Qubes: Difference between revisions

From Legoktm
(switch to mullvad)
(→‎Template VMs: updates)
Line 4: Line 4:


* DD (km-d10-dev)
* DD (km-d10-dev)
* media (km-f33)
* media (km-f34)
** flatpak: handbrake, kdenlive, picard
** flatpak: handbrake, kdenlive, picard
* personal (km-f33)
* personal (km-f34)
** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
* fopf (km-f33)
* fopf (km-f34)
* school (km-f33)
* school (km-f34)
* dev (km-f33-dev)
* dev (km-f33-dev)
* gpg (km-f33)
* gpg (km-f34)
** no network
** no network
* vault (km-f33-vault)
* vault (km-f34-vault)
** no network
** no network
* vault-gpg (fedora-33)
* vault-gpg (fedora-34)
** no network
** no network
* sys-mullvad-vpn (fedora-34)
* sys-mullvad-vpn (fedora-34)
Line 23: Line 23:
* km-d10-dev: fork:
* km-d10-dev: fork:
** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
* fedora-33: upstream
* fedora-34: upstream
* km-f33: fork:
* km-f34: fork:
** enabled rpmfusion
** enabled rpmfusion
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free</code>
** fuse-exfat exfat-utils chromium ffmpeg vlc inkscape pcsc-tools mozilla-privacy-badger hugin filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free-updates</code>
** fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk nautilus-sendto
* km-f33-dev:
* km-f33-dev:
** enabled codium, pycharm-community, rpmfusion
** enabled codium, pycharm-community, rpmfusion

Revision as of 05:58, 1 December 2021

Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write.

VMs

  • DD (km-d10-dev)
  • media (km-f34)
    • flatpak: handbrake, kdenlive, picard
  • personal (km-f34)
    • flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
  • fopf (km-f34)
  • school (km-f34)
  • dev (km-f33-dev)
  • gpg (km-f34)
    • no network
  • vault (km-f34-vault)
    • no network
  • vault-gpg (fedora-34)
    • no network
  • sys-mullvad-vpn (fedora-34)

Template VMs

  • km-d10-dev: fork:
    • devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
  • fedora-34: upstream
  • km-f34: fork:
    • enabled rpmfusion
      • sudo dnf config-manager --set-enabled rpmfusion-free
      • sudo dnf config-manager --set-enabled rpmfusion-free-updates
    • fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk nautilus-sendto
  • km-f33-dev:
    • enabled codium, pycharm-community, rpmfusion
    • quassel-client mozilla-https-everywhere mozilla-ublock-origin python3 python3.5 python3.6 python3.8 python3.9 python3.10 composer php npm tox fish pipenv git-cola gitk podman nano tree ack jq mosh mozilla-privacy-badger ffmpeg php-apcu ruby bind-utils devscripts poetry twine sqlite pycharm-community codium golang toolbox fpaste openssl-devel g++ vlc sqlite-devel php-gmp chromium redis mariadb-devel colordiff
  • km-f33-vault: (fork of minimal)
    • nano keepassxc qubes-gpg-split pinentry-gtk

Config

  • /etc/qubes-rpc/policy/qubes.InputKeyboard
    • sys-usb dom0 ask,default_target=dom0
  • /etc/qubes-rpc/policy/qubes.InputTablet
    • sys-usb dom0 allow
  • /etc/qubes-rpc/policy/qubes.Gpg
    • DD gpg allow
    • dev gpg allow
    • personal gpg allow
  • /etc/qubes-rpc/policy/qubes.GpgImