Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-01-26 07:15:56 -05:00
Code Issues Packages Projects Releases Wiki Activity
232 Commits 3 Branches 436 Tags
Commit Graph

232 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ben Grande
5b9b0bba5b doc: missing access control for sys-usb signed_tag_for_5b9b0bba 2024-01-10 12:50:02 +01:00
Ben Grande
76e9234c83 fix: organize sys-usb policy per service signed_tag_for_76e9234c 2024-01-10 12:49:20 +01:00
Ben Grande
567e36d276 fix: prefer qvm-features for uniformity signed_tag_for_567e36d2 2024-01-09 18:48:29 +01:00
Ben Grande
a3829e46ae feat: policy support for multiple sys-usb qubes signed_tag_for_a3829e46 2024-01-09 18:44:50 +01:00
Ben Grande
f5894dc6fc doc: cleaner usage sections for qubes-builder signed_tag_for_f5894dc6 2024-01-08 20:08:54 +01:00
Ben Grande
c306047f1e fix: sys-wireguard compatible with Qubes 4.2 signed_tag_for_c306047f 2024-01-08 20:07:20 +01:00
Ben Grande
42a93093dd fix: rpc service copy to dvm 
Upstream-commit: 7c37bb7bd65ad3a183790ad07344729504bc0930
signed_tag_for_42a93093 		2024-01-07 20:20:54 +01:00
Ben Grande
762f8be485 fix: make sys-pihole fully replace sys-firewall signed_tag_for_762f8be4 2024-01-05 20:28:27 +01:00
Ben Grande
705808d8b6 feat: allow sys-pihole to use pi-hole for queries signed_tag_for_705808d8 2024-01-05 17:45:04 +01:00
Ben Grande
a17f9f5250 feat: unattended qubes-builder build 
Split-gpg2 allows to isolate GPG home directories. In the future,
enforcing this setting via drop-in configuration would be safer, depends
on https://github.com/QubesOS/qubes-issues/issues/8792.
signed_tag_for_a17f9f52 		2024-01-05 17:24:14 +01:00
Ben Grande
692659e22d feat: passwordless pihole admin interface 
- Passwordless as it doesn't compromise security;
- Firewall blocks access to the interface in case the pihole is exposed
  to the internet;
- setupVars.conf needs to be 644 for non root commands to the pihole
  script to work, so the WEB_PASSWORD can be read as normal user,
  restricting root on pihole does not make sense, as it can modify the
  network setting via pihole web interface.
signed_tag_for_692659e2 		2024-01-05 16:32:42 +01:00
Ben Grande
417843ba75 feat: remove extraneous passwordless root signed_tag_for_417843ba 2024-01-05 12:03:23 +01:00
Ben Grande
c1094046ee fix: add user to mock group signed_tag_for_c1094046 2024-01-05 11:07:27 +01:00
Ben Grande
41b71eed46 doc: update README.md signed_tag_for_41b71eed 2024-01-04 22:05:35 +01:00
Ben Grande
0216297ee6 feat: default to disposable netvm 
- Default sys-net and sys-firewall to disposable;
- Set global and per vm preferences by starting the qubes or shutting
  down them when necessary; and
- Less manual steps remaining for the user: just rename the net qube, as
  it can only be done via Qubes Manager.
signed_tag_for_0216297e 		2024-01-04 21:59:15 +01:00
Ben Grande
8a8252d6f0 fix: changes default template flavor to Xfce signed_tag_for_8a8252d6 2024-01-04 18:01:21 +01:00
Ben Grande
e0b11b3daf fix: do not install net debug tools by default signed_tag_for_e0b11b3d 2024-01-04 17:25:16 +01:00
Ben Grande
e167879cfb doc: sys-audio usage signed_tag_for_e167879c 2024-01-04 15:17:20 +01:00
Ben Grande
767fc42523 fix: allow to attach mic with sys-audio signed_tag_for_767fc425 2024-01-04 12:20:13 +01:00
Ben Grande
6bb426a057 refactor: import armored gpg keys instead of db signed_tag_for_6bb426a0 2024-01-03 21:40:05 +01:00
Ben Grande
0eecbcffc4 fix: unconfined qfile-unpacker 
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
signed_tag_for_0eecbcff 		2024-01-03 14:35:06 +01:00
Ben Grande
083285901c fix: remove old split-gpg from qubes-builder signed_tag_for_08328590 2024-01-03 14:29:49 +01:00
Ben Grande
ca95f435c8 doc: sys-audio compatible with Qubes 4.2 signed_tag_for_ca95f435 2024-01-03 12:34:48 +01:00
Ben Grande
2283b3368e fix: sys-audio policy and autostart pacat daemon signed_tag_for_2283b336 2024-01-03 11:47:13 +01:00
Ben Grande
0e05c097c2 fix: missing reuse license information signed_tag_for_0e05c097 2024-01-02 23:09:34 +01:00
Ben Grande
4de0f3ff9f doc: inform how to bootstrap a new system signed_tag_for_4de0f3ff 2024-01-02 23:04:36 +01:00
Ben Grande
d939d4aa26 fix: signal state uses idempotent state signed_tag_for_d939d4aa 2024-01-02 23:03:10 +01:00
Ben Grande
f32a14c422 fix: autostart volumeicon signed_tag_for_f32a14c4 2024-01-02 23:01:58 +01:00
Ben Grande
b86486a793 feat: qubes-vm-update global settings signed_tag_for_b86486a7 2024-01-02 18:04:54 +01:00
Ben Grande
ed4fe70980 fix: customize sys-whonix 
- autostart set to false;
- lower vcpus available;
- lower total memory; and
- use state provided by upstream;
signed_tag_for_ed4fe709 		2023-12-31 07:52:38 +01:00
Ben Grande
e2c24ec78e style: client state ID must conform to order signed_tag_for_e2c24ec7 2023-12-31 07:50:03 +01:00
Ben Grande
ec9142bf27 fix: pci regain with invalid syntax signed_tag_for_ec9142bf 2023-12-31 07:49:25 +01:00
Ben Grande
81f8c56a76 fix: install missing packages to audio client signed_tag_for_81f8c56a 2023-12-31 07:48:29 +01:00
Ben Grande
bd54499a26 fix: update dotfiles module signed_tag_for_bd54499a 2023-12-28 12:29:09 +01:00
Ben Grande
f8953c6acc doc: better usage of split-gpg2 in qubes-builder signed_tag_for_f8953c6a 2023-12-28 12:26:37 +01:00
Ben Grande
b52e4b1b63 fix: strict split-gpg2 service 
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
signed_tag_for_b52e4b1b 		2023-12-28 11:47:41 +01:00
Ben Grande
76079d2c7e fix: wrong source paths signed_tag_for_76079d2c 2023-12-27 23:45:06 +01:00
Ben Grande
cb01810cef fix: update minimum Qubes version to 4.2 signed_tag_for_cb01810c 2023-12-27 20:13:33 +01:00
Ben Grande
652b4f0f71 fix: update dotfiles module signed_tag_for_652b4f0f 2023-12-27 20:05:41 +01:00
Ben Grande
a617c3d97e fix: modify package names to match Qubes 4.2 signed_tag_for_a617c3d9 2023-12-27 20:00:15 +01:00
Ben Grande
250c877723 fix: regain pci script not managed signed_tag_for_250c8777 2023-12-27 19:58:01 +01:00
Ben Grande
e650deaa7d fix: port forwarder script with custom rc signed_tag_for_e650deaa 2023-12-26 20:15:57 +01:00
Ben Grande
06393fce3f fix: browser cli install tool switches to fetcher signed_tag_for_06393fce 2023-12-26 19:53:59 +01:00
Ben Grande
6a551eba67 refactor: pihole nft rules for Qubes 4.2 signed_tag_for_6a551eba 2023-12-26 19:50:31 +01:00
Ben Grande
224d2d5f69 fix: pihole lighttpd link signed_tag_for_224d2d5f 2023-12-24 21:23:29 +01:00
Ben Grande
6fc173d78d feat: clockvm also present in sys-pihole signed_tag_for_6fc173d7 2023-12-23 21:05:24 +01:00
Ben Grande
ad6f5e29fe feat: move clockvm out of sys-net to sys-firewall signed_tag_for_ad6f5e29 2023-12-21 23:38:39 +01:00
Ben Grande
f21f676adf fix: dom0 qrexec call target qube signed_tag_for_f21f676a 2023-12-21 22:38:32 +01:00
Ben Grande
a820751ba3 refactor: git Qrexec helper with drop-in commands 
Drop-in scripts can complement the remote-helper ability.
Basic trace of the communication of git with the helper.
signed_tag_for_a820751b 		2023-12-21 15:38:16 +01:00
Ben Grande
a27493c5d9 fix: update dotfiles module signed_tag_for_a27493c5 2023-12-21 15:09:52 +01:00