shaker/cacher
unman 9ea89964a4
Block Whonix templates from repository rewriting.
Assumes that whonix templates all have nodename 'host'.
2022-08-22 10:25:54 +00:00
..
50_user.conf Moved cacher files to new subdirectory 2021-02-02 04:48:48 +00:00
acng.conf Salt - caching proxy - general tidy up 2022-05-15 14:36:33 +00:00
archlx_mirrors Salt - caching proxy - add updated fedora and arch mirror lists 2022-05-15 14:32:19 +00:00
change_templates.sls Block Whonix templates from repository rewriting. 2022-08-22 10:25:54 +00:00
change_templates.top Block Whonix templates from repository rewriting. 2022-08-22 10:25:54 +00:00
clone.sls Fix call to qvm.template_installed 2022-07-30 13:09:00 +00:00
clone.top Moved cacher files to new subdirectory 2021-02-02 04:48:48 +00:00
configure.sls Salt - caching proxy - general tidy up 2022-05-15 14:36:33 +00:00
configure.top Salt - caching proxy - general tidy up 2022-05-15 14:36:33 +00:00
create.sls Salt - caching proxy - inherit default netvm 2022-07-18 13:55:40 +00:00
create.top Moved cacher files to new subdirectory 2021-02-02 04:48:48 +00:00
fedora_mirrors Salt - caching proxy - update fedora mirror list 2022-07-08 15:18:04 +00:00
install.sls Salt - caching proxy - general tidy up 2022-05-15 14:36:33 +00:00
install.top Moved cacher files to new subdirectory 2021-02-02 04:48:48 +00:00
README Salt - caching proxy -fix whitespace in baseurl definition. 2022-08-19 10:47:13 +00:00
restore_templates.sls Salt - caching proxy -fix whitespace in baseurl definition. 2022-08-19 10:47:13 +00:00
restore_templates.top Salt - caching proxy - Restore repo definitions on package removal 2022-05-15 14:48:23 +00:00
use.sls Salt - caching proxy - fix interaction with Whonix. 2022-08-21 00:12:12 +00:00
use.top Moved cacher files to new subdirectory 2021-02-02 04:48:48 +00:00

This is a caching proxy, based on apt-cacher-ng.  

Config files are included, which will work out of the box for Debian,Ubuntu,Arch, and Fedora.  
The cache and log directories are bind-mounted in /rw in the cacher qube.

Copy directory to /srv/salt, then run:  
qubesctl state.apply cacher.create
qubesctl --skip-dom0 --targets=template-cacher state.apply cacher.install  
qubesctl --skip-dom0 --targets=cacher state.apply cacher.configure

To automatically use the proxy run:  
qubesctl state.apply cacher.use  
This will configure /etc/qubes/policy.d/30-user.policy to use the caching proxy by default.

apt-cacher-ng will cache HTTPS requests if you change https:// to http://HTTPS/// in repo source lists.
To configure all templates to use the proxy in this way, run:  
qubesctl --skip-dom0 --templates state.apply cacher.change_templates  
Or target individual templates, as you wish:
qubesctl --skip-dom0 --targets=TEMPLATE1,TEMPLATE2  state.apply cacher.change_templates  


N.B
apt-cacher-ng works well for Debian,Ubuntu,and Arch.  
It works reasonably well for Fedora, but may require further tweaking of the apt-cacher-ng control file, and the fedora_mirrors lists.

To restore a template to the default state, a state is provided, restore_templates.sls.
Apply it like this:
qubesctl --skip-dom0 --targets=TEMPLATE1,TEMPLATE2  state.apply cacher.restore_templates  

The qrexec policy file at  /etc/qubes/policy.d/30-user.policy should be edited so that these templates use the default system proxy.