Git-Mirrors/shaker
1
0
Fork 0
mirror of https://github.com/unman/shaker.git synced 2024-10-01 01:25:41 -04:00
Code Issues Packages Projects Releases Wiki Activity

Syncthing -set menu items.

Browse Source 
Prepare intraqube service
This commit is contained in:
unman 2022-09-07 23:15:15 +00:00
parent bf1fb723c2
commit 2e09546473
No known key found for this signature in database
GPG Key ID: FDD1B8244731B36C
5 changed files with 80 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
syncthing/clone.sls
View File

@ -6,3 +6,9 @@ syncthing_clone:
qvm.clone:
- name: template-syncthing
- source: debian-11-minimal
echo -e 'syncthing-start.desktop\nsyncthing-ui.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update template-syncthing:
cmd.run:
- runas: user
- requires:
- qvm: template-syncthing

6
syncthing/create.sls
View File

@ -16,3 +16,9 @@ qvm-prefs-id:
'qvm-volume extend syncthing:private 50G' :
cmd.run
syncthing_policy:
file.prepend:
- name: /etc/qubes/policy.d/30-user.policy
- text: 'qubes.Syncthing * @anyvm @anyvm deny'
- makedirs: True

48
syncthing/install.sls
View File

@ -2,7 +2,6 @@
#
#
#
{% if grains['nodename'] != 'dom0' %}
/usr/share/keyrings/syncthing-archive-keyring.gpg:
@ -21,6 +20,29 @@
- group: root
- makedirs: True
{% if salt['qvm.exists']('cacher') %}
{% for repo in salt['file.find']('/etc/apt/sources.list.d/', name='*list') %}
{{ repo }}_baseurl:
file.replace:
- name: {{ repo }}
- pattern: 'https://'
- repl: 'http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
- backup: False
{% endfor %}
/etc/apt/sources.list:
file.replace:
- names:
- /etc/apt/sources.list
- /etc/apt/sources.list.d/qubes-r4.list
- pattern: 'https://'
- repl: 'http://HTTPS///'
- flags: [ 'IGNORECASE', 'MULTILINE' ]
{% endif %}
syncthing:
pkg.uptodate:
- refresh: True
@ -32,4 +54,28 @@ installed:
- syncthing
- qubes-core-agent-networking
/etc/qubes-rpc/qubes.Syncthing:
file.managed:
- source:
- salt://syncthing/qubes.Syncthing
- user: root
- group: root
- mode: 755
- makedirs: True
/lib/systemd/system/qubes-syncthing.service:
file.managed:
- source:
- salt://syncthing/qubes-syncthing.service
- user: root
- group: root
- mode: 755
- makedirs: True
systemctl mask syncthing@user.service:
cmd.run
systemctl enable qubes-syncthing.service:
cmd.run
{% endif %}

19
syncthing/qubes-syncthing.service Normal file
View File

@ -0,0 +1,19 @@
[Unit]
Description=Syncthing over qrexec for Qubes
After=qubes-qrexec-agent.service
ConditionPathExists=/var/run/qubes-service/qubes-syncthing
[Service]
ExecStart=/usr/bin/socat TCP4-LISTEN:22001,reuseaddr,fork,end-close EXEC:"qrexec-client-vm syncthing qubes.Syncthing"
Restart=on-failur
RestartSec=3
# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target

2
syncthing/qubes.Syncthing Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec socat STDIO TCP:localhost:22000