Qubes Onlykey Proxy

Installation

Create the template
- Create a template based on Fedora that has all the Onlykey tooling installed
  - You can use pipx to install onlykey and onlykey-agent from the template
- Install ./src/vm/onlykey.SshAgent to /etc/qubes-rpc/onlykey.SshAgent, and make it executable
- Install ./systemd/onlykey-agent.socket and ./systemd/onlykey-agent.service to /etc/systemd/user/
- Install the udev rules
Create the sys VM
- Create an AppVM based on that template
- As a user, run systemctl --user enable onlykey-agent.socket and systemctl --user start onlykey-agent.socket
- You will also need to enable the onlykey-agent.socket service from the Qube's settings
Install the RPC policy in dom0
- Install the policy in ./src/dom0/49-onlykey.policy to /etc/qubes/policy.d/49-onlykey.policy

Plug in your Onlykey
Enter your PIN
Start sys-onlykey
Pass your Onlykey from your USB qube to sys-onlykey
In your development (client) qube, start the proxy:
```
ok-ssh-proxy # QUBES_ONLYKEY_DOMAIN must be set
```

In sys-onlykey, add identities like so:

onlykey-agent "${identity}" >> "${XDG_CONFIG_DIR}/onlykey/ssh-agent.conf"

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
.build		.build
post-install.d		post-install.d
rpm_spec		rpm_spec
src		src
systemd		systemd
.envrc		.envrc
.gitignore		.gitignore
LICENSE		LICENSE
LICENSE.md		LICENSE.md
Makefile		Makefile
README.md		README.md
version		version