mirror of
https://github.com/tommytran732/QubesOS-Scripts
synced 2024-11-04 18:11:34 -05:00
MirageOS, Split SSH, Docker fixes, and minor updates
Signed-off-by: tommytran732 <contact@tommytran.io>
This commit is contained in:
parent
12e8e1ede5
commit
c542a1fec6
7
dom0.sh
7
dom0.sh
@ -16,9 +16,12 @@ qvm-service --enable work qubes-u2f-proxy
|
||||
|
||||
echo "export QT_QPA_PLATFORMTHEME=gtk2" | sudo tee /etc/environment
|
||||
|
||||
#Obviously replace vault-gpg with the actual GPG backend that you are using https://www.qubes-os.org/doc/split-gpg/
|
||||
#Obviously replace vault with the actual GPG backend that you are using https://www.qubes-os.org/doc/split-gpg/
|
||||
echo "emails vault allow" | sudo tee /etc/qubes-rpc/policy/qubes.Gpg
|
||||
echo "@anyvm @anyvm ask,default_target=vault-gpg" | sudo tee -a /etc/qubes-rpc/policy/qubes.Gpg
|
||||
echo "@anyvm @anyvm ask,default_target=vault" | sudo tee -a /etc/qubes-rpc/policy/qubes.Gpg
|
||||
|
||||
#Same thing, but for split SSH. No default allow here because here though because there will not be a timeout or anything like that.
|
||||
echo "@anyvm @anyvm ask,default_target=vault" | sudo tee /etc/qubes-rpc/policy/qubes.SshAgent
|
||||
|
||||
#Enabling VMAuth - if you want to get the prompt you will still need to configure the guest VMs tho
|
||||
echo "/usr/bin/echo 1" | sudo tee /etc/qubes-rpc/qubes.VMAuth
|
||||
|
@ -1,3 +1,4 @@
|
||||
#!/bin/bash
|
||||
|
||||
#This is a bit meh, use MiargeOS instead if you can.
|
||||
sudo dnf install -y qubes-core-agent-networking qubes-core-agent-dom0-updates
|
||||
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
#Run this in the appVM
|
||||
sudo mkdir -p /etc/qubes-bind-dirs.d
|
||||
sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
|
||||
binds+=( '/var/lib/docker' )
|
||||
binds+=( '/etc/docker' )
|
||||
EOF
|
@ -9,4 +9,10 @@ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/dock
|
||||
sudo dnf install docker-ce docker-compose-plugin github-desktop code java-latest-openjdk hugo
|
||||
sudo systemctl enable --now docker
|
||||
sudo usermod -aG docker $USER
|
||||
newgrp docker
|
||||
newgrp docker
|
||||
|
||||
sudo mkdir -p /etc/qubes-bind-dirs.d
|
||||
sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
|
||||
binds+=( '/var/lib/docker' )
|
||||
binds+=( '/etc/docker' )
|
||||
EOF
|
@ -3,4 +3,4 @@
|
||||
echo "color-scheme='prefer-dark'" | sudo tee -a /etc/dconf/local.d/custom
|
||||
sudo dconf update
|
||||
|
||||
sudo dnf install -y gnome-chess gnome-2048
|
||||
sudo dnf install -y gnome-chess gnome-2048 gnome-mines
|
23
fedora/sysadmin-AppVM.sh
Normal file
23
fedora/sysadmin-AppVM.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
#Run this in an AppVM, not a TemplateVM
|
||||
|
||||
echo '# SPLIT SSH CONFIGURATION >>>
|
||||
# replace "vault" with your AppVM name which stores the ssh private key(s)
|
||||
SSH_VAULT_VM="vault"
|
||||
|
||||
if [ "$SSH_VAULT_VM" != "" ]; then
|
||||
export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
||||
rm -f "$SSH_SOCK"
|
||||
sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
|
||||
fi
|
||||
# <<< SPLIT SSH CONFIGURATION' | sudo tee -a /rw/config/rc.local
|
||||
|
||||
echo '# SPLIT SSH CONFIGURATION >>>
|
||||
# replace "vault" with your AppVM name which stores the ssh private key(s)
|
||||
SSH_VAULT_VM="vault"
|
||||
|
||||
if [ "$SSH_VAULT_VM" != "" ]; then
|
||||
export SSH_AUTH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
||||
fi
|
||||
# <<< SPLIT SSH CONFIGURATION' | tee -a ~/.bashrc
|
16
fedora/vault.sh
Normal file
16
fedora/vault.sh
Normal file
@ -0,0 +1,16 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo '#!/bin/sh
|
||||
# Qubes App Split SSH Script
|
||||
|
||||
# Activate GPG Agent and set the correct SSH socket
|
||||
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
|
||||
gpgconf --launch gpg-agent
|
||||
|
||||
# safeguard - Qubes notification bubble for each ssh request
|
||||
notify-send "[$(qubesdb-read /name)] SSH agent access from: $QREXEC_REMOTE_DOMAIN"
|
||||
|
||||
# SSH connection
|
||||
socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"' | sudo tee /etc/qubes-rpc/qubes.SshAgent
|
||||
|
||||
sudo chmod +x /etc/qubes-rpc/qubes.SshAgent
|
5
mirageos/README.md
Normal file
5
mirageos/README.md
Normal file
@ -0,0 +1,5 @@
|
||||
# MirageOS
|
||||
|
||||
This is my own build of MirageOS 3.10. As of this writing, the Dockerfile on the main branch of Mirage is broken, so the SHA256SUm will not match with what they have officially.
|
||||
|
||||
The SHA256Sum of this build is `0342f3a1c450cfa46de07d3f3181afd1cd4d17d731bfe3b022eec35009539416`.
|
BIN
mirageos/vmlinuz
Executable file
BIN
mirageos/vmlinuz
Executable file
Binary file not shown.
Loading…
Reference in New Issue
Block a user