From 10129a224c5437b36b307e469b7bda2bdc24ff72 Mon Sep 17 00:00:00 2001
From: unman
Date: Fri, 5 Feb 2021 14:25:27 +0000
Subject: [PATCH] qubes-ssh SSH server over qrexec for file sharing
---
share/clone.sls | 9 +++++++++
share/clone.top | 4 ++++
share/configure.sls | 21 +++++++++++++++++++++
share/configure.top | 5 +++++
share/create.sls | 32 ++++++++++++++++++++++++++++++++
share/create.top | 4 ++++
share/install.sls | 38 ++++++++++++++++++++++++++++++++++++++
share/install.top | 5 +++++
8 files changed, 118 insertions(+)
create mode 100644 share/clone.sls
create mode 100644 share/clone.top
create mode 100644 share/configure.sls
create mode 100644 share/configure.top
create mode 100644 share/create.sls
create mode 100644 share/create.top
create mode 100644 share/install.sls
create mode 100644 share/install.top
diff --git a/share/clone.sls b/share/clone.sls
new file mode 100644
index 0000000..f63e01f
--- /dev/null
+++ b/share/clone.sls
@@ -0,0 +1,9 @@
+include:
+ - template-debian-10-minimal
+
+qvm-clone-id:
+ qvm.clone:
+ - require:
+ - sls: template-debian-10-minimal
+ - name: template-share
+ - source: debian-10-minimal
diff --git a/share/clone.top b/share/clone.top
new file mode 100644
index 0000000..acd66cd
--- /dev/null
+++ b/share/clone.top
@@ -0,0 +1,4 @@
+base:
+ dom0:
+ - match: nodegroup
+ - share.clone
diff --git a/share/configure.sls b/share/configure.sls
new file mode 100644
index 0000000..e5f2803
--- /dev/null
+++ b/share/configure.sls
@@ -0,0 +1,21 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+/rw/config/rc.local:
+ file.append:
+ - text: |
+ systemctl unmask ssh
+ systemctl start ssh
+
+Setup:
+ cmd.run:
+ - name: 'mkdir /home/user/.ssh'
+ - runas: user
+ - creates: /home/user/.ssh
+
+Create_share:
+ cmd.run:
+ - name: |
+ mkdir /home/tx
+ chmod 777 /home/tx
+ - runas: root
+ - creates: /home/tx
diff --git a/share/configure.top b/share/configure.top
new file mode 100644
index 0000000..a196a5b
--- /dev/null
+++ b/share/configure.top
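Review bot: In share/configure.sls, `chmod 777 /home/tx` makes the share directory world-writable without the sticky bit, so any account in the qube can delete or replace files that another account placed there. If a drop-box is intended, `chmod 1777 /home/tx` keeps it writable while limiting deletion to the file owner; a `file.directory` state with an explicit `user`, `group` and `mode` would be narrower still. The `Setup` state likewise creates `/home/user/.ssh` with whatever the default umask gives, where an explicit mode of 0700 would be clearer. Nothing in this patch provisions `authorized_keys` or touches `sshd_config`, so a comment stating how client qubes are expected to authenticate would help the next reader.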
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+ share:
+ - share.configure
diff --git a/share/create.sls b/share/create.sls
new file mode 100644
index 0000000..e76fcbe
--- /dev/null
+++ b/share/create.sls
@@ -0,0 +1,32 @@
+include:
+ - share.clone
+
+qvm-present-id:
+ qvm.present:
+ - name: share
+ - template: template-share
+ - label: gray
+
+qvm-prefs-id:
+ qvm.prefs:
+ - name: share
+ - netvm: none
+ - memory: 400
+ - maxmem: 800
+ - vcpus: 2
+
+qvm-features-id:
+ qvm.features:
+ - name: share
+ - disable:
+ - service.cups
+ - service.cups-browsed
+
+'qvm-volume extend share:private 40G' :
+ cmd.run
+
+update_file:
+ file.prepend:
+ - name: '/etc/qubes-rpc/policy/qubes.sshfs'
+ - text: '@anyvm @anyvm ask,default_target=share'
+
diff --git a/share/create.top b/share/create.top
new file mode 100644
index 0000000..6ec208a
--- /dev/null
+++ b/share/create.top
@@ -0,0 +1,4 @@
+base:
+ dom0:
+ - match: nodegroup
+ - share.create
diff --git a/share/install.sls b/share/install.sls
new file mode 100644
index 0000000..6c70217
--- /dev/null
+++ b/share/install.sls
@@ -0,0 +1,38 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+/etc/apt/sources.list:
+ file.replace:
+ - pattern: 'https:'
+ - repl: 'http://HTTPS/'
+ - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+/etc/apt/sources.list.d/qubes-r4.list:
+ file.replace:
+ - pattern: 'https:'
+ - repl: 'http://HTTPS/'
+ - flags: [ 'IGNORECASE', 'MULTILINE' ]
+
+allow-testing:
+ file.uncomment:
+ - name: /etc/apt/sources.list.d/qubes-r4.list
+ - regex: ^deb\s.*qubes-os.org.*-testing
+ - backup: false
+
+installed:
+ pkg.installed:
+ - pkgs:
+ - openssh-server
+ - socat
+
+disable:
+ cmd.run:
+ - name: |
+ systemctl stop ssh
+ systemctl disable ssh
+ systemctl mask ssh
+
+/etc/qubes-rpc/qubes.ssh:
+ file.append:
+ - text: |
+ #!/bin/sh
+ exec socat STDIO TCP:localhost:22
diff --git a/share/install.top b/share/install.top
new file mode 100644
index 0000000..d098f7c
--- /dev/null
+++ b/share/install.top
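Review bot: In share/create.sls the `update_file` state writes the policy to `/etc/qubes-rpc/policy/qubes.sshfs`, while share/install.sls in this same patch installs the service as `/etc/qubes-rpc/qubes.ssh`. Unless a `qubes.sshfs` service is defined elsewhere, the rule never governs the service being added, so the path should probably be `- name: '/etc/qubes-rpc/policy/qubes.ssh'`. The rule `@anyvm @anyvm ask,default_target=share` is also broader than the stated purpose: it lets any qube request the service from any other qube and relies on the dom0 prompt alone, and because it is prepended it is matched before any narrower rule already in the file. Pinning the destination, for example `- text: '@anyvm share ask'`, would keep the confirmation while limiting the target to the share qube.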
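Review bot: In share/install.sls the `allow-testing` state uncomments the `-testing` line in `/etc/apt/sources.list.d/qubes-r4.list` and nothing later re-comments it, so template-share would keep receiving Qubes testing packages on later updates. The two packages installed here look like stock Debian packages, so the testing repository may not be needed at all; if it is, a comment such as `# testing repo needed for <package> - remove once it reaches stable` would record why. Separately, `/etc/qubes-rpc/qubes.ssh` is created with `file.append` and no mode, where a `file.managed` state with `- mode: '0755'` would make the ownership and permissions of the qrexec service script explicit. The rewrite of `https:` to `http://HTTPS/` also deserves a one-line comment naming the caching proxy it assumes, since that leg then runs over plain HTTP and apt's signature verification is what protects package integrity.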
@@ -0,0 +1,5 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+base:
+ template-share:
+ - share.install