-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
I am developing some Salt Formulas for Qubes OS. You may find them in
the following link:
https://github.com/ben-grande/qusal
## Acknowledgments
I can't thank enough for everyone that made this possible. To Unman, as
I learned to Salt from his Shaker repository and it served as basis and
inspiration in many aspects to the project I am presenting today. To
Marmarek, for accepting changes that made the work of packagers easier
via drop-in configuration files, accepting adding minimal template
dependencies and replying to my Qrexec related questions, in the end,
making me understand it better. To Demi, for assigning herself to
improve qfile-dom0-unpacker.
I also want to thank everyone devoted to Qubes OS and Open Source,
without your dedication, each new release of Qubes OS would not be
possible. I stand on the shoulder of giants.
## Warning
Please read the warning in the main readme, at this moment, it is for
testing purposes only so I can breaking changes now instead of
maintaining legacy latter. Because of this, it is intended to developers
only.
This also means that I am not providing support at this time, I know
some things are broken and some may become broken.
## To whom this is for
This project is for everyone that wants to accomplish the following
tasks:
- - Networking:
- Web browsing with CTAP;
- File retrieval with rsync and curl;
- E-mail with Mutt;
- Messaging with Signal;
- Firewall with Qubes Firewall, Pi-Hole or VPN.
- - Misc storage:
- USB with Cryptsetup or Passkey with CTAP;
- Multimedia with VLC, MPV, ffmpeg etc;
- File sharing with sshfs, rsync, syncthing.
- - Admin:
- Remote administration with SSH, Remmina and split-ssh-agent;
- Remote task execution with Ansible, Docker and Terraform;
- Coding with split-gpg2 and split-git and split-ssh-agent.
Daily, I use many of these tools, sporadically I use the rest, but most
importantly, you don't need to install everything, the formulas are
modular. They may depend on other formulas by including SaltFiles, but
this is to avoid code duplication.
## Why minimal templates
You may ask why minimal templates, well:
- - On a low spec system, to run various qubes, this is the only option,
as less services running in each qube will result in a better
performance;
- - Decreases the attack surface of having less packages
installed;
- - `apt-cacher-ng` qube is provided, plus with `qubes-vm-update`,
it is so easy to update the templates. The con is that it will come
with higher disk usage than installing everything in the same
template. But templates are not supposed to be backed up most of the
times as they can be recreated easily with the formulas;
- - Installing external repos can be dangerous, this is a major point of
separate templates, but not necessary minimal ones;
- - Makes it easier to map the dependencies that each functionality
requires, instead of having everything installed, you will know what
is really necessary.
## Minimize attack surface
But the project doesn't stop at minimizing the qubes size by the
template, but also try to be portable to different distributions (mostly
tested on Debian, some can run on Fedora). In theory, user just want to
use the application provided by the qube, but in practice, a
distribution can always have a software lagging behind in security and
features, or even bugs that break the interaction with major qubes
components, such as updates for Dom0.
Packages that are installed via external means such as GitHub and are
not signed by the developer, but by GitHub Webflow, are warned before
installation, so you think before you install it. This can happen for
Mirage Firewall and Pi-Hole.
The states also remove unnecessary features from qubes that will never
use it, such as audiovm for the vault qube, which is more relevant now
as the audio qube is not Dom0 anymore and it can be exposed to the
external world via Bluetooth for example, or via networking, as some
cards might have audio together with networking. NetVM assignment also
follows the same procedure, but I tend not to change it if unnecessary.
## Disposables
When possible, the qubes are disposables, disp-sys-net,
disp-sys-firewall, but you can always use the AppVMs if you prefer.
Different disposable templates are provided for distinct
functionalities, dvm-reader is for opening files or URLs, while dvm-dev
is for testing new software, dvm-qubes-builder for the Qubes Executor,
dvm-browser for browsing the internet.
## User configuration
The states will never modify user configuration files:
- - /rw/config/rc.local
- - /rw/config/qubes-firewall-user-script,
- - /etc/qubes/policy.d/30-user.policy.
The states will however, modify some files in the user home directory,
the dotfiles, mostly for functionality, but some can source a local
configuration, such as:
- - ~/.gitconfig.local
- - ~/.vimrc.local
- - ~/.profile.local
These will never be managed by the project. You can also clone your own
dotfiles instead, but be sure to provide the same directory structure.
The dotfiles are very important, especially to adjust the XTerm font
size and resolution, but also to provide a smoother interaction in the
shell as well as some GUI applications. But it can also serve other
purposes, such as verifying Git merge automatically, always signing git
commit and tags etc.
Unfortunately, we don't support user input through Jinja yet to deeply
customize the configuration, it may be done in the future, but no
promises.
## Qrexec
The Qrexec policy is set to `allow` when not meant to be interactive,
else defaults to ask. Allow can appear in some cases where the argument
can be set to limit the scope of the call.
You can always limit the calls that can be made via customizing the user
policy, but if you find something that should be more restricted, I'm
open to conversation.
We could be more restrictive on the default Qubes OS policies, but this
is out of scope (as of now).
Improving the Qusal RPC input sanitization is in scope for example.
## Testing
Done manually, there is no CI/CD, but it would be a great addition in
the future.
## Questions
If you have more questions, take a look at the docs directory, if your
questions haven't been cleared, just reply to this mail.
- --
Benjamin Grande
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZa7HagAKCRAbcxS/DMyW
h8otAP9XDNXRnLDPOoDzvT7L48FY7byugcaUyaUuJcin4eQv3wD/fY3haQNWEslx
i5cSh/rgADywcwsh75vBJxJ1xhRehgI=
=LGlq
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/Za7HbE049RObSmlc%40i1zmVEev.
