Commit Graph

348 Commits

Author SHA1 Message Date
Ben Grande
c064f03b5a
doc: fix grammar mistakes in pull request template 2024-07-01 18:33:52 +02:00
Ben Grande
a09c53b263
doc: make Github select the pull request template 2024-07-01 18:32:32 +02:00
Ben Grande
e058acb78d
ci: add permission for job to close PR 2024-07-01 13:42:20 +02:00
Ben Grande
51424a47e6
ci: change workflow if statement syntax 2024-07-01 12:29:20 +02:00
Ben Grande
ba5193126e
ci: add condition to close pull request 2024-07-01 12:18:46 +02:00
Ben Grande
ded46161f6
ci: close PRs that have commits made on GitHub Web 2024-07-01 12:09:07 +02:00
c0mmando
41c2100f0d
fix: remove typo in mullvad-browser install state
Fixes: https://github.com/ben-grande/qusal/pull/85
Signed-off-by: Ben Grande <ben.grande.b@gmail.com>
2024-07-01 10:55:23 +02:00
Ben Grande
140b96b785
fix: remove expired GitHub web-flow signing key 2024-07-01 09:14:53 +02:00
Ben Grande
54b07fb05e
doc: example to enable split-gpg2-client service
For: https://github.com/ben-grande/qusal/issues/83
2024-06-30 11:34:26 +02:00
Ben Grande
09bd216d79
fix: fold character that is not special for Jinja
Fixes: https://github.com/ben-grande/qusal/issues/82
2024-06-30 11:01:34 +02:00
Ben Grande
f903c0e3df
feat: get GUI user with salt modules 2024-06-28 19:28:49 +02:00
Ben Grande
077b21d3a4
feat: support browser installation on Fedora 2024-06-28 14:12:17 +02:00
Ben Grande
72068e8e9d
fix: add Mullvad Browser 2024-06-28 12:24:29 +02:00
Ben Grande
59fc487682
fix: bind wireguard configuration directory 2024-06-28 10:39:44 +02:00
Ben Grande
05e73f985f
doc: release new version 2024-06-27 13:29:32 +02:00
Ben Grande
e84d395bb2
doc: upgrade template major releases 2024-06-27 13:28:35 +02:00
Ben Grande
9a7d2329f3
fix: bootstrap mgmt as early as possible
It was after sys-cacher for it's packages to be cached, but
fedora-minimal is targeted during sys-cacher installation, making
sys-cacher and any other formula that targets fedora-minimal fail.

Fixes: https://github.com/ben-grande/qusal/issues/69
2024-06-26 16:39:08 +02:00
Ben Grande
c46fa53409
doc: add rules for Access Control contents 2024-06-26 12:39:32 +02:00
Ben Grande
eb3a8ab324
feat: install Qusal TCP Proxy on updatevm's origin
Document qusal.ConnectTCP in dev's Access Control as it defaults to deny
and causes confusion to users why it doesn't work by default.  This is
an exception of the rule that a formula cannot document the RPC service
of another formula to avoid duplication.
2024-06-26 12:24:56 +02:00
Ben Grande
c2fc4b524a
feat: show origin template features of any class
For: https://github.com/ben-grande/qusal/issues/69
2024-06-26 10:10:27 +02:00
Ben Grande
4a72a48388
feat: deploy Qusal Builder configuration
For: https://github.com/ben-grande/qusal/issues/59
2024-06-26 00:18:44 +02:00
Ben Grande
d31699952c
doc: add browser isolation feature to design guide 2024-06-25 23:17:22 +02:00
Ben Grande
9c280689d8
refactor: prefer systemd sockets over socat
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
  systemd ConditionPathExists= instead of installing on a per qube basis
  with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.

Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
2024-06-25 22:16:26 +02:00
Ben Grande
3880a35cfa
fix: ansible references legacy zsh state
Fixes: https://github.com/ben-grande/qusal/issues/78
2024-06-25 09:17:16 +02:00
Ben Grande
4facf458b7
feat: use native TCP socket with Qrexec 2024-06-25 01:28:53 +02:00
Ben Grande
95289ed19a
build: add line break slash to remove command
For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 19:09:23 +02:00
Ben Grande
22e2a2e82c
chore: add copyright to systemd services 2024-06-24 17:44:35 +02:00
Ben Grande
c0508977c7
build: remove unpackaged hidden files
Dotfiles build failed as it is a submodule and contains ".git" and
"LICENSES". Hidden files in the base directory are normally used to
specify configuration of tools for development, not usable in packages.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 17:11:46 +02:00
Ben Grande
d0ed3a8b82
fix: repository dir uses debug directory
Fixes: https://github.com/ben-grande/qusal/issues/76
2024-06-24 16:57:08 +02:00
Ben Grande
c7fb371189
fix: reference Salt dependency installation state
For: https://github.com/ben-grande/qusal/pull/75
2024-06-24 16:37:39 +02:00
Ben Grande
beaf07dde0
fix: include shell profile sourcer
Fixes: https://github.com/ben-grande/qusal/issues/73
2024-06-24 16:32:58 +02:00
Ben Grande
4b1b75a240
build: regenerate specs 2024-06-24 15:46:50 +02:00
Ben Grande
9a9feb3a93
build: add Qubes Builder V2 package cache
For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 14:57:59 +02:00
Ben Grande
ab1438f4b5
fix: change Launchpad repository to HTTPS domain
Fixes: https://github.com/ben-grande/qusal/issues/72
2024-06-24 14:32:34 +02:00
Ben Grande
1bec52badc
fix: install correct repository for signal 2024-06-24 11:42:44 +02:00
Ben Grande
916e21f359
ci: set packager via environment variable 2024-06-24 11:17:58 +02:00
Ben Grande
e9801c8535
feat: helper to show mgmt property information
For: https://github.com/ben-grande/qusal/issues/69
2024-06-24 11:14:31 +02:00
Ben Grande
620fa10a69
fix: shutdown template before install state
Template was not set to shutdown after patch to avoid double the amount
of startups at shutdown required due to the salt patch that a package
needs to be installed during the "create" state. Proven to cause
problems in case a qube based on the same template requires a package
that is installed during the "install" state. Other fedora-minimal
templates "mgmt" and "sys-pgp" are unaffected.

Fixes: https://github.com/ben-grande/qusal/issues/70
2024-06-24 08:38:56 +02:00
Ben Grande
15711c912f
fix: do not change kicksecure kernel by default
Fixes: https://github.com/ben-grande/qusal/issues/71
2024-06-24 08:34:28 +02:00
Ben Grande
e2791139ee
fix: build RPM contained in spec definitions
The spec-build.sh was necessary for a proper build, but it is not
correct to depend on external scripts to generate the correct
RPM_BUILD_ROOT files. Now everything is contained in the spec file. The
spec-build.sh can be used in the future to automate the process of
copying sources to the specified directory and signing, but not
modifying the sources contents on a per file basis.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 08:24:48 +02:00
Ben Grande
f5528fec2e
fix: remove duplicated updates proxy feature
It should be disabled and is already present in the disabled section.

Fixes: https://github.com/ben-grande/qusal/issues/66
2024-06-22 12:48:46 +02:00
Ben Grande
ac6f707bf5
ci: set spec vendor as git user.name is unset
Fixes: https://github.com/ben-grande/qusal/issues/67
2024-06-22 12:39:51 +02:00
Ben Grande
a6194e0364
fix: remove cacher tag from Kicksecure template
Running apt-cacher-ng-repo is during update is unnecessary, the
install-repo macro already does it and the systemd service is run on
boot before Qrexec Agent starts.

Fixes: https://github.com/ben-grande/qusal/issues/66
2024-06-22 12:14:36 +02:00
Ben Grande
19ea24da5c
ci: remove python flag of externally managed env 2024-06-22 12:02:46 +02:00
Ben Grande
fef12eb573
ci: skip pip error externally managed environment 2024-06-22 11:49:24 +02:00
Ben Grande
c7ed34e99f
ci: run on a fixed version of hosted runner
Github delays the -latest tag for some months, set the latest version
manually.
2024-06-22 10:37:20 +02:00
Ben Grande
2c2ba4f5f5
doc: add new documentation to issue commitment 2024-06-22 10:31:19 +02:00
Ben Grande
4276358a7e
feat: add development goodies to Qubes Builder 2024-06-22 10:31:02 +02:00
Ben Grande
7df3be4b78
fix: install caching client before common update
Cacher client installation state included in the common update state as
all qubes that updates with Qusal states use it, rather than including
it on all the installation states. The macro utils.macros.install-repo
still also run's apt-cacher-ng-repo in case the user is not updating at
that moment, just adding a new repository without restarting the qube
(systemd service has already ran).

Fixes: https://github.com/ben-grande/qusal/issues/66
2024-06-22 10:21:40 +02:00
Ben Grande
312b871bd7
ci: pass pre-commit script argument on its own key 2024-06-22 09:10:21 +02:00