Update 19 files

- /home/.chezmoiscripts/darwin/run_onchange_after_10-configure-macos.sh.tmpl
- /home/.chezmoiscripts/darwin/run_onchange_after_20-ensure-zsh-macos.sh.tmpl
- /home/.chezmoiscripts/darwin/run_onchange_after_21-set-wallpaper.sh.tmpl
- /home/.chezmoiscripts/darwin/run_onchange_before_10-install-darwin-dependencies.sh.tmpl
- /home/.chezmoiscripts/darwin/run_onchange_before_20-ensure-user-group.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_10-configure-macos.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_20-ensure-zsh-macos.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_after_21-set-wallpaper.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_before_10-install-darwin-dependencies.sh.tmpl
- /home/.chezmoiscripts/universal/run_onchange_before_20-ensure-user-group.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_after_11-set-wallpaper.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates.sh.tmpl
- /home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0.sh.tmpl
This commit is contained in:
Brian Zalewski 2023-04-15 23:18:34 +00:00
parent 380a546e8d
commit a5b4203496
14 changed files with 18 additions and 0 deletions

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Set Wallpaper # @file Qubes Set Wallpaper
# @brief Ensures the Qubes wallpaper is set to the Betelgeuse wallpaper for Qubes. # @brief Ensures the Qubes wallpaper is set to the Betelgeuse wallpaper for Qubes.
@ -6,3 +7,4 @@
# using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`. # using the `ksetwallpaper` script found in `~/.local/bin/ksetwallpaper`.
ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg ksetwallpaper --file /usr/local/share/wallpapers/Betelgeuse/contents/images/3440x1440.jpg
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Update dom0 # @file Qubes Update dom0
# @brief Ensures Qubes dom0 is up-to-date, includes all the Qubes repository definitions, and that `sys-whonix` is running # @brief Ensures Qubes dom0 is up-to-date, includes all the Qubes repository definitions, and that `sys-whonix` is running
@ -35,3 +36,4 @@ done
### Ensure sys-whonix is running ### Ensure sys-whonix is running
logg info 'Ensuring `sys-whonix` is running' logg info 'Ensuring `sys-whonix` is running'
qvm-start sys-whonix --skip-if-running qvm-start sys-whonix --skip-if-running
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Install Templates # @file Qubes Install Templates
# @brief Ensures the templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are installed # @brief Ensures the templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are installed
@ -11,3 +12,4 @@ for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" ""
sudo qubes-dom0-update "qubes-template-$TEMPLATE" sudo qubes-dom0-update "qubes-template-$TEMPLATE"
fi fi
done done
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Passwordless Templates # @file Qubes Passwordless Templates
# @brief Ensures the minimal templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are configured to be passwordless # @brief Ensures the minimal templates defined in `.qubes.templates` in the `home/.chezmoidata.yaml` file are configured to be passwordless
@ -18,3 +19,4 @@ for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" ""
fi fi
fi fi
done done
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Passwordless Templates # @file Qubes Passwordless Templates
# @brief Ensures unofficial templates defined in `.qubes.templatesUnofficial` in the `home/.chezmoidata.yaml` file are made available to dom0 # @brief Ensures unofficial templates defined in `.qubes.templatesUnofficial` in the `home/.chezmoidata.yaml` file are made available to dom0
@ -24,3 +25,4 @@ for TEMPLATE_URL of {{ .qubes.templatesUnofficial | toString | replace "[" "" |
logg info "$TEMPLATE is already installed" logg info "$TEMPLATE is already installed"
fi fi
done done
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Update TemplateVMs # @file Qubes Update TemplateVMs
# @brief Ensures the templates available in dom0 are all up-to-date # @brief Ensures the templates available in dom0 are all up-to-date
@ -9,3 +10,4 @@
### Update TemplateVMs ### Update TemplateVMs
logg info 'Updating TemplateVMs via `qubesctl`' logg info 'Updating TemplateVMs via `qubesctl`'
timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes Mirage Firewall # @file Qubes Mirage Firewall
# @brief Ensures the Mirage firewall kernel VM is installed in dom0 # @brief Ensures the Mirage firewall kernel VM is installed in dom0
@ -28,3 +29,4 @@ if [ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then
logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder' logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder'
gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs
fi fi
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes `sys-usb` # @file Qubes `sys-usb`
# @brief Enables `sys-usb` and configures it with ideal security settings # @brief Enables `sys-usb` and configures it with ideal security settings
@ -27,3 +28,4 @@ fi
### Configure USB mouse settings ### Configure USB mouse settings
logg info 'Ensuring newly connected USB mouse devices are only allowed to connect after a prompt is accepted' logg info 'Ensuring newly connected USB mouse devices are only allowed to connect after a prompt is accepted'
echo "sys-usb dom0 ask,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputMouse echo "sys-usb dom0 ask,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputMouse
{{ end -}}

View file

@ -1,3 +1,4 @@
{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash #!/usr/bin/env bash
# @file Qubes `sys-gui-gpu` # @file Qubes `sys-gui-gpu`
# @brief Enables `sys-gui-gpu` if a compatible GPU controller is found on Qubes dom0 # @brief Enables `sys-gui-gpu` if a compatible GPU controller is found on Qubes dom0
@ -29,3 +30,4 @@ elif qvm-pci list | grep 'VGA compatible controller' | grep 'NVIDIA'; then
qvm-pci attach sys-gui-gpu "$ID" --persistent -o permissive=true qvm-pci attach sys-gui-gpu "$ID" --persistent -o permissive=true
done done
fi fi
{{ end -}}