2024-11-25 02:51:33 -05:00
5 changed files with 15 additions and 4 deletions
--- a/etc/systemd/system/dnat-to-ns-boot.service
+++ b/etc/systemd/system/dnat-to-ns-boot.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns 10 seconds after boot
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/sleep 10
+ExecStart=/usr/bin/systemctl restart systemd-resolved
+ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
+
+[Install]
+WantedBy=multi-user.target
--- a/fedora-gnome/fedora-gnome.sh
+++ b/fedora-gnome/fedora-gnome.sh
@ -23,6 +23,7 @@ sudo systemctl mask debug-shell.service
 sudo systemctl mask kdump.service

 # Setting umask to 077
+# Note: Qubes does something here that makes the umask for root stay at 022. Need to debug.
 umask 077
 sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
 echo 'umask 077' | sudo tee -a /etc/bashrc
--- a/fedora-gnome/ivpn.sh
+++ b/fedora-gnome/ivpn.sh
@ -21,17 +21,17 @@ unpriv(){
 sudo dnf config-manager --add-repo https://repo.ivpn.net/stable/fedora/generic/ivpn.repo
 sudo dnf install -y ivpn-ui

-umask 022
-
 sudo mkdir -p /etc/qubes-bind-dirs.d
 echo 'binds+=( '\'''/etc/opt/ivpn/mutable''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf 

 sudo mkdir /-p etc/systemd/system/systemd-resolved.service.d
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/systemd-resolved.service.d/override.conf | sudo tee /etc/systemd/system/systemd-resolved.service.d/override.conf

+unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns-boot.service | sudo tee /etc/systemd/system/dnat-to-ns-boot.service
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.service | sudo tee /etc/systemd/system/dnat-to-ns.service
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.path | sudo tee /etc/systemd/system/dnat-to-ns.path

+sudo systemctl enable dnat-to-ns-boot.service
 sudo systemctl enable dnat-to-ns.path

 # Follow these instructions on how to set up the ProxyVM: https://privsec.dev/posts/qubes/using-ivpn-on-qubes-os/#creating-the-proxyvm
--- a/fedora-gnome/microsoft-edge.sh
+++ b/fedora-gnome/microsoft-edge.sh
@ -14,6 +14,7 @@
 # License for the specific language governing permissions and limitations under
 # the License.

+# Note: Qubes does something that makes the umask for root stay at 022. Need to debug. The umask commands are unnecessary for now.
 umask 022

 # Install Edge
--- a/fedora-gnome/mullvad.sh
+++ b/fedora-gnome/mullvad.sh
@ -21,8 +21,6 @@ unpriv(){
 sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mullvad.repo
 sudo dnf install -y mullvad-vpn

-umask 022
-
 sudo mkdir -p /etc/qubes-bind-dirs.d
 echo 'binds+=( '\'''/etc/mullvad-vpn''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf