From 68a8e1777c12c32439e58b5b4eb7da01382fa3c6 Mon Sep 17 00:00:00 2001
From: Wojtek Porczyk <woju@invisiblethingslab.com>
Date: Thu, 30 Jul 2015 14:19:21 +0200
Subject: [PATCH] liveusb: add qubes-specific configuration

---
 conf/liveusb.ks | 24 ++++++++++++++++++++++++
 live/livesys    |  4 ++++
 2 files changed, 28 insertions(+)

diff --git a/conf/liveusb.ks b/conf/liveusb.ks
index cb1a954..9f7843c 100644
--- a/conf/liveusb.ks
+++ b/conf/liveusb.ks
@@ -78,6 +78,30 @@ fi
 echo 'File created by kickstart. See systemd-update-done.service(8).' \
     | tee /etc/.updated >/var/.updated
 
+
+#
+# setup Qubes
+#
+
+# TODO: appmenus
+
+# we won't do `useradd qubes`, since his creation depends of persistent home
+# feature; see /etc/rc.d/init.d/livesys
+
+qvm-create  --offline-mode --force-root --net --label red sys-net
+qvm-create  --offline-mode --force-root --proxy --label green sys-firewall
+
+qvm-prefs   --offline-mode --force-root --set sys-firewall netvm sys-net
+qubes-prefs --set default-netvm sys-firewall
+
+qvm-create  --offline-mode --force-root work --label green
+qvm-create  --offline-mode --force-root banking --label green
+qvm-create  --offline-mode --force-root personal --label yellow
+qvm-create  --offline-mode --force-root untrusted --label red
+
+chgrp -R qubes /var/lib/qubes
+chmod -R g+w /var/lib/qubes
+
 %end
 
 
diff --git a/live/livesys b/live/livesys
index dc8da08..0ffd5d8 100755
--- a/live/livesys
+++ b/live/livesys
@@ -102,6 +102,10 @@ if ! strstr "`cat /proc/cmdline`" nopersistenthome && [ -n "$homedev" ] ; then
   action "Mounting persistent /home" mountPersistentHome
 fi
 
+for dev in $(/sbin/lspci -mm -n | sed -ne 's/^\([0-9][0-9]:[0-9][0-9].[0-9]\) "02.*/\1/p'); do
+    /usr/bin/qvm-pci -a sys-net $dev
+done
+
 if [ -n "$configdone" ]; then
   exit 0
 fi