MirageOS, Split SSH, Docker fixes, and minor updates

Signed-off-by: tommytran732 <contact@tommytran.io>
2022-08-12 04:17:07 -04:00
parent 12e8e1ede5
commit c542a1fec6
9 changed files with 58 additions and 12 deletions
--- a/fedora/development-appvm.sh
+++ b/fedora/development-appvm.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-#Run this in the appVM
-sudo mkdir -p /etc/qubes-bind-dirs.d
-sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
-binds+=( '/var/lib/docker' )
-binds+=( '/etc/docker' )
-EOF
--- a/fedora/development.sh
+++ b/fedora/development.sh
@@ -9,4 +9,10 @@ sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/dock
 sudo dnf install docker-ce docker-compose-plugin github-desktop code java-latest-openjdk hugo
 sudo systemctl enable --now docker
 sudo usermod -aG docker $USER
-newgrp docker
+newgrp docker
+
+sudo mkdir -p /etc/qubes-bind-dirs.d
+sudo tee /etc/qubes-bind-dirs.d50_user.conf << EOF > /dev/null
+binds+=( '/var/lib/docker' )
+binds+=( '/etc/docker' )
+EOF
--- a/fedora/games.sh
+++ b/fedora/games.sh
@@ -3,4 +3,4 @@
 echo "color-scheme='prefer-dark'" | sudo tee -a /etc/dconf/local.d/custom
 sudo dconf update

-sudo dnf install -y gnome-chess gnome-2048
+sudo dnf install -y gnome-chess gnome-2048 gnome-mines
--- a/fedora/sysadmin-AppVM.sh
+++ b/fedora/sysadmin-AppVM.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+#Run this in an AppVM, not a TemplateVM
+
+echo '# SPLIT SSH CONFIGURATION >>>
+# replace "vault" with your AppVM name which stores the ssh private key(s)
+SSH_VAULT_VM="vault"
+
+if [ "$SSH_VAULT_VM" != "" ]; then
+  export SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
+  rm -f "$SSH_SOCK"
+  sudo -u user /bin/sh -c "umask 177 && exec socat 'UNIX-LISTEN:$SSH_SOCK,fork' 'EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent'" &
+fi
+# <<< SPLIT SSH CONFIGURATION' | sudo tee -a /rw/config/rc.local
+
+echo '# SPLIT SSH CONFIGURATION >>>
+# replace "vault" with your AppVM name which stores the ssh private key(s)
+SSH_VAULT_VM="vault"
+
+if [ "$SSH_VAULT_VM" != "" ]; then
+  export SSH_AUTH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
+fi
+# <<< SPLIT SSH CONFIGURATION' | tee -a ~/.bashrc
--- a/fedora/vault.sh
+++ b/fedora/vault.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+echo '#!/bin/sh
+# Qubes App Split SSH Script
+
+# Activate GPG Agent and set the correct SSH socket
+export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
+gpgconf --launch gpg-agent
+
+# safeguard - Qubes notification bubble for each ssh request
+notify-send "[$(qubesdb-read /name)] SSH agent access from: $QREXEC_REMOTE_DOMAIN"
+
+# SSH connection
+socat - "UNIX-CONNECT:$SSH_AUTH_SOCK"' | sudo tee /etc/qubes-rpc/qubes.SshAgent
+
+sudo chmod +x /etc/qubes-rpc/qubes.SshAgent