From 63e93be1d460bf63fe333e94516fa1364e430863 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Sat, 13 Apr 2024 16:09:06 +0200 Subject: [PATCH] fix: GUI policy precedes sys-cacher policy Fixes: https://github.com/ben-grande/qusal/issues/45 --- salt/sys-cacher/README.md | 18 +++++++++++++++++- salt/sys-cacher/create.sls | 4 +++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/salt/sys-cacher/README.md b/salt/sys-cacher/README.md index 8f21dce2..945434b5 100644 --- a/salt/sys-cacher/README.md +++ b/salt/sys-cacher/README.md @@ -60,6 +60,22 @@ sudo qubesctl --skip-dom0 --targets="$(qvm-ls --no-spinner --raw-list --tags upd ## Usage +## Access control + +The distributed policy will take precedence over the ones set during first +installation or the GUI Global Config. If you want to use `sys-cacher` +and edit configuration for certain qubes to update over different proxys, you +can do so. + +Allow qubes with tag `whonix-updatevm` to use the proxy in `sys-alt-whonix` +and qube `dev` to use the proxy in `disp-sys-net`. +```qrexecpolicy +qubes.UpdatesProxy * @tag:whonix-updatevm @default allow target=sys-alt-whonix +qubes.UpdatesProxy * @tag:whonix-updatevm @anyvm deny +qubes.UpdatesProxy * dev @default allow target=disp-sys-net +qubes.UpdatesProxy * dev @anyvm deny +``` + ### Report Page and Maintenance Tasks The report page is available from `sys-cacher` and `sys-cacher-browser` at @@ -126,7 +142,7 @@ updates. Use `uninstall` or `install` as argument to the command `apt-cacher-ng-repo`: ```sh -sudo apt-cacher-ng-repo uninstal +sudo apt-cacher-ng-repo uninstall ``` ## Uninstallation diff --git a/salt/sys-cacher/create.sls b/salt/sys-cacher/create.sls index 15822de0..39a09241 100644 --- a/salt/sys-cacher/create.sls +++ b/salt/sys-cacher/create.sls @@ -95,8 +95,10 @@ features: {%- endload %} {{ load(defaults) }} +{% from 'utils/macros/policy.sls' import policy_unset with context -%} +{{ policy_unset(sls_path, '75') }} {% from 'utils/macros/policy.sls' import policy_set with context -%} -{{ policy_set(sls_path, '75') }} +{{ policy_set(sls_path, '45') }} "{{ slsdotpath }}-extend-volume": cmd.run: