Commit Graph

371 Commits

Author SHA1 Message Date
Ben Grande
bb722faba4
Revert "ci: use action major version"
This reverts commit 8721ff184a.

GitHub Action version syntax is not support for all actions such as
pre-commit.
2024-07-07 15:25:23 +02:00
Ben Grande
a2fff01867
fix: remove unimplemented policy creation
Fixes: https://github.com/ben-grande/qusal/issues/91
2024-07-07 15:19:20 +02:00
Ben Grande
8721ff184a
ci: use action major version
Using action major version guarantees using the latest action version
while not having to constantly modify the patch and minor version.
2024-07-06 22:31:51 +02:00
Ben Grande
8604887c66
feat: unify cacher tag list to a single script 2024-07-06 22:30:36 +02:00
Ben Grande
35fa43dadf
perf: make pre-commit hooks pass file extensions
- shell-lint: faster evaluation of shell scripts, hook 40% faster;
- *-lint: unify method to find the "find" utility; and
- pre-commit: pass file extensions to lint tools.
2024-07-06 22:25:54 +02:00
Ben Grande
00a0b0f264
doc: add Tailscale too bootstrap guide 2024-07-05 17:15:57 +02:00
Ben Grande
b918478aa3
doc: interactive Tailscale login command 2024-07-05 17:00:00 +02:00
Ben Grande
eed904c7f2
feat: add Tailscale formula
Fixes: https://github.com/ben-grande/qusal/issues/42
2024-07-05 16:35:32 +02:00
Ben Grande
1425cdaf1c
fix: cache Mullvad packages 2024-07-05 16:31:24 +02:00
Ben Grande
a9ca2f02cd
doc: inform how to use USB audio in disp-sys-audio 2024-07-05 14:19:40 +02:00
Ben Grande
19440915df
ci: install python lint 2024-07-05 12:31:37 +02:00
Ben Grande
d457302fc3
feat: lint python files 2024-07-05 12:24:24 +02:00
Ben Grande
80482bfec7
fix: use systemd-resolved DNS on boot
In case user configured Wireguard but there are no clients connected,
network hooks are never run and no domains can be resolved from the
sys-wireguard qube itself, therefore using Qrexec services to resolve
DNS in sys-wireguard hooks doesn't work and depended on connected
clients.

If Wireguard systemd service wasn't run, the nameserver will be empty
and that is not a problem.

