feat(qubes): Split SSH

2024-10-13 19:34:23 +02:00 · 2024-10-13 19:34:23 +02:00 · b836555422
commit b836555422
parent 55c26eb17a
4 changed files with 48 additions and 91 deletions
--- a/.README.md
+++ b/.README.md
@ -112,6 +112,12 @@ for file in ${BKDIR%/}/*(D); {
  vimdiff ${file} ./${file#${BKDIR}} }
 ```

+To _upgrade_ to SSH (not compatible with Qubes proxy):
+
+```sh
+dotfiles remote set-url origin ssh://gitea@forge.chapril.org:222/michel_ouba/points.git
+```
+
 When the `fetch` configuration is not set, insert the following line in the
 _remote_ section of `.dotfiles/config`:

@ -185,6 +191,16 @@ source ~/.zshrc

 TODO: Insert random part in filenames.

+### AppVM without sys-net
+
+```sh
+ # In TemplateVM:
+qvm-copy .asdf .zim
+ # In AppVM:
+asdf direnv setup --version latest
+asdf global direnv 2.34.X
+```
+
 ## ASDF & main plugins {#asdf}

 `.zshrc` will install `asdf`.
--- a/.xsessionrc
+++ b/.xsessionrc
@ -1,8 +1,8 @@
 # https://wiki.debian.org/Xsession
 LOG=$HOME/.xsessionrc.log
+rm -f $LOG
 touch $LOG

-export NC_STORAGE=$HOME/NC-Michel/Linux/michdell
-export ALT_HISTORY_FILE=$HOME/NC-Michel/Linux/VQubes/history
+export SSH_VAULT_VM="keepassXC"

 export >> $LOG
--- a/.zshrc
+++ b/.zshrc
@ -244,16 +244,6 @@ lg()
  fi
 }

-# Kitty
-#
-hg () { kitten hyperlinked_grep "$@" }
-compdef hg=rg
-
-# Neovim — nvim
-#
-# To choose an existing instance for nvr, use:
-#   `export NVIM=$(nvr --serverlist | fzf --exit-0 --select-1) && echo $NVIM`
-

 # nnn - n³
 #
@ -358,6 +348,18 @@ bindkey -M vicmd '\en' nnn-file-widget
 bindkey -M viins '\en' nnn-file-widget


+# SSH
+#
+if [[ -n "$SSH_VAULT_VM" ]]; then
+  # Qubes Split SSH
+  export SSH_AUTH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
+  [[ -v SSH_AGENT_PID ]] && { kill $SSH_AGENT_PID; unset SSH_AGENT_PID }
+else
+  # KeePassXC SSH Agent
+  [[ -v SSH_AUTH_SOCK ]] || export SSH_AUTH_SOCK=$(echo /tmp/ssh-*/agent.*(U))
+fi
+
+
 # Whiptail helper
 #
 # see https://stackoverflow.com/questions/1970180/whiptail-how-to-redirect-output-to-environment-variable
@ -473,9 +475,6 @@ export LESS=-iFRS
 export SYSTEMD_LESS='iFRSXMK'
 export VISUAL=bat

-# KeePassXC SSH Agent
-[[ -v SSH_AUTH_SOCK ]] || export SSH_AUTH_SOCK=$(echo /tmp/ssh-*/agent.*(U))
-

 ###
 ### History
--- a/bin/once-connected.zsh
+++ b/bin/once-connected.zsh
@ -3,88 +3,30 @@

 alias xterm='xterm -bg black -fg white -fa Hack -fs 10'

-
-## Mount dev folders
+## Proof of execution
 #
-# Note: To be done first, so other actions can use mounted folders.
+# touch ${0}.touched
+
+
+## Qubes: Template Cleaning
 #
-[[ -x $HOME/bin/mount_dev.zsh ]] &&
-xterm -geometry 120x40 -title "Mount devices" -hold -e $HOME/bin/mount_dev.zsh
+sudo apt clean


-## Qubes Template
+## Qubes: Split SSH
 #
-# sudo apt clean
-
-
-## Start periodic actions
+# https://forum.qubes-os.org/t/split-ssh/19060
 #
-
-eval xterm -hold -e env $(cat ~/.config/environment.d/variables.conf) $HOME/bin/every-hour.zsh
+if [[ -n "$SSH_VAULT_VM" ]]; then
+  {
+    umask u=rw,go=
+    SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
+    rm -f "$SSH_SOCK"
+    socat "UNIX-LISTEN:$SSH_SOCK,fork" "EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent"
+  } &!
+fi


-## Wait for an Internet connection
+## XFCE: Default Terminal
 #
-while ! nm-online -t 5 ; do
-  List=( $(nmcli connection show | grep wifi | cut -d' ' -f1) )
-
-  Menu=()
-  for Name in $List;
-    Menu+=( "$Name" "$Name" )
-
-  Conn=$(kdialog --menu "Aucune connexion active\nLaquelle choisir?" $Menu)
-  if [[ $? -eq 0 ]]; then
-    nmcli radio wifi on
-    sleep 3
-    nmcli connection up $Conn
-  else
-    exit 1
-  fi
-done
-
-
-## Activating services
-#
-# See:
-#   - https://software.opensuse.org/download.html?project=home%3Anpreining%3Adebian-ubuntu-onedrive&package=onedrive
-#   - https://software.opensuse.org/download.html?project=home%3Ajstaf&package=onedriver
-
-PATH=$PATH:$HOME/bin
-PATH=$PATH:$HOME/.asdf/bin
-
-Services=(
-  'firefox -P michel'				'off'	''
-  'firefox -P vedecom'				'off'	''
-  'firefox -P ''$oft'''				'off'	''
-  'asdf update; asdf plugin update --all'	'off'	'xterm'
-)
-
-Menu=()
-count=0
-for i in {1..$#Services..3} ; {
-  (( count+=1 ))
-
-  Command=${Services[$i]}
-  Enable=${Services[$i+1]}
-
-  Menu+=( ${count} ${Command} ${Enable} )
-}
-
-Indexes=( $(kdialog --geometry 600x300 --checklist "Applications à démarrer" $Menu) )
-for i in $Indexes ;
-{
-  i=${i//\"/}
-  i=$((3*i - 2))
-
-  Command=${Services[$i]}
-  Option=${Services[$i+2]}
-
-  case ${Option} in
-    xterm)
-      xterm -hold -e ${Command} &
-      ;;
-    *)
-      ${=Command} &
-      ;;
-  esac
-}
+SHLVL=0 exo-open --launch TerminalEmulator &!