`dom0.port-forward` installed by default in `dom0` Salt scripts but used only by `sys-syncthing`

[peakunshift]

Commitment

I confirm that I have read the following resources:

• How to ask questions The Smart Way
• Writing the perfect question
• Question checklist
• Could you please make my preference the default?

Current problem (if any)

dom0.port-forward script is installed by default in the init.sls's dom0 Salt installs, but seems to be currently used only by sys-syncthing, thus not necessary as a default install.

Proposed solution

Remove the port-forward line from init.sls. This is already present in syncthing's create script. I also propose to install it in the fetcher salt scripts, because it can be necessary to port-forward when torrenting.

The value to a user, and who that user might be

Install only what's necessary when necessary.

[ben-grande]

KDE is not necessary, but it is good to have it for usability reasons.

I can see that port forwarding only happens in some circumstances and I will remove it from the default installation.

I also propose to install it in the fetcher salt scripts, because it can be necessary to port-forward when torrenting.

It is true that port forwarding can be used in some formulas such as fetcher, sys-pihole, sys-cacher, but without documenting in the Usage section of the readme, I am not doing that currently because:

• sys-cacher: how to use a password is documented but port forwarding is not installed because the admin page can't be restricted per IP, every qube that can access the apt-cacher-ng port can keep trying the password unless something like fail2ban is blocking failed loging attempts.
• sys-pihole: no password because only localhost can check the admin page, for port forwading, a password need to be set with pihole -a -p. The problem with setting a default password for pi-hole is that it is unecessary when I restrict the admin page only for localhost via firewalll and webserver. I started trying port forwarding one day but didn't accomplish a DNS connection with my mobile, port forwarding was working.
• sys-syncthing: port forwading necessary because it is common to want to share files with other computers and mobile phones. Implemented and documented.
• sys-ssh: Possible, but only for admins to remotely manage qubes. Undocumented and would require some SSH hardening.
• fetcher: port forwarding useful for torrenting speeds but needs documentation, do you want to do it? If yes, please open a new issue for tracking each of the above that interests you, it is not the same as the goal of removing it from dom0 default installation.