In case user hasn't configured the Wireguard configuration correctly,
drop all connections.
2024-07-05 12:02:40 +02:00
Ben Grande
14b389655b
feat: use ip interface group for faster evaluation 2024-07-05 12:00:22 +02:00
Ben Grande
34d2943556
fix: correct markdown lint package name
Fixes: https://github.com/ben-grande/qusal/issues/90
2024-07-05 09:41:41 +02:00
Ben Grande
2a4b453b58
fix: lint GitHub issue and pull request templates 2024-07-04 18:09:38 +02:00
Ben Grande
f46504afcb
ci: install markdown lint 2024-07-04 17:38:34 +02:00
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
88d9ba525c
fix: update dotfiles module 2024-07-04 11:26:31 +02:00
Ben Grande
91cf478908
fix: use mirrors metalink as a submodule 2024-07-04 11:24:21 +02:00
Ben Grande
06af125458
feat: clean dev installation
- git-send-email was implemented for a future RPC service for SMTP that
  was never created and can have some risks. As dev has no networking by
  default and the service was never created, removing it;
- git and gnupg already present in the included states;
- remove commented code; and
- move separate salt state to default installation as it only contains a
  single package that is not troublesome.
2024-07-02 12:20:47 +02:00
Ben Grande
9320c3fcf3
feat: disable OBEX Bluetooth file transfer method
No documentation as there is no intention to ever have file transfer
support in the AudioVM.
2024-07-02 10:10:50 +02:00
Ben Grande
422ec06071
fix: sync Qrexec audio policies 2024-07-02 09:33:28 +02:00
Ben Grande
c064f03b5a
doc: fix grammar mistakes in pull request template 2024-07-01 18:33:52 +02:00
Ben Grande
a09c53b263
doc: make Github select the pull request template 2024-07-01 18:32:32 +02:00
Ben Grande
e058acb78d
ci: add permission for job to close PR 2024-07-01 13:42:20 +02:00
Ben Grande
51424a47e6
ci: change workflow if statement syntax 2024-07-01 12:29:20 +02:00
Ben Grande
ba5193126e
ci: add condition to close pull request 2024-07-01 12:18:46 +02:00
Ben Grande
ded46161f6
ci: close PRs that have commits made on GitHub Web 2024-07-01 12:09:07 +02:00
c0mmando
41c2100f0d
fix: remove typo in mullvad-browser install state
Fixes: https://github.com/ben-grande/qusal/pull/85
Signed-off-by: Ben Grande <ben.grande.b@gmail.com>
2024-07-01 10:55:23 +02:00
Ben Grande
140b96b785
fix: remove expired GitHub web-flow signing key 2024-07-01 09:14:53 +02:00
Ben Grande
54b07fb05e
doc: example to enable split-gpg2-client service
For: https://github.com/ben-grande/qusal/issues/83
2024-06-30 11:34:26 +02:00
Ben Grande
09bd216d79
fix: fold character that is not special for Jinja
Fixes: https://github.com/ben-grande/qusal/issues/82
2024-06-30 11:01:34 +02:00
Ben Grande
f903c0e3df
feat: get GUI user with salt modules 2024-06-28 19:28:49 +02:00
Ben Grande
077b21d3a4
feat: support browser installation on Fedora 2024-06-28 14:12:17 +02:00
Ben Grande
72068e8e9d
fix: add Mullvad Browser 2024-06-28 12:24:29 +02:00
Ben Grande
59fc487682
fix: bind wireguard configuration directory 2024-06-28 10:39:44 +02:00
Ben Grande
05e73f985f
doc: release new version 2024-06-27 13:29:32 +02:00
Ben Grande
e84d395bb2
doc: upgrade template major releases 2024-06-27 13:28:35 +02:00
Ben Grande
9a7d2329f3
fix: bootstrap mgmt as early as possible
It was after sys-cacher for it's packages to be cached, but
fedora-minimal is targeted during sys-cacher installation, making
sys-cacher and any other formula that targets fedora-minimal fail.

Fixes: https://github.com/ben-grande/qusal/issues/69
2024-06-26 16:39:08 +02:00
Ben Grande
c46fa53409
doc: add rules for Access Control contents 2024-06-26 12:39:32 +02:00
Ben Grande
eb3a8ab324
feat: install Qusal TCP Proxy on updatevm's origin
Document qusal.ConnectTCP in dev's Access Control as it defaults to deny
and causes confusion to users why it doesn't work by default.  This is
an exception of the rule that a formula cannot document the RPC service
of another formula to avoid duplication.
2024-06-26 12:24:56 +02:00
Ben Grande
c2fc4b524a
feat: show origin template features of any class
For: https://github.com/ben-grande/qusal/issues/69
2024-06-26 10:10:27 +02:00
Ben Grande
4a72a48388
feat: deploy Qusal Builder configuration
For: https://github.com/ben-grande/qusal/issues/59
2024-06-26 00:18:44 +02:00
Ben Grande
d31699952c
doc: add browser isolation feature to design guide 2024-06-25 23:17:22 +02:00
Ben Grande
9c280689d8
refactor: prefer systemd sockets over socat
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
  systemd ConditionPathExists= instead of installing on a per qube basis
  with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.

Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
2024-06-25 22:16:26 +02:00
Ben Grande
3880a35cfa
fix: ansible references legacy zsh state
Fixes: https://github.com/ben-grande/qusal/issues/78
2024-06-25 09:17:16 +02:00
Ben Grande
4facf458b7
feat: use native TCP socket with Qrexec 2024-06-25 01:28:53 +02:00
Ben Grande
95289ed19a
build: add line break slash to remove command
For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 19:09:23 +02:00
Ben Grande
22e2a2e82c
chore: add copyright to systemd services 2024-06-24 17:44:35 +02:00