Skip to content

ZzMzaw/qubesos-scripts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 

Repository files navigation

My QubesOS scripts

This repository regroups usefull scripts I developed in order to customize my Qubes OS installation.

sync-salt-dom0-from-vm.sh

This script is used to synchronize pillars, formulas and states from a virtual machine to dom0.

!!! WARNING !!! - Using this script could compromise/corrupt dom0

dom0 is isolated from anything else and has no easy way to transfer stuff from a VM for a very good reason:

A compromise of dom0 implies a compromise of the entire system.

You should verify twice what you will copy to dom0 and copy from a VM as safe as possible (disposable VM can be an option).

BEWARE this sync script pushes some entire folders hierarchy to dom0.

What does sync script do

Sync script pulls pillars, formulas and states from source domain <domain> to dom0. Pillars, formulas and states must all be part of the base salt environment to take advantage of the built-in modules and formulas.

Regarding pillars and states, myq folder is recursively copied (i.e. children are included) from respective source folders qubesos-pillars and qubesos-states. They are pushed to folders /srv/pillar and /srv/salt respectively to make sure they will be loaded in base salt environment with the built-in Qubes OS salt configuration.

Regarding formulas, the myq folder, if any, is recursively copied (i.e. children are included) from every folder ending with -formula in source folder qubesos-formulas. -formula folder is included in the copy with only the myq folder in it so formula won’t be copied unless it contain the expected myq folder. They are pushed to folder /srv/formulas/myq and the generated configuration loads them in the base salt environment.

Deploy sync script

Move sync script to dom0 by executing following command in dom0 after replacing ${SRC_VM} and ${SRC_DIR} as per your environment:

qvm-run --pass-io ${SRC_VM} "cat ${SRC_DIR}/sync-salt-dom0-from.sh" > sync-salt-dom0-from.sh
chmod u+x sync-salt-dom0-from.sh

Use sync script

Just execute the script with root privileges in dom0:

sudo ./sync-salt-dom0-from.sh <source-domain>

More arguments exist, look at the help for more details:

sudo ./sync-salt-dom0-from.sh -h

About

Scripts used to customize Qubes OS

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages