Commit 230cd3bb authored by o

fixing lots of things

parent 5cb907a2
data.img
## Starting an ibox as qubes AppVM
# Starting an ibox as qubes AppVM
## Setting up the template
The main idea is to have:
......@@ -23,20 +25,66 @@ sh setup-ibox.sh
Troubleshoot: If updating centos-8-minimal fails you might have a broken template. Removing and re-installing the `qubes-template-centos-8-minimal` might help.
Now all the vms are created and we can start setting up the `ibox-template` template. Start
the VM and execute [setup/ibox.sh](setup/ibox.sh) in it, as root. It installs all
the VM and execute `setup/ibox-template.sh` in it, as root. It installs all
required packages and repositories.
Stop the `ibox-template` VM again.
Now, start the `ibox-instance` and download the ibox repo:
Finally, you need to allow your devqube to issue commands to ibox.
To that end add the following line to `/etc/qubes-rpc/policy/qubes.VMShell`:
```
devqube ibox-instance allow
```
## Initialize ibox instance
To create an ibox as an appVM do:
```
qvm-create --label gray --template ibox-template ibox-instance
```
or to create a standalone do:
```
qvm-clone --label gray ibox-template ibox-instance
```
To initialize an `ibox-instance` do the following:
```
cat init.sh | qvm-run-vm ibox-instance "cat - > init.sh && sh init.sh"
dns=`resolvectl dns | grep Global | cut -d' ' -f2`
echo "resolvconf::nameservers: ['$dns']" | qvm-run-vm ibox-instance "cat - >> ibox/hieradata/vagrant.yaml"
```
You only need to do this once. All data ends up in rw volumes.
Finally on `ibox-instance`
```
sudo -i /home/user/ibox/bin/local_apply.sh
```
## Sync back changes
To sync back your changes from the ibox to your local copy of the boilerplate repo use:
```
./sync.sh ibox-instance /path/to/boilerplate-repo
```
## Secondary disk
Some modules need a secondary data disk. On your development qube create a block device and attach it:
```
# on devqube
truncate -s 1024m data.img
sudo losetup /dev/loop0 data.img
# on dom0
qvm-attach ibox-instance devqube:loop0
```
Modules might create huge volumes. Either use a huge disk, or reduce their size. E.g.:
```
git clone https://code.immerda.ch/immerda/ibox/boilerplate.git ibox
cd ibox
git submodule update --init --recursive
cp hieradata/vagrant.yaml.sample hieradata/vagrant.yaml
sudo su -
hostnamectl set-hostname ibox1.local
cd /home/user/ibox
bin/local_apply.sh
ib_disks::datavgs::www::size_data: '500mb'
```
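Review bot: the policy line `devqube ibox-instance allow` in `/etc/qubes-rpc/policy/qubes.VMShell` grants devqube unrestricted command execution inside ibox-instance; it is what `cat init.sh | qvm-run-vm ibox-instance "cat - > init.sh && sh init.sh"` and sync.sh rely on, so the README should say so plainly and keep the rule scoped to exactly these two VM names (a compromised devqube then owns ibox-instance, and nothing more). On Qubes releases that use `/etc/qubes/policy.d/` the file location and syntax differ, which is worth a sentence. Two smaller points in the same hunk: `sudo losetup /dev/loop0 data.img` assumes loop0 is free; `sudo losetup --find --show data.img` picks a free device and prints its name, and the `qvm-attach ibox-instance devqube:loop0` line should use that name. And the size-override example `ib_disks::datavgs::www::size_data: '500mb'` does not say which file it goes in; it reads as a hieradata key, so name the file, presumably `hieradata/vagrant.yaml` as used for the `resolvconf::nameservers` line above.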
#!/bin/sh
set -e
sudo hostnamectl set-hostname `hostname -s`.local
sudo bash -c "echo 'hostnamectl set-hostname `hostname -s`.local' >> /rw/config/rc.local"
sudo chmod +x /rw/config/rc.local
sudo systemctl start NetworkManager
git clone https://code.immerda.ch/immerda/ibox/boilerplate.git ibox
cd ibox
git submodule update --init --recursive
cp hieradata/vagrant.yaml.sample hieradata/vagrant.yaml
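Review bot: the script is not safe to re-run even though `set -e` suggests it is meant to stop cleanly on error: a second run aborts at `git clone https://code.immerda.ch/immerda/ibox/boilerplate.git ibox` because the directory already exists, and every run up to that point appends another `hostnamectl set-hostname` line to `/rw/config/rc.local`. Guard both, e.g. `grep -q set-hostname /rw/config/rc.local || sudo bash -c "echo ... >> /rw/config/rc.local"` and `[ -d ibox ] || git clone ...`. Note also that the backticks inside the double-quoted `echo 'hostnamectl set-hostname `hostname -s`.local'` string are expanded by the outer shell when the line is written, so rc.local ends up with the name resolved at install time rather than re-evaluating `hostname -s` at each boot; if that is intended, write the literal name so the behaviour is obvious, otherwise escape the backticks.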
......@@ -4,4 +4,3 @@ qvm-shutdown centos-8-minimal
qvm-clone centos-8-minimal ibox-template
qvm-run -p -u root ibox-template 'dnf install qubes-core-agent-passwordless-root qubes-core-agent-passwordless-networking'
qvm-shutdown ibox-template
qvm-create --label gray --template ibox-template ibox-instance
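Review bot: with `qvm-create --label gray --template ibox-template ibox-instance` dropped from this script, the instance is now created only in the README's "Initialize ibox instance" step, so the README sentence "Now all the vms are created and we can start setting up the `ibox-template` template" in the same commit is stale for ibox-instance; either keep the create here or reword the README. Separately, `qvm-run -p -u root ibox-template 'dnf install qubes-core-agent-passwordless-root qubes-core-agent-passwordless-networking'` has no `-y`, so it stops for an interactive confirmation on the passthrough tty while the rest of the setup uses `dnf install -y`; add `-y` so the script can run unattended.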
......@@ -132,7 +132,7 @@ EOF
dnf update
dnf remove -y unbound-libs python3-unbound
dnf install -y ebtables firewalld-filesystem ipset python3-firewall
dnf install -y --allowerasing man-pages mlocate vim-enhanced termite-terminfo wget which virt-what sudo puppet-agent puppet-release puppet-agent-extensions epel-release drpm tmux bash-completion rkhunter cryptsetup gpm chrony tuned dnf-automatic git yum rxvt-unicode
dnf install -y --allowerasing man-pages mlocate vim-enhanced termite-terminfo wget which virt-what sudo puppet-agent puppet-release puppet-agent-extensions epel-release drpm tmux bash-completion rkhunter cryptsetup gpm chrony tuned dnf-automatic git yum rxvt-unicode rsync lvm2
# for trocla
cat <<-EOF >/etc/puppetlabs/puppet/troclarc.yaml
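Review bot: the only change here is appending `rsync lvm2` to an already very long `dnf install -y --allowerasing ...` line; say what needs them. lvm2 is plausibly for the `ib_disks::datavgs` volumes on the attached data disk, but rsync is not used inside the VM by sync.sh (which only runs `tar` there and rsyncs on the devqube side), so name its consumer or drop it. While here, `dnf update` at the top of the hunk is the one invocation without `-y`, which makes an otherwise unattended script stop for a prompt.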
......@@ -149,32 +149,3 @@ EOF
mkdir /etc/puppet
ln -s /home/user/ibox /etc/puppet/ibox
cat <<-EOF >> /etc/X11/Xresources
URxvt*background: #202020
URxvt*foreground: #ffffff
URxvt.color0 : #000000
URxvt.color8 : #555555
URxvt.color1 : #AA0000
URxvt.color9 : #FF5555
URxvt.color2 : #00AA00
URxvt.color10 : #55FF55
URxvt.color3 : #AA5500
URxvt.color11 : #FFFF55
URxvt.color4 : #0000AA
URxvt.color12 : #5555FF
URxvt.color5 : #AA00AA
URxvt.color13 : #FF55FF
URxvt.color6 : #00AAAA
URxvt.color14 : #55FFFF
URxvt.color7 : #AAAAAA
URxvt.color15 : #FFFFFF
URxvt*internalBorder: 1
URxvt*saveLines: 32767
URxvt*visualBell: false
URxvt*scrollTtyKeypress: true
URxvt*scrollWithBuffer: false
URxvt*scrollTtyOutput: false
URxvt*scrollBar: false
URxvt.perl-ext-common: default,selection-to-clipboard
EOF
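Review bot: removing the URxvt block appended to `/etc/X11/Xresources` is fine (rxvt-unicode stays installed, so nothing else depends on it), but the two lines kept just above it deserve a comment: `ln -s /home/user/ibox /etc/puppet/ibox` makes root's puppet run (`sudo -i /home/user/ibox/bin/local_apply.sh` in the README) execute manifests and modules out of a directory owned by the unprivileged `user` account, so anything that can write to that home directory runs code as root at the next apply. That is acceptable for a throwaway dev qube but should be stated in the README. Also make `mkdir /etc/puppet` a `mkdir -p` so re-running the template setup does not fail there.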
#!/bin/sh
set -e
rm -f /tmp/ibox.tar
qvm-run-vm $1 "tar --exclude .git -cf - ibox" > /tmp/ibox.tar
pushd /tmp > /dev/null
tar xf ibox.tar
popd > /dev/null
rsync -r /tmp/ibox/ $2
rm -rf /tmp/ibox /tmp/ibox.tar
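Review bot: `pushd`/`popd` are bash builtins, not POSIX `sh`, so under the `#!/bin/sh` shebang this script only works where `/bin/sh` happens to be bash; `tar -C /tmp -xf /tmp/ibox.tar` does the same job without changing directory. Quote the positional parameters (`"$1"`, `"$2"`): an unquoted `$2` splits on spaces, and if it is empty `rsync -r /tmp/ibox/ $2` lists the directory instead of copying it. Treat the archive as untrusted input from the ibox VM: extract into a `mktemp -d` directory rather than the fixed `/tmp/ibox` path, and decide deliberately about `--delete` on the rsync (without it, files removed in the VM linger in the boilerplate checkout).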