Commit Graph

18 Commits

Author SHA1 Message Date
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
15711c912f
fix: do not change kicksecure kernel by default
Fixes: https://github.com/ben-grande/qusal/issues/71
2024-06-24 08:34:28 +02:00
Ben Grande
a6194e0364
fix: remove cacher tag from Kicksecure template
Running apt-cacher-ng-repo is during update is unnecessary, the
install-repo macro already does it and the systemd service is run on
boot before Qrexec Agent starts.

Fixes: https://github.com/ben-grande/qusal/issues/66
2024-06-22 12:14:36 +02:00
Ben Grande
7df3be4b78
fix: install caching client before common update
Cacher client installation state included in the common update state as
all qubes that updates with Qusal states use it, rather than including
it on all the installation states. The macro utils.macros.install-repo
still also run's apt-cacher-ng-repo in case the user is not updating at
that moment, just adding a new repository without restarting the qube
(systemd service has already ran).

Fixes: https://github.com/ben-grande/qusal/issues/66
2024-06-22 10:21:40 +02:00
Ben Grande
bd5c6353ec
fix: remove single quotes from Jinja regex
Unnecessary in this instance and salt trips with claiming to have found
"unknown escape character".

Fixes: https://github.com/ben-grande/qusal/issues/65
2024-06-21 19:59:01 +02:00
Ben Grande
c84dfea48e
fix: generate RPM Specs for Qubes Builder V2
It doesn't checkout the current directory when querying the spec, so we
provide the already modified version of the spec.
2024-06-21 17:00:06 +02:00
Ben Grande
faa00fbffa
doc: update table of contents 2024-06-16 10:45:42 +02:00
Ben Grande
b2c9479e50
fix: enforce https on repository installation
Previously was just http to allow for caching and non-caching of
packages. Currently, a client tool exists to rewrite repository
definitions.
2024-05-16 18:57:59 +02:00
Ben Grande
f9ead06408 fix: remove extraneous package repository updates
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
Ben Grande
5605ec7885 doc: prefix qubesctl with sudo
Fixes: https://github.com/ben-grande/qusal/issues/20
2024-02-23 16:55:11 +01:00
Ben Grande
56ecc25352 fix: vm kernel only applies to developers
Fixes: https://github.com/ben-grande/qusal/issues/3
2024-02-03 20:58:28 +01:00
Ben Grande
76c9cd00ad fix: move custom kicksecure settings to dev state
Fixes: https://github.com/ben-grande/qusal/issues/12
Fixes: https://github.com/ben-grande/qusal/issues/14
Fixes: https://github.com/ben-grande/qusal/issues/15
2024-02-02 10:05:46 +01:00
Ben Grande
4596198037 fix: less intrusive kicksecure default install
- Do not remove sources.list;
- Move broken packages to separate state;
- Rename to developers state and explain it breaks boot;
- Remove settings that are already the default;
- Remove configuration that is deprecated and
- Remove deprecated packages;

Fixes: https://github.com/ben-grande/qusal/issues/4
Fixes: https://github.com/ben-grande/qusal/issues/5
Fixes: https://github.com/ben-grande/qusal/issues/6
Fixes: https://github.com/ben-grande/qusal/issues/7
Fixes: https://github.com/ben-grande/qusal/issues/9
Fixes: https://github.com/ben-grande/qusal/issues/11
Fixes: https://github.com/ben-grande/qusal/issues/13
2024-02-01 17:40:26 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
a04960c1c6 feat: initial split-mail setup
Split-mail allows to separate the receving, reading/composing and
sending of mails to separate qubes, while having the reading/composing
qube offline and a manual step necessary to authorize mails to be sent
form the sender qube.
2024-01-26 22:46:36 +01:00
Ben Grande
422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
Ben Grande
ff4773bf8e doc: kicksecure missing minimal flavor 2024-01-14 08:52:24 +01:00
Ben Grande
a97e3c0c8a feat: kicksecure minimal template 2024-01-12 17:24:31 +01:00