1
0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2024-11-04 18:11:34 -05:00

MirageOS, Split SSH, Docker fixes, and minor updates

Signed-off-by: tommytran732 <contact@tommytran.io>
This commit is contained in:
tommytran732 2022-08-12 04:17:07 -04:00
parent 12e8e1ede5
commit c542a1fec6
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
9 changed files with 58 additions and 12 deletions

View File

@ -16,9 +16,12 @@ qvm-service --enable work qubes-u2f-proxy
echo "export QT_QPA_PLATFORMTHEME=gtk2" | sudo tee /etc/environment
#Obviously replace vault-gpg with the actual GPG backend that you are using https://www.qubes-os.org/doc/split-gpg/
#Obviously replace vault with the actual GPG backend that you are using https://www.qubes-os.org/doc/split-gpg/
echo "emails vault allow" | sudo tee /etc/qubes-rpc/policy/qubes.Gpg
echo "@anyvm @anyvm ask,default_target=vault-gpg" | sudo tee -a /etc/qubes-rpc/policy/qubes.Gpg
echo "@anyvm @anyvm ask,default_target=vault" | sudo tee -a /etc/qubes-rpc/policy/qubes.Gpg
#Same thing, but for split SSH. No default allow here because here though because there will not be a timeout or anything like that.
echo "@anyvm @anyvm ask,default_target=vault" | sudo tee /etc/qubes-rpc/policy/qubes.SshAgent
#Enabling VMAuth - if you want to get the prompt you will still need to configure the guest VMs tho
echo "/usr/bin/echo 1" | sudo tee /etc/qubes-rpc/qubes.VMAuth

View File

@ -1,3 +1,4 @@
#!/bin/bash
#This is a bit meh, use MiargeOS instead if you can.
sudo dnf install -y qubes-core-agent-networking qubes-core-agent-dom0-updates

View File

@ -1,8 +0,0 @@
#!/bin/bash
#Run this in the appVM
sudo mkdir -p /etc/qubes-bind-dirs.d
sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
binds+=( '/var/lib/docker' )
binds+=( '/etc/docker' )
EOF

View File

@ -9,4 +9,10 @@ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/dock
sudo dnf install docker-ce docker-compose-plugin github-desktop code java-latest-openjdk hugo
sudo systemctl enable --now docker
sudo usermod -aG docker $USER
newgrp docker
newgrp docker
sudo mkdir -p /etc/qubes-bind-dirs.d
sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
binds+=( '/var/lib/docker' )
binds+=( '/etc/docker' )
EOF

View File

@ -3,4 +3,4 @@
echo "color-scheme='prefer-dark'" | sudo tee -a /etc/dconf/local.d/custom
sudo dconf update
sudo dnf install -y gnome-chess gnome-2048
sudo dnf install -y gnome-chess gnome-2048 gnome-mines

23
fedora/sysadmin-AppVM.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
#Run this in an AppVM, not a TemplateVM
echo '# SPLIT SSH CONFIGURATION >>>
# replace "vault" with your AppVM name which stores the ssh private key(s)
SSH_VAULT_VM="vault"
if [ "$SSH_VAULT_VM" != "" ]; then
export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
rm -f "$SSH_SOCK"
sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
fi
# <<< SPLIT SSH CONFIGURATION' | sudo tee -a /rw/config/rc.local
echo '# SPLIT SSH CONFIGURATION >>>
# replace "vault" with your AppVM name which stores the ssh private key(s)
SSH_VAULT_VM="vault"
if [ "$SSH_VAULT_VM" != "" ]; then
export SSH_AUTH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
fi
# <<< SPLIT SSH CONFIGURATION' | tee -a ~/.bashrc

16
fedora/vault.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
echo '#!/bin/sh
# Qubes App Split SSH Script
# Activate GPG Agent and set the correct SSH socket
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
# safeguard - Qubes notification bubble for each ssh request
notify-send "[$(qubesdb-read /name)] SSH agent access from: $QREXEC_REMOTE_DOMAIN"
# SSH connection
socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"' | sudo tee /etc/qubes-rpc/qubes.SshAgent
sudo chmod +x /etc/qubes-rpc/qubes.SshAgent

5
mirageos/README.md Normal file
View File

@ -0,0 +1,5 @@
# MirageOS
This is my own build of MirageOS 3.10. As of this writing, the Dockerfile on the main branch of Mirage is broken, so the SHA256SUm will not match with what they have officially.
The SHA256Sum of this build is `0342f3a1c450cfa46de07d3f3181afd1cd4d17d731bfe3b022eec35009539416`.

BIN
mirageos/vmlinuz Executable file

Binary file not shown.