install.fairie/docs/scripts/before/run_onchange_before_17-install-mirage-firewall.sh.tmpl.md
2023-11-05 01:46:18 +00:00

2.5 KiB

title description sidebar_label slug githubLocation scriptLocation repoLocation
Qubes Mirage Firewall Ensures the Mirage firewall kernel VM is installed in dom0 17 Qubes Mirage Firewall /scripts/before/run_onchange_before_17-install-mirage-firewall.sh.tmpl https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl https://github.com/megabyte-labs/install.doctor/raw/master/home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl home/.chezmoiscripts/universal/run_onchange_before_17-install-mirage-firewall.sh.tmpl

Qubes Mirage Firewall

Ensures the Mirage firewall kernel VM is installed in dom0

Overview

This script first ensures the TemplateVMs are updated and then downloads the Mirage firewall. It configures Mirage firewall so it can be used as a unikernel firewall VM.

Source Code

{{- if (eq .host.distro.id "qubes") -}}
#!/usr/bin/env bash
# @file Qubes Mirage Firewall
# @brief Ensures the Mirage firewall kernel VM is installed in dom0
# @description
#     This script first ensures the TemplateVMs are updated and then downloads the Mirage firewall. It configures
#     Mirage firewall so it can be used as a unikernel firewall VM.

### Update TemplateVMs
logg info 'Updating TemplateVMs via qubesctl'
timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm

### Ensure mirage-firewall kernel folder setup
if [ ! -d /var/lib/qubes/vm-kernels/mirage-firewall ]; then
  logg info 'Creating the /var/lib/qubes/vm-kernels/mirage-firewall directory'
  sudo mkdir -p /var/lib/qubes/vm-kernels/mirage-firewall
fi

### Install the mirage-firewall kernel
if [ ! -f /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz ]; then
  logg info 'Downloading the pre-compiled mirage firewall kernel in the {{ .qubes.provisionVM }} VM'
  qvm-run provision 'curl -sSL {{ .qubes.mirageUrl }} > ~/Downloads/mirage-firewall.tar.gz && tar xjf ~/Downloads/mirage-firewall.tar.gz -C ~/Downloads'
  logg info 'Transferring mirage-firewall kernel to dom0 from the {{ .qubes.provisionVM }} VM'
  qvm-run --pass-io {{ .qubes.provisionVM }} 'cat /home/user/Downloads/mirage-firewall/vmlinuz' > /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
fi

### Create dummy initrmfs for the mirage-firewall kernel
if [ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then
  logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder'
  gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs
fi
{{ end -}}