author | Casper <me@skylarcloud.xyz> | 2024-12-23 10:30:47 -0700 |
---|---|---|
committer | Casper <me@skylarcloud.xyz> | 2024-12-23 10:30:47 -0700 |
commit | a6b6ddbdbe56a103374f7600c3c36f55adbad710 (patch) | |
tree | cb2bed1d01c87e4e4a4b0bce8b91e1b59c82bf14 | |
parent | c4562c5bb241ad8f5dcadd51ba429ca635293ada (diff) |
implemented split-browser for web qubes
-rw-r--r-- | README.html | 396 | ||||
-rw-r--r-- | README.md | 107 | ||||
-rw-r--r-- | README.org | 87 | ||||
-rw-r--r-- | dots/i3-config | 3 | ||||
-rw-r--r-- | web/create-web-qubes.top | 9 | ||||
-rw-r--r-- | web/qvm-app.sls | 137 | ||||
-rw-r--r-- | web/qvm-tmpl.sls | 5 | ||||
-rw-r--r-- | web/tmpl-configure-split-firefox.sls | 11 | ||||
-rw-r--r-- | web/tmpl-pkgs.sls | 35 | ||||
-rw-r--r-- | web/tmpl-split-pkgs.sls | 13 |
10 files changed, 238 insertions, 565 deletions
diff --git a/README.html b/README.html deleted file mode 100644 index 36ea874..0000000 --- a/README.html +++ /dev/null 
@@ -1,396 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" -"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> -<head> -<!-- 2024-12-19 Thu 11:15 --> -<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> -<meta name="viewport" content="width=device-width, initial-scale=1" /> -<title>README</title> -<meta name="generator" content="Org Mode" /> -<style type="text/css"> - #content { max-width: 60em; margin: auto; } - .title { text-align: center; - margin-bottom: .2em; } - .subtitle { text-align: center; - font-size: medium; - font-weight: bold; - margin-top:0; } - .todo { font-family: monospace; color: red; } - .done { font-family: monospace; color: green; } - .priority { font-family: monospace; color: orange; } - .tag { background-color: #eee; font-family: monospace; - padding: 2px; font-size: 80%; font-weight: normal; } - .timestamp { color: #bebebe; } - .timestamp-kwd { color: #5f9ea0; } - .org-right { margin-left: auto; margin-right: 0px; text-align: right; } - .org-left { margin-left: 0px; margin-right: auto; text-align: left; } - .org-center { margin-left: auto; margin-right: auto; text-align: center; } - .underline { text-decoration: underline; } - #postamble p, #preamble p { font-size: 90%; margin: .2em; } - p.verse { margin-left: 3%; } - pre { - border: 1px solid #e6e6e6; - border-radius: 3px; - background-color: #f2f2f2; - padding: 8pt; - font-family: monospace; - overflow: auto; - margin: 1.2em; - } - pre.src { - position: relative; - overflow: auto; - } - pre.src:before { - display: none; - position: absolute; - top: -8px; - right: 12px; - padding: 3px; - color: #555; - background-color: #f2f2f299; - } - pre.src:hover:before { display: inline; margin-top: 14px;} - /* Languages per Org manual */ - pre.src-asymptote:before { content: 'Asymptote'; } - pre.src-awk:before { content: 'Awk'; } - pre.src-authinfo::before { 
content: 'Authinfo'; } - pre.src-C:before { content: 'C'; } - /* pre.src-C++ doesn't work in CSS */ - pre.src-clojure:before { content: 'Clojure'; } - pre.src-css:before { content: 'CSS'; } - pre.src-D:before { content: 'D'; } - pre.src-ditaa:before { content: 'ditaa'; } - pre.src-dot:before { content: 'Graphviz'; } - pre.src-calc:before { content: 'Emacs Calc'; } - pre.src-emacs-lisp:before { content: 'Emacs Lisp'; } - pre.src-fortran:before { content: 'Fortran'; } - pre.src-gnuplot:before { content: 'gnuplot'; } - pre.src-haskell:before { content: 'Haskell'; } - pre.src-hledger:before { content: 'hledger'; } - pre.src-java:before { content: 'Java'; } - pre.src-js:before { content: 'Javascript'; } - pre.src-latex:before { content: 'LaTeX'; } - pre.src-ledger:before { content: 'Ledger'; } - pre.src-lisp:before { content: 'Lisp'; } - pre.src-lilypond:before { content: 'Lilypond'; } - pre.src-lua:before { content: 'Lua'; } - pre.src-matlab:before { content: 'MATLAB'; } - pre.src-mscgen:before { content: 'Mscgen'; } - pre.src-ocaml:before { content: 'Objective Caml'; } - pre.src-octave:before { content: 'Octave'; } - pre.src-org:before { content: 'Org mode'; } - pre.src-oz:before { content: 'OZ'; } - pre.src-plantuml:before { content: 'Plantuml'; } - pre.src-processing:before { content: 'Processing.js'; } - pre.src-python:before { content: 'Python'; } - pre.src-R:before { content: 'R'; } - pre.src-ruby:before { content: 'Ruby'; } - pre.src-sass:before { content: 'Sass'; } - pre.src-scheme:before { content: 'Scheme'; } - pre.src-screen:before { content: 'Gnu Screen'; } - pre.src-sed:before { content: 'Sed'; } - pre.src-sh:before { content: 'shell'; } - pre.src-sql:before { content: 'SQL'; } - pre.src-sqlite:before { content: 'SQLite'; } - /* additional languages in org.el's org-babel-load-languages alist */ - pre.src-forth:before { content: 'Forth'; } - pre.src-io:before { content: 'IO'; } - pre.src-J:before { content: 'J'; } - pre.src-makefile:before { content: 
'Makefile'; } - pre.src-maxima:before { content: 'Maxima'; } - pre.src-perl:before { content: 'Perl'; } - pre.src-picolisp:before { content: 'Pico Lisp'; } - pre.src-scala:before { content: 'Scala'; } - pre.src-shell:before { content: 'Shell Script'; } - pre.src-ebnf2ps:before { content: 'ebfn2ps'; } - /* additional language identifiers per "defun org-babel-execute" - in ob-*.el */ - pre.src-cpp:before { content: 'C++'; } - pre.src-abc:before { content: 'ABC'; } - pre.src-coq:before { content: 'Coq'; } - pre.src-groovy:before { content: 'Groovy'; } - /* additional language identifiers from org-babel-shell-names in - ob-shell.el: ob-shell is the only babel language using a lambda to put - the execution function name together. */ - pre.src-bash:before { content: 'bash'; } - pre.src-csh:before { content: 'csh'; } - pre.src-ash:before { content: 'ash'; } - pre.src-dash:before { content: 'dash'; } - pre.src-ksh:before { content: 'ksh'; } - pre.src-mksh:before { content: 'mksh'; } - pre.src-posh:before { content: 'posh'; } - /* Additional Emacs modes also supported by the LaTeX listings package */ - pre.src-ada:before { content: 'Ada'; } - pre.src-asm:before { content: 'Assembler'; } - pre.src-caml:before { content: 'Caml'; } - pre.src-delphi:before { content: 'Delphi'; } - pre.src-html:before { content: 'HTML'; } - pre.src-idl:before { content: 'IDL'; } - pre.src-mercury:before { content: 'Mercury'; } - pre.src-metapost:before { content: 'MetaPost'; } - pre.src-modula-2:before { content: 'Modula-2'; } - pre.src-pascal:before { content: 'Pascal'; } - pre.src-ps:before { content: 'PostScript'; } - pre.src-prolog:before { content: 'Prolog'; } - pre.src-simula:before { content: 'Simula'; } - pre.src-tcl:before { content: 'tcl'; } - pre.src-tex:before { content: 'TeX'; } - pre.src-plain-tex:before { content: 'Plain TeX'; } - pre.src-verilog:before { content: 'Verilog'; } - pre.src-vhdl:before { content: 'VHDL'; } - pre.src-xml:before { content: 'XML'; } - pre.src-nxml:before 
{ content: 'XML'; } - /* add a generic configuration mode; LaTeX export needs an additional - (add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */ - pre.src-conf:before { content: 'Configuration File'; } - - table { border-collapse:collapse; } - caption.t-above { caption-side: top; } - caption.t-bottom { caption-side: bottom; } - td, th { vertical-align:top; } - th.org-right { text-align: center; } - th.org-left { text-align: center; } - th.org-center { text-align: center; } - td.org-right { text-align: right; } - td.org-left { text-align: left; } - td.org-center { text-align: center; } - dt { font-weight: bold; } - .footpara { display: inline; } - .footdef { margin-bottom: 1em; } - .figure { padding: 1em; } - .figure p { text-align: center; } - .equation-container { - display: table; - text-align: center; - width: 100%; - } - .equation { - vertical-align: middle; - } - .equation-label { - display: table-cell; - text-align: right; - vertical-align: middle; - } - .inlinetask { - padding: 10px; - border: 2px solid gray; - margin: 10px; - background: #ffffcc; - } - #org-div-home-and-up - { text-align: right; font-size: 70%; white-space: nowrap; } - textarea { overflow-x: auto; } - .linenr { font-size: smaller } - .code-highlighted { background-color: #ffff00; } - .org-info-js_info-navigation { border-style: none; } - #org-info-js_console-label - { font-size: 10px; font-weight: bold; white-space: nowrap; } - .org-info-js_search-highlight - { background-color: #ffff00; color: #000000; font-weight: bold; } - .org-svg { } -</style> -</head> -<body> -<div id="content" class="content"> -<h1 class="title">README</h1> -<div id="outline-container-orgb513d84" class="outline-2"> -<h2 id="orgb513d84">Installation</h2> -<div class="outline-text-2" id="text-orgb513d84"> -</div> -<div id="outline-container-org7a267b0" class="outline-3"> -<h3 id="org7a267b0">Setup salt user-dirs</h3> -<div class="outline-text-3" id="text-org7a267b0"> -<div class="org-src-container"> -<pre 
class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">In dom0</span> -<span style="color: #ee7b29;">sudo</span> qubesctl state.sls qubes.user-dirs -</pre> -</div> - -<p> -I sometimes run into the issue described here on a new install: <a href="https://github.com/QubesOS/qubes-issues/issues/8491">https://github.com/QubesOS/qubes-issues/issues/8491</a>. The solution that works consistantly for me is: -</p> - -<div class="org-src-container"> -<pre class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">In dom0</span> -<span style="color: #ee7b29;">ln</span> -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top -</pre> -</div> -</div> -</div> -<div id="outline-container-orgbfad215" class="outline-3"> -<h3 id="orgbfad215">Clone my repo</h3> -<div class="outline-text-3" id="text-orgbfad215"> -<p> -Open a terminal in some networked app qube (with git installed!), and clone my repository: -</p> - -<div class="org-src-container"> -<pre class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">In dispXXXX</span> -<span style="color: #ee7b29;">git</span> clone https://git.skylarcloud.xyz/salt-repo.git -</pre> -</div> -</div> -</div> -<div id="outline-container-org12b1608" class="outline-3"> -<h3 id="org12b1608">Move it to dom0</h3> -<div class="outline-text-3" id="text-org12b1608"> -<p> -First, we’ll turn the repo into an archive with tar: -</p> - -<div class="org-src-container"> -<pre class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">In dispXXXX</span> -tar -cf /tmp/salt-archive.tar salt-repo -</pre> -</div> - -<p> -Then, in dom0: -</p> - -<div class="org-src-container"> -<pre class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">in dom0</span> -<span style="color: #5B6268;"># </span><span style="color: #5B6268;">Pulls the content of the archive from dispXXXX to dom0</span> -<span 
style="color: #ee7b29;">sudo</span> qvm-run --pass-io dispXXXX <span style="color: #4fb3d8;">'</span><span style="color: #4fb3d8;">cat</span><span style="color: #4fb3d8;"> /tmp/salt-archive.tar'</span> > /tmp/salt-archive.tar - -<span style="color: #5B6268;"># </span><span style="color: #5B6268;">Unpack the archive</span> -<span style="color: #ee7b29;">sudo</span> <span style="color: #ee7b29;">cd</span> /tmp && tar -xf salt-archive.tar - -<span style="color: #5B6268;"># </span><span style="color: #5B6268;">Delete the default /srv/user_salt directory</span> -<span style="color: #5B6268;"># </span><span style="color: #5B6268;">Make sure you haven't put anything important there</span> -<span style="color: #ee7b29;">sudo</span> <span style="color: #ee7b29;">rm</span> -fr /srv/user_salt - -<span style="color: #5B6268;"># </span><span style="color: #5B6268;">Move the repo to /srv/user_salt</span> -<span style="color: #ee7b29;">sudo</span> <span style="color: #ee7b29;">mv</span> /tmp/salt-repo /srv/user_salt -</pre> -</div> -</div> -</div> -<div id="outline-container-org187ae22" class="outline-3"> -<h3 id="org187ae22">Change your username</h3> -<div class="outline-text-3" id="text-org187ae22"> -<p> -There’s a variable in <i>/wm/wm-setup.sls</i> that you should change to match your username. That file needs to write files to your home directory in dom0, and needs the username for those paths. -</p> -</div> -</div> -<div id="outline-container-org5e73ac0" class="outline-3"> -<h3 id="org5e73ac0">Apply the configuration</h3> -<div class="outline-text-3" id="text-org5e73ac0"> -<p> -There are many directories with .sls and .top files inside of them. 
You can enable a feature and apply it with just a couple commands: -</p> - -<div class="org-src-container"> -<pre class="src src-bash"><span style="color: #5B6268;"># </span><span style="color: #5B6268;">In dom0</span> -<span style="color: #ee7b29;">sudo</span> qubesctl top.enable wm.wm-setup <span style="color: #5B6268;"># </span><span style="color: #5B6268;">This enables the top file at /srv/user_salt/wm/wm-setup.top</span> -<span style="color: #ee7b29;">sudo</span> qubesctl state.apply <span style="color: #5B6268;"># </span><span style="color: #5B6268;">Applies dom0 states</span> -<span style="color: #ee7b29;">sudo</span> qubesctl --targets=tmpl-XXXX <span style="color: #5B6268;"># </span><span style="color: #5B6268;">Applies dom0 states and states for tmpl-XXXX</span> -</pre> -</div> -</div> -</div> -</div> -<div id="outline-container-org0c726a0" class="outline-2"> -<h2 id="org0c726a0">Features</h2> -<div class="outline-text-2" id="text-org0c726a0"> -</div> -<div id="outline-container-org21ec0cc" class="outline-3"> -<h3 id="org21ec0cc">3isec</h3> -<div class="outline-text-3" id="text-org21ec0cc"> -<p> -Sets up the 3isec repository and graphical installer. This has lots of handy states I use for various utilities. -</p> -</div> -</div> -<div id="outline-container-orgea1b99f" class="outline-3"> -<h3 id="orgea1b99f">Chromium</h3> -<div class="outline-text-3" id="text-orgea1b99f"> -<p> -Creates <i>tmpl-chromium</i> and <i>web-yt</i>. I usually avoid Chromium, but YouTube performs better on it than Librewolf, so I use it for that site. -</p> - -<p> -Blueman is installed in <i>tmpl-chromium</i> so it’s easy to pass your bluetooth controller to <i>web-yt</i> and listen with bluetooth headphones. 
-</p> -</div> -</div> -<div id="outline-container-org9a2e064" class="outline-3"> -<h3 id="org9a2e064">Emacs</h3> -<div class="outline-text-3" id="text-org9a2e064"> -<p> -Creates <i>tmpl-emacs</i> and two app qubes, <i>emacs-org</i> and <i>emacs-salt</i>, with Doom Emacs’ dependencies. I do all of my personal organization in Emacs org-mode, and <i>emacs-salt</i> is for editing my saltstack configuration. -</p> - -<p> -It also places two scripts in dom0, <i>/usr/bin/fetch-salt-from-emacs</i> and <i>/usr/bin/push-salt-to-emacs</i>. Run these as root in dom0 to easily move your repo back and forth as you please. -</p> -</div> -</div> -<div id="outline-container-orgf86d8d3" class="outline-3"> -<h3 id="orgf86d8d3">Email</h3> -<div class="outline-text-3" id="text-orgf86d8d3"> -<p> -Creates <i>tmpl-email</i> and two app qubes, <i>email-personal</i> and <i>email-work</i>, with Thunderbird. -</p> -</div> -</div> -<div id="outline-container-org58d03e1" class="outline-3"> -<h3 id="org58d03e1">IRC</h3> -<div class="outline-text-3" id="text-org58d03e1"> -<p> -Creates <i>tmpl-irc</i> and <i>irc</i> with Hexchat installed, for chatting on IRC over Tor. -</p> -</div> -</div> -<div id="outline-container-org5f413ed" class="outline-3"> -<h3 id="org5f413ed">SSH</h3> -<div class="outline-text-3" id="text-org5f413ed"> -<p> -Creates <i>tmpl-ssh</i> and <i>ssh-vps</i>, simple qubes to ssh into my VPS with. -</p> -</div> -</div> -<div id="outline-container-org47e978b" class="outline-3"> -<h3 id="org47e978b">Torrenting</h3> -<div class="outline-text-3" id="text-org47e978b"> -<p> -Creates <i>tmpl-torrenting</i> and <i>bitz</i> with qBitTorrent installed, for torrenting. Route this qube’s traffic through a VPN if you plan on downloading anything illegal. -</p> -</div> -</div> -<div id="outline-container-orgfe754f8" class="outline-3"> -<h3 id="orgfe754f8">Web</h3> -<div class="outline-text-3" id="text-orgfe754f8"> -<p> -Creates <i>tmpl-web</i> and a few <i>web-XXX</i> qubes, with Librewolf. 
-</p> -</div> -</div> -<div id="outline-container-org621949b" class="outline-3"> -<h3 id="org621949b">WM</h3> -<div class="outline-text-3" id="text-org621949b"> -<p> -This does many things to set up a convenient i3 environment. -</p> -<ul class="org-ul"> -<li>Installs a few packages in dom0</li> -<li>Moves my i3 config into place</li> -<li>Prioritizes xfce4-terminal and st in <i>/usr/bin/qubes-i3-sensible-terminal</i></li> -<li>Moves my xrandr screenlayout in place</li> -<li>Moves my nitrogen wallpaper files in place</li> -<li>Enables tap-to-click and natural scrolling</li> -<li>Replaces dmenu with rofi</li> -</ul> -</div> -</div> -</div> -</div> -<div id="postamble" class="status"> -<p class="date">Created: 2024-12-19 Thu 11:15</p> -</div> -</body> -</html> diff --git a/README.md b/README.md new file mode 100644 index 0000000..996e888 --- /dev/null +++ b/README.md 
@@ -0,0 +1,107 @@ +# Installation + +## Setup salt user-dirs + + # In dom0 + sudo qubesctl state.sls qubes.user-dirs + +I sometimes run into the issue described here on a new install: <https://github.com/QubesOS/qubes-issues/issues/8491>. The solution that works consistantly for me is: + + # In dom0 + ln -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top + +## Clone my repo + +Open a terminal in some networked app qube (with git installed!), and clone my repository: + + # In dispXXXX + git clone https://git.skylarcloud.xyz/salt-repo.git + +## Move it to dom0 + +First, we'll turn the repo into an archive with tar: + + # In dispXXXX + tar -cf /tmp/salt-archive.tar salt-repo + +Then, in dom0: + + # in dom0 + # Pulls the content of the archive from dispXXXX to dom0 + sudo qvm-run --pass-io dispXXXX 'cat /tmp/salt-archive.tar' > /tmp/salt-archive.tar + + # Unpack the archive + sudo cd /tmp && tar -xf salt-archive.tar + + # Delete the default /srv/user_salt directory + # Make sure you haven't put anything important there + sudo rm -fr /srv/user_salt + + # Move the repo to /srv/user_salt + sudo mv /tmp/salt-repo /srv/user_salt + +## Change your username + +There's a variable in */wm/wm-setup.sls* that you should change to match your username. That file needs to write files to your home directory in dom0, and needs the username for those paths. + +## Apply the configuration + +There are many directories with .sls and .top files inside of them. You can enable a feature and apply it with just a couple commands: + + # In dom0 + sudo qubesctl top.enable wm.wm-setup # This enables the top file at /srv/user_salt/wm/wm-setup.top + sudo qubesctl state.apply # Applies dom0 states + sudo qubesctl --targets=tmpl-XXXX # Applies dom0 states and states for tmpl-XXXX + +# Features + +## 3isec + +Sets up the 3isec repository and graphical installer. This has lots of handy states I use for various utilities. + +## Chromium + +Creates *tmpl-chromium* and *web-yt*. 
I usually avoid Chromium, but YouTube performs better on it than Librewolf, so I use it for that site. + +Blueman is installed in *tmpl-chromium* so it’s easy to pass your bluetooth controller to *web-yt* and listen with bluetooth headphones. + +## Emacs + +Creates *tmpl-emacs* and two app qubes, *emacs-org* and *emacs-salt*, with Doom Emacs’ dependencies. I do all of my personal organization in Emacs org-mode, and *emacs-salt* is for editing my saltstack configuration. + +It also places two scripts in dom0, */usr/bin/fetch-salt-from-emacs* and */usr/bin/push-salt-to-emacs*. Run these as root in dom0 to easily move your repo back and forth as you please. + +## Email + +Creates *tmpl-email* and two app qubes, *email-personal* and *email-work*, with Thunderbird. + +## IRC + +Creates *tmpl-irc* and *irc* with Hexchat installed, for chatting on IRC over Tor. + +## SSH + +Creates *tmpl-ssh* and *ssh-vps*, simple qubes I use to ssh into my VPS with. + +## Torrenting + +Creates *tmpl-torrenting* and *bitz* with qBitTorrent installed, for torrenting. Route this qube's traffic through a VPN if you plan on downloading anything frowned upon in your jurisdicion (copyrighted movies for example). + +## Web + +This uses the *split-browser* package to securely store bookmarks and logins for use in disposable qubes. It creates *tmpl-web*, *web-dvm*, *tmpl-split-web*, and *split-web*, then sets them up for use with *split-browser*. + +Instructions on its use are here: https://github.com/rustybird/qubes-app-split-browser + +Other than *split-browser*, Firefox has no modifications. If you want to configure it permanently, for now you'll need to open it in *web-dvm*, make your configurations (themes, extensions, settings), then new disposables will inherit those modifications. + +## WM + +This does many things to set up a convenient i3 environment. 
+ +- Installs a few packages in dom0 +- Moves my i3 config into place +- Prioritizes xfce4-terminal and st in */usr/bin/qubes-i3-sensible-terminal* +- Enables tap-to-click and natural scrolling +- Replaces dmenu with rofi + diff --git a/README.org b/README.org deleted file mode 100644 index fd078e8..0000000 --- a/README.org +++ /dev/null 
@@ -1,87 +0,0 @@ -#+title: README -#+OPTIONS: num:nil toc:nil -* Installation -** Setup salt user-dirs - #+begin_src bash -# In dom0 -sudo qubesctl state.sls qubes.user-dirs - #+end_src - - I sometimes run into the issue described here on a new install: https://github.com/QubesOS/qubes-issues/issues/8491. The solution that works consistantly for me is: - - #+begin_src bash -# In dom0 -ln -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top -#+end_src -** Clone my repo -Open a terminal in some networked app qube (with git installed!), and clone my repository: - -#+begin_src bash -# In dispXXXX -git clone https://git.skylarcloud.xyz/salt-repo.git -#+end_src -** Move it to dom0 -First, we'll turn the repo into an archive with tar: - -#+begin_src bash -# In dispXXXX -tar -cf /tmp/salt-archive.tar salt-repo -#+end_src - -Then, in dom0: - -#+begin_src bash -# in dom0 -# Pulls the content of the archive from dispXXXX to dom0 -sudo qvm-run --pass-io dispXXXX 'cat /tmp/salt-archive.tar' > /tmp/salt-archive.tar - -# Unpack the archive -sudo cd /tmp && tar -xf salt-archive.tar - -# Delete the default /srv/user_salt directory -# Make sure you haven't put anything important there -sudo rm -fr /srv/user_salt - -# Move the repo to /srv/user_salt -sudo mv /tmp/salt-repo /srv/user_salt -#+end_src -** Change your username - There's a variable in //wm/wm-setup.sls/ that you should change to match your username. That file needs to write files to your home directory in dom0, and needs the username for those paths. -** Apply the configuration -There are many directories with .sls and .top files inside of them. 
You can enable a feature and apply it with just a couple commands: - -#+begin_src bash -# In dom0 -sudo qubesctl top.enable wm.wm-setup # This enables the top file at /srv/user_salt/wm/wm-setup.top -sudo qubesctl state.apply # Applies dom0 states -sudo qubesctl --targets=tmpl-XXXX # Applies dom0 states and states for tmpl-XXXX -#+end_src - -* Features -** 3isec -Sets up the 3isec repository and graphical installer. This has lots of handy states I use for various utilities. -** Chromium -Creates /tmpl-chromium/ and /web-yt/. I usually avoid Chromium, but YouTube performs better on it than Librewolf, so I use it for that site. - -Blueman is installed in /tmpl-chromium/ so it's easy to pass your bluetooth controller to /web-yt/ and listen with bluetooth headphones. -** Emacs -Creates /tmpl-emacs/ and two app qubes, /emacs-org/ and /emacs-salt/, with Doom Emacs' dependencies. I do all of my personal organization in Emacs org-mode, and /emacs-salt/ is for editing my saltstack configuration. - -It also places two scripts in dom0, //usr/bin/fetch-salt-from-emacs/ and //usr/bin/push-salt-to-emacs/. Run these as root in dom0 to easily move your repo back and forth as you please. -** Email -Creates /tmpl-email/ and two app qubes, /email-personal/ and /email-work/, with Thunderbird. -** IRC -Creates /tmpl-irc/ and /irc/ with Hexchat installed, for chatting on IRC over Tor. -** SSH -Creates /tmpl-ssh/ and /ssh-vps/, simple qubes to ssh into my VPS with. -** Torrenting -Creates /tmpl-torrenting/ and /bitz/ with qBitTorrent installed, for torrenting. Route this qube's traffic through a VPN if you plan on downloading anything illegal. -** Web -Creates /tmpl-web/ and a few /web-XXX/ qubes, with Librewolf. -** WM -This does many things to set up a convenient i3 environment. 
-- Installs a few packages in dom0 -- Moves my i3 config into place -- Prioritizes xfce4-terminal and st in //usr/bin/qubes-i3-sensible-terminal/ -- Enables tap-to-click and natural scrolling -- Replaces dmenu with rofi diff --git a/dots/i3-config b/dots/i3-config index 616b756..8c0de8a 100644 --- a/dots/i3-config +++ b/dots/i3-config @@ -275,6 +275,9 @@ bar { # Avoids screen size fingerprinting for_window [title="Tor Browser"] floating enable +# Make any instance of rofi float +for_window [title="rofi"] floating enable + # Make sure all xdg autostart entries are started, this is (among other things) # necessary to make sure transient vm's come up exec --no-startup-id qubes-i3-xdg-autostart diff --git a/web/create-web-qubes.top b/web/create-web-qubes.top index 445ebc1..7d134e9 100644 --- a/web/create-web-qubes.top +++ b/web/create-web-qubes.top @@ -1,6 +1,9 @@ user: dom0: - - web.qvm-app - - web.qvm-tmpl + - web.qvm-tmpl # Creates tmpl-web, tmpl-split-web + - web.qvm-app # Creates web-dvm, split-web tmpl-web: - - web.tmpl-pkgs + - web.tmpl-pkgs # Installs tmpl-web pkgs + - web.tmpl-configure-split-firefox # Configures split-browser for FF + tmpl-split-web: + - web.tmpl-split-pkgs # Installs tmpl-split-web pkgs diff --git a/web/qvm-app.sls b/web/qvm-app.sls index 0d77f90..6d49a07 100644 --- a/web/qvm-app.sls +++ b/web/qvm-app.sls @@ -1,6 +1,6 @@ -web--create-browsing-qube: +web--create-web-qube: qvm.vm: - - name: browsing-dvm + - name: web-dvm - present: - template: tmpl-web - label: yellow 
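Review bot: In dots/i3-config the added rule `for_window [title="rofi"] floating enable` matches on the window title, which i3 treats as an unanchored regular expression, so any window whose title merely contains "rofi" (a page titled "profile", for instance) would also be floated. Titles are chosen by the application, including windows displayed from other qubes, so a class match is the tighter criterion: `for_window [class="^Rofi$"] floating enable`, assuming rofi reports its usual `Rofi` class here. The Tor Browser rule shown as context above it has the same shape but is not part of this change.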
@@ -8,87 +8,94 @@ web--create-browsing-qube: - template_for_dispvms: True - features: - set: - - menu-items: librewolf.desktop + - menu-items: xfce4-terminal.desktop - require: - qvm: web--create-template -browsing-features_dvm: +web-features_dvm: qvm.features: - - name: browsing-dvm + - name: web-dvm - disable: - service.cups - service.cups-browsed - service.tinyproxy - set: - - menu-items: librewolf.desktop + - menu-items: xfce4-terminal.desktop - appmenus-dispvm: True -web--create-vps-admin-qube: +split-web--create-qube: qvm.vm: - - name: web-vps-admin + - name: split-web - present: - - template: tmpl-web - - label: blue + - template: tmpl-split-web + - label: gray - prefs: - - label: blue + - default-dispvm: web-dvm + - netvm: none - features: - set: - - menu-items: librewolf.desktop + - menu-items: split-browser.desktop xterm.desktop - require: - - qvm: web--create-template + - web--create-split-template -web--create-home-admin-qube: - qvm.vm: - - name: web-home-admin - - present: - - template: tmpl-web - - label: blue - - prefs: - - label: blue - - features: - - set: - - menu-items: librewolf.desktop - - require: - - qvm: web--create-template +# web--create-vps-admin-qube: +# qvm.vm: +# - name: web-vps-admin +# - present: +# - template: tmpl-web +# - label: blue +# - features: +# - set: +# - menu-items: librewolf.desktop +# - require: +# - qvm: web--create-template -web--create-banking-qube: - qvm.vm: - - name: web-banking - - present: - - template: tmpl-web - - label: blue - - prefs: - - label: blue - - features: - - set: - - menu-items: librewolf.desktop - - require: - - qvm: web--create-template +# web--create-home-admin-qube: +# qvm.vm: +# - name: web-home-admin +# - present: +# - template: tmpl-web +# - label: blue +# - features: +# - set: +# - menu-items: librewolf.desktop +# - require: +# - qvm: web--create-template -web--create-work-qube: - qvm.vm: - - name: web-work - - present: - - template: tmpl-web - - label: blue - - prefs: - - label: blue - - 
features: - - set: - - menu-items: librewolf.desktop - - require: - - qvm: web--create-template +# web--create-banking-qube: +# qvm.vm: +# - name: web-banking +# - present: +# - template: tmpl-web +# - label: blue +# - features: +# - set: +# - menu-items: librewolf.desktop +# - require: +# - qvm: web--create-template -web--create-shopping-qube: - qvm.vm: - - name: web-shopping - - present: - - template: tmpl-web - - label: blue - - prefs: - - label: blue - - features: - - set: - - menu-items: librewolf.desktop - - require: - - qvm: web--create-template +# web--create-work-qube: +# qvm.vm: +# - name: web-work +# - present: +# - template: tmpl-web +# - label: blue +# - mem: 6000 +# - vcpus: 4 +# - features: +# - set: +# - menu-items: librewolf.desktop +# - require: +# - qvm: web--create-template + +# web--create-shopping-qube: +# qvm.vm: +# - name: web-shopping +# - present: +# - template: tmpl-web +# - label: blue +# - features: +# - set: +# - menu-items: librewolf.desktop +# - require: +# - qvm: web--create-template diff --git a/web/qvm-tmpl.sls b/web/qvm-tmpl.sls index 1a06153..4aa9730 100644 --- a/web/qvm-tmpl.sls +++ b/web/qvm-tmpl.sls @@ -2,3 +2,8 @@ web--create-template: qvm.clone: - name: tmpl-web - source: debian-12-minimal + +web--create-split-template: + qvm.clone: + - name: tmpl-split-web + - source: debian-12-xfce # TODO make this a minimal template diff --git a/web/tmpl-configure-split-firefox.sls b/web/tmpl-configure-split-firefox.sls new file mode 100644 index 0000000..f740622 --- /dev/null +++ b/web/tmpl-configure-split-firefox.sls 
@@ -0,0 +1,11 @@ +# Split-browser tries to use torbrowser by default, so we'll disable it +split-web--disable-tor-browser: + cmd.run: + - name: 'mv /etc/split-browser-disp/21-tor-browser.bash /etc/split-browser-disp/21-tor-browser.bash.EXAMPLE' + - creates: '/etc/split-browser-disp/21-tor-browser.bash.EXAMPLE' + +# Enabling the firefox config so split-browser knows where to find the executable +split-web--enable-firefox: + cmd.run: + - name: 'mv /etc/split-browser-disp/22-firefox.bash.EXAMPLE /etc/split-browser-disp/22-firefox.bash' + - creates: '/etc/split-browser-disp/22-firefox.bash' diff --git a/web/tmpl-pkgs.sls b/web/tmpl-pkgs.sls index f02112a..245d7ee 100644 --- a/web/tmpl-pkgs.sls +++ b/web/tmpl-pkgs.sls @@ -1,3 +1,8 @@ +web--tmpl-split-browser-pkgs: + pkg.installed: + - pkgs: + - qubes-repo-contrib + web--tmpl-pkgs: pkg.installed: - pkgs: @@ -6,25 +11,27 @@ web--tmpl-pkgs: - qubes-core-agent-networking - qubes-core-agent-thunar - pulseaudio-qubes + - qubes-split-browser-disp + - firefox-esr -{% if grains['os_family']|lower == 'debian' %} +# {% if grains['os_family']|lower == 'debian' %} -extrepo: - pkg.installed +# extrepo: +# pkg.installed -'http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf': - cmd.run +# 'http_proxy=http://127.0.0.1:8082 https_proxy=http://127.0.0.1:8082 extrepo enable librewolf': +# cmd.run -{% else %} +# {% else %} -'dnf config-manager --add-repo https://rpm.librewolf.net/librewolf-repo.repo': - cmd.run +# 'dnf config-manager --add-repo https://rpm.librewolf.net/librewolf-repo.repo': +# cmd.run -{% endif %} +# {% endif %} -librewolf-updated: - pkg.uptodate: - - refresh: True +# librewolf-updated: +# pkg.uptodate: +# - refresh: True -librewolf: - pkg.installed +# librewolf: +# pkg.installed diff --git a/web/tmpl-split-pkgs.sls b/web/tmpl-split-pkgs.sls new file mode 100644 index 0000000..9903014 --- /dev/null +++ b/web/tmpl-split-pkgs.sls 
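Review bot: In web/tmpl-configure-split-firefox.sls both states shell out to `mv` and are guarded only by `creates:` on the destination, so they fail when the source file is missing and are skipped whenever the destination exists, even if an active `21-tor-browser.bash` is present again next to the `.EXAMPLE` copy. Salt's `file.rename` state expresses the same move declaratively: it is a no-op once the source is gone, and `force: True` on the Tor Browser entry would re-disable it if the file reappears. Neither state requires the package that ships /etc/split-browser-disp (presumably `qubes-split-browser-disp` from web/tmpl-pkgs.sls), so the ordering currently rests on the top file; a `require` on `pkg: web--tmpl-pkgs` would state it.

```yaml
split-web--disable-tor-browser:
  file.rename:
    - name: /etc/split-browser-disp/21-tor-browser.bash.EXAMPLE
    - source: /etc/split-browser-disp/21-tor-browser.bash
    - force: True

split-web--enable-firefox:
  file.rename:
    - name: /etc/split-browser-disp/22-firefox.bash
    - source: /etc/split-browser-disp/22-firefox.bash.EXAMPLE
```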
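Review bot: In web/tmpl-pkgs.sls nothing ties `web--tmpl-pkgs` to the new `web--tmpl-split-browser-pkgs` state, although `qubes-split-browser-disp` (added in the second hunk) is presumably only available once `qubes-repo-contrib` has been installed. Execution order happens to follow file order, but the package index is not necessarily refreshed after the repository package lands, so a first run on a fresh template may not find the package. Adding `- refresh: True` and `- require:` / `- pkg: web--tmpl-split-browser-pkgs` to `web--tmpl-pkgs` makes both explicit; web/tmpl-split-pkgs.sls has the same pair of states (`split-web--contrib-repo`, `split-web--pkgs`) and needs the same treatment. A one-line comment that this enables the community contrib repository inside the template would also help whoever audits what the template trusts.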
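Review bot: In the second hunk of web/tmpl-pkgs.sls the LibreWolf block is disabled with `#`, but Salt renders Jinja before it parses YAML, so `# {% if grains['os_family']|lower == 'debian' %}`, `# {% else %}` and `# {% endif %}` are still evaluated. It is harmless today because every line in both branches is itself a YAML comment, yet un-commenting a single line later would silently put it back under the os_family branch. Removing the block, or wrapping it in a Jinja comment (`{#` … `#}`), avoids that.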
@@ -0,0 +1,13 @@
+split-web--contrib-repo:
+ pkg.installed:
+ - pkgs:
+ - qubes-repo-contrib
+
+split-web--pkgs:
+ pkg.installed:
+ - pkgs:
+ - qubes-split-browser
+ # - qubes-core-agent-passwordless-root
+ # - qubes-mgmt-salt-vm-connector
+ # - qubes-core-agent-thunar
+ # - qubes-desktop-linux-common |