c84dfea48e
It doesn't checkout the current directory when querying the spec, so we provide the already modified version of the spec. |
||
---|---|---|
.. | ||
files/repo | ||
appmenus.sls | ||
appmenus.top | ||
clone.sls | ||
clone.top | ||
configure.sls | ||
configure.top | ||
create.sls | ||
create.top | ||
firewall.sls | ||
firewall.top | ||
init.top | ||
install-repo.sls | ||
install-repo.top | ||
install.sls | ||
install.top | ||
README.md | ||
version |
signal
Signal messaging app in Qubes OS.
Table of Contents
Description
Install Signal Desktop and creates an app qube named "signal".
Installation
- Top:
sudo qubesctl top.enable signal
sudo qubesctl --targets=tpl-signal,signal state.appply
sudo qubesctl top.disable signal
sudo qubesctl state.apply signal.appmenus
- State:
sudo qubesctl state.apply signal.create
sudo qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install
sudo qubesctl --skip-dom0 --targets=signal state.apply signal.configure
sudo qubesctl state.apply signal.appmenus
Usage
You may use different Signal accounts for different identities, such as
personal, work or pseudonym. Maintain the signal
qube pristine and clone it
to the assigned domain, personal-signal
, work-signal
, anon-signal
. If
you don't maintain the qube pristine, you will have to apply the firewall
rules manually.
Signal might loose connectivity due to upstream rotating IP addresses with the use of CDNs to evade blocking. You will have to reapply the firewall rules eventually.
TODO: Is it worth using the firewall? If you allow all cloudfront.net IPs for region "GLOBAL", what is blocking an attacker from using that to host his malicious callback server? Recently (2023-11-11) signal stopped working with the current firewall.