It was after sys-cacher for it's packages to be cached, but
fedora-minimal is targeted during sys-cacher installation, making
sys-cacher and any other formula that targets fedora-minimal fail.
Fixes: https://github.com/ben-grande/qusal/issues/69
Document qusal.ConnectTCP in dev's Access Control as it defaults to deny
and causes confusion to users why it doesn't work by default. This is
an exception of the rule that a formula cannot document the RPC service
of another formula to avoid duplication.
- Document preferred method for socket use depending on use case;
- Fix Github web-flow key;
- Standardize naming of services;
- Use sys-ssh in ansible formula;
- Start services conditionally with Qubes Service and evaluated by
systemd ConditionPathExists= instead of installing on a per qube basis
with rc.local scripts;
- Change Qusal services to "qusal-" prefix instead of "qubes-" prefix.
Fixes: https://github.com/ben-grande/qusal/issues/80
Fixes: https://github.com/ben-grande/qusal/issues/79
Dotfiles build failed as it is a submodule and contains ".git" and
"LICENSES". Hidden files in the base directory are normally used to
specify configuration of tools for development, not usable in packages.
For: https://github.com/ben-grande/qusal/issues/59
Template was not set to shutdown after patch to avoid double the amount
of startups at shutdown required due to the salt patch that a package
needs to be installed during the "create" state. Proven to cause
problems in case a qube based on the same template requires a package
that is installed during the "install" state. Other fedora-minimal
templates "mgmt" and "sys-pgp" are unaffected.
Fixes: https://github.com/ben-grande/qusal/issues/70
The spec-build.sh was necessary for a proper build, but it is not
correct to depend on external scripts to generate the correct
RPM_BUILD_ROOT files. Now everything is contained in the spec file. The
spec-build.sh can be used in the future to automate the process of
copying sources to the specified directory and signing, but not
modifying the sources contents on a per file basis.
For: https://github.com/ben-grande/qusal/issues/59
Running apt-cacher-ng-repo is during update is unnecessary, the
install-repo macro already does it and the systemd service is run on
boot before Qrexec Agent starts.
Fixes: https://github.com/ben-grande/qusal/issues/66
Cacher client installation state included in the common update state as
all qubes that updates with Qusal states use it, rather than including
it on all the installation states. The macro utils.macros.install-repo
still also run's apt-cacher-ng-repo in case the user is not updating at
that moment, just adding a new repository without restarting the qube
(systemd service has already ran).
Fixes: https://github.com/ben-grande/qusal/issues/66
- Install RPC service to template;
- Move qube configuration to template configuration;
- Start server after the Qubes Services are created;
- Qrexec policy ask to both app and disposable qube; and
- Rename systemd service to qusal prefix instead of qubes.
- Remove OpenVPN code comments;
- Reorganize rules for easier reading;
- Server can connect without having client attached;
- Systemd service for easier monitoring of wg-quick; and
- Firewall also restarts wg-quick and apply new endpoint rules.
