Commit be3263ff authored by Clark's avatar Clark
Browse files

Adding NetVMs throughout, specifying more programs

parent 697aa9a5
......@@ -128,30 +128,42 @@ rectangle System_Wrapper {
rectangle << System >> {
entity dom0
entity dom0 {
{static} NetVM <none>
}
entity "default-mgmt-dvm" as default_mgmt_dvm {
{static} template <f30>
{static} TemplateVM <f30>
{static} NetVM <none>
}
entity "sys-net" as sys_net {
{static} template <f30>
}
rectangle << NetVMs >> {
entity "sys-usb" as sys_usb {
{static} template <f30>
entity "sys-net" as sys_net {
{static} TemplateVM <f30>
{static} NetVM <none>
}
entity "sys-firewall" as sys_firewall {
{static} template <f30>
{static} TemplateVM <f30>
{static} NetVM <sys-net>
}
entity "sys-vpn" as sys_vpn {
{static} template < ???? >
{static} TemplateVM < ??? >
{static} NetVM <sys-firewall>
}
entity "sys-whonix" as sys_whonix {
{static} template <w15-gw>
{static} TemplateVM <w15-gw>
{static} NetVM <sys-firewall>
}
}
entity "sys-usb" as sys_usb {
{static} TemplateVM <f30>
{static} NetVM <none>
}
}
......@@ -163,98 +175,138 @@ rectangle UserSpace_Wrapper {
rectangle << UserSpace >> {
class "bytecache-dev" as bytecache_dev {
{static} template <d10-ws>
{static} network <sys-vpn>
{static} TemplateVM <d10-ws>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
}
class "bytecache-email" as bytecache_email {
{static} template <d10-email>
{static} network <sys-vpn>
{static} TemplateVM <d10-email>
{static} NetVM <sys-vpn>
{method} #Thunderbird
{method} #ProtonMail Bridge
}
class "bytecache-matrix" as bytecache_matrix {
{static} template <d10-social>
{static} network <sys-vpn>
{static} TemplateVM <d10-social>
{static} NetVM <sys-vpn>
{method} #Element
}
class "bytecache-user" as bytecache_user {
{static} template <w15-ws>
{static} network <sys-vpn>
{static} TemplateVM <w15-ws>
{static} NetVM <sys-whonix>
}
class "bytecache-gpg-vault" as bytecache_gpg_vault {
{static} template < ???? >
{static} TemplateVM < ??? >
{static} NetVM <none>
}
class "bytecache-ssh-vault" as bytecache_ssh_vault {
{static} template <f30-ssh-vault>
{static} TemplateVM <f30-ssh-vault>
{static} NetVM <none>
}
class "anon-whonix" as anon_whonix {
{static} template <w15-ws>
{static} network <sys-vpn>
{static} TemplateVM <w15-ws>
{static} NetVM <sys-vpn>
}
enum "u18-dev-dvm" as ubuntu_dvm {
{static} template <u18-dev>
{static} network <sys-vpn>
enum "u18-ws-dvm" as ubuntu_ws_dvm {
{static} TemplateVM <u18-ws>
{static} NetVM <sys-whonix>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#r R]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#gdb GDB]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
enum "d10-ws-dvm" as debian_ws_dvm {
{static} template <d10-ws>
{static} network <sys-vpn>
{static} TemplateVM <d10-ws>
{static} NetVM <sys-whonix>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#r R]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#gdb GDB]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
enum "f30-dvm" as fedora_dvm {
{static} template <f30>
{static} network <sys-vpn>
{static} TemplateVM <f30>
{static} NetVM <sys-whonix>
}
class "untrusted" as untruster {
{static} template <d10-ws>
{static} network <sys-vpn>
{static} TemplateVM <d10-ws>
{static} NetVM <sys-whonix>
}
enum "w15-ws-dvm" as whonix_ws_dvm {
{static} template <w15-ws>
{static} network <sys-vpn>
{static} TemplateVM <w15-ws>
{static} NetVM <sys-whonix>
}
class "work-email" as work_email {
{static} template <d10>
{static} network <sys-vpn>
{static} TemplateVM <d10>
{static} NetVM <sys-vpn>
{method} #Thunderbird
}
class "work-dev" as work_dev {
{static} template <u18-dev>
{static} network <sys-vpn>
{static} TemplateVM <u18-dev>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#gdb GDB]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
class "work-audit-gold-image" as work_audit_gold_image {
{static} template <u18-dev>
{static} network <sys-vpn>
{static} TemplateVM <u18-dev>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#gdb GDB]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
class "work-social" as work_social {
{static} template <d10-social>
{static} TemplateVM <d10-social>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} #Zoom
{method} #Slack
}
class "work-gpg-vault" as work_gpg_vault {
{static} template < ???? >
{static} TemplateVM < ??? >
{static} NetVM <none>
}
class "work-ssh-vault" as work_ssh_vault {
{static} template <f30-ssh-vault>
{static} TemplateVM <f30-ssh-vault>
{static} NetVM <none>
}
class "backup-vault" as backup_vault {
{static} template <f30>
{static} TemplateVM <f30>
{static} NetVM <none>
}
class "pw-vault" as pw_vault {
{static} template <f30>
{static} TemplateVM <f30>
{static} NetVM <none>
}
}
......@@ -263,7 +315,7 @@ class "pw-vault" as pw_vault {
rectangle Template_Wrapper {
cloud << Templates >> {
cloud << TemplateVMs >> {
rectangle << Debian >> {
......@@ -280,6 +332,7 @@ abstract "d10-ws" as debian_ws {
abstract "d10-email" as debian_email {
{method} #ProtonMail Bridge
{method} #Thunderbird
}
abstract "d10-social" as debian_social {
......@@ -295,7 +348,7 @@ rectangle << Ubuntu >> {
interface "u18" as ubuntu
abstract "u18-dev" as ubuntu_dev {
abstract "u18-ws" as ubuntu_ws {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
......@@ -346,27 +399,16 @@ sys_net -- sys_firewall
sys_firewall -- sys_vpn
sys_firewall -- sys_whonix
'sys_vpn -- work_email
'sys_vpn -- work_dev
'sys_vpn -- work_audit_gold_image
'sys_vpn -- work_social
'sys_vpn -- bytecache_dev
'sys_whonix -- whonix_ws_dvm
'sys_whonix -- bytecache_email
'sys_whonix -- bytecache_matrix
'sys_whonix -- bytecache_user
debian <.. debian_ws
debian <.. debian_email
debian <.. debian_social
fedora <.. fedora_ssh_vault
ubuntu <.. ubuntu_dev
ubuntu <.. ubuntu_ws
#+end_src
#+RESULTS[b16e217697ed9a822b93a6db4a96d2253e7cddcf]:
#+RESULTS[a31702b504e47ebc4d678a603e0ccf395b64522f]:
[[file:img/Qubes-VM-architecture.svg]]
* TODO Enforce VPN Routing -> Move this to a NetVM (Qubes)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment