qusal/salt/signal
2024-01-29 16:49:54 +01:00
..
files/repo refactor: initial commit 2023-11-13 14:33:28 +00:00
appmenus.sls fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
appmenus.top fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
configure.sls chore: copyright update 2024-01-29 16:49:54 +01:00
configure.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls chore: copyright update 2024-01-29 16:49:54 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
firewall.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
firewall.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls fix: install missing packages to audio client 2023-12-31 07:48:29 +01:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md fix: add missing appmenus sync 2023-12-21 00:10:03 +01:00

signal

Signal messaging app in Qubes OS.

Table of Contents

Description

Install Signal Desktop and creates an app qube named "signal".

Installation

  • Top:
qubesctl top.enable signal
qubesctl --targets=tpl-signal,signal state.appply
qubesctl top.disable signal
qubesctl state.apply signal.appmenus
  • State:
qubesctl state.apply signal.create
qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install
qubesctl --skip-dom0 --targets=signal state.apply signal.configure
qubesctl state.apply signal.appmenus

Usage

You may use different Signal accounts for different identities, such as personal, work or pseudonym. Maintain the signal qube pristine and clone it to the assigned domain, personal-signal, work-signal, anon-signal. If you don't maintain the qube pristine, you will have to apply the firewall rules manually.

Signal might loose connectivity due to upstream rotating IP addresses with the use of CDNs to evade blocking. You will have to reapply the firewall rules eventually.

TODO: Is it worth using the firewall? If you allow all cloudfront.net IPs for region "GLOBAL", what is blocking an attacker from using that to host his malicious callback server? Recently (2023-11-11) signal stopped working with the current firewall.