mirror of
https://github.com/unman/shaker.git
synced 2024-10-01 01:25:41 -04:00
Move tunnelling script to common directory
parent
56ec5d6781
commit
d1318fa767
@ -1,16 +1,24 @@
|
||||
Name: 3isec-qubes-syncthing
|
||||
Version: 1.2
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: Syncthing in Qubes
|
||||
|
||||
License: GPLv3+
|
||||
SOURCE0: syncthing
|
||||
Requires: 3isec-qubes-common
|
||||
|
||||
%description
|
||||
Creates a syncthing template and active syncthing qube.
|
||||
By default the syncthing qube will be attached to sys-firewall, or sys-pihole if that qube exists.
|
||||
It makes no sense to run this with syncthing attached to a VPN or Tor proxy.
|
||||
This package opens up the qubes-firewall, so that the syncthing qube is accessible externally.
|
||||
|
||||
A qubes.Syncthing service is created, to allow use of syncthing over qrexec.
|
||||
A default policy is set in /etc/qubes/policy.d/30-user.policy to deny all.
|
||||
If you want to allow syncthing between qubes, insert a line at the top of the policy file to allow. E.g:
|
||||
qubes.Syncthing * FROM TO allow
|
||||
|
||||
A script is provided in /srv/salt/3isec-common/.in.sh to allow for inbound connections.
|
||||
This script opens up the qubes-firewall, so that the syncthing qube is accessible externally.
|
||||
If sys-net has more than one network card the FIRST external interface will be used by default.
|
||||
(If this is incorrect, you must change it manually. In dom0:
|
||||
/srv/salt/syncthing/in.sh delete syncthing tcp 22000 -a -p
|
||||
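Review bot: The script path given in %description, "/srv/salt/3isec-common/.in.sh", does not match the command shown a few lines later, which still calls "/srv/salt/syncthing/in.sh delete syncthing tcp 22000 -a -p". The leading dot in ".in.sh" also looks like a typo for "in.sh". This description is the user's guidance for a script that makes the syncthing qube reachable from outside, so every reference should point at the one path where the script is installed.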
@ -19,17 +27,10 @@ If sys-net has more than one network card the FIRST external interface will be u
|
||||
/srv/salt/syncthing/in.sh add syncthing udp 22000 -p
|
||||
This will let you choose the NIC.)
|
||||
|
||||
A qubes.Syncthing service is created, to allow use of syncthing over qrexec.
|
||||
A default policy is set in /etc/qubes/policy.d/30-user.policy to deny all.
|
||||
If you want to allow syncthing between qubes, insert a line at the top of the policy file to allow. E.g:
|
||||
qubes.Syncthing * FROM TO allow
|
||||
|
||||
|
||||
The package can be uninstalled using:
|
||||
sudo dnf remove 3isec-qubes-syncthing
|
||||
The syncthing qube will NOT be removed, but the Syncthing service on that qube will be stopped.
|
||||
The firewall rules will be reverted so the qube will not be accessible externally.
|
||||
N.B. If you have manually set rules you must manually revert them.
|
||||
N.B. If you have manually set firewall rules you must manually revert them.
|
||||
The qrexec policy will be reverted to stop Syncthing between qubes.
|
||||
|
||||
The package includes qubes-rsyncthing.service.
|
||||
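Review bot: The uninstall text still promises "The firewall rules will be reverted so the qube will not be accessible externally", while the changelog in this commit records "Drop automatic configuration in favor of manual" and the description now presents in.sh as the way to open the firewall. If the inbound rules are created only when the user runs the script, removing the package cannot be relied on to close them. Suggest saying explicitly that port 22000 rules added with in.sh must be deleted by hand with the matching "delete" call. The "in.sh add syncthing udp 22000 -p" line at the top of this hunk also still uses the /srv/salt/syncthing/ path.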
@ -73,6 +74,10 @@ fi
|
||||
%postun
|
||||
|
||||
%changelog
|
||||
* Thu Jun 12 2024 unman <unman@thirdeyesecurity.org> - 1.2.2
|
||||
- Improve script for inbound connections
|
||||
- Drop automatic configuration in favor of manual.
|
||||
- Move script to common files for general use
|
||||
* Sat Jan 20 2024 unman <unman@thirdeyesecurity.org> - 1.2
|
||||
- Update for 4.2 - new base template, remove iptables references.
|
||||
* Mon Feb 20 2023 unman <unman@thirdeyesecurity.org> - 1.1
|
||||
|
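Review bot: In the new %changelog entry, "Thu Jun 12 2024" is not a valid date: 12 June 2024 was a Wednesday, and rpmbuild warns about bogus dates in %changelog. The entry is also labelled "1.2.2" while the header sets Version: 1.2 and Release: 2, so "1.2-2" would match the package's version-release and keep the changelog consistent with the earlier "1.2" and "1.1" entries.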