Skip to content

Commit

Permalink
feat: remove audiovm setting when unnecessary
Browse files Browse the repository at this point in the history 
Decrease audio attack surface to qubes that will never need to use it.
  • Loading branch information
@ben-grande
ben-grande committed Jan 20, 2024
1 parent 78333dd commit 02ae9e2
Show file tree
Hide file tree
Showing 38 changed files with 437 additions and 125 deletions.
4 changes: 4 additions & 0 deletions salt/ansible/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ force: True
require:
- sls: {{ slsdotpath }}.clone
prefs:
- audiovm: ""
- memory: 300
- maxmem: 400
features:
Expand All @@ -24,6 +25,7 @@ features:
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ slsdotpath }}
force: True
require:
Expand All @@ -35,6 +37,7 @@ prefs:
- template: tpl-{{ slsdotpath }}
- label: purple
- netvm: ""
- audiovm: ""
- vcpus: 1
- memory: 400
- maxmem: 500
Expand All @@ -61,6 +64,7 @@ prefs:
- template: tpl-{{ slsdotpath }}
- label: purple
- netvm: ""
- audiovm: ""
- vcpus: 1
- memory: 400
- maxmem: 500
Expand Down
2 changes: 2 additions & 0 deletions salt/browser/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ force: True
require:
- sls: {{ slsdotpath }}.clone
prefs:
- audiovm: ""
- memory: 300
- maxmem: 2000
features:
Expand All @@ -34,6 +35,7 @@ present:
- label: red
prefs:
- label: red
- audiovm: "*default*"
- memory: 300
- maxmem: 2000
- vcpus: 1
Expand Down
30 changes: 16 additions & 14 deletions salt/debian-minimal/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,46 +18,48 @@ include:
- {{ template.template }}-dvm
{% load_yaml as defaults -%}
name: dvm-{{ template.template_clean }}
name: {{ template.template }}
force: True
require:
- sls: {{ template.template_clean }}.clone
present:
- template: {{ template.template }}
- label: red
- label: black
prefs:
- template: {{ template.template }}
- label: red
- label: black
- audiovm: ""
- memory: 300
- maxmem: 400
- maxmem: 600
- vcpus: 1
- template_for_dispvms: True
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ template.template }}
name: dvm-{{ template.template_clean }}
force: True
require:
- sls: {{ template.template_clean }}.clone
present:
- label: black
- template: {{ template.template }}
- label: red
prefs:
- label: black
- template: {{ template.template }}
- label: red
- audiovm: ""
- memory: 300
- maxmem: 600
- maxmem: 400
- vcpus: 1
- template_for_dispvms: True
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
Expand Down
34 changes: 18 additions & 16 deletions salt/debian-xfce/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,45 +18,47 @@ include:
- {{ template.template }}-dvm
{% load_yaml as defaults -%}
name: dvm-{{ template.template_clean }}
name: {{ template.template }}
force: True
require:
- sls: {{ slsdotpath }}.clone
present:
- template: {{ template.template }}
- label: red
- label: black
prefs:
- template: {{ template.template }}
- label: red
- memory: 300
- maxmem: 800
- label: black
- audiovm: ""
- vcpus: 1
- template_for_dispvms: True
- memory: 300
- maxmem: 600
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ template.template }}
name: dvm-{{ template.template_clean }}
force: True
require:
- sls: {{ slsdotpath }}.clone
present:
- label: black
- template: {{ template.template }}
- label: red
prefs:
- label: black
- memory: 300
- maxmem: 600
- template: {{ template.template }}
- label: red
- audiovm: ""
- vcpus: 1
- memory: 300
- maxmem: 800
- template_for_dispvms: True
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
34 changes: 18 additions & 16 deletions salt/debian/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,45 +18,47 @@ include:
- {{ template.template }}-dvm
{% load_yaml as defaults -%}
name: dvm-{{ template.template_clean }}
name: {{ template.template }}
force: True
require:
- sls: {{ slsdotpath }}.clone
present:
- template: {{ template.template }}
- label: red
- label: black
prefs:
- template: {{ template.template }}
- label: red
- memory: 300
- maxmem: 800
- label: black
- audiovm: ""
- vcpus: 1
- template_for_dispvms: True
- memory: 300
- maxmem: 600
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ template.template }}
name: dvm-{{ template.template_clean }}
force: True
require:
- sls: {{ slsdotpath }}.clone
present:
- label: black
- template: {{ template.template }}
- label: red
prefs:
- label: black
- memory: 300
- maxmem: 600
- template: {{ template.template }}
- label: red
- audiovm: ""
- vcpus: 1
- memory: 300
- maxmem: 800
- template_for_dispvms: True
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
13 changes: 13 additions & 0 deletions salt/dev/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,16 @@ SPDX-License-Identifier: AGPL-3.0-or-later
include:
- .clone
{% load_yaml as defaults -%}
name: tpl-{{ slsdotpath }}
force: True
require:
- sls: {{ slsdotpath }}.clone
prefs:
- audiovm: ""
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ slsdotpath }}
force: True
Expand All @@ -20,6 +30,7 @@ present:
prefs:
- template: tpl-{{ slsdotpath }}
- label: purple
- audiovm: ""
- vcpus: 1
- memory: 400
- maxmem: 600
Expand All @@ -46,6 +57,7 @@ present:
prefs:
- template: tpl-{{ slsdotpath }}
- label: red
- audiovm: ""
- vcpus: 1
- memory: 400
- maxmem: 600
Expand Down Expand Up @@ -73,6 +85,7 @@ present:
prefs:
- template: dvm-{{ slsdotpath }}
- label: red
- audiovm: ""
- vcpus: 1
- memory: 400
- maxmem: 600
Expand Down
34 changes: 18 additions & 16 deletions salt/fedora-minimal/create.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,45 +18,47 @@ include:
- {{ template.template }}-dvm
{% load_yaml as defaults -%}
name: dvm-{{ template.template_clean }}
name: {{ template.template }}
force: True
require:
- sls: {{ template.template_clean }}.clone
present:
- template: {{ template.template }}
- label: red
- label: black
prefs:
- template: {{ template.template }}
- label: red
- memory: 300
- maxmem: 400
- label: black
- audiovm: ""
- vcpus: 1
- template_for_dispvms: True
- memory: 300
- maxmem: 600
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
{% load_yaml as defaults -%}
name: {{ template.template }}
name: dvm-{{ template.template_clean }}
force: True
require:
- sls: {{ template.template_clean }}.clone
present:
- label: black
- template: {{ template.template }}
- label: red
prefs:
- label: black
- memory: 300
- maxmem: 600
- template: {{ template.template }}
- label: red
- audiovm: ""
- vcpus: 1
- memory: 300
- maxmem: 400
- template_for_dispvms: True
- include_in_backups: False
features:
- enable:
- appmenus-dispvm
- set:
- menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
- default-menu-items: "qubes-open-file-manager.desktop qubes-run-terminal.desktop qubes-start.desktop"
{%- endload %}
{{ load(defaults) }}
Loading

0 comments on commit 02ae9e2

Please sign in to comment.