From 81f5417313a7286e776235ee82e43b57e2b359eb Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Fri, 20 Dec 2024 17:27:47 -0800
Subject: [PATCH] qubes split gpg/ssh setup
---
qubes/.config/qubes/appvm/rw/config/gpg-split-domain | 1 +
.../qubes/appvm/rw/config/qubes-bind-dirs.d/50_user.conf | 2 ++
qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.Gpg | 1 +
qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.SshAgent | 1 +
4 files changed, 5 insertions(+)
create mode 100644 qubes/.config/qubes/appvm/rw/config/gpg-split-domain
create mode 100644 qubes/.config/qubes/appvm/rw/config/qubes-bind-dirs.d/50_user.conf
create mode 100644 qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.Gpg
create mode 100644 qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.SshAgent
diff --git a/qubes/.config/qubes/appvm/rw/config/gpg-split-domain b/qubes/.config/qubes/appvm/rw/config/gpg-split-domain
new file mode 100644
index 0000000..4c0870e
--- /dev/null
+++ b/qubes/.config/qubes/appvm/rw/config/gpg-split-domain
@@ -0,0 +1 @@
+vault
diff --git a/qubes/.config/qubes/appvm/rw/config/qubes-bind-dirs.d/50_user.conf b/qubes/.config/qubes/appvm/rw/config/qubes-bind-dirs.d/50_user.conf
new file mode 100644
index 0000000..3804081
--- /dev/null
+++ b/qubes/.config/qubes/appvm/rw/config/qubes-bind-dirs.d/50_user.conf
@@ -0,0 +1,2 @@
+binds+=('/var/lib/docker')
+binds+=('/var/lib/containerd')
diff --git a/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.Gpg b/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.Gpg
new file mode 100644
index 0000000..9f6f953
--- /dev/null
+++ b/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.Gpg
@@ -0,0 +1 @@
+@anyvm @anyvm ask default_target=vault
diff --git a/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.SshAgent b/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.SshAgent
new file mode 100644
index 0000000..9f6f953
--- /dev/null
+++ b/qubes/.config/qubes/dom0/etc/qubes-rpc/policy/qubes.SshAgent
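Review bot: The two `binds+=` lines in `50_user.conf` make `/var/lib/docker` and `/var/lib/containerd` persistent in the AppVM, which the subject line ("split gpg/ssh setup") does not mention and which has a security consequence of its own. Image layers, volumes and container state are no longer discarded when the qube restarts, so a tampered image or leftover container survives a reboot instead of being reset from the template. I would add a header comment to the file, e.g. `# Persist container storage across qube restarts; contents are NOT reset from the template.`, and move the change to its own commit, or apply it only to qubes that actually run Docker.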
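Review bot: The rule `@anyvm @anyvm ask default_target=vault` in `qubes.Gpg` accepts any qube as source and any qube as target, so `vault` is only the preselected entry in the dom0 prompt, not an enforced destination; the identical line is added for `qubes.SshAgent`. Pinning the target, `@anyvm vault ask default_target=vault`, would leave the key-holding qube as the only one the prompt can offer. Replacing the source `@anyvm` with the specific client qubes would narrow it further. Both files are placed under `etc/qubes-rpc/policy/`, which as far as I know is the legacy policy location from Qubes 4.1 onwards, so it is worth confirming that the target release still reads them, or porting the rules to `/etc/qubes/policy.d/`.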
@@ -0,0 +1 @@
+@anyvm @anyvm ask default_target=vault
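Review bot: For `qubes.SshAgent` the `ask` prompt authorizes a qrexec connection, not an individual signature. Assuming the service in `vault` proxies the ssh-agent socket (the patch does not show the service side), an approved client can presumably use every key loaded in that agent for as long as the connection stays open. A comment in the policy file would make that trust boundary explicit, for example `# ask approves the agent connection, not each signature; load keys in vault with ssh-add -c if per-use confirmation is required`.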