opened 11:29PM - 24 May 19 UTC
T: enhancement
C: core
P: default
I'm currently working on Qubes Server Formulas for providing a server example co…nfiguration like:
```
.-------------. .---------------.
| wan-sys-net | | admin-sys-net |
'------.------' '-------.-------'
| |
.---------'--------. .---------|----------.
| wan-sys-firewall | | admin-sys-firewall |
'---------.--------' '---------.----------'
| |
.------------------. .-------'-------.
| dmz-sys-firewall | | admin-openvpn |
'-.-------.------.-' '-------.-------'
| \ \ .--------. |
' \ '---- dmz-ns | .------'-----.
/ ' '--------' | admin-mgmt |
.------------------. / .------'------. '------------'
| lan-sys-firewall |' | dmz-sys-net |
'---.------------.-' '-------------'
/ | \
.-----'----. | .----'---.
| lan-dhcp | | | lan-ns |
'----------' | '--------'
|
.------'------.
| lan-sys-net |
'-------------'
```
It intends to provide sufficient built-in Qubes materials for bringing Qubes to the edge of server environments. In the case of the example provided above, each 'sys-net' can be with physical nic, bridged nic, routed nic from another specific VM having for example a bond interface or multiples VLANs networks.
Here is the a list of tasks related to this work:
- [x] provide ```qvm-console``` to connect to a VM from an admin vm
- [x] handle network configuration in case of non default 'eth0'
- [x] create core-admin-addon-bridge-device for handling bridge devices (dom0 side)
- [x] create core-agent-linux-addon-bridge-device for handling bridge devices (vm side)
- [x] create configurations for netvm having bond and vlan interfaces
- [ ] create documentation
- [x] provide Salt formulas for basic services (nameserver, dhcp, openvpn)
- [ ] provide Salt formulas with different topologies
- [ ] build specific ISO with Anaconda initial-setup with a server configuration
- [ ] write Qubes article about the subject