feat: use native TCP socket with Qrexec

salt/sys-net/files/server/rpc/qusal.ConnectTCP

@@ -34,4 +34,4 @@ if test "${#port}" -gt 5 || test "${port}" -gt 65535; then
   exit 1
 fi
 
-exec socat - "TCP:${host}:${port}"
+exec socat STDIO "TCP:${host}:${port}"

salt/sys-print/install-client.sls

@@ -5,6 +5,15 @@ SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <[email protected]>
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
+"{{ slsdotpath }}-installed-client":
+  pkg.installed:
+    - require:
+      - sls: utils.tools.common.update
+    - install_recommends: False
+    - skip_suggestions: True
+    - pkgs:
+      - socat
+
 "{{ slsdotpath }}-client-systemd-print-forwarder":
   file.managed:
     - name: /usr/lib/systemd/system/qusal-print-forwarder.service

salt/sys-print/install.sls

@@ -43,12 +43,21 @@ include:
       - user
 
 "{{ slsdotpath }}-rpc":
-  file.managed:
+  file.symlink:
     - name: /etc/qubes-rpc/qusal.Print
-    - source: salt://{{ slsdotpath }}/files/server/rpc/qusal.Print
-    - mode: '0755'
+    - target: /dev/tcp/127.0.0.1/631
+    - user: root
+    - group: root
+    - force: True
+    - makedirs: True
+
+"{{ slsdotpath }}-rpc-config":
+  file.symlink:
+    - name: /etc/qubes/rpc-config/qusal.Print
+    - target: /etc/qubes/rpc-config/qubes.ConnectTCP
     - user: root
     - group: root
+    - force: True
     - makedirs: True
 
 "{{ slsdotpath }}-bind-dirs":

salt/sys-rsync/install.sls

@@ -18,7 +18,6 @@ include:
     - skip_suggestions: True
     - pkgs:
       - rsync
-      - socat
       - man-db
 
 "{{ slsdotpath }}-stop-rsync":
@@ -42,14 +41,22 @@ include:
     - group: root
     - makedirs: True
 
-"{{ slsdotpath }}-set-rpc-services":
-  file.recurse:
-    - name: /etc/qubes-rpc/
-    - source: salt://{{ slsdotpath }}/files/server/rpc/
-    - dir_mode: '0755'
-    - file_mode: '0755'
+"{{ slsdotpath }}-rpc":
+  file.symlink:
+    - name: /etc/qubes-rpc/qusal.Rsync
+    - target: /dev/tcp/127.0.0.1/873
     - user: root
     - group: root
+    - force: True
+    - makedirs: True
+
+"{{ slsdotpath }}-rpc-config":
+  file.symlink:
+    - name: /etc/qubes/rpc-config/qusal.Rsync
+    - target: /etc/qubes/rpc-config/qubes.ConnectTCP
+    - user: root
+    - group: root
+    - force: True
     - makedirs: True
 
 {% endif -%}

salt/sys-ssh/install.sls

@@ -18,7 +18,6 @@ include:
     - skip_suggestions: True
     - pkgs:
       - openssh-server
-      - socat
       - man-db
 
 "{{ slsdotpath }}-stop-ssh":
@@ -33,14 +32,22 @@ include:
   service.masked:
     - name: ssh
 
-"{{ slsdotpath }}-set-rpc-services":
-  file.recurse:
-    - name: /etc/qubes-rpc/
-    - source: salt://{{ slsdotpath }}/files/server/rpc/
-    - dir_mode: '0755'
-    - file_mode: '0755'
+"{{ slsdotpath }}-rpc":
+  file.symlink:
+    - name: /etc/qubes-rpc/qusal.Ssh
+    - target: /dev/tcp/127.0.0.1/22
     - user: root
     - group: root
+    - force: True
+    - makedirs: True
+
+"{{ slsdotpath }}-rpc-config":
+  file.symlink:
+    - name: /etc/qubes/rpc-config/qusal.Ssh
+    - target: /etc/qubes/rpc-config/qubes.ConnectTCP
+    - user: root
+    - group: root
+    - force: True
     - makedirs: True
 
 "{{ slsdotpath }}-sshd-config":

salt/sys-syncthing/install.sls

@@ -26,18 +26,26 @@ include:
       - qubes-core-agent-networking
       - syncthing
       - jq
-      - socat
       - qubes-core-agent-thunar
       - thunar
       - man-db
 
-"{{ slsdotpath }}-rpc-service":
-  file.managed:
+"{{ slsdotpath }}-rpc":
+  file.symlink:
     - name: /etc/qubes-rpc/qusal.Syncthing
-    - source: salt://{{ slsdotpath }}/files/server/rpc/qusal.Syncthing
+    - target: /dev/tcp/127.0.0.1/22000
+    - user: root
+    - group: root
+    - force: True
+    - makedirs: True
+
+"{{ slsdotpath }}-rpc-config":
+  file.symlink:
+    - name: /etc/qubes/rpc-config/qusal.Syncthing
+    - target: /etc/qubes/rpc-config/qubes.ConnectTCP
     - user: root
     - group: root
-    - mode: '0755'
+    - force: True
     - makedirs: True
 
 "{{ slsdotpath }}-mask-syncthing":