deeplow

Results 493 comments of deeplow

Unused kernels can fill up template disk - distro equivalent of autoremove should be applied automatically.

> That's not entirely right place - if python3-apt is installed, the API version is used: https://github.com/QubesOS/qubes-core-admin-linux/blob/a954e6595948aad7cf33f450d6144da40461230e/vmupdate/agent/source/apt/apt_api.py Makes sense. Thanks! > BTW, in bookworm apt dist-upgrade seems to automatically remove...

Unused kernels can fill up template disk - distro equivalent of autoremove should be applied automatically.

Thanks for all the context @legoktm!

refactor service configuration from Salt (at provisioning) to systemd (at boot)

Instead of changing behavior based on hostname, we could [qubes services](https://www.qubes-os.org/doc/qubes-service/) instead. The only differences are: - use of `ConditionPathExists=` instead of `ConditionHost=` - we could enable / disable services...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

This started being tackled a while ago via https://github.com/freedomofpress/securedrop-workstation/pull/840/ and its cousins (https://github.com/freedomofpress/securedrop-builder/pull/396/ and https://github.com/freedomofpress/securedrop-client/pull/1677) . I can try to bring it back into reviewable state after discussing with @zenmonkeykstop,...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

What if we instead call them with `init` or `bootstrap` prefix? (`init-sd-app` or `bootstrap-sd-app`). In my mind that makes a bit clearer what the service goal is. Because in reality...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

> As a practical case is if we want to add a new "sd-log-whatever" service in a VM, we'd have to also do a corresponding workstation patch to enable the...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

To summarize some of the (new) arguments for the use of services (as opposed to hostnames): - **code reuse** - the the moment we have something which runs in multiple...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

From [my calculations](https://github.com/freedomofpress/securedrop-workstation/issues/973#issue-2230977875), the biggest bottleneck to provisioning is the need to provision files in app qubes. ## Breakdown of what salt is provisioning (in VMs) ``` sd-gpg: - sd-gpg-files:...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

I have move the mime-handling conversation to its own separate issue to keep this one focused how to approach this systemd provisioning in general. I hope that's OK. (I should...

refactor service configuration from Salt (at provisioning) to systemd (at boot)

> So for now my proposal would be to: > > Make disposable + provision via systemd + qubes services: > - sd-proxy > - sd-devices-dvm > - sd-viewer >...