Skip to content

Commit

Permalink
fix: install securedrop-whonix-config into whonix-gateway template, n…
Browse files Browse the repository at this point in the history 
…ot sd-whonix

We can do this safely because the securedrop-whonix-config service is
only run when that service is enabled at the Qubes level: i.e., on
sd-whonix and not on sys-whonix, which doesn't have the necessary
QubesDB keys anyway.
  • Loading branch information
@cfm
cfm committed May 29, 2024
1 parent 27f03ad commit ebcabf6
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
3 changes: 3 additions & 0 deletions dom0/sd-whonix.sls
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ sd-whonix:
- add:
- sd-workstation
- sd-{{ sdvars.distribution }}
- features:
- enable:
- service.securedrop-whonix-config
- require:
- sls: sd-upgrade-templates
- sls: sd-sys-whonix-vms
Expand Down
4 changes: 2 additions & 2 deletions dom0/sd-workstation.top
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,6 @@ base:
- sd-gpg-files
sd-app:
- sd-mime-handling
sd-whonix:
- sd-whonix-config
'sd-fedora-39-dvm,sys-usb':
- match: list
- sd-usb-autoattach-add
Expand All @@ -47,6 +45,8 @@ base:
- sd-mime-handling
sd-proxy:
- sd-mime-handling
whonix-gateway-17:
- sd-whonix-config

# "Placeholder" config to trigger TemplateVM boots,
# so upgrades can be applied automatically via cron.
Expand Down

0 comments on commit ebcabf6

Please sign in to comment.