Title: Qubes OS dom0 files workflow using fossil
       Author: Solène
       Date: 04 June 2023
       Tags: qubesos fossil
       Description: In this article, you will learn how to manage your Qubes
       OS dom0 files in a revision control system, and how to synchronize it.
       
       # Introduction
       
       Since I'm using Qubes OS, I always faced an issue; I need a proper
       tracking of the configuration files for my systemthis can be done using
       Salt as I explained in a previous blog post.  But what I really want is
       a version control system allowing me to synchronize changes to a remote
       repository (it's absurd to backup dom0 for every change I make to a
       salt file).  So far, git is too complicated to achieve that.
       
       I gave a try with fossil, a tool I like (I wrote about this one too ;)
       ), and it was surprisingly easy to setup remote access leveraging
       Qubes'qvm-run.
       
       In this blog post, you will learn how to setup a remote fossil
       repository, and how to use it from your dom0.
       
 (HTM) Previous article about Fossil cheatsheet
       
       # Repository creation
       
       On the remote system where you want to store the fossil repository
       (it's a single file), run `fossil init my-repo.fossil`.
       
       The only requirement for this remote system is to be reachable over SSH
       by an AppVM in your Qubes OS.
       
       # dom0 clone
       
       Now, we will clone this remote repository in our dom0, I'm personnally
       fine with storing such files in `/root/` directory.
       
       In the following example, the file `my-repo.fossil` was created on the
       machine `10.42.42.200` with the path
       `/home/solene/devel/my-repo.fossil`.  I'm using the AppVM `qubes-devel`
       to connect to the remote host using SSH.
       
       ```command
       [root@dom0 ~#] fossil clone --ssh-command "qvm-run --pass-io --no-gui -u user qubes-devel 'ssh'" ssh://10.42.42.200://home/solene/devel/my-repo.fossil /root/my-repo.fossil
       ```
       
       This command clone a remote fossil repository by piping the SSH command
       through qubes-devel AppVM, allowing fossil to reach the remote host.
       
       Cool fact with fossil's clone command, it keeps the proxy settings, so
       no further changes are required.
       
       With a Split SSH setup, I'm asked everytime fossil is synchronizing; by
       default fossil has "autosync" mode enabled, for every commit done the
       database is synced with the remote repository.
       
       # Open the repository (reminder about fossil usage)
       
       As I said, fossil works with repository files.  Now you cloned the
       repository in `/root/my-repo.fossil`, you could for instance open it in
       `/srv/` to manage all your custom changes to the dom0 salt.
       
       This can be achieved with the following command:
       
       ```shell
       [root@dom0 ~#] cd /srv/
       [root@dom0 ~#] fossil open --force /root/my-repo.fossil
       ```
       
       The `--force` flag is needed because we need to open the repository in
       a non-empty directory.
       
       # Conclusion
       
       Finally, I figured a proper way to manage my dom0 files, and my whole
       host.  I'm very happy of this easy and reliable setup, especially since
       I'm already a fossil user.  I don't really enjoy git, so demonstrating
       alternatives working fine always feel great.
       
       If you want to use Git, I have a hunch that something could be done
       using `git bundle`, but this requires some investigation.