mirror of
https://github.com/unman/shaker.git
synced 2025-01-14 00:39:30 -05:00
Mullvad - spec file
This commit is contained in:
parent
c1b59feb08
commit
1ae0910811
70
mullvad.spec
Normal file
70
mullvad.spec
Normal file
@ -0,0 +1,70 @@
|
||||
Name: 3isec-qubes-mullvad-vpn
|
||||
Version: 1.0
|
||||
Release: 1%{?dist}
|
||||
Summary: Set up a Mullvad wireguard proxy in Qubes
|
||||
|
||||
License: GPLv3+
|
||||
SOURCE0: mullvad
|
||||
|
||||
%description
|
||||
This package sets up a VPN gateway, named MullvadVPN
|
||||
It follows the method detailed in the Mullvad docs,
|
||||
https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/
|
||||
|
||||
This package is for use with wireguard.
|
||||
If you use openvpn, install the 3isec-qubes-openvpn package.
|
||||
|
||||
The package creates a qube called MullvadVPN based on the debian-11-minimal
|
||||
template. If the debian-11-minimal template is not present, it will
|
||||
be downloaded and installed - this may take some time depending on your
|
||||
net connection.
|
||||
|
||||
There are changes to the firewall rules on MullvadVPN to ensure
|
||||
blocking of outbound connections.
|
||||
Only traffic to the Mullvad gateway is allowed.
|
||||
|
||||
After installing the package, copy your Mullvad configuration file or
|
||||
zip file to MullvadVPN.
|
||||
A menu item for "Setup Mullvad VPN" will be created on the main Qubes Menu.
|
||||
Run this to set up the VPN.
|
||||
When finished, restart MullvadVPN.
|
||||
|
||||
To use the VPN, set MullvadVPN as the netvm for your qubes(s).
|
||||
All traffic will go through the VPN.
|
||||
The VPN will fail closed if the connection drops.
|
||||
No traffic will go through clear.
|
||||
|
||||
If you remove the package, the salt files will be removed.
|
||||
**The MullvadVPN gateway will also be removed.**
|
||||
To do this ALL qubes will be checked to see if they use MullvadVPN.
|
||||
If they do, their netvm will be set to `none`.
|
||||
|
||||
You can, of course, use template-mullvad to create other VPN gateways.
|
||||
|
||||
%install
|
||||
rm -rf %{buildroot}
|
||||
mkdir -p %{buildroot}/srv/salt
|
||||
cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
/srv/salt/mullvad/*
|
||||
|
||||
%post
|
||||
if [ $1 -eq 1 ]; then
|
||||
qubesctl state.apply mullvad.clone
|
||||
qubesctl --skip-dom0 --targets=template-mullvad state.apply mullvad.install
|
||||
qubesctl state.apply mullvad.create
|
||||
qubesctl --skip-dom0 --targets=MullvadVPN state.apply mullvad.configure
|
||||
fi
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ]; then
|
||||
for i in `qvm-ls -O NAME,NETVM | awk '/ MullvadVPN/{ print $1 }'`;do qvm-prefs $i netvm none; done
|
||||
qvm-kill MullvadVPN
|
||||
qvm-remove --force MullvadVPN template-mullvad
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Mon Aug 08 2022 unman <unman@thirdeyesecurity.org> - 1.0
|
||||
- First Build
|
Loading…
Reference in New Issue
Block a user