diff --git a/salt/ansible/README.md b/salt/ansible/README.md index de91a23b..9a65c789 100644 --- a/salt/ansible/README.md +++ b/salt/ansible/README.md @@ -16,18 +16,18 @@ Install Ansible and use it on the "ansible" app qube. - Top ```sh -qubesctl top.enable ansible -qubesctl --targets=tpl-ansible,ansible,ansible-minion state.apply -qubesctl top.disable ansible +sudo qubesctl top.enable ansible +sudo qubesctl --targets=tpl-ansible,ansible,ansible-minion state.apply +sudo qubesctl top.disable ansible ``` - State ```sh -qubesctl state.apply ansible.create -qubesctl --skip-dom0 --targets=tpl-ansible state.apply ansible.install -qubesctl --skip-dom0 --targets=ansible state.apply ansible.configure,zsh.touch-zshrc -qubesctl --skip-dom0 --targets=ansible-minion state.apply ansible.configure-minion,zsh.touch-zshrc +sudo qubesctl state.apply ansible.create +sudo qubesctl --skip-dom0 --targets=tpl-ansible state.apply ansible.install +sudo qubesctl --skip-dom0 --targets=ansible state.apply ansible.configure,zsh.touch-zshrc +sudo qubesctl --skip-dom0 --targets=ansible-minion state.apply ansible.configure-minion,zsh.touch-zshrc ``` diff --git a/salt/browser/README.md b/salt/browser/README.md index 4eeda43f..18594360 100644 --- a/salt/browser/README.md +++ b/salt/browser/README.md @@ -23,19 +23,19 @@ Firefox-ESR, W3M or Lynx. - Top ```sh -qubesctl top.enable browser -qubesctl --targets=tpl-browser,dvm-browser state.apply -qubesctl top.disable browser -qubesctl state.apply browser.appmenus +sudo qubesctl top.enable browser +sudo qubesctl --targets=tpl-browser,dvm-browser state.apply +sudo qubesctl top.disable browser +sudo qubesctl state.apply browser.appmenus ``` - State ```sh -qubesctl state.apply browser.create -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install -qubesctl --skip-dom0 --targets=dvm-browser state.apply browser.configure -qubesctl state.apply browser.appmenus +sudo qubesctl state.apply browser.create +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install +sudo qubesctl --skip-dom0 --targets=dvm-browser state.apply browser.configure +sudo qubesctl state.apply browser.appmenus ``` @@ -46,28 +46,28 @@ to install: - Chromium: ```sh -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-chromium +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-chromium ``` - Chrome: ```sh -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-chrome +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-chrome ``` - Firefox-ESR: ```sh -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-firefox +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-firefox ``` - W3M: ```sh -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-w3m +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-w3m ``` - Lynx: ```sh -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-lynx +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install-lynx ``` Do not forget to sync the `appmenus`: ```sh -qubesctl state.apply browser.appmenus +sudo qubesctl state.apply browser.appmenus ``` ## Usage diff --git a/salt/debian-minimal/README.md b/salt/debian-minimal/README.md index dbdf3146..be2b54f2 100644 --- a/salt/debian-minimal/README.md +++ b/salt/debian-minimal/README.md @@ -17,16 +17,16 @@ it. - Top: ```sh -qubesctl top.enable debian-minimal -qubesctl --targets=debian-12-minimal state.apply -qubesctl top.disable debian-minimal +sudo qubesctl top.enable debian-minimal +sudo qubesctl --targets=debian-12-minimal state.apply +sudo qubesctl top.disable debian-minimal ``` - State: ```sh -qubesctl state.apply debian-minimal.create -qubesctl --skip-dom0 --targets=debian-12-minimal state.apply debian-minimal.install +sudo qubesctl state.apply debian-minimal.create +sudo qubesctl --skip-dom0 --targets=debian-12-minimal state.apply debian-minimal.install ``` diff --git a/salt/debian-xfce/README.md b/salt/debian-xfce/README.md index 6cf587be..ffe23b27 100644 --- a/salt/debian-xfce/README.md +++ b/salt/debian-xfce/README.md @@ -16,16 +16,16 @@ Creates the Debian Xfce Template as well as a Disposable Template based on it. - Top: ```sh -qubesctl top.enable debian-xfce -qubesctl --targets=debian-12-xfce state.apply -qubesctl top.disable debian-xfce +sudo qubesctl top.enable debian-xfce +sudo qubesctl --targets=debian-12-xfce state.apply +sudo qubesctl top.disable debian-xfce ``` - State: ```sh -qubesctl state.apply debian-xfce.create -qubesctl --skip-dom0 --targets=debian-12-xfce state.apply debian-xfce.install +sudo qubesctl state.apply debian-xfce.create +sudo qubesctl --skip-dom0 --targets=debian-12-xfce state.apply debian-xfce.install ``` diff --git a/salt/debian/README.md b/salt/debian/README.md index 272905bd..714ff614 100644 --- a/salt/debian/README.md +++ b/salt/debian/README.md @@ -16,16 +16,16 @@ Creates the Debian template as well as a Disposable Template based on it. - Top: ```sh -qubesctl top.enable debian -qubesctl --targets=debian-12 state.apply -qubesctl top.disable debian +sudo qubesctl top.enable debian +sudo qubesctl --targets=debian-12 state.apply +sudo qubesctl top.disable debian ``` - State: ```sh -qubesctl state.apply debian.create -qubesctl --skip-dom0 --targets=debian-12 state.apply debian.install +sudo qubesctl state.apply debian.create +sudo qubesctl --skip-dom0 --targets=debian-12 state.apply debian.install ``` diff --git a/salt/dev/README.md b/salt/dev/README.md index 2d161f91..18897c27 100644 --- a/salt/dev/README.md +++ b/salt/dev/README.md @@ -18,18 +18,18 @@ sys-ssh-agent. - Top ```sh -qubesctl top.enable dev -qubesctl --targets=tpl-dev,dvm-dev,dev state.apply -qubesctl top.disable dev +sudo qubesctl top.enable dev +sudo qubesctl --targets=tpl-dev,dvm-dev,dev state.apply +sudo qubesctl top.disable dev ``` - State ```sh -qubesctl state.apply dev.create -qubesctl --skip-dom0 --targets=tpl-dev state.apply dev.install -qubesctl --skip-dom0 --targets=dvm-dev state.apply dev.configure-dvm -qubesctl --skip-dom0 --targets=dev state.apply dev.configure +sudo qubesctl state.apply dev.create +sudo qubesctl --skip-dom0 --targets=tpl-dev state.apply dev.install +sudo qubesctl --skip-dom0 --targets=dvm-dev state.apply dev.configure-dvm +sudo qubesctl --skip-dom0 --targets=dev state.apply dev.configure ``` diff --git a/salt/docker/README.md b/salt/docker/README.md index cc7ebad5..991986cf 100644 --- a/salt/docker/README.md +++ b/salt/docker/README.md @@ -16,16 +16,16 @@ Setup docker in Qubes OS with the Docker repository. - Top ```sh -qubesctl top.enable docker -qubesctl --targets=tpl-qubes-builder,qubes-builder state.apply -qubesctl top.disable docker +sudo qubesctl top.enable docker +sudo qubesctl --targets=tpl-qubes-builder,qubes-builder state.apply +sudo qubesctl top.disable docker ``` - State ```sh -qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply docker.install -qubesctl --skip-dom0 --targets=qubes-builder state.apply docker.configure +sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply docker.install +sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply docker.configure ``` diff --git a/salt/dom0/README.md b/salt/dom0/README.md index d79bec13..1c057996 100644 --- a/salt/dom0/README.md +++ b/salt/dom0/README.md @@ -17,21 +17,21 @@ etc. - Top ```sh -qubesctl top.enable dom0 -qubesctl state.apply -qubesctl top.disable dom0 +sudo qubesctl top.enable dom0 +sudo qubesctl state.apply +sudo qubesctl top.disable dom0 ``` - State ```sh -qubesctl state.apply dom0 +sudo qubesctl state.apply dom0 ``` If you need to develop in Dom0, install some goodies (bare bones): ```sh -qubesctl state.apply dom0.install-dev +sudo qubesctl state.apply dom0.install-dev ``` ## Usage diff --git a/salt/dotfiles b/salt/dotfiles index cc2e902a..7885c68c 160000 --- a/salt/dotfiles +++ b/salt/dotfiles @@ -1 +1 @@ -Subproject commit cc2e902ac130bb8d3884b79ad93fcdaf4dbba12b +Subproject commit 7885c68cc223922e501a2623c69d40157ccb1a61 diff --git a/salt/electrum/README.md b/salt/electrum/README.md index 1d785b62..5310ea8c 100644 --- a/salt/electrum/README.md +++ b/salt/electrum/README.md @@ -33,22 +33,22 @@ usage from ever connecting to the internet. - Top ```sh -qubesctl top.enable electrum -qubesctl --targets=tpl-electrum-builder,tpl-electrum,disp-electrum-builder,electrum,electrum-hot state.apply -qubesctl top.disable electrum -qubesctl state.apply electrum.appmenus +sudo qubesctl top.enable electrum +sudo qubesctl --targets=tpl-electrum-builder,tpl-electrum,disp-electrum-builder,electrum,electrum-hot state.apply +sudo qubesctl top.disable electrum +sudo qubesctl state.apply electrum.appmenus ``` - State ```sh -qubesctl state.apply electrum.create -qubesctl --skip-dom0 --targets=tpl-electrum-builder state.apply electrum.install-builder -qubesctl --skip-dom0 --targets=tpl-electrum state.apply electrum.install -qubesctl --skip-dom0 --targets=disp-electrum-builder state.apply electrum.configure-builder -qubesctl --skip-dom0 --targets=electrum state.apply electrum.configure -qubesctl --skip-dom0 --targets=electrum-hot state.apply electrum.configure-hot -qubesctl state.apply electrum.appmenus +sudo qubesctl state.apply electrum.create +sudo qubesctl --skip-dom0 --targets=tpl-electrum-builder state.apply electrum.install-builder +sudo qubesctl --skip-dom0 --targets=tpl-electrum state.apply electrum.install +sudo qubesctl --skip-dom0 --targets=disp-electrum-builder state.apply electrum.configure-builder +sudo qubesctl --skip-dom0 --targets=electrum state.apply electrum.configure +sudo qubesctl --skip-dom0 --targets=electrum-hot state.apply electrum.configure-hot +sudo qubesctl state.apply electrum.appmenus ``` diff --git a/salt/fedora-minimal/README.md b/salt/fedora-minimal/README.md index cb0f7761..4c29b593 100644 --- a/salt/fedora-minimal/README.md +++ b/salt/fedora-minimal/README.md @@ -18,16 +18,16 @@ it. - Top: ```sh -qubesctl top.enable fedora-minimal -qubesctl --targets=fedora-39-minimal state.apply -qubesctl top.disable fedora-minimal +sudo qubesctl top.enable fedora-minimal +sudo qubesctl --targets=fedora-39-minimal state.apply +sudo qubesctl top.disable fedora-minimal ``` - State: ```sh -qubesctl state.apply fedora-minimal.create -qubesctl --skip-dom0 --targets=fedora-39-minimal state.apply fedora-minimal.install +sudo qubesctl state.apply fedora-minimal.create +sudo qubesctl --skip-dom0 --targets=fedora-39-minimal state.apply fedora-minimal.install ``` diff --git a/salt/fedora-xfce/README.md b/salt/fedora-xfce/README.md index 0005d537..9121c98e 100644 --- a/salt/fedora-xfce/README.md +++ b/salt/fedora-xfce/README.md @@ -16,16 +16,16 @@ Creates the Fedora Xfce template as well as a Disposable Template based on it. - Top: ```sh -qubesctl top.enable fedora-xfce -qubesctl --targets=fedora-39-xfce state.apply -qubesctl top.disable fedora-xfce +sudo qubesctl top.enable fedora-xfce +sudo qubesctl --targets=fedora-39-xfce state.apply +sudo qubesctl top.disable fedora-xfce ``` - State: ```sh -qubesctl state.apply fedora-xfce.create -qubesctl --skip-dom0 --targets=fedora-39-xfce state.apply fedora-xfce.install +sudo qubesctl state.apply fedora-xfce.create +sudo qubesctl --skip-dom0 --targets=fedora-39-xfce state.apply fedora-xfce.install ``` diff --git a/salt/fedora/README.md b/salt/fedora/README.md index adef4620..be2cf12b 100644 --- a/salt/fedora/README.md +++ b/salt/fedora/README.md @@ -16,16 +16,16 @@ Creates the Fedora template as well as a Disposable Template based on it. - Top: ```sh -qubesctl top.enable fedora -qubesctl --targets=fedora-39 state.apply -qubesctl top.disable fedora +sudo qubesctl top.enable fedora +sudo qubesctl --targets=fedora-39 state.apply +sudo qubesctl top.disable fedora ``` - State: ```sh -qubesctl state.apply fedora.create -qubesctl --skip-dom0 --targets=fedora-39 state.apply fedora.install +sudo qubesctl state.apply fedora.create +sudo qubesctl --skip-dom0 --targets=fedora-39 state.apply fedora.install ``` diff --git a/salt/fetcher/README.md b/salt/fetcher/README.md index d2686006..0079a8e1 100644 --- a/salt/fetcher/README.md +++ b/salt/fetcher/README.md @@ -23,17 +23,17 @@ Supported protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, - Top: ```sh -qubesctl top.enable fetcher -qubesctl --targets=tpl-fetcher,dvm-fetcher state.apply -qubesctl top.disable fetcher +sudo qubesctl top.enable fetcher +sudo qubesctl --targets=tpl-fetcher,dvm-fetcher state.apply +sudo qubesctl top.disable fetcher ``` - State: ```sh -qubesctl state.apply fetcher.create -qubesctl --skip-dom0 --targets=tpl-fetcher state.apply fetcher.install -qubesctl --skip-dom0 --targets=dvm-fetcher state.apply fetcher.configure-dvm +sudo qubesctl state.apply fetcher.create +sudo qubesctl --skip-dom0 --targets=tpl-fetcher state.apply fetcher.install +sudo qubesctl --skip-dom0 --targets=dvm-fetcher state.apply fetcher.configure-dvm ``` diff --git a/salt/kicksecure-minimal/README.md b/salt/kicksecure-minimal/README.md index 8293838a..db28dccc 100644 --- a/salt/kicksecure-minimal/README.md +++ b/salt/kicksecure-minimal/README.md @@ -17,18 +17,18 @@ on it. - Top: ```sh -qubesctl top.enable kicksecure-minimal -qubesctl --targets=kicksecure-17-minimal state.apply -qubesctl top.disable kicksecure-minimal -qubesctl state.apply kicksecure-minimal.prefs +sudo qubesctl top.enable kicksecure-minimal +sudo qubesctl --targets=kicksecure-17-minimal state.apply +sudo qubesctl top.disable kicksecure-minimal +sudo qubesctl state.apply kicksecure-minimal.prefs ``` - State: ```sh -qubesctl state.apply kicksecure-minimal.create -qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install -qubesctl state.apply kicksecure-minimal.prefs +sudo qubesctl state.apply kicksecure-minimal.create +sudo qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install +sudo qubesctl state.apply kicksecure-minimal.prefs ``` @@ -38,24 +38,24 @@ If you want to help improve Kicksecure integration on Qubes, install packages that are known to be broken on Qubes and can break the boot of the Kicksecure Qube, to report