qusal/salt/sys-net
2024-01-04 17:25:16 +01:00
..
files/admin refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls feat: move clockvm out of sys-net to sys-firewall 2023-12-21 23:38:39 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-debug.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
install-debug.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls fix: do not install net debug tools by default 2024-01-04 17:25:16 +01:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
prefs-disp.sls feat: move clockvm out of sys-net to sys-firewall 2023-12-21 23:38:39 +01:00
prefs-disp.top refactor: initial commit 2023-11-13 14:33:28 +00:00
prefs.sls feat: move clockvm out of sys-net to sys-firewall 2023-12-21 23:38:39 +01:00
prefs.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md fix: do not install net debug tools by default 2024-01-04 17:25:16 +01:00

sys-net

PCI handler of network devices in Qubes OS.

Table of Contents

Description

Creates and configure qubes for handling the network devices. Qubes OS provides the state "qvm.sys-net", but it will create only "sys-net", which can be a disposable or not. This package takes a different approach, it will create an AppVM "sys-net" and a DispVM "disp-sys-net".

By default, the chosen one is "sys-net", but you can choose which qube type becomes the upstream net qube "default_netvm", the "clockvm" and the fallback target for the "qubes.UpdatesProxy" service in case no rule matched before.

Installation

Before installation, rename your current sys-net to another name such as sys-net-old, the old qube will be used to install packages require for the template. After successful installation and testing the new net qube capabilities, you can remove the old one. If you want the default net qube back, just set sys-net template to the full template you are using, such as Debian or Fedora.

  • Top:
qubesctl top.enable sys-net
qubesctl --targets=tpl-sys-net state.apply
qubesctl top.disable sys-net
qubesctl state.apply sys-net.prefs
  • State:
qubesctl state.apply sys-net.create
qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install
qubesctl state.apply sys-net.prefs

If you need to debug a net qube, install some helper tools:

qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install-debug

If you prefer to have a disposable net qube:

qubesctl state.apply sys-net.prefs-disp

You might need to install some firmware on the template for your network drivers. Check files/admin/firmware.txt.

Usage

A network manager is provided in sys-net, from there you can manager Wi-Fi or Ethernet cable connections. You can also use it for network monitoring. It should be relied on to hold firewall rules for other qubes, use sys-firewall, sys-pihole or sys-mirage-firewall for that purpose.