-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make dotfiles installation optional #17
Comments
Did you know you can configure my dotfiles to have your own settings loaded after the defaults? It does not prevent my settings from being loaded, but you can override it anyway. On one hand, I agree with you that they are my personal preference. On the other hand, I simply dislike using the small screen Xterm, the small font in Xterm, the non select-to-copy Xterm, not having handy aliases in the Shell. This is why on most projects I install at least: include:
- dotfiles.copy-sh
- dotfiles.copy-x11
You only need to fork and delete files (not directories) in each dotfile configuration and no dotfiles will be applied (I haven't tested to check if this works). For example, delete all sh files: cd dotfiles/files
find sh -type f -follow -delete
And this... some projects require my dotfiles to succeed because they expect files in certain directories. See the Electrum Xprofile for example, my dotfiles allow extra Xprofiles that are loaded when X starts, loading No defauls shell files in Debian or Fedora or any distro is so versatile as my dotfiles to allow conditional inclusion of files instead of having to append to In other words, my dotfiles, especially the
Opting-out is possible, but this would require some work, not difficult, but time consuming, that I am not sure it is worth it.
There arre currently
And this is a long, long work.
I am not closing this issue now because I tend to agree on a less personal preferences approach, but I also let the user deploy their own dotfiles, the only thing it really requires are the # copy-sh.sls
echo hello:
cmd.run But then some integration might break, and this integration can't be brought up here, to Qusal, because I either loose the power of my dotfiles or duplicate work that I make in my dotfiles to a more bare bones approach to Qusal, which means doubling code and this leads to eventually forgetting to update both codes and mess is created... I agree that something needs to be done, but I don't know how to make it less time consuming for me over the time, especially not duplicating code. Can you please point out which personal preference you find contradictory, just as an example? |
Thanks for your detailed response! I totally understand your points, but your explanation shows how closely the current state of Qusal is tight to your personal use cases, which is also understandable because you built it for yourself first and you specified that it's not production-ready. But then it makes it more difficult for new users to use it, because we not only install a project but also someone else's personal settings and preferences, and it partly deviates from QubesOS's philosophy. Ideally it would be completely separated, but as you pointed out it would require a lot of work and maintenance. My main concern is regarding changing Can we at least think about updating some Essentials tasks? For example I didn't install Electrum one, and for this case I won't mind installing the Dotfiles, but for the base ones that everyone installs I think it can be a good thing to make it more general. I already love Qusal and what it allows, I'd be happy to contribute! |
My dotfiles can be skipped for Let's take for example KDE, this is my personal preference that I brought up to Qusal, still, my personal preference. I have no problems using Xfce in a normal Linux system, but Qubes menu is so huge that KDE just makes that experience much better.
I have plans for that, but upstream (Qubes OS) does not have a good integration with
Mapping this has to be done by manually because I don't remember every project that has integration with my dotfiles, but for the sake of answering, I don't believe there are many. For now, I can only find the aforementioned Electrum and Mirage-Builder, but any project that puts files in
Thank you! I need to understand what you expect from a more compact version of my dotfiles, I need to see what you are imagining. A lot of dotfiles use external plugins to provide functionality, mine does not do that at all, so this impacts on the size of my dotfiles, but allows us to avoid making network connections and having a long loading time. Although you are free to discuss this issue, this is not a starter task, it not difficult, but time consuming. In order for me to see you are really committed to this long task, hang around, do smaller tasks, so I can have some expectation that you will be around over the time and eventually we will be able to close this issue as completed. For this issue to be fixed, I need to do changes changes in Qusal and my dotfiles. Qusal will hold a minimal configuration that can load extra files |
Of course I don't want to mess everything up, I'll see what I can do with the time I have, I'll send PRs for quick-wins and let's keep the discussion open for these bigger topics! |
I started doing this change but I noticed the changes are going to take some days to complete because I have to recreate the qubes, as my dotfiles can't be in there, they need to be absent and the best method is to remove and create the qubes. And this is only for testing, not involving the writing of the changes. See below my re-analysis of this matter.
How can I decide what is general and what is not? Let's take tpope/vim-sensible and tmux-plugins/tmux-sensible for example. These projects do not aim to respect default settings, but to set sensible values. vim-sensible:
tmux-sensible:
The phrase set of defaults that (hopefully) everyone can agree on is a difficult goal because then the provided solution becomes so minimal that doesn't cover most use cases, just the basic. So back to your request, on making my dotfiles more general, I think my dotfiles can be more general, it was built in a modular way. You may consider it also as a base anyone can built upon via the drop-in directories and the % cat ~/.gitconfig.local
; vim: ft=gitconfig
[user]
name = Ben Grande
email = [email protected]
signingKey = DF3834875B65758713D92E91A475969DE4E371E3 This way I can share my dotfiles without making the user change the defaults, only build upon it. The dotfiles are not only providing a modular configuration but also a safe configuration The git configuration Same thing with the gpg.conf, which unfortunately does not have a drop-in configuration file and hopefully will be substituted by Sequoia-PGP when possible. This GPG configuration is used for every GnuPG interaction with keys, I enforce a safe configuration, remove old ciphers, print keys in the long format etc. Same thing with the ssh configuration. My SSH configuration, client side, was not vulnerable to terrapin attack that affected almost all OpenSSH servers and clients. Instead of waiting for upstream patches, I can enforce safe ciphers by default and when you update, you get them before distro releases. Even security fixes from upstream distributions takes time. Note that my dotfiles do not cover the SSH server configuration, but the client can reject to connect if the server provided algorythms and ciphers are not allowed by the client. Although there is an OpenSSH server in the ansible formula, it is not make over the network, but over Qrexec. Xfce Thunar does not search for the Many other things are usability features, that I provide drop-in configuration for the user to modify without worrying that my formula will replace their configuration, no need to maintain a fork, just maintain your own configurations and apply them after the provided dotfiles. Yes, the dotfiles have features that I find useful both security and usability wise, they are not however, unique to me, they serve anyone that are using the tools that I provide in Qusal, the SSH client hardening make sense if the client qube You can continue to discuss for a more general approach directly on the dotfiles repo. Treat it as a dotfiles targetted at Qubes users that use minimal templates and use packages provided by the Qusal formula.
