qubes-ssh SSH server over qrexec for file sharing

2024-10-01 01:25:41 -04:00 · 2021-02-05 14:25:27 +00:00 · 2021-02-05 14:25:27 +00:00 · 10129a224c
commit 10129a224c
parent 35b50d2d12
8 changed files with 118 additions and 0 deletions
--- a/share/clone.sls
+++ b/share/clone.sls
@ -0,0 +1,9 @@
+include:
+  - template-debian-10-minimal
+
+qvm-clone-id:
+  qvm.clone:
+    - require:
+      - sls: template-debian-10-minimal 
+    - name: template-share
+    - source: debian-10-minimal
--- a/share/clone.top
+++ b/share/clone.top
@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - share.clone
--- a/share/configure.sls
+++ b/share/configure.sls
@ -0,0 +1,21 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+/rw/config/rc.local:
+  file.append:
+    - text: |
+        systemctl unmask ssh
+        systemctl start ssh
+
+Setup:
+  cmd.run:
+    - name: 'mkdir /home/user/.ssh'
+    - runas: user
+    - creates: /home/user/.ssh 
+
+Create_share:
+  cmd.run:
+    - name: |
+        mkdir /home/tx
+        chmod 777 /home/tx
+    - runas: root
+    - creates: /home/tx
--- a/share/configure.top
+++ b/share/configure.top
@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  share:
+    - share.configure
--- a/share/create.sls
+++ b/share/create.sls
@ -0,0 +1,32 @@
+include:
+  - share.clone
+
+qvm-present-id:
+  qvm.present:
+    - name: share
+    - template: template-share
+    - label: gray
+
+qvm-prefs-id:
+  qvm.prefs:
+    - name: share
+    - netvm: none
+    - memory: 400
+    - maxmem: 800
+    - vcpus: 2
+
+qvm-features-id:
+  qvm.features:
+    - name: share
+    - disable:
+      - service.cups
+      - service.cups-browsed
+
+'qvm-volume extend share:private 40G' :
+  cmd.run
+
+update_file:
+  file.prepend:
+    - name: '/etc/qubes-rpc/policy/qubes.sshfs'
+    - text: '@anyvm @anyvm ask,default_target=share'
+
--- a/share/create.top
+++ b/share/create.top
@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - share.create
--- a/share/install.sls
+++ b/share/install.sls
@ -0,0 +1,38 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+/etc/apt/sources.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+/etc/apt/sources.list.d/qubes-r4.list:
+  file.replace:
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+allow-testing:
+  file.uncomment:
+    - name: /etc/apt/sources.list.d/qubes-r4.list
+    - regex: ^deb\s.*qubes-os.org.*-testing
+    - backup: false
+
+installed:
+  pkg.installed:
+    - pkgs:
+      - openssh-server
+      - socat
+
+disable:
+  cmd.run:
+    - name: |
+        systemctl stop ssh
+        systemctl disable ssh
+        systemctl mask ssh
+
+/etc/qubes-rpc/qubes.ssh:
+  file.append:
+    - text: |
+        #!/bin/sh
+        exec socat STDIO TCP:localhost:22
--- a/share/install.top
+++ b/share/install.top
@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+  template-share:
+  - share.install