
signed_tag_for_f69d17ad
2024-01-12 18:00:40 +01:00
Ben Grande
5805bd79fb
feat: disposable mirage firewall
signed_tag_for_5805bd79
2024-01-12 17:58:56 +01:00
Ben Grande
e2f44fba70
fix: separate template formula per flavor
...
Default template flavor is Gnome, installing Xfce when requesting the
template formula without flavor causes confusion.
signed_tag_for_e2f44fba
2024-01-12 17:47:21 +01:00
Ben Grande
a380aeb3b6
fix: sys-cacher tag compliance with default tags
...
The default tags start with the capability then the qube name, such as
audiovm-dom0 and guivm-dom0.
signed_tag_for_a380aeb3
2024-01-12 17:30:29 +01:00
Ben Grande
f989908457
fix: zsh state import with relative path
...
Relative path only works well if it is on the salt root.
signed_tag_for_f9899084
2024-01-12 17:24:43 +01:00
Ben Grande
efa4013e90
feat: kicksecure minimal template
signed_tag_for_efa4013e
2024-01-12 17:24:31 +01:00
Ben Grande
cd1786f67d
fix: shellcheck
signed_tag_for_cd1786f6
2024-01-10 14:31:57 +01:00
Ben Grande
3012491615
fix: do not remove created dvm
...
The removal was first implemented to get a clean state of the qube, but
there are side effects: it fails if the user created a named disposable
based on the dvm and also removes the (dvm) entry from the appmenu.
The sys-usb case is a workaround in case the user selected a
non-disposable, an appvm sys-usb during system installation.
signed_tag_for_30124916
2024-01-10 14:27:44 +01:00
Ben Grande
5ec87fe3a8
doc: missing access control for sys-usb
signed_tag_for_5ec87fe3
2024-01-10 12:50:02 +01:00
Ben Grande
c76fb42d48
fix: organize sys-usb policy per service
signed_tag_for_c76fb42d
2024-01-10 12:49:20 +01:00
Ben Grande
302460b458
fix: prefer qvm-features for uniformity
signed_tag_for_302460b4
2024-01-09 18:48:29 +01:00
Ben Grande
1f42dd26d8
feat: policy support for multiple sys-usb qubes
signed_tag_for_1f42dd26
2024-01-09 18:44:50 +01:00
Ben Grande
e677d9f7e1
doc: cleaner usage sections for qubes-builder
signed_tag_for_e677d9f7
2024-01-08 20:08:54 +01:00
Ben Grande
02e0eb0ece
fix: sys-wireguard compatible with Qubes 4.2
signed_tag_for_02e0eb0e
2024-01-08 20:07:20 +01:00
Ben Grande
6e11daa616
fix: rpc service copy to dvm
...
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
signed_tag_for_6e11daa6
2024-01-07 20:20:54 +01:00
Ben Grande
fc37e1b05b
fix: make sys-pihole fully replace sys-firewall
signed_tag_for_fc37e1b0
2024-01-05 20:28:27 +01:00
Ben Grande
e8a21ef5a4
feat: allow sys-pihole to use pi-hole for queries
signed_tag_for_e8a21ef5
2024-01-05 17:45:04 +01:00
Ben Grande
132431aebd
feat: unattended qubes-builder build
...
Split-gpg2 allows isolating GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer; this depends
on https://github.com/QubesOS/qubes-issues/issues/8792 .
signed_tag_for_132431ae
2024-01-05 17:24:14 +01:00
Ben Grande
6bf6da56fb
feat: passwordless pihole admin interface
...
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
to the internet;
- setupVars.conf needs to be 644 for non-root commands to the pihole
script to work, so the WEB_PASSWORD can be read as a normal user;
restricting root on pihole does not make sense, as it can modify the
network setting via pihole web interface.
signed_tag_for_6bf6da56
2024-01-05 16:32:42 +01:00
Ben Grande
d246ff6508
feat: remove extraneous passwordless root
signed_tag_for_d246ff65
2024-01-05 12:03:23 +01:00
Ben Grande
eff6381f12
fix: add user to mock group
signed_tag_for_eff6381f
2024-01-05 11:07:27 +01:00
Ben Grande
3cb2456405
doc: update README.md
signed_tag_for_3cb24564
2024-01-04 22:05:35 +01:00
Ben Grande
d88a114db6
feat: default to disposable netvm
...
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
them down when necessary; and
- Fewer manual steps remaining for the user: just rename the net qube, as
it can only be done via Qubes Manager.
signed_tag_for_d88a114d
2024-01-04 21:59:15 +01:00
Ben Grande
8059435b57
fix: changes default template flavor to Xfce
signed_tag_for_8059435b
2024-01-04 18:01:21 +01:00
Ben Grande
e0d62fd12a
fix: do not install net debug tools by default
signed_tag_for_e0d62fd1
2024-01-04 17:25:16 +01:00
Ben Grande
2b4fc48cec
doc: sys-audio usage
signed_tag_for_2b4fc48c
2024-01-04 15:17:20 +01:00
Ben Grande
a431f4e502
fix: allow to attach mic with sys-audio
signed_tag_for_a431f4e5
2024-01-04 12:20:13 +01:00
Ben Grande
5d00c764bc
refactor: import armored gpg keys instead of db
signed_tag_for_5d00c764
2024-01-03 21:40:05 +01:00
Ben Grande
5a93e9edda
fix: unconfined qfile-unpacker
...
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
signed_tag_for_5a93e9ed
2024-01-03 14:35:06 +01:00
Ben Grande
ddb2775d52
fix: remove old split-gpg from qubes-builder
signed_tag_for_ddb2775d
2024-01-03 14:29:49 +01:00
Ben Grande
d80b697558
doc: sys-audio compatible with Qubes 4.2
signed_tag_for_d80b6975
2024-01-03 12:34:48 +01:00
Ben Grande
3103100999
fix: sys-audio policy and autostart pacat daemon
signed_tag_for_31031009
2024-01-03 11:47:13 +01:00
Ben Grande
5f17f7e163
fix: missing reuse license information
signed_tag_for_5f17f7e1
2024-01-02 23:09:34 +01:00
Ben Grande
03288af7d9
doc: inform how to bootstrap a new system
signed_tag_for_03288af7
2024-01-02 23:04:36 +01:00
Ben Grande
eca10ad7e7
fix: signal state uses idempotent state
signed_tag_for_eca10ad7
2024-01-02 23:03:10 +01:00
Ben Grande
fa22308200
fix: autostart volumeicon
signed_tag_for_fa223082
2024-01-02 23:01:58 +01:00
Ben Grande
a434aead8f
feat: qubes-vm-update global settings
signed_tag_for_a434aead
2024-01-02 18:04:54 +01:00
Ben Grande
f6cb322f5a
fix: customize sys-whonix
...
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream.
signed_tag_for_f6cb322f
2023-12-31 07:52:38 +01:00
Ben Grande
624be831c5
style: client state ID must conform to order
signed_tag_for_624be831
2023-12-31 07:50:03 +01:00
Ben Grande
575691ecdf
fix: pci regain with invalid syntax
signed_tag_for_575691ec
2023-12-31 07:49:25 +01:00
Ben Grande
403504da55
fix: install missing packages to audio client
signed_tag_for_403504da
2023-12-31 07:48:29 +01:00
Ben Grande
c3e8baecb7
fix: update dotfiles module
signed_tag_for_c3e8baec
2023-12-28 12:29:09 +01:00
Ben Grande
3d93badbf7
doc: better usage of split-gpg2 in qubes-builder
signed_tag_for_3d93badb
2023-12-28 12:26:37 +01:00
Ben Grande
9772b2140d
fix: strict split-gpg2 service
...
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.
All clients now have to hold the public key they need locally in order
to do GPG operations.
signed_tag_for_9772b214
2023-12-28 11:47:41 +01:00
Ben Grande
47f927f88a
fix: wrong source paths
signed_tag_for_47f927f8
2023-12-27 23:45:06 +01:00
Ben Grande
ad01d374af
fix: update minimum Qubes version to 4.2
signed_tag_for_ad01d374
2023-12-27 20:13:33 +01:00
Ben Grande
7cb1d4b605
fix: update dotfiles module
signed_tag_for_7cb1d4b6
2023-12-27 20:05:41 +01:00
Ben Grande
c6a0dcc8de
fix: modify package names to match Qubes 4.2
signed_tag_for_c6a0dcc8
2023-12-27 20:00:15 +01:00