feat(qubes): Split SSH
parent
55c26eb17a
commit
b836555422
16
.README.md
16
.README.md
@ -112,6 +112,12 @@ for file in ${BKDIR%/}/*(D); {
|
|||||||
vimdiff ${file} ./${file#${BKDIR}} }
|
vimdiff ${file} ./${file#${BKDIR}} }
|
||||||
```
|
```
|
||||||
|
|
||||||
|
To _upgrade_ to SSH (not compatible with Qubes proxy):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
dotfiles remote set-url origin ssh://gitea@forge.chapril.org:222/michel_ouba/points.git
|
||||||
|
```
|
||||||
|
|
||||||
When the `fetch` configuration is not set, insert the following line in the
|
When the `fetch` configuration is not set, insert the following line in the
|
||||||
_remote_ section of `.dotfiles/config`:
|
_remote_ section of `.dotfiles/config`:
|
||||||
|
|
||||||
@ -185,6 +191,16 @@ source ~/.zshrc
|
|||||||
|
|
||||||
TODO: Insert random part in filenames.
|
TODO: Insert random part in filenames.
|
||||||
|
|
||||||
|
### AppVM without sys-net
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# In TemplateVM:
|
||||||
|
qvm-copy .asdf .zim
|
||||||
|
# In AppVM:
|
||||||
|
asdf direnv setup --version latest
|
||||||
|
asdf global direnv 2.34.X
|
||||||
|
```
|
||||||
|
|
||||||
## ASDF & main plugins {#asdf}
|
## ASDF & main plugins {#asdf}
|
||||||
|
|
||||||
`.zshrc` will install `asdf`.
|
`.zshrc` will install `asdf`.
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
# https://wiki.debian.org/Xsession
|
# https://wiki.debian.org/Xsession
|
||||||
LOG=$HOME/.xsessionrc.log
|
LOG=$HOME/.xsessionrc.log
|
||||||
|
rm -f $LOG
|
||||||
touch $LOG
|
touch $LOG
|
||||||
|
|
||||||
export NC_STORAGE=$HOME/NC-Michel/Linux/michdell
|
export SSH_VAULT_VM="keepassXC"
|
||||||
export ALT_HISTORY_FILE=$HOME/NC-Michel/Linux/VQubes/history
|
|
||||||
|
|
||||||
export >> $LOG
|
export >> $LOG
|
||||||
|
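Review bot: The log that the added `rm -f $LOG` recreates is made with the session's default umask, and the `export >> $LOG` at the end of this hunk then writes every exported variable into it, so any secret held in the environment lands in a file whose mode nobody chose. Creating the file owner-only, without changing the umask for the rest of the session, would be `rm -f -- "$LOG"; ( umask 077; touch -- "$LOG" )`. `$LOG` is also unquoted on the new line, which is safe only while `$HOME` contains no spaces. The file header for this section is not visible on the page; the content suggests `.xsessionrc`.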
25
.zshrc
25
.zshrc
@ -244,16 +244,6 @@ lg()
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Kitty
|
|
||||||
#
|
|
||||||
hg () { kitten hyperlinked_grep "$@" }
|
|
||||||
compdef hg=rg
|
|
||||||
|
|
||||||
# Neovim — nvim
|
|
||||||
#
|
|
||||||
# To choose an existing instance for nvr, use:
|
|
||||||
# `export NVIM=$(nvr --serverlist | fzf --exit-0 --select-1) && echo $NVIM`
|
|
||||||
|
|
||||||
|
|
||||||
# nnn - n³
|
# nnn - n³
|
||||||
#
|
#
|
||||||
@ -358,6 +348,18 @@ bindkey -M vicmd '\en' nnn-file-widget
|
|||||||
bindkey -M viins '\en' nnn-file-widget
|
bindkey -M viins '\en' nnn-file-widget
|
||||||
|
|
||||||
|
|
||||||
|
# SSH
|
||||||
|
#
|
||||||
|
if [[ -n "$SSH_VAULT_VM" ]]; then
|
||||||
|
# Qubes Split SSH
|
||||||
|
export SSH_AUTH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
||||||
|
[[ -v SSH_AGENT_PID ]] && { kill $SSH_AGENT_PID; unset SSH_AGENT_PID }
|
||||||
|
else
|
||||||
|
# KeePassXC SSH Agent
|
||||||
|
[[ -v SSH_AUTH_SOCK ]] || export SSH_AUTH_SOCK=$(echo /tmp/ssh-*/agent.*(U))
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Whiptail helper
|
# Whiptail helper
|
||||||
#
|
#
|
||||||
# see https://stackoverflow.com/questions/1970180/whiptail-how-to-redirect-output-to-environment-variable
|
# see https://stackoverflow.com/questions/1970180/whiptail-how-to-redirect-output-to-environment-variable
|
||||||
@ -473,9 +475,6 @@ export LESS=-iFRS
|
|||||||
export SYSTEMD_LESS='iFRSXMK'
|
export SYSTEMD_LESS='iFRSXMK'
|
||||||
export VISUAL=bat
|
export VISUAL=bat
|
||||||
|
|
||||||
# KeePassXC SSH Agent
|
|
||||||
[[ -v SSH_AUTH_SOCK ]] || export SSH_AUTH_SOCK=$(echo /tmp/ssh-*/agent.*(U))
|
|
||||||
|
|
||||||
|
|
||||||
###
|
###
|
||||||
### History
|
### History
|
||||||
|
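Review bot: In the added SSH block, the non-Qubes fallback `SSH_AUTH_SOCK=$(echo /tmp/ssh-*/agent.*(U))` assumes exactly one match. With two agent directories `echo` joins both paths into one unusable value, and with none the glob fails under zsh's default NOMATCH (unless a null-glob option is set outside this view), so an empty variable is exported. Collecting the matches and taking the first socket covers both cases: `agents=( /tmp/ssh-*/agent.*(NU=) ); (( $#agents )) && export SSH_AUTH_SOCK=$agents[1]`. In the Split SSH branch, the path `/home/user/.SSH_AGENT_$SSH_VAULT_VM` is spelled out again in the session script that starts the `socat` listener; deriving both from `$HOME` or one shared variable keeps client and listener from drifting apart. `kill $SSH_AGENT_PID` acts on a PID inherited from the environment, so a short comment stating that assumption would help the next reader.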
@ -3,88 +3,30 @@
|
|||||||
|
|
||||||
alias xterm='xterm -bg black -fg white -fa Hack -fs 10'
|
alias xterm='xterm -bg black -fg white -fa Hack -fs 10'
|
||||||
|
|
||||||
|
## Proof of execution
|
||||||
## Mount dev folders
|
|
||||||
#
|
#
|
||||||
# Note: To be done first, so other actions can use mounted folders.
|
# touch ${0}.touched
|
||||||
|
|
||||||
|
|
||||||
|
## Qubes: Template Cleaning
|
||||||
#
|
#
|
||||||
[[ -x $HOME/bin/mount_dev.zsh ]] &&
|
sudo apt clean
|
||||||
xterm -geometry 120x40 -title "Mount devices" -hold -e $HOME/bin/mount_dev.zsh
|
|
||||||
|
|
||||||
|
|
||||||
## Qubes Template
|
## Qubes: Split SSH
|
||||||
#
|
#
|
||||||
# sudo apt clean
|
# https://forum.qubes-os.org/t/split-ssh/19060
|
||||||
|
|
||||||
|
|
||||||
## Start periodic actions
|
|
||||||
#
|
#
|
||||||
|
if [[ -n "$SSH_VAULT_VM" ]]; then
|
||||||
eval xterm -hold -e env $(cat ~/.config/environment.d/variables.conf) $HOME/bin/every-hour.zsh
|
|
||||||
|
|
||||||
|
|
||||||
## Wait for an Internet connection
|
|
||||||
#
|
|
||||||
while ! nm-online -t 5 ; do
|
|
||||||
List=( $(nmcli connection show | grep wifi | cut -d' ' -f1) )
|
|
||||||
|
|
||||||
Menu=()
|
|
||||||
for Name in $List;
|
|
||||||
Menu+=( "$Name" "$Name" )
|
|
||||||
|
|
||||||
Conn=$(kdialog --menu "Aucune connexion active\nLaquelle choisir?" $Menu)
|
|
||||||
if [[ $? -eq 0 ]]; then
|
|
||||||
nmcli radio wifi on
|
|
||||||
sleep 3
|
|
||||||
nmcli connection up $Conn
|
|
||||||
else
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
## Activating services
|
|
||||||
#
|
|
||||||
# See:
|
|
||||||
# - https://software.opensuse.org/download.html?project=home%3Anpreining%3Adebian-ubuntu-onedrive&package=onedrive
|
|
||||||
# - https://software.opensuse.org/download.html?project=home%3Ajstaf&package=onedriver
|
|
||||||
|
|
||||||
PATH=$PATH:$HOME/bin
|
|
||||||
PATH=$PATH:$HOME/.asdf/bin
|
|
||||||
|
|
||||||
Services=(
|
|
||||||
'firefox -P michel' 'off' ''
|
|
||||||
'firefox -P vedecom' 'off' ''
|
|
||||||
'firefox -P ''$oft''' 'off' ''
|
|
||||||
'asdf update; asdf plugin update --all' 'off' 'xterm'
|
|
||||||
)
|
|
||||||
|
|
||||||
Menu=()
|
|
||||||
count=0
|
|
||||||
for i in {1..$#Services..3} ; {
|
|
||||||
(( count+=1 ))
|
|
||||||
|
|
||||||
Command=${Services[$i]}
|
|
||||||
Enable=${Services[$i+1]}
|
|
||||||
|
|
||||||
Menu+=( ${count} ${Command} ${Enable} )
|
|
||||||
}
|
|
||||||
|
|
||||||
Indexes=( $(kdialog --geometry 600x300 --checklist "Applications à démarrer" $Menu) )
|
|
||||||
for i in $Indexes ;
|
|
||||||
{
|
{
|
||||||
i=${i//\"/}
|
umask u=rw,go=
|
||||||
i=$((3*i - 2))
|
SSH_SOCK="/home/user/.SSH_AGENT_$SSH_VAULT_VM"
|
||||||
|
rm -f "$SSH_SOCK"
|
||||||
|
socat "UNIX-LISTEN:$SSH_SOCK,fork" "EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent"
|
||||||
|
} &!
|
||||||
|
fi
|
||||||
|
|
||||||
Command=${Services[$i]}
|
|
||||||
Option=${Services[$i+2]}
|
|
||||||
|
|
||||||
case ${Option} in
|
## XFCE: Default Terminal
|
||||||
xterm)
|
#
|
||||||
xterm -hold -e ${Command} &
|
SHLVL=0 exo-open --launch TerminalEmulator &!
|
||||||
;;
|
|
||||||
*)
|
|
||||||
${=Command} &
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
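Review bot: `$SSH_VAULT_VM` goes unvalidated into the socat address `EXEC:qrexec-client-vm $SSH_VAULT_VM qubes.SshAgent` in the added Split SSH block; socat splits that string into arguments itself and reads `,` as an option separator, so a value containing a space or comma changes what is executed instead of failing cleanly. Tightening the condition to `if [[ "$SSH_VAULT_VM" =~ '^[A-Za-z][A-Za-z0-9_-]*$' ]]; then` (pattern assumed from Qubes qube naming, to be confirmed) restricts the value to a plain qube name. The `umask u=rw,go=` line deserves a comment such as `# socket must be owner-only: any process that can connect can send requests to the vault's agent`, since it is the only thing restricting access to the forwarded agent. `sudo apt clean` is now uncommented under "Template Cleaning" but runs unconditionally at every session start, which may be wider than the heading intends. The file header of this section is not visible on the page.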