bugs upstream (get a terminal with `qvm-console-dispvm`): ```sh -qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install-developers +sudo qubesctl --skip-dom0 --targets=kicksecure-17-minimal state.apply kicksecure-minimal.install-developers ``` Choose the `kernel` according to the `virt_mode` you want for the template: - `hvm`: ```sh -qubesctl state.apply kicksecure-minimal.kernel-hvm +sudo qubesctl state.apply kicksecure-minimal.kernel-hvm ``` - `pvh`: ```sh -qubesctl state.apply kicksecure-minimal.kernel-pv +sudo qubesctl state.apply kicksecure-minimal.kernel-pv ``` - Dom0 provided kernel (resets `virt_mode` to `pvh`): ```sh -qubesctl state.apply kicksecure-minimal.kernel-default +sudo qubesctl state.apply kicksecure-minimal.kernel-default ``` ## Usage diff --git a/salt/mail/README.md b/salt/mail/README.md index ee045fe5..b5d14b55 100644 --- a/salt/mail/README.md +++ b/salt/mail/README.md @@ -76,24 +76,24 @@ exploitation, as `msmtp` still needs to parse the mail to be sent. - Top ```sh -qubesctl top.enable mail reader -qubesctl --targets=tpl-mail-fetcher,tpl-mail-reader,tpl-mail-sender,dvm-mail-fetcher,mail-reader,dvm-mail-sender,tpl-reader state.apply -qubesctl top.disable mail reader -qubesctl state.apply mail.appmenus,reader.appmenus +sudo qubesctl top.enable mail reader +sudo qubesctl --targets=tpl-mail-fetcher,tpl-mail-reader,tpl-mail-sender,dvm-mail-fetcher,mail-reader,dvm-mail-sender,tpl-reader state.apply +sudo qubesctl top.disable mail reader +sudo qubesctl state.apply mail.appmenus,reader.appmenus ``` - State ```sh -qubesctl state.apply mail.create -qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install -qubesctl --skip-dom0 --targets=tpl-mail-fetcher state.apply mail.install-fetcher -qubesctl --skip-dom0 --targets=tpl-mail-reader state.apply mail.install-reader -qubesctl --skip-dom0 --targets=tpl-mail-sender state.apply mail.install-sender -qubesctl --skip-dom0 --targets=dvm-mail-fetcher state.apply mail.configure-fetcher -qubesctl --skip-dom0 --targets=mail-reader state.apply mail.configure-reader -qubesctl --skip-dom0 --targets=dvm-mail-sender state.apply mail.configure-sender -qubesctl state.apply mail.appmenus,reader.appmenus +sudo qubesctl state.apply mail.create +sudo qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install +sudo qubesctl --skip-dom0 --targets=tpl-mail-fetcher state.apply mail.install-fetcher +sudo qubesctl --skip-dom0 --targets=tpl-mail-reader state.apply mail.install-reader +sudo qubesctl --skip-dom0 --targets=tpl-mail-sender state.apply mail.install-sender +sudo qubesctl --skip-dom0 --targets=dvm-mail-fetcher state.apply mail.configure-fetcher +sudo qubesctl --skip-dom0 --targets=mail-reader state.apply mail.configure-reader +sudo qubesctl --skip-dom0 --targets=dvm-mail-sender state.apply mail.configure-sender +sudo qubesctl state.apply mail.appmenus,reader.appmenus ``` diff --git a/salt/media/README.md b/salt/media/README.md index bb3ceb4b..7e79169d 100644 --- a/salt/media/README.md +++ b/salt/media/README.md @@ -18,17 +18,17 @@ files in a named disposable "disp-media" via MIME configuration. - Top: ```sh -qubesctl top.enable media -qubesctl --targets=tpl-media,media state.apply -qubesctl top.disable media +sudo qubesctl top.enable media +sudo qubesctl --targets=tpl-media,media state.apply +sudo qubesctl top.disable media ``` - State: ```sh -qubesctl state.apply media.create -qubesctl --skip-dom0 --targets=tpl-media state.apply media.install -qubesctl --skip-dom0 --targets=media state.apply media.configure +sudo qubesctl state.apply media.create +sudo qubesctl --skip-dom0 --targets=tpl-media state.apply media.install +sudo qubesctl --skip-dom0 --targets=media state.apply media.configure ``` diff --git a/salt/mgmt/README.md b/salt/mgmt/README.md index 270edd33..81bbad9a 100644 --- a/salt/mgmt/README.md +++ b/salt/mgmt/README.md @@ -18,18 +18,18 @@ of a qube or for Salt Management on DomUs. - Top: ```sh -qubesctl top.enable mgmt -qubesctl --targets=tpl-mgmt state.apply -qubesctl top.disable mgmt -qubesctl state.apply mgmt.prefs +sudo qubesctl top.enable mgmt +sudo qubesctl --targets=tpl-mgmt state.apply +sudo qubesctl top.disable mgmt +sudo qubesctl state.apply mgmt.prefs ``` - State: ```sh -qubesctl state.apply mgmt.create -qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install -qubesctl state.apply mgmt.prefs +sudo qubesctl state.apply mgmt.create +sudo qubesctl --skip-dom0 --targets=tpl-mgmt state.apply mgmt.install +sudo qubesctl state.apply mgmt.prefs ``` diff --git a/salt/mirage-builder/README.md b/salt/mirage-builder/README.md index bda5aa32..f2fbbf81 100644 --- a/salt/mirage-builder/README.md +++ b/salt/mirage-builder/README.md @@ -23,17 +23,17 @@ the hosting provider however, don't install this package. - Top ```sh -qubesctl top.enable mirage-builder -qubesctl --targets=tpl-mirage-builder,mirage-builder state.apply -qubesctl top.disable mirage-builder +sudo qubesctl top.enable mirage-builder +sudo qubesctl --targets=tpl-mirage-builder,mirage-builder state.apply +sudo qubesctl top.disable mirage-builder ``` - State ```sh -qubesctl state.apply mirage-builder.create -qubesctl --skip-dom0 --targets=tpl-mirage-builder state.apply mirage-builder.install -qubesctl --skip-dom0 --targets=mirage-builder state.apply mirage-builder.configure +sudo qubesctl state.apply mirage-builder.create +sudo qubesctl --skip-dom0 --targets=tpl-mirage-builder state.apply mirage-builder.install +sudo qubesctl --skip-dom0 --targets=mirage-builder state.apply mirage-builder.configure ``` diff --git a/salt/opentofu/README.md b/salt/opentofu/README.md index 210de362..ca918dfd 100644 --- a/salt/opentofu/README.md +++ b/salt/opentofu/README.md @@ -17,16 +17,16 @@ of Terraform. - Top: ```sh -qubesctl top.enable opentofu -qubesctl --targets=tpl-opentofu state.apply -qubesctl top.disable opentofu +sudo qubesctl top.enable opentofu +sudo qubesctl --targets=tpl-opentofu state.apply +sudo qubesctl top.disable opentofu ``` - State: ```sh -qubesctl state.apply opentofu.create -qubesctl --skip-dom0 --targets=tpl-opentofu state.apply opentofu.install +sudo qubesctl state.apply opentofu.create +sudo qubesctl --skip-dom0 --targets=tpl-opentofu state.apply opentofu.install ``` diff --git a/salt/qubes-builder/README.md b/salt/qubes-builder/README.md index d484453b..47678a15 100644 --- a/salt/qubes-builder/README.md +++ b/salt/qubes-builder/README.md @@ -32,18 +32,18 @@ template. - Top ```sh -qubesctl top.enable qubes-builder -qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply -qubesctl top.disable qubes-builder +sudo qubesctl top.enable qubes-builder +sudo qubesctl --targets=tpl-qubes-builder,dvm-qubes-builder,qubes-builder state.apply +sudo qubesctl top.disable qubes-builder ``` - State ```sh -qubesctl state.apply qubes-builder.create -qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install -qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor -qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure +sudo qubesctl state.apply qubes-builder.create +sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder state.apply qubes-builder.install +sudo qubesctl --skip-dom0 --targets=dvm-qubes-builder state.apply qubes-builder.configure-qubes-executor +sudo qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure ``` diff --git a/salt/reader/README.md b/salt/reader/README.md index c800fad5..47f4a5e5 100644 --- a/salt/reader/README.md +++ b/salt/reader/README.md @@ -20,19 +20,19 @@ necessary packages will be installed in the template. - Top: ```sh -qubesctl top.enable reader -qubesctl --targets=tpl-reader,dvm-reader state.apply -qubesctl top.disable reader -qubesctl state.apply reader.appmenus +sudo qubesctl top.enable reader +sudo qubesctl --targets=tpl-reader,dvm-reader state.apply +sudo qubesctl top.disable reader +sudo qubesctl state.apply reader.appmenus ``` - State: ```sh -qubesctl state.apply reader.create -qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install -qubesctl --skip-dom0 --targets=dvm-reader state.apply reader.configure -qubesctl state.apply reader.appmenus +sudo qubesctl state.apply reader.create +sudo qubesctl --skip-dom0 --targets=tpl-reader state.apply reader.install +sudo qubesctl --skip-dom0 --targets=dvm-reader state.apply reader.configure +sudo qubesctl state.apply reader.appmenus ``` diff --git a/salt/remmina/README.md b/salt/remmina/README.md index 78b45c54..7d9992b0 100644 --- a/salt/remmina/README.md +++ b/salt/remmina/README.md @@ -18,18 +18,18 @@ you prefer to use an app qube, a qube named "remmina" will also be created. - Top: ```sh -qubesctl top.enable remmina -qubesctl --targets=tpl-remmina state.apply -qubesctl top.disable remmina -qubesctl state.apply remmina.appmenus +sudo qubesctl top.enable remmina +sudo qubesctl --targets=tpl-remmina state.apply +sudo qubesctl top.disable remmina +sudo qubesctl state.apply remmina.appmenus ``` - State: ```sh -qubesctl state.apply remmina.create -qubesctl --skip-dom0 --targets=tpl-remmina state.apply remmina.install -qubesctl state.apply remmina.appmenus +sudo qubesctl state.apply remmina.create +sudo qubesctl --skip-dom0 --targets=tpl-remmina state.apply remmina.install +sudo qubesctl state.apply remmina.appmenus ``` diff --git a/salt/signal/README.md b/salt/signal/README.md index a647a612..67b63611 100644 --- a/salt/signal/README.md +++ b/salt/signal/README.md @@ -16,19 +16,19 @@ Install Signal Desktop and creates an app qube named "signal". - Top: ```sh -qubesctl top.enable signal -qubesctl --targets=tpl-signal,signal state.appply -qubesctl top.disable signal -qubesctl state.apply signal.appmenus +sudo qubesctl top.enable signal +sudo qubesctl --targets=tpl-signal,signal state.appply +sudo qubesctl top.disable signal +sudo qubesctl state.apply signal.appmenus ``` - State: ```sh -qubesctl state.apply signal.create -qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install -qubesctl --skip-dom0 --targets=signal state.apply signal.configure -qubesctl state.apply signal.appmenus +sudo qubesctl state.apply signal.create +sudo qubesctl --skip-dom0 --targets=tpl-signal state.apply signal.install +sudo qubesctl --skip-dom0 --targets=signal state.apply signal.configure +sudo qubesctl state.apply signal.appmenus ``` diff --git a/salt/ssh/README.md b/salt/ssh/README.md index bd46310b..9539bbba 100644 --- a/salt/ssh/README.md +++ b/salt/ssh/README.md @@ -20,17 +20,17 @@ in as a one time connection or to an untrusted host use a DispVM based on - Top: ```sh -qubesctl top.enable ssh -qubesctl --targets=tpl-ssh,dvm-ssh,ssh state.apply -qubesctl top.disable ssh +sudo qubesctl top.enable ssh +sudo qubesctl --targets=tpl-ssh,dvm-ssh,ssh state.apply +sudo qubesctl top.disable ssh ``` - State: ```sh -qubesctl state.apply ssh.create -qubesctl --skip-dom0 --targets=tpl-ssh state.apply ssh.install -qubesctl --skip-dom0 --targets=dvm-ssh,ssh state.apply ssh.configure +sudo qubesctl state.apply ssh.create +sudo qubesctl --skip-dom0 --targets=tpl-ssh state.apply ssh.install +sudo qubesctl --skip-dom0 --targets=dvm-ssh,ssh state.apply ssh.configure ``` diff --git a/salt/sys-audio/README.md b/salt/sys-audio/README.md index 44e9a5a5..3d3aa095 100644 --- a/salt/sys-audio/README.md +++ b/salt/sys-audio/README.md @@ -26,23 +26,23 @@ the necessary packages for bluetooth with the provided state. - Top ```sh -qubesctl top.enable sys-audio -qubesctl --targets=tpl-sys-audio,dvm-sys-audio state.apply -qubesctl top.disable sys-audio +sudo qubesctl top.enable sys-audio +sudo qubesctl --targets=tpl-sys-audio,dvm-sys-audio state.apply +sudo qubesctl top.disable sys-audio ``` - State ```sh -qubesctl state.apply sys-audio.create -qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install -qubesctl --skip-dom0 --targets=dvm-sys-audio state.apply sys-audio.configure-dvm +sudo qubesctl state.apply sys-audio.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install +sudo qubesctl --skip-dom0 --targets=dvm-sys-audio state.apply sys-audio.configure-dvm ``` If you need Bluetooth support, install the dependencies: ```sh -qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install-bluetooth +sudo qubesctl --skip-dom0 --targets=tpl-sys-audio state.apply sys-audio.install-bluetooth ``` ## Usage diff --git a/salt/sys-bitcoin/README.md b/salt/sys-bitcoin/README.md index 1a4ee1e2..b561bbf7 100644 --- a/salt/sys-bitcoin/README.md +++ b/salt/sys-bitcoin/README.md @@ -48,40 +48,40 @@ At least `1TB` of disk space is required. At block `829054` (2024-02-05), - Top ```sh -qubesctl top.enable sys-bitcoin -qubesctl --targets=sys-bitcoin-gateway,tpl-sys-bitcoin,disp-sys-bitcoin-builder,sys-bitcoin,bitcoin state.apply -qubesctl top.disable sys-bitcoin -qubesctl state.apply sys-bitcoin.appmenus +sudo qubesctl top.enable sys-bitcoin +sudo qubesctl --targets=sys-bitcoin-gateway,tpl-sys-bitcoin,disp-sys-bitcoin-builder,sys-bitcoin,bitcoin state.apply +sudo qubesctl top.disable sys-bitcoin +sudo qubesctl state.apply sys-bitcoin.appmenus ``` - State ```sh -qubesctl state.apply sys-bitcoin.create -qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway -qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install -qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder -qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure -qubesctl --skip-dom0 --targets=bitcoin state.apply sys-bitcoin.configure-client -qubesctl state.apply sys-bitcoin.appmenus +sudo qubesctl state.apply sys-bitcoin.create +sudo qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway +sudo qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install +sudo qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder +sudo qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure +sudo qubesctl --skip-dom0 --targets=bitcoin state.apply sys-bitcoin.configure-client +sudo qubesctl state.apply sys-bitcoin.appmenus ``` If you prefer to build from source (will take approximately 1 hour to build): ```sh -qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install-source -qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder-source +sudo qubesctl --skip-dom0 --targets=tpl-sys-bitcoin state.apply sys-bitcoin.install-source +sudo qubesctl --skip-dom0 --targets=disp-bitcoin-builder state.apply sys-bitcoin.configure-builder-source ``` If you want to relay blocks (listening node): ```sh -qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway-listen -qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure-listen +sudo qubesctl --skip-dom0 --targets=sys-bitcoin-gateway state.apply sys-bitcoin.configure-gateway-listen +sudo qubesctl --skip-dom0 --targets=sys-bitcoin state.apply sys-bitcoin.configure-listen ``` Add the tag `bitcoin-client` to the client and install in the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-bitcoin.install-client +sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-bitcoin.install-client ``` diff --git a/salt/sys-cacher/README.md b/salt/sys-cacher/README.md index 92efc498..5d0a2421 100644 --- a/salt/sys-cacher/README.md +++ b/salt/sys-cacher/README.md @@ -37,23 +37,23 @@ specify otherwise. - Top ```sh -qubesctl top.enable sys-cacher browser -qubesctl --targets=tpl-browser,sys-cacher-browser,tpl-sys-cacher,sys-cacher state.apply -qubesctl top.disable sys-cacher browser -qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag -qubesctl --skip-dom0 --templates state.apply sys-cacher.install-client +sudo qubesctl top.enable sys-cacher browser +sudo qubesctl --targets=tpl-browser,sys-cacher-browser,tpl-sys-cacher,sys-cacher state.apply +sudo qubesctl top.disable sys-cacher browser +sudo qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag +sudo qubesctl --skip-dom0 --templates state.apply sys-cacher.install-client ``` - State ```sh -qubesctl state.apply sys-cacher.create -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install -qubesctl --skip-dom0 --targets=tpl-sys-cacher state.apply sys-cacher.install -qubesctl --skip-dom0 --targets=sys-cacher state.apply sys-cacher.configure -qubesctl --skip-dom0 --targets=sys-cacher-browser state.apply sys-cacher.configure-browser -qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag -qubesctl --skip-dom0 --templates state.apply sys-cacher.install-client +sudo qubesctl state.apply sys-cacher.create +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install +sudo qubesctl --skip-dom0 --targets=tpl-sys-cacher state.apply sys-cacher.install +sudo qubesctl --skip-dom0 --targets=sys-cacher state.apply sys-cacher.configure +sudo qubesctl --skip-dom0 --targets=sys-cacher-browser state.apply sys-cacher.configure-browser +sudo qubesctl state.apply sys-cacher.appmenus,sys-cacher.tag +sudo qubesctl --skip-dom0 --templates state.apply sys-cacher.install-client ``` @@ -98,7 +98,7 @@ By default, only templates will use the proxy to update, if you want to cache Non-TemplateVMs updates or simply make them functional again, the qube will need the `service.updates-proxy-setup` feature set: ```sh -qubesctl --skip-dom0 --targets=QUBE state.apply sys-cacher.install-client +sudo qubesctl --skip-dom0 --targets=QUBE state.apply sys-cacher.install-client qvm-tags add QUBE updatevm-sys-cacher qvm-features QUBE service.updates-proxy-setup 1 ``` @@ -117,21 +117,21 @@ sudo systemctl restart qubes-updates-proxy-forwarder.socket - Top: ```sh -qubesctl top.enable sys-cacher.deinit -qubesctl --templates state.apply -qubesctl top.disable sys-cacher.deinit +sudo qubesctl top.enable sys-cacher.deinit +sudo qubesctl --templates state.apply +sudo qubesctl top.disable sys-cacher.deinit ``` - State: ```sh -qubesctl state.apply sys-cacher.remove-policy -qubesctl state.apply sys-cacher.untag -qubesctl --skip-dom0 --templates state.apply sys-cacher.uninstall-client +sudo qubesctl state.apply sys-cacher.remove-policy +sudo qubesctl state.apply sys-cacher.untag +sudo qubesctl --skip-dom0 --templates state.apply sys-cacher.uninstall-client ``` If you want to use the standard proxy for a few templates: ```sh -qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-cacher.uninstall-client +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-cacher.uninstall-client qvm-tags del TEMPLATE updatevm-sys-cacher ``` diff --git a/salt/sys-electrs/README.md b/salt/sys-electrs/README.md index 7b2b9780..bbf8a47a 100644 --- a/salt/sys-electrs/README.md +++ b/salt/sys-electrs/README.md @@ -28,19 +28,19 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md). - Top ```sh -qubesctl top.enable sys-electrs -qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply -qubesctl top.disable sys-electrs +sudo qubesctl top.enable sys-electrs +sudo qubesctl --targets=tpl-electrs-builder,tpl-sys-electrs,disp-electrs-builder,sys-electrs state.apply +sudo qubesctl top.disable sys-electrs ``` - State ```sh -qubesctl state.apply sys-electrs.create -qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs.install-builder -qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install -qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder -qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure +sudo qubesctl state.apply sys-electrs.create +sudo qubesctl --skip-dom0 --targets=tpl-electrs-builder state.apply sys-electrs.install-builder +sudo qubesctl --skip-dom0 --targets=tpl-sys-electrs state.apply sys-electrs.install +sudo qubesctl --skip-dom0 --targets=disp-electrs-builder state.apply sys-electrs.configure-builder +sudo qubesctl --skip-dom0 --targets=sys-electrs state.apply sys-electrs.configure ``` diff --git a/salt/sys-electrumx/README.md b/salt/sys-electrumx/README.md index b0b483db..de3da5a4 100644 --- a/salt/sys-electrumx/README.md +++ b/salt/sys-electrumx/README.md @@ -28,19 +28,19 @@ This formula depends on [sys-bitcoin](../sys-bitcoin/README.md). - Top ```sh -qubesctl top.enable sys-electrumx -qubesctl --targets=tpl-electrumx-builder,tpl-sys-electrumx,disp-electrumx-builder,sys-electrumx state.apply -qubesctl top.disable sys-electrumx +sudo qubesctl top.enable sys-electrumx +sudo qubesctl --targets=tpl-electrumx-builder,tpl-sys-electrumx,disp-electrumx-builder,sys-electrumx state.apply +sudo qubesctl top.disable sys-electrumx ``` - State ```sh -qubesctl state.apply sys-electrumx.create -qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electrumx.install-builder -qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install -qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder -qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure +sudo qubesctl state.apply sys-electrumx.create +sudo qubesctl --skip-dom0 --targets=tpl-electrumx-builder state.apply sys-electrumx.install-builder +sudo qubesctl --skip-dom0 --targets=tpl-sys-electrumx state.apply sys-electrumx.install +sudo qubesctl --skip-dom0 --targets=disp-electrumx-builder state.apply sys-electrumx.configure-builder +sudo qubesctl --skip-dom0 --targets=sys-electrumx state.apply sys-electrumx.configure ``` diff --git a/salt/sys-firewall/README.md b/salt/sys-firewall/README.md index dad01f5c..c683d615 100644 --- a/salt/sys-firewall/README.md +++ b/salt/sys-firewall/README.md @@ -30,24 +30,24 @@ the installation. - Top: ```sh -qubesctl top.enable sys-firewall -qubesctl --targets=tpl-sys-firewall state.apply -qubesctl top.disable sys-firewall -qubesctl state.apply sys-firewall.prefs-disp +sudo qubesctl top.enable sys-firewall +sudo qubesctl --targets=tpl-sys-firewall state.apply +sudo qubesctl top.disable sys-firewall +sudo qubesctl state.apply sys-firewall.prefs-disp ``` - State: ```sh -qubesctl state.apply sys-firewall.create -qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install -qubesctl state.apply sys-firewall.prefs-disp +sudo qubesctl state.apply sys-firewall.