qusal/salt/vault
Ben Grande f9ead06408 fix: remove extraneous package repository updates
Updates happen multiple times, normally 2 to 3, even if we consider a
state without includes. On states with multiple includes, it could
easily get approximately 10 updates being run. This behavior leads to
unnecessary network bandwidth being spent and more time to run the
installation state. When the connection is slow and not using the
cacher, such as torified connections on Whonix, the installation can
occur much faster.

Adding external repositories has to be done prior to update to ensure it
is also fetched.

Fixes: https://github.com/ben-grande/qusal/issues/29
2024-03-18 17:51:36 +01:00
appmenus.sls fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
appmenus.top fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls chore: copyright update 2024-01-29 16:49:54 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls fix: remove extraneous package repository updates 2024-03-18 17:51:36 +01:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md doc: prefix qubesctl with sudo 2024-02-23 16:55:11 +01:00

vault

Vault environment in Qubes OS.

Description

An offline qube named "vault" will be created. It will have a password manager for high-entropy passwords, and PGP and SSH clients for creating private keys.

Installation

  • Top:
        sudo qubesctl top.enable vault
        sudo qubesctl --targets=tpl-vault state.apply
        sudo qubesctl top.disable vault
        sudo qubesctl state.apply vault.appmenus
  • State:
        sudo qubesctl state.apply vault.create
        sudo qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install
        sudo qubesctl state.apply vault.appmenus

Usage

The intended usage is to hold passwords and keys. You should copy the keys generated from the vault to another qube, which can be a split agent server for SSH, PGP, Pass. A compromise of the client qube can escalate into a compromise of the qubes on which it can run RPC services; therefore, a separate vault is appropriate according to your threat model.