From Lines 18 to 23 in 5f10271
When I wrote You can consider the dotfiles projects as an extension of Qusal, a module, instead of being simply my personal preference. Like the Salt states, my dotfiles enforce a specific configuration, that can be changed per user discretion. If there is something that makes the dotfiles specific to me but not to a larger user base of Qusal users, please open an issue at the dotfiles repository. I want to make the dotfiles reusable. I can also say that Producing a minimal dotfile is of course possible but not something that I will be doing because after I start writing the first lines, I will think: why not add this, and this, and this and more thing are added. This is how my dotfiles grew, over time, it was very small in the beginning. To answer the title: Making dotfiles installation optional I do not aim to make it optional, it requires more work for me to do and I can't see clear benefits now, after my reanalysis. The dotfiles is a user configuration file that I created to be reusable and not only usable my me. Also, opting-in and opting-out is not easy with Salt, there is no GUI pane for the user to select Salt options. Technically, with Jinja pillars, this would be possible, to opt-in or opt-out, but still doesn't cover the case where the states expect the dotfiles to be installed for certain functionalities. |
By Essentials I mean Salt states as defined in the BOOTSTRAP doc. These will be the most installed and common ones, so it can the ones who are more general. I see your distinctions between personal and defaults (that everyone can agree on). I do agree that we should provide the defaults one. My proposal of making the dotfiles optional is also a matter of giving the user control and clarity over what is done. Currently Qusal is tigh to your usage and preferences (personal or default choices), we need to trust you on what is done when we run one single command. And usually opt-in is better that opt-out, because the user has better control. It's also easier to install than remove. Your personal choices made on Qusal can also diverge from QubesOS philosophy. For example, some things are installed in dom0, and that's strongly discouraged. What you install here is not mandatory or necessary, it eases the experience in dom0, but if dom0 is that painful to interact with, it's also for a reason, because of the security choices. And in the future, dom0 won't even be accessible when used with sys-gui-gpu for example. I personally don't mind polluting a VM because it can be recreated easily, but dom0 is completely different and I don't want to install anything but the strict necessary in it. Here is a matter of personal preferences, but Qusal enforces a point of view. I understand your points, it seems to be a lot of work, I hope in the future Qusal will be more generic, allows opt-ins and more clarity and control for the user. Thanks for all your clarifications, as no actionables come from this issue I won't continue the debate. If I see any quick improvements I will open other issues! |
I defined hopefully all formulas in the bootstrap doc. The only thing special is that it is organized per function.
You already need to trust me on whatever is done if you are running something you don't fully understand. I understand that the dotfiles do increase the amount of code that you need to trust.
Qubes documentation regarding installation of software in dom0 states: since software running in dom0 can potentially exercise full control over the system, it is important to install only trusted software in dom0 The problem with installing software in dom0 is not that one extra package is against QubesOS philosophy, but that we should prefer delegating the task that requires a package to a DomU so we don't increase our TCB (Trusted Computing Base). Installation of software in Dom0 is not wrong in it is needed. The And yes, Qusal enforces a point of view, install packages in Dom0 when necessary. I trust the dotfiles because I wrote them. You can consider
It can be in the future, just can't focus on this now. About control for the user and opt-ins, this is also a difficult choice, I want a good usability by default, asking for non-experts to write YAML for Salt Pillars to give users a choice during Salt states is also a complicated matter, one to be discussed in the future.
Please do. |
@peakunshift check out #74 |
Commitment
I confirm that I have read the following resources:
How to ask questions The Smart Way
Writing the perfect question
Question checklist
Could you please make my preference the defafault?
Current problem (if any)
Some files from creator's personal Dotfiles are required during some installation. As stated in the design guidlines, Qusal sould "provides a minimal modular isolated environment", and "should not focus on a specific Qubes OS user base". Currently we need to fork all Dotfiles which are personal settings.
Proposed solution
If some of these files are required for the installation to succeed, put them in this project. Otherwise, define a way to make dotfiles installation optionnal, by opting-in or opting-out.
The value to a user, and who that user might be
Make the installation process more generic without any personal preferences.
The text was updated successfully, but these errors were encountered: