mirror of
https://github.com/tommytran732/QubesOS-Scripts
synced 2024-11-25 02:51:33 -05:00
Compare commits
No commits in common. "8ed948c0083cf431e45d976ac1051786755c3110" and "9d23ed263d383f06240be4730977fd7697dd0694" have entirely different histories.
8ed948c008
...
9d23ed263d
11
etc/systemd/system/dnat-to-ns-boot.service
Normal file
11
etc/systemd/system/dnat-to-ns-boot.service
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Run /usr/lib/qubes/qubes-setup-dnat-to-ns 10 seconds after boot
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/sleep 10
|
||||||
|
ExecStart=/usr/bin/systemctl restart systemd-resolved
|
||||||
|
ExecStart=/usr/lib/qubes/qubes-setup-dnat-to-ns
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
@ -23,6 +23,7 @@ sudo systemctl mask debug-shell.service
|
|||||||
sudo systemctl mask kdump.service
|
sudo systemctl mask kdump.service
|
||||||
|
|
||||||
# Setting umask to 077
|
# Setting umask to 077
|
||||||
|
# Note: Qubes does something here that makes the umask for root stay at 022. Need to debug.
|
||||||
umask 077
|
umask 077
|
||||||
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
|
||||||
echo 'umask 077' | sudo tee -a /etc/bashrc
|
echo 'umask 077' | sudo tee -a /etc/bashrc
|
||||||
|
@ -21,17 +21,17 @@ unpriv(){
|
|||||||
sudo dnf config-manager --add-repo https://repo.ivpn.net/stable/fedora/generic/ivpn.repo
|
sudo dnf config-manager --add-repo https://repo.ivpn.net/stable/fedora/generic/ivpn.repo
|
||||||
sudo dnf install -y ivpn-ui
|
sudo dnf install -y ivpn-ui
|
||||||
|
|
||||||
umask 022
|
|
||||||
|
|
||||||
sudo mkdir -p /etc/qubes-bind-dirs.d
|
sudo mkdir -p /etc/qubes-bind-dirs.d
|
||||||
echo 'binds+=( '\'''/etc/opt/ivpn/mutable''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf
|
echo 'binds+=( '\'''/etc/opt/ivpn/mutable''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf
|
||||||
|
|
||||||
sudo mkdir /-p etc/systemd/system/systemd-resolved.service.d
|
sudo mkdir /-p etc/systemd/system/systemd-resolved.service.d
|
||||||
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/systemd-resolved.service.d/override.conf | sudo tee /etc/systemd/system/systemd-resolved.service.d/override.conf
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/systemd-resolved.service.d/override.conf | sudo tee /etc/systemd/system/systemd-resolved.service.d/override.conf
|
||||||
|
|
||||||
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns-boot.service | sudo tee /etc/systemd/system/dnat-to-ns-boot.service
|
||||||
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.service | sudo tee /etc/systemd/system/dnat-to-ns.service
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.service | sudo tee /etc/systemd/system/dnat-to-ns.service
|
||||||
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.path | sudo tee /etc/systemd/system/dnat-to-ns.path
|
unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.path | sudo tee /etc/systemd/system/dnat-to-ns.path
|
||||||
|
|
||||||
|
sudo systemctl enable dnat-to-ns-boot.service
|
||||||
sudo systemctl enable dnat-to-ns.path
|
sudo systemctl enable dnat-to-ns.path
|
||||||
|
|
||||||
# Follow these instructions on how to set up the ProxyVM: https://privsec.dev/posts/qubes/using-ivpn-on-qubes-os/#creating-the-proxyvm
|
# Follow these instructions on how to set up the ProxyVM: https://privsec.dev/posts/qubes/using-ivpn-on-qubes-os/#creating-the-proxyvm
|
@ -14,6 +14,7 @@
|
|||||||
# License for the specific language governing permissions and limitations under
|
# License for the specific language governing permissions and limitations under
|
||||||
# the License.
|
# the License.
|
||||||
|
|
||||||
|
# Note: Qubes does something that makes the umask for root stay at 022. Need to debug. The umask commands are unnecessary for now.
|
||||||
umask 022
|
umask 022
|
||||||
|
|
||||||
# Install Edge
|
# Install Edge
|
||||||
|
@ -21,8 +21,6 @@ unpriv(){
|
|||||||
sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mullvad.repo
|
sudo dnf config-manager --add-repo https://repository.mullvad.net/rpm/stable/mullvad.repo
|
||||||
sudo dnf install -y mullvad-vpn
|
sudo dnf install -y mullvad-vpn
|
||||||
|
|
||||||
umask 022
|
|
||||||
|
|
||||||
sudo mkdir -p /etc/qubes-bind-dirs.d
|
sudo mkdir -p /etc/qubes-bind-dirs.d
|
||||||
echo 'binds+=( '\'''/etc/mullvad-vpn''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf
|
echo 'binds+=( '\'''/etc/mullvad-vpn''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user