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-firewall state.apply sys-firewall.install +sudo qubesctl state.apply sys-firewall.prefs-disp ``` Alternatively, if you prefer to have an app qube as the firewall: ```sh -qubesctl state.apply sys-firewall.prefs +sudo qubesctl state.apply sys-firewall.prefs ``` ## Usage diff --git a/salt/sys-git/README.md b/salt/sys-git/README.md index 9c6a4277..d54f5c8e 100644 --- a/salt/sys-git/README.md +++ b/salt/sys-git/README.md @@ -78,23 +78,23 @@ trust the origin, don't use it. - Top ```sh -qubesctl top.enable sys-git -qubesctl --targets=tpl-sys-git,sys-git state.apply -qubesctl top.disable sys-git +sudo qubesctl top.enable sys-git +sudo qubesctl --targets=tpl-sys-git,sys-git state.apply +sudo qubesctl top.disable sys-git ``` - State ```sh -qubesctl state.apply sys-git.create -qubesctl --skip-dom0 --targets=tpl-sys-git state.apply sys-git.install -qubesctl --skip-dom0 --targets=sys-git state.apply sys-git.configure +sudo qubesctl state.apply sys-git.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-git state.apply sys-git.install +sudo qubesctl --skip-dom0 --targets=sys-git state.apply sys-git.configure ``` Installation on the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-dev state.apply sys-git.install-client +sudo qubesctl --skip-dom0 --targets=tpl-dev state.apply sys-git.install-client ``` ## Access control diff --git a/salt/sys-mirage-firewall/README.md b/salt/sys-mirage-firewall/README.md index 630a4527..5e1dbfcb 100644 --- a/salt/sys-mirage-firewall/README.md +++ b/salt/sys-mirage-firewall/README.md @@ -28,15 +28,15 @@ and local checksum matched when comparing the same release. - Top ```sh -qubesctl top.enable sys-mirage-firewall -qubesctl state.apply -qubesctl top.disable sys-mirage-firewall +sudo qubesctl top.enable sys-mirage-firewall +sudo qubesctl state.apply +sudo qubesctl top.disable sys-mirage-firewall ``` - State ```sh -qubesctl state.apply sys-mirage-firewall.create +sudo qubesctl state.apply sys-mirage-firewall.create ``` diff --git a/salt/sys-net/README.md b/salt/sys-net/README.md index 40876270..5c30b680 100644 --- a/salt/sys-net/README.md +++ b/salt/sys-net/README.md @@ -31,29 +31,29 @@ DNS is working, after that, proceed with the installation. - Top: ```sh -qubesctl top.enable sys-net -qubesctl --targets=tpl-sys-net state.apply -qubesctl top.disable sys-net -qubesctl state.apply sys-net.prefs-disp +sudo qubesctl top.enable sys-net +sudo qubesctl --targets=tpl-sys-net state.apply +sudo qubesctl top.disable sys-net +sudo qubesctl state.apply sys-net.prefs-disp ``` - State: ```sh -qubesctl state.apply sys-net.create -qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install -qubesctl state.apply sys-net.prefs-disp +sudo qubesctl state.apply sys-net.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install +sudo qubesctl state.apply sys-net.prefs-disp ``` If you need to debug a net qube, install some helper tools: ```sh -qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install-debug +sudo qubesctl --skip-dom0 --targets=tpl-sys-net state.apply sys-net.install-debug ``` If you prefer to have an app qube as the net qube: ```sh -qubesctl state.apply sys-net.prefs +sudo qubesctl state.apply sys-net.prefs ``` You might need to install some firmware on the template for your network diff --git a/salt/sys-pgp/README.md b/salt/sys-pgp/README.md index 3ca8f8a4..4355c228 100644 --- a/salt/sys-pgp/README.md +++ b/salt/sys-pgp/README.md @@ -19,23 +19,23 @@ and access to them is made from the client through Qrexec. - Top: ```sh -qubesctl top.enable sys-pgp -qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply -qubesctl top.disable sys-pgp +sudo qubesctl top.enable sys-pgp +sudo qubesctl --targets=tpl-sys-pgp,sys-pgp state.apply +sudo qubesctl top.disable sys-pgp ``` - State: ```sh -qubesctl state.apply sys-pgp.create -qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install -qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure +sudo qubesctl state.apply sys-pgp.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-pgp state.apply sys-pgp.install +sudo qubesctl --skip-dom0 --targets=sys-pgp state.apply sys-pgp.configure ``` Install on the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-qubes-builder,tpl-dev state.apply sys-pgp.install-client +sudo qubesctl --skip-dom0 --targets=tpl-qubes-builder,tpl-dev state.apply sys-pgp.install-client ``` The client qube requires the split GPG client service to be enabled: diff --git a/salt/sys-pihole/README.md b/salt/sys-pihole/README.md index f83b693b..2f7c7f52 100644 --- a/salt/sys-pihole/README.md +++ b/salt/sys-pihole/README.md @@ -33,20 +33,20 @@ provider however, don't install this package. - Top: ```sh -qubesctl top.enable sys-pihole browser -qubesctl --targets=tpl-browser,sys-pihole-browser,sys-pihole state.apply -qubesctl top.disable sys-pihole browser -qubesctl state.apply sys-pihole.appmenus +sudo qubesctl top.enable sys-pihole browser +sudo qubesctl --targets=tpl-browser,sys-pihole-browser,sys-pihole state.apply +sudo qubesctl top.disable sys-pihole browser +sudo qubesctl state.apply sys-pihole.appmenus ``` - State: ```sh -qubesctl state.apply sys-pihole.create -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install -qubesctl --skip-dom0 --targets=sys-pihole state.apply sys-pihole.install -qubesctl --skip-dom0 --targets=sys-pihole-browser state.apply sys-pihole.configure-browser -qubesctl state.apply sys-pihole.appmenus +sudo qubesctl state.apply sys-pihole.create +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install +sudo qubesctl --skip-dom0 --targets=sys-pihole state.apply sys-pihole.install +sudo qubesctl --skip-dom0 --targets=sys-pihole-browser state.apply sys-pihole.configure-browser +sudo qubesctl state.apply sys-pihole.appmenus ``` @@ -54,7 +54,7 @@ If you want to change the global preferences `updatevm` and `default_netvm` and the per-qube preference `netvm` of all qubes from `sys-firewall` to `sys-pihole`, run: ```sh -qubesctl state.apply sys-pihole.prefs +sudo qubesctl state.apply sys-pihole.prefs ``` ## Usage diff --git a/salt/sys-rsync/README.md b/salt/sys-rsync/README.md index 8e6b4fb0..4c5dfacf 100644 --- a/salt/sys-rsync/README.md +++ b/salt/sys-rsync/README.md @@ -28,23 +28,23 @@ the user. - Top: ```sh -qubesctl top.enable sys-rsync -qubesctl --targets=tpl-sys-rsync,sys-rsync state.apply -qubesctl top.disable sys-rsync +sudo qubesctl top.enable sys-rsync +sudo qubesctl --targets=tpl-sys-rsync,sys-rsync state.apply +sudo qubesctl top.disable sys-rsync ``` - State: ```sh -qubesctl state.apply sys-rsync.create -qubesctl --skip-dom0 --targets=tpl-sys-rsync state.apply sys-rsync.install -qubesctl --skip-dom0 --targets=sys-rsync state.apply sys-rsync.configure +sudo qubesctl state.apply sys-rsync.