| | qubes-mirage-firewall | unikernels |
|---|---|---|
| Mentions | 5 | 1 |
| Stars | 201 | 49 |
| Growth | 0.0% | - |
| Activity | 7.2 | 0.0 |
| Last commit | 11 days ago | over 2 years ago |
| Language | OCaml | OCaml |
| | - | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
qubes-mirage-firewall
- Is running OpenBSD inside a QUBE as a router/firewall an interesting and good idea?
2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/
- the maddening truth of using Qubes
That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.
- I had to relocate CHUNGUS because of the old warehouse I operate it is being torn down.
That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).
- Ask HN: Examples of Microkernels?
Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]
[0] : https://github.com/mirage/qubes-mirage-firewall
- Qubes OS: A reasonably secure operating system
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.
unikernels
- MirageOS v4.0.0 published: self-managed internet infrastructure with unikernels
Just substitute 'microservice' with 'unikernel' and you do broadly the same things. There's a prometheus library that you link with the MirageOS unikernel and it exports using that: https://github.com/mirage/prometheus
No FAQ for this sort of thing yet, but we should start assembling one sometime soon. Questions like this very welcome on the discussion forums: https://discuss.ocaml.org/t/ann-mirageos-4-0/9598 to help us get started.
There's a nice collection of unikernels over at: https://github.com/roburio/unikernels and https://github.com/tarides/unikernels for various infrastructure pieces (like https, smtp, dns, ip filters, etc) that are good to crib from for your own infrastructure.
What are some alternatives?
miragevpn - An opinionated implementation of the OpenVPN protocol
qubes-issues - The Qubes OS Project issue tracker
solo5 - A sandboxed execution environment for unikernels
unikraft - FlexOS is a Unikraft-based OS allowing users to easily specialize the safety and isolation strategy at compilation time.
prometheus - OCaml library for reporting metrics to a Prometheus server
reason - Simple, fast & type safe code that leverages the JavaScript & OCaml ecosystems
mirage - MirageOS is a library operating system that constructs unikernels
lk - LK embedded kernel
composite - A component-based OS
qubes-app-linux-usb-proxy - USBIP over qrexec proxy