mirror of https://github.com/ben-grande/qusal.git
synced 2024-12-22 06:05:01 -05:00
a564b3a703
Ideally, it would be a Qrexec socket service, but it doesn't handle DNS, only accepting IPs. The dev qube is now non-networked and network, especially to remote git repositories, can be acquired via the proxy that is going to be installed in every netvm.
38 lines
1.2 KiB
Bash
Executable File
#!/bin/sh

## SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
##
## SPDX-License-Identifier: AGPL-3.0-or-later

## How to use with SSH?
## On Dom0 Qrexec policy:
##   qusal.ConnectTCP +domain.tld+22 sshclient @default ask default_target=sshproxy
## On Dom0, enable the "qusal-proxy-client" service for the client qube:
##   qvm-features sshclient service.qusal-proxy-client 1
## On the SSH Proxy server (netvm of your liking), install this RPC service.
##   qubesctl --skip-dom0 --targets=sshproxy state.apply sys-net.install-proxy
## On the client ssh configuration:
##   Match Exec "test -f /var/run/qubes-service/qusal-proxy-client"
##     ProxyCommand qrexec-client-vm @default qusal.ConnectTCP+%h+%p

set -eu

## The service argument has the form "host+port".
arg="${QREXEC_SERVICE_ARGUMENT}"
host="${arg%%+*}"
port="${arg##*+}"

## Without a "+" both expansions return the whole argument, so host equals port.
if test -z "${port}" || test -z "${host}" || test "${port}" = "${host}"; then
  echo "Missing either host, port or both" >&2
  exit 1
fi
if test "${#host}" -gt 256; then
  echo "Host size exceeds limit" >&2
  exit 1
fi
## Reject non-digits first, otherwise the numeric test below errors out and
## the invalid port is passed on to socat.
case "${port}" in
  *[!0-9]*)
    echo "Invalid port number, it must be between 1 and 65535" >&2
    exit 1
    ;;
esac
if test "${#port}" -gt 5 || test "${port}" -lt 1 || test "${port}" -gt 65535; then
  echo "Invalid port number, it must be between 1 and 65535" >&2
  exit 1
fi

exec socat - "TCP:${host}:${port}"
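
Added example (not part of the qusal repository): the argument checks from the script above written as a function that can be exercised on constructed inputs. parse_target is a hypothetical name, and the host character set and the single-"+" rule are assumptions that are stricter than the script itself.

```shell
#!/bin/sh
# Added example, not qusal code. parse_target is a hypothetical helper that
# validates a "host+port" service argument; on success it sets $host and $port.
parse_target() {
  arg="$1"
  host="${arg%%+*}"   # text before the first "+"
  port="${arg##*+}"   # text after the last "+"
  # Reassembly must give back the input: this rejects a missing "+"
  # (both expansions return the whole string) and any extra "+" field.
  test "${host}+${port}" = "${arg}" || return 1
  test -n "${host}" || return 1
  test -n "${port}" || return 1
  test "${#host}" -le 256 || return 1
  # Assumption: hostnames and IPv4 only, so ":" and ",", which socat
  # parses as address syntax, can never reach the socat command line.
  case "${host}" in
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  # Digits only, so the numeric comparisons below cannot fail on a string.
  case "${port}" in
    *[!0-9]*) return 1 ;;
  esac
  test "${#port}" -le 5 || return 1
  test "${port}" -ge 1 || return 1
  test "${port}" -le 65535 || return 1
  return 0
}

# Constructed inputs: print whether each one is accepted or rejected.
for sample in "domain.tld+22" "domain.tld+ssh" "domain.tld+0" \
  "domain.tld+65536" "domain.tld" "a+b+22" "+22" "host,x+22"; do
  if parse_target "${sample}"; then
    echo "accept ${sample} -> ${host}:${port}"
  else
    echo "reject ${sample}"
  fi
done
```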