Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2024-10-01 02:35:49 -04:00
Code Issues Packages Projects Releases Wiki Activity
a564b3a703
qusal/salt/sys-net
History
Ben Grande a564b3a703
feat: add TCP proxy for remote hosts 
Ideally, it would be a Qrexec socket service, but it doesn't handle DNS,
only accepting IPs. The dev qube is now non-networked and network,
especially to remote git repositories can be acquired via the proxy that
is going to be installed in every netvm.
2024-06-13 18:01:08 +02:00
..
files feat: add TCP proxy for remote hosts 2024-06-13 18:01:08 +02:00
clone.sls chore: copyright update 2024-01-29 16:49:54 +01:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls chore: copyright update 2024-01-29 16:49:54 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-debug.sls fix: install libpci by default on sys-net 2024-05-02 19:33:32 +02:00
install-debug.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install-proxy.sls feat: add TCP proxy for remote hosts 2024-06-13 18:01:08 +02:00
install-proxy.top feat: add TCP proxy for remote hosts 2024-06-13 18:01:08 +02:00
install.sls feat: add TCP proxy for remote hosts 2024-06-13 18:01:08 +02:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
prefs-disp.sls chore: copyright update 2024-01-29 16:49:54 +01:00
prefs-disp.top refactor: initial commit 2023-11-13 14:33:28 +00:00
prefs.sls chore: copyright update 2024-01-29 16:49:54 +01:00
prefs.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md doc: prefix qubesctl with sudo 2024-02-23 16:55:11 +01:00

README.md

sys-net

PCI handler of network devices in Qubes OS.

Table of Contents

Description

Creates and configure qubes for handling the network devices. Qubes OS provides the state "qvm.sys-net", but it will create only "sys-net", which can be a disposable or not. This package takes a different approach, it will create an AppVM "sys-net" and a DispVM "disp-sys-net".

By default, the chosen one is "disp-sys-net", but you can choose which qube type becomes the upstream net qube "default_netvm" and the fallback target for the "qubes.UpdatesProxy" service in case no rule matched before.

Installation

Before installation, rename your current sys-net to another name such as sys-net-old, the old qube will be used to install packages required for the minimal template. After successful installation and testing the new net qube capabilities, you can remove the old one. If you want the default net qube back, just set sys-net template to the full template you are using, such as Debian or Fedora. Before starting, turn on the default_netvm and check if DNS is working, after that, proceed with the installation.

  • Top:
sudo qubesctl top.enable sys-net
sudo qubesctl --targets=tpl-sys-net state.apply
sudo qubesctl top.disable sys-net
sudo qubesctl state.apply sys-net.prefs-disp
  • State:
sudo qubesctl state.apply sys-net.create
sudo qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install
sudo qubesctl state.apply sys-net.prefs-disp

If you need to debug a net qube, install some helper tools:

sudo qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install-debug

If you prefer to have an app qube as the net qube:

sudo qubesctl state.apply sys-net.prefs

You might need to install some firmware on the template for your network drivers. Check files/admin/firmware.txt.

Usage

A network manager is provided in sys-net, from there you can manager Wi-Fi or Ethernet cable connections. You can also use it for network monitoring. It should be relied on to hold firewall rules for other qubes, use sys-firewall, sys-pihole or sys-mirage-firewall for that purpose.