mirror of
https://github.com/unman/shaker.git
synced 2024-12-27 00:09:41 -05:00
Mullvad - spec file
parent
c1b59feb08
commit
1ae0910811
70
mullvad.spec
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
Name: 3isec-qubes-mullvad-vpn
|
||||||
|
Version: 1.0
|
||||||
|
Release: 1%{?dist}
|
||||||
|
Summary: Set up a Mullvad wireguard proxy in Qubes
|
||||||
|
|
||||||
|
License: GPLv3+
|
||||||
|
SOURCE0: mullvad
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package sets up a VPN gateway, named MullvadVPN
|
||||||
|
It follows the method detailed in the Mullvad docs,
|
||||||
|
https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/
|
||||||
|
|
||||||
|
This package is for use with wireguard.
|
||||||
|
If you use openvpn, install the 3isec-qubes-openvpn package.
|
||||||
|
|
||||||
|
The package creates a qube called MullvadVPN based on the debian-11-minimal
|
||||||
|
template. If the debian-11-minimal template is not present, it will
|
||||||
|
be downloaded and installed - this may take some time depending on your
|
||||||
|
net connection.
|
||||||
|
|
||||||
|
There are changes to the firewall rules on MullvadVPN to ensure
|
||||||
|
blocking of outbound connections.
|
||||||
|
Only traffic to the Mullvad gateway is allowed.
|
||||||
|
|
||||||
|
After installing the package, copy your Mullvad configuration file or
|
||||||
|
zip file to MullvadVPN.
|
||||||
|
A menu item for "Setup Mullvad VPN" will be created on the main Qubes Menu.
|
||||||
|
Run this to set up the VPN.
|
||||||
|
When finished, restart MullvadVPN.
|
||||||
|
|
||||||
|
To use the VPN, set MullvadVPN as the netvm for your qubes(s).
|
||||||
|
All traffic will go through the VPN.
|
||||||
|
The VPN will fail closed if the connection drops.
|
||||||
|
No traffic will go through clear.
|
||||||
|
|
||||||
|
If you remove the package, the salt files will be removed.
|
||||||
|
**The MullvadVPN gateway will also be removed.**
|
||||||
|
To do this ALL qubes will be checked to see if they use MullvadVPN.
|
||||||
|
If they do, their netvm will be set to `none`.
|
||||||
|
|
||||||
|
You can, of course, use template-mullvad to create other VPN gateways.
|
||||||
|
|
||||||
|
%install
|
||||||
|
rm -rf %{buildroot}
|
||||||
|
mkdir -p %{buildroot}/srv/salt
|
||||||
|
cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root,-)
|
||||||
|
/srv/salt/mullvad/*
|
||||||
|
|
||||||
|
%post
|
||||||
|
if [ $1 -eq 1 ]; then
|
||||||
|
qubesctl state.apply mullvad.clone
|
||||||
|
qubesctl --skip-dom0 --targets=template-mullvad state.apply mullvad.install
|
||||||
|
qubesctl state.apply mullvad.create
|
||||||
|
qubesctl --skip-dom0 --targets=MullvadVPN state.apply mullvad.configure
|
||||||
|
fi
|
||||||
|
|
||||||
|
%postun
|
||||||
|
if [ $1 -eq 0 ]; then
|
||||||
|
for i in `qvm-ls -O NAME,NETVM | awk '/ MullvadVPN/{ print $1 }'`;do qvm-prefs $i netvm none; done
|
||||||
|
qvm-kill MullvadVPN
|
||||||
|
qvm-remove --force MullvadVPN template-mullvad
|
||||||
|
fi
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Mon Aug 08 2022 unman <unman@thirdeyesecurity.org> - 1.0
|
||||||
|
- First Build
|
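Review bot: In %postun, `qvm-remove --force MullvadVPN template-mullvad` deletes template-mullvad as well, but the %description only warns that the MullvadVPN gateway is removed and, a few lines later, tells users they can use template-mullvad to create other VPN gateways; either state the template removal in the description or leave the template in place on uninstall. In the same scriptlet the awk pattern `/ MullvadVPN/` is an unanchored substring match on the whole `qvm-ls -O NAME,NETVM` line, so a qube whose netvm name merely begins with MullvadVPN would also have its netvm set to none; an exact field comparison such as `$2 == "MullvadVPN"` avoids that, and `$(...)` with a quoted `"$i"` is preferable to backticks with a bare `$i`. In %post the four qubesctl calls run one after another with no check on the previous result, so a failed mullvad.clone is still followed by install, create and configure; chaining them with `&&` would stop at the first failure.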