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-rsync state.apply sys-rsync.install +sudo qubesctl --skip-dom0 --targets=sys-rsync state.apply sys-rsync.configure ``` Install on the client template: ```sh -qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-rsync.install-client +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-rsync.install-client ``` The client qube requires the Rsync forwarder service to be enabled: diff --git a/salt/sys-ssh-agent/README.md b/salt/sys-ssh-agent/README.md index 2158c046..12f608d2 100644 --- a/salt/sys-ssh-agent/README.md +++ b/salt/sys-ssh-agent/README.md @@ -54,23 +54,23 @@ A rogue client has full control of the allowed agent, therefore it can: - Top: ```sh -qubesctl top.enable sys-ssh-agent -qubesctl --targets=tpl-sys-ssh-agent,sys-ssh-agent state.apply -qubesctl top.disable sys-ssh-agent +sudo qubesctl top.enable sys-ssh-agent +sudo qubesctl --targets=tpl-sys-ssh-agent,sys-ssh-agent state.apply +sudo qubesctl top.disable sys-ssh-agent ``` - State: ```sh -qubesctl state.apply sys-ssh-agent.create -qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install -qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure +sudo qubesctl state.apply sys-ssh-agent.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-ssh-agent state.apply sys-ssh-agent.install +sudo qubesctl --skip-dom0 --targets=sys-ssh-agent state.apply sys-ssh-agent.configure ``` Installation on the client template: ```sh -qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh-agent.install-client +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh-agent.install-client ``` ## Access Control diff --git a/salt/sys-ssh/README.md b/salt/sys-ssh/README.md index c63403df..1cb9ffd3 100644 --- a/salt/sys-ssh/README.md +++ b/salt/sys-ssh/README.md @@ -29,23 +29,23 @@ server qube directly. - Top: ```sh -qubesctl top.enable sys-ssh -qubesctl --targets=tpl-sys-ssh,sys-ssh state.apply -qubesctl top.disable sys-ssh +sudo qubesctl top.enable sys-ssh +sudo qubesctl --targets=tpl-sys-ssh,sys-ssh state.apply +sudo qubesctl top.disable sys-ssh ``` - State: ```sh -qubesctl state.apply sys-ssh.create -qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install -qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure +sudo qubesctl state.apply sys-ssh.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-ssh state.apply sys-ssh.install +sudo qubesctl --skip-dom0 --targets=sys-ssh state.apply sys-ssh.configure ``` Install on the client template: ```sh -qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh.install-client +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-ssh.install-client ``` The client qube requires the SSH forwarder service to be enabled: diff --git a/salt/sys-syncthing/README.md b/salt/sys-syncthing/README.md index 05233979..3997b581 100644 --- a/salt/sys-syncthing/README.md +++ b/salt/sys-syncthing/README.md @@ -25,10 +25,10 @@ accessible externally. - Top: ```sh -qubesctl top.enable sys-syncthing browser -qubesctl --targets=tpl-browser,sys-syncthing-browser,tpl-sys-syncthing,sys-syncthing state.apply -qubesctl top.disable sys-syncthing browser -qubesctl state.apply sys-syncthing.appmenus +sudo qubesctl top.enable sys-syncthing browser +sudo qubesctl --targets=tpl-browser,sys-syncthing-browser,tpl-sys-syncthing,sys-syncthing state.apply +sudo qubesctl top.disable sys-syncthing browser +sudo qubesctl state.apply sys-syncthing.appmenus qvm-port-forward -a add -q sys-syncthing -n tcp -p 22000 qvm-port-forward -a add -q sys-syncthing -n udp -p 22000 ``` @@ -36,12 +36,12 @@ qvm-port-forward -a add -q sys-syncthing -n udp -p 22000 - State: ```sh -qubesctl state.apply sys-syncthing.create -qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install -qubesctl --skip-dom0 --targets=tpl-sys-syncthing state.apply sys-syncthing.install -qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.configure -qubesctl --skip-dom0 --targets=sys-syncthing-browser state.apply sys-syncthing.configure-browser -qubesctl state.apply sys-syncthing.appmenus +sudo qubesctl state.apply sys-syncthing.create +sudo qubesctl --skip-dom0 --targets=tpl-browser state.apply browser.install +sudo qubesctl --skip-dom0 --targets=tpl-sys-syncthing state.apply sys-syncthing.install +sudo qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.configure +sudo qubesctl --skip-dom0 --targets=sys-syncthing-browser state.apply sys-syncthing.configure-browser +sudo qubesctl state.apply sys-syncthing.appmenus qvm-port-forward -a add -q sys-syncthing -n tcp -p 22000 qvm-port-forward -a add -q sys-syncthing -n udp -p 22000 ``` @@ -49,7 +49,7 @@ qvm-port-forward -a add -q sys-syncthing -n udp -p 22000 Install Syncthing on the client template: ```sh -qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-syncthing.install-client +sudo qubesctl --skip-dom0 --targets=TEMPLATE state.apply sys-syncthing.install-client ``` The client qube requires the split Syncthing service to be enabled: @@ -119,8 +119,8 @@ Uninstallation procedure: ```sh qvm-port-forward -a del -q sys-syncthing -n tcp -p 22000 qvm-port-forward -a del -q sys-syncthing -n udp -p 22000 -qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.cancel -qubesctl state.apply sys-syncthing.clean +sudo qubesctl --skip-dom0 --targets=sys-syncthing state.apply sys-syncthing.cancel +sudo qubesctl state.apply sys-syncthing.clean ``` diff --git a/salt/sys-usb/README.md b/salt/sys-usb/README.md index a7423f08..203f6999 100644 --- a/salt/sys-usb/README.md +++ b/salt/sys-usb/README.md @@ -19,37 +19,37 @@ the USB controllers to different qubes is possible. - Top: ```sh -qubesctl top.enable sys-usb -qubesctl --targets=tpl-sys-usb state.apply -qubesctl top.disable sys-usb +sudo qubesctl top.enable sys-usb +sudo qubesctl --targets=tpl-sys-usb state.apply +sudo qubesctl top.disable sys-usb ``` - State: ```sh -qubesctl state.apply sys-usb.create -qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install +sudo qubesctl state.apply sys-usb.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-usb state.apply sys-usb.install ``` If you use an USB keyboard, also run: ```sh -qubesctl state.apply sys-usb.keyboard +sudo qubesctl state.apply sys-usb.keyboard ``` Install the proxy on the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-proxy +sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-proxy ``` If the client requires decrypting a device, install on the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-cryptsetup +sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-cryptsetup ``` If the client requires a FIDO device, install on the client template: ```sh -qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-fido +sudo qubesctl --skip-dom0 --targets=tpl-QUBE state.apply sys-usb.install-client-fido ``` And enable the CTAP Proxy service for the client qubes: ```sh diff --git a/salt/sys-wireguard/README.md b/salt/sys-wireguard/README.md index 88a115c3..8e29d0e3 100644 --- a/salt/sys-wireguard/README.md +++ b/salt/sys-wireguard/README.md @@ -18,17 +18,17 @@ other qubes through the VPN with fail closed mechanism. - Top: ```sh -qubesctl top.enable sys-wireguard -qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply -qubesctl top.disable sys-wireguard +sudo qubesctl top.enable sys-wireguard +sudo qubesctl --targets=tpl-sys-wireguard,sys-wireguard state.apply +sudo qubesctl top.disable sys-wireguard ``` - State: ```sh -qubesctl state.apply sys-wireguard.create -qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install -qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure +sudo qubesctl state.apply sys-wireguard.create +sudo qubesctl --skip-dom0 --targets=tpl-sys-wireguard state.apply sys-wireguard.install +sudo qubesctl --skip-dom0 --targets=sys-wireguard state.apply sys-wireguard.configure ``` diff --git a/salt/terraform/README.md b/salt/terraform/README.md index a7bb1f98..07d3a402 100644 --- a/salt/terraform/README.md +++ b/salt/terraform/README.md @@ -16,16 +16,16 @@ Install Terraform and use it on the "terraform" app qube. - Top: ```sh -qubesctl top.enable terraform -qubesctl --targets=tpl-terraform state.apply -qubesctl top.disable terraform +sudo qubesctl top.enable terraform +sudo qubesctl --targets=tpl-terraform state.apply +sudo qubesctl top.disable terraform ``` - State: ```sh -qubesctl state.apply terraform.create -qubesctl --skip-dom0 --targets=tpl-terraform state.apply terraform.install +sudo qubesctl state.apply terraform.create +sudo qubesctl --skip-dom0 --targets=tpl-terraform state.apply terraform.install ``` diff --git a/salt/usb/README.md b/salt/usb/README.md index 5897e0d8..19d35cc9 100644 --- a/salt/usb/README.md +++ b/salt/usb/README.md @@ -17,16 +17,16 @@ you can base disposable qubes, geared towards USB client usage. - Top: ```sh -qubesctl top.enable usb -qubesctl --targets=tpl-usb state.apply -qubesctl top.disable usb +sudo qubesctl top.enable usb +sudo qubesctl --targets=tpl-usb state.apply +sudo qubesctl top.disable usb ``` - State: ```sh -qubesctl state.apply usb.create -qubesctl --skip-dom0 --targets=tpl-usb state.apply usb.install +sudo qubesctl state.apply usb.create +sudo qubesctl --skip-dom0 --targets=tpl-usb state.apply usb.install ``` diff --git a/salt/utils/tools/builder/README.md b/salt/utils/tools/builder/README.md index 690e3c9d..c0385995 100644 --- a/salt/utils/tools/builder/README.md +++ b/salt/utils/tools/builder/README.md @@ -17,11 +17,11 @@ building packages in UNIX distributions. Install builder tools on templates: ```sh -qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.core +sudo qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.core ``` Install documentation tools on templates: ```sh -qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.doc +sudo qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.builder.doc ``` ## Usage diff --git a/salt/utils/tools/zsh/README.md b/salt/utils/tools/zsh/README.md index 3f28a739..970d1b91 100644 --- a/salt/utils/tools/zsh/README.md +++ b/salt/utils/tools/zsh/README.md @@ -17,16 +17,16 @@ warnings. - Top ```sh -qubesctl top.enable utils.tools.zsh -qubesctl --targets=TARGET state.apply -qubesctl top.disable utils.tools.zsh +sudo qubesctl top.enable utils.tools.zsh +sudo qubesctl --targets=TARGET state.apply +sudo qubesctl top.disable utils.tools.zsh ``` - State ```sh -qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell -qubesctl --skip-dom0 --targets=APPVMS state.apply utils.tools.zsh.touch-zshrc +sudo qubesctl --skip-dom0 --targets=TEMPLATEVMS state.apply utils.tools.zsh.change-shell +sudo qubesctl --skip-dom0 --targets=APPVMS state.apply utils.tools.zsh.touch-zshrc ``` diff --git a/salt/vault/README.md b/salt/vault/README.md index 2d7d7dd5..a7f817e4 100644 --- a/salt/vault/README.md +++ b/salt/vault/README.md @@ -18,18 +18,18 @@ keys. - Top: ```sh -qubesctl top.enable vault -qubesctl --targets=tpl-vault state.apply -qubesctl top.disable vault -qubesctl state.apply vault.appmenus +sudo qubesctl top.enable vault +sudo qubesctl --targets=tpl-vault state.apply +sudo qubesctl top.disable vault +sudo qubesctl state.apply vault.appmenus ``` - State: ```sh -qubesctl state.apply vault.create -qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install -qubesctl state.apply vault.appmenus +sudo qubesctl state.apply vault.create +sudo qubesctl --skip-dom0 --targets=tpl-vault state.apply vault.install +sudo qubesctl state.apply vault.appmenus ``` diff --git a/salt/whonix-gateway/README.md b/salt/whonix-gateway/README.md index 5c2ff4c4..19372506 100644 --- a/salt/whonix-gateway/README.md +++ b/salt/whonix-gateway/README.md @@ -17,18 +17,18 @@ it. - Top: ```sh -qubesctl top.enable whonix-gateway -qubesctl --targets=whonix-gateway-17 state.apply -qubesctl top.disable whonix-gateway -qubesctl state.apply whonix-gateway.appmenus +sudo qubesctl top.enable whonix-gateway +sudo qubesctl --targets=whonix-gateway-17 state.apply +sudo qubesctl top.disable whonix-gateway +sudo qubesctl state.apply whonix-gateway.appmenus ``` - State: ```sh -qubesctl state.apply whonix-gateway.create -qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install -qubesctl state.apply whonix-gateway.appmenus +sudo qubesctl state.apply whonix-gateway.create +sudo qubesctl --skip-dom0 --targets=whonix-gateway-17 state.apply whonix-gateway.install +sudo qubesctl state.apply whonix-gateway.appmenus ``` diff --git a/salt/whonix-workstation/README.md b/salt/whonix-workstation/README.md index b5ab5609..e1309251 100644 --- a/salt/whonix-workstation/README.md +++ b/salt/whonix-workstation/README.md @@ -17,18 +17,18 @@ based on it. - Top: ```sh -qubesctl top.enable whonix-workstation -qubesctl --targets=whonix-workstation-17 state.apply -qubesctl top.disable whonix-workstation -qubesctl state.apply whonix-workstation.appmenus +sudo qubesctl top.enable whonix-workstation +sudo qubesctl --targets=whonix-workstation-17 state.apply +sudo qubesctl top.disable whonix-workstation +sudo qubesctl state.apply whonix-workstation.appmenus ``` - State: ```sh -qubesctl state.apply whonix-workstation.create -qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install -qubesctl state.apply whonix-workstation.appmenus +sudo qubesctl state.apply whonix-workstation.create +sudo qubesctl --skip-dom0 --targets=whonix-workstation-17 state.apply whonix-workstation.install +sudo qubesctl state.apply whonix-workstation.appmenus ```