Re: [qubes-users] Qubes in a corporate network behind HTTP proxy [R4.0.x]
On 2020-07-15 09:28, pr0xy wrote: > I have been running R3.2 for about as long as I can. Time to upgrade to > R4.0.x > > Original 2017 thread where I got this working in R3.2: > https://groups.google.com/d/msg/qubes-users/K_etKdhnqLA/KyJ16z8JCwAJ > > It appears that some of the R3.2 tweaks I used to get Qubes to work > nicely with my corporate proxy are no longer valid in 4.0.x. To > summarize, my company network has a very restrictive proxy that forces > internet traffic through an HTTP/HTTPS proxy like: > > proxy.example.com:8080 > > In R4.0.x how and where would I set this proxy for the Qubes Updates > Proxy? sys-net? sys-firewall? TemplateVMs? If I understand the documentation correctly... https://qubes-os.org/doc/software-update-domu/#updates-proxy we have TinyProxy running in sys-net, and this proxy is used for TemplateVM updates. In the default R4.0.3 install, sys-net is based on a Fedora 30 template. In the fedora-30 templateVM I tried editing /etc/tinyproxy/tinyproxy.conf to add the IP of my company's HTTP proxy as the upstream proxy Upstream http 10.0.0.1:8080 That does not seem to work. In R3.2 I could switch the NetVM of a template to something that worked, like sys-whonix. That doesn't seem to work in R4.x. At the moment I cannot update dom0 or other templates aside from Whonix. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/30cadaa83ba9c35077ca2734898b4e1a%40riseup.net.
[qubes-users] Re: saltstack used to update firefox profile
On 2020-07-15 14:09, unman wrote: I agree to use salt-KISS but, with using the command line in salt renders it somehow less useful from my point of view. For example I've to be careful not to execute that script twice etc. Actually, in this case you*dont* need to worry about that, because afaik firefox will only keep the last entry and will prune the others. You're right with the second try. I just mixed 2 solutions into 1 during copying. This one fails basically with the same error. Any other suggestions? unman, as always very appreciated for your help. That did the trick. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ac650b11-acff-e0d5-475c-2314e9c42768%40gmx.de.
Re: [qubes-users] Re: saltstack used to update firefox profile
On Mon, Jul 13, 2020 at 06:22:57PM +0100, lik...@gmx.de wrote:
> On 2020-07-13 13:48, unman wrote:
> > On Sun, Jul 12, 2020 at 05:55:56PM +0100,
> > liked2-mmb7mzph...@public.gmane.org wrote:
> > > Hi,
> > >
> > > I'm trying to build up my AppVms with saltstack and currently stuck with
> > > updating my firefox profile because it's located in a randomly generated
> > > directory (where xxx are random alpha-numerics):
> > > /home/user/.mozilla/firefox/xxx.default-release/prefs.js
> > >
> > I'm a great believer in keeping salt as simple as possible.
> > In this case:
> > ```
> > echo 'user_pref("browser.startup.homepage", "https://www.qubes-os.org"; ); '
> > >> /home/user/.mozilla/firefox/*.default-release/prefs.js :
> >cmd.run
> >
> > ```
> >
> > If you *do* want complexity, your 1st try is a non-starter, as you've
> > discovered.
> > In the 2nd, I wouldn't use a variable name which is also the name of a
> > salt module. Nor would I use `ls` and `file.find` together - what's the
> > point? Otherwise that looks workable.
> >
>
> I agree to use salt-KISS but, with using the command line in salt renders it
> somehow less useful from my point of view. For example I've to be careful not
> to execute that script twice etc.
Actually, in this case you *dont* need to worry about that, because
afaik firefox will only keep the last entry and will prune the others.
>
> You're right with the second try. I just mixed 2 solutions into 1 during
> copying.
> This one fails basically with the same error.
> Any other suggestions?
>
```
{% set filenames=salt['file.find']('/home/user/.mozilla/firefox',
'name=prefs.js') %}
{% for value in filenames %}
{{ value }}:
file.append:
- text: 'user_pref("browser.startup.homepage", "https://www.qubes-os.org";);
'
{% endfor %}
```
The problem with this is that it relies on you having started firefox
already (to generate the .mozilla entries).
You used to be able to get the same effect before opening by editing
/etc/firefox-esr/firefox-esr.js , but that doesn't seem to work. In any
case you would need to do this in the template.
I'm sure you can find the right place to edit *before* starting firefox.
unman
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20200715130911.GA16571%40thirdeyesecurity.org.
[qubes-users] Qubes in a corporate network behind HTTP proxy [R4.0.x]
I have been running R3.2 for about as long as I can. Time to upgrade to R4.0.x Original 2017 thread where I got this working in R3.2: https://groups.google.com/d/msg/qubes-users/K_etKdhnqLA/KyJ16z8JCwAJ It appears that some of the R3.2 tweaks I used to get Qubes to work nicely with my corporate proxy are no longer valid in 4.0.x. To summarize, my company network has a very restrictive proxy that forces internet traffic through an HTTP/HTTPS proxy like: proxy.example.com:8080 In R4.0.x how and where would I set this proxy for the Qubes Updates Proxy? sys-net? sys-firewall? TemplateVMs? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3b58b5b86280b1723548d049bba4802%40riseup.net.
