Closed peakunshift closed 4 months ago
KDE is not necessary, but it is good to have it for usability reasons.
I can see that port forwarding only happens in some circumstances and I will remove it from the default installation.
I also propose to install it in the fetcher salt scripts, because it can be necessary to port-forward when torrenting.
It is true that port forwarding can be used in some formulas such as fetcher
, sys-pihole
, sys-cacher
, but without documenting in the Usage
section of the readme, I am not doing that currently because:
sys-cacher
: how to use a password is documented but port forwarding is not installed because the admin page can't be restricted per IP, every qube that can access the apt-cacher-ng port can keep trying the password unless something like fail2ban
is blocking failed loging attempts.sys-pihole
: no password because only localhost can check the admin page, for port forwading, a password need to be set with pihole -a -p
. The problem with setting a default password for pi-hole is that it is unecessary when I restrict the admin page only for localhost via firewalll and webserver. I started trying port forwarding one day but didn't accomplish a DNS connection with my mobile, port forwarding was working.sys-syncthing
: port forwading necessary because it is common to want to share files with other computers and mobile phones. Implemented and documented.sys-ssh
: Possible, but only for admins to remotely manage qubes. Undocumented and would require some SSH hardening.fetcher
: port forwarding useful for torrenting speeds but needs documentation, do you want to do it? If yes, please open a new issue for tracking each of the above that interests you, it is not the same as the goal of removing it from dom0 default installation.
Commitment
I confirm that I have read the following resources:
Current problem (if any)
dom0.port-forward
script is installed by default in theinit.sls
'sdom0
Salt installs, but seems to be currently used only bysys-syncthing
, thus not necessary as a default install.Proposed solution
Remove the
port-forward
line frominit.sls
. This is already present in syncthing's create script. I also propose to install it in the fetcher salt scripts, because it can be necessary to port-forward when torrenting.The value to a user, and who that user might be
Install only what's necessary when necessary.