Improve workspaces management #35

Open
opened 2024-02-04 17:46:06 -06:00 by DarkFeather · 0 comments
Owner

We need to improve how we allocate our workspaces. Two of our workspaces are pretty well defined:

  • ArchLinux x86_64 is our primary server architecture and offers consistent rolling release to support deploying new tools & services.
  • Raspberry Pi OS offers lightweight, low-power compute such as for our hubs & nodelets.

However, we have been trying to use ArchLinux for a desktop environment, and this has been running into limitations. While still viable for controlled and secured deployments, we're hitting a lot of edge support issues, particularly in environments we don't control, such as GSuite & gaming. With some makers like MSI jailing their laptop hardware into Windows-signed Secure Boot firmware, relying on a dual-boot ecosystem is complicating our supply chain.

As such, we are looking at reintroducing Windows in the same capacity as Android into the ecosystem. We'll compile an app list to install on these client devices.

To still offer a secured compute environment natively on these devices, we'll recommend using VirtualBox with a Kali ISO or a flash drive burned with the same for a read-only OS offering command-line Git, SSH, & web browsing options.

This brings our total support space to four operating systems, which is a bit more diverse than our original design. However, because the client space is popularly managed & tested, it increases the lay user's ability to use the ecosystem. To assist in this, we will further harden the network in a zero-trust model such that these client devices can be insulated from the rest of the network.


Initial work list

Document handling

  • Google Chrome (https://www.google.com/chrome/) for browsing
  • LibreOffice (https://www.libreoffice.org/) for documents, powerpoints, and sheets
  • Brother iPrint&Scan (https://support.brother.com/g/b/downloadhowto.aspx?c=us&lang=en&prod=mfcj430w_all&os=10013&dlid=dlf004735_000&flang=8&type3=11) for printing and scanning

Multimedia

  • VLC (https://www.videolan.org/vlc/) for local playback
  • OBS (https://obsproject.com/download) for streaming and recording
  • GIMP (https://www.gimp.org/) for image editing
  • Kdenlive (https://kdenlive.org/en/download/) for video & audio editing

Cryptography

  • KeePassXC (https://keepassxc.org/download/#windows)
  • NordVPN (https://nordvpn.com/download/)
  • SSHFS (https://github.com/evsar3/sshfs-win-manager)

Integrations

  • Steam (https://steampowered.com/) for main game emulation -- other installers like GOG, Epic, etc. viable
  • VisualBoy Advance (https://visualboyadvance.org/install-windows/) for handheld game emulation
  • Google Play (https://play.google.com/googleplaygames?pcampaignid=merch-FCC-gpg-titlelaunch-klondike-adventures-web) for mobile emulation
  • Discord (https://discordapp.com)
  • GDrive (https://www.google.com/drive/download/)

Admins

  • Git (https://git-scm.com/downloads) for code development & revision control
  • VirtualBox (https://www.virtualbox.org/wiki/Downloads) with Kali (https://www.kali.org/get-kali/#kali-live) for pentesting


Test cases:

  1. Users should be able to open Discord, GDrive & AniNIX SSHFS from UI buttons.
  2. Users should be able to open any relevant documents, pictures, videos with the preferred tools from the share.
  3. User should be able to use their passwords from KeePassXC as opened from SSHFS to log into relevant accounts within Google Chrome.
  4. User should be able to scan and print intuitively (see DarkFeather/MSN0#9).
  5. User should be able to mount their phone to the device to pull files & to USB tether -- they should know how to USB tether their Internet connection and connect to NordVPN.
  6. User should be able to launch games from Steam or VisualBoy intuitively.
  7. For admins, the following additional criteria must be met:
    a. They should be able to boot a Kali ISO from flash drive and from VirtualBox.
    b. They should be able to clone their HomeDir repo and SSH into the network.

Closure criteria

This issue can be closed when this toolset is accepted, codified for ShadowArch deployment via playbook, and documented in the README.md.

DarkFeather self-assigned this 2024-02-04 17:52:56 -06:00