Commit Graph

19 Commits

Author SHA1 Message Date
Ben Grande
f9ead06408 fix: remove extraneous package repository updates
Updates happens multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being ran. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occurs much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
Ben Grande
7c3d6ac7c0 fix: remove cacher proxy from updatevm
Git revision is specified in the git module to Salt not fail trying to
verify it is in HEAD when it is in a tag from a previous installation.

Fixes: https://github.com/ben-grande/qusal/issues/27
2024-03-14 16:53:23 +01:00
Ben Grande
5605ec7885 doc: prefix qubesctl with sudo
Fixes: https://github.com/ben-grande/qusal/issues/20
2024-02-23 16:55:11 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
Ben Grande
567e36d276 fix: prefer qvm-features for uniformity 2024-01-09 18:48:29 +01:00
Ben Grande
762f8be485 fix: make sys-pihole fully replace sys-firewall 2024-01-05 20:28:27 +01:00
Ben Grande
705808d8b6 feat: allow sys-pihole to use pi-hole for queries 2024-01-05 17:45:04 +01:00
Ben Grande
692659e22d feat: passwordless pihole admin interface
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
  to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
  script to work, so the WEB_PASSWORD can be read as normal user,
  restricting root on pihole does not make sense, as it can modify the
  network setting via pihole web interface.
2024-01-05 16:32:42 +01:00
Ben Grande
6bb426a057 refactor: import armored gpg keys instead of db 2024-01-03 21:40:05 +01:00
Ben Grande
6a551eba67 refactor: pihole nft rules for Qubes 4.2 2023-12-26 19:50:31 +01:00
Ben Grande
224d2d5f69 fix: pihole lighttpd link 2023-12-24 21:23:29 +01:00
Ben Grande
6fc173d78d feat: clockvm also present in sys-pihole 2023-12-23 21:05:24 +01:00
Ben Grande
38d98ecb0d fix: nft shebang and table names 2023-12-20 16:49:58 +01:00
Ben Grande
71d22c54b6 refactor: reorder states to avoid race condition 2023-12-19 23:06:37 +01:00
Ben Grande
b4d142b640 refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
Ben Grande
0751aff4b5 refactor: organize pihole directory structure 2023-12-19 21:55:45 +01:00
Ben Grande
963e72c7ed chore: Fix unman copyright contact 2023-11-13 18:18:06 +00:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00