Ben Grande
a17f9f5250
feat: unattended qubes-builder build
...
Split-gpg2 allows to isolate GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer, depends
on https://github.com/QubesOS/qubes-issues/issues/8792 .
2024-01-05 17:24:14 +01:00
Ben Grande
692659e22d
feat: passwordless pihole admin interface
...
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
script to work, so the WEB_PASSWORD can be read as normal user,
restricting root on pihole does not make sense, as it can modify the
network setting via pihole web interface.
2024-01-05 16:32:42 +01:00
Ben Grande
417843ba75
feat: remove extraneous passwordless root
2024-01-05 12:03:23 +01:00
Ben Grande
c1094046ee
fix: add user to mock group
2024-01-05 11:07:27 +01:00
Ben Grande
41b71eed46
doc: update README.md
2024-01-04 22:05:35 +01:00
Ben Grande
0216297ee6
feat: default to disposable netvm
...
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
it can only be done via Qubes Manager.
2024-01-04 21:59:15 +01:00
Ben Grande
8a8252d6f0
fix: changes default template flavor to Xfce
2024-01-04 18:01:21 +01:00
Ben Grande
e0b11b3daf
fix: do not install net debug tools by default
2024-01-04 17:25:16 +01:00
Ben Grande
e167879cfb
doc: sys-audio usage
2024-01-04 15:17:20 +01:00
Ben Grande
767fc42523
fix: allow to attach mic with sys-audio
2024-01-04 12:20:13 +01:00
Ben Grande
6bb426a057
refactor: import armored gpg keys instead of db
2024-01-03 21:40:05 +01:00
Ben Grande
0eecbcffc4
fix: unconfined qfile-unpacker
...
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
2024-01-03 14:35:06 +01:00
Ben Grande
083285901c
fix: remove old split-gpg from qubes-builder
2024-01-03 14:29:49 +01:00
Ben Grande
ca95f435c8
doc: sys-audio compatible with Qubes 4.2
2024-01-03 12:34:48 +01:00
Ben Grande
2283b3368e
fix: sys-audio policy and autostart pacat daemon
2024-01-03 11:47:13 +01:00
Ben Grande
0e05c097c2
fix: missing reuse license information
2024-01-02 23:09:34 +01:00
Ben Grande
4de0f3ff9f
doc: inform how to bootstrap a new system
2024-01-02 23:04:36 +01:00
Ben Grande
d939d4aa26
fix: signal state uses idempotent state
2024-01-02 23:03:10 +01:00
Ben Grande
f32a14c422
fix: autostart volumeicon
2024-01-02 23:01:58 +01:00
Ben Grande
b86486a793
feat: qubes-vm-update global settings
2024-01-02 18:04:54 +01:00
Ben Grande
ed4fe70980
fix: customize sys-whonix
...
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
2023-12-31 07:52:38 +01:00
Ben Grande
e2c24ec78e
style: client state ID must conform to order
2023-12-31 07:50:03 +01:00
Ben Grande
ec9142bf27
fix: pci regain with invalid syntax
2023-12-31 07:49:25 +01:00
Ben Grande
81f8c56a76
fix: install missing packages to audio client
2023-12-31 07:48:29 +01:00
Ben Grande
bd54499a26
fix: update dotfiles module
2023-12-28 12:29:09 +01:00
Ben Grande
f8953c6acc
doc: better usage of split-gpg2 in qubes-builder
2023-12-28 12:26:37 +01:00
Ben Grande
b52e4b1b63
fix: strict split-gpg2 service
...
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.
All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00
Ben Grande
76079d2c7e
fix: wrong source paths
2023-12-27 23:45:06 +01:00
Ben Grande
cb01810cef
fix: update minimum Qubes version to 4.2
2023-12-27 20:13:33 +01:00
Ben Grande
652b4f0f71
fix: update dotfiles module
2023-12-27 20:05:41 +01:00
Ben Grande
a617c3d97e
fix: modify package names to match Qubes 4.2
2023-12-27 20:00:15 +01:00
Ben Grande
250c877723
fix: regain pci script not managed
2023-12-27 19:58:01 +01:00
Ben Grande
e650deaa7d
fix: port forwarder script with custom rc
2023-12-26 20:15:57 +01:00
Ben Grande
06393fce3f
fix: browser cli install tool switches to fetcher
2023-12-26 19:53:59 +01:00
Ben Grande
6a551eba67
refactor: pihole nft rules for Qubes 4.2
2023-12-26 19:50:31 +01:00
Ben Grande
224d2d5f69
fix: pihole lighttpd link
2023-12-24 21:23:29 +01:00
Ben Grande
6fc173d78d
feat: clockvm also present in sys-pihole
2023-12-23 21:05:24 +01:00
Ben Grande
ad6f5e29fe
feat: move clockvm out of sys-net to sys-firewall
2023-12-21 23:38:39 +01:00
Ben Grande
f21f676adf
fix: dom0 qrexec call target qube
2023-12-21 22:38:32 +01:00
Ben Grande
a820751ba3
refactor: git Qrexec helper with drop-in commands
...
Drop-in scripts can complement the remote-helper ability.
Basic trace of the communication of git with the helper.
2023-12-21 15:38:16 +01:00
Ben Grande
a27493c5d9
fix: update dotfiles module
2023-12-21 15:09:52 +01:00
Ben Grande
ff34a8a1c3
fix: add missing appmenus sync
2023-12-21 00:10:03 +01:00
Ben Grande
a3ebfed693
fix: whonix top missing template update
2023-12-20 21:28:36 +01:00
Ben Grande
015019aa5d
fix: ssh top files missing list type matcher
2023-12-20 21:27:42 +01:00
Ben Grande
89e03956b1
fix: remove repeated pkg in mutt
2023-12-20 21:26:33 +01:00
Ben Grande
dbaa386269
chore: inline dev install documentation
2023-12-20 21:26:13 +01:00
Ben Grande
80aeb3644f
fix: sync reader appmenus
2023-12-20 21:24:43 +01:00
Ben Grande
c2f25844da
feat: provide development environment for dom0
2023-12-20 17:17:05 +01:00
Ben Grande
38d98ecb0d
fix: nft shebang and table names
2023-12-20 16:49:58 +01:00
Ben Grande
d3ae662c00
fix: cacher client installation indentation
2023-12-20 16:47:35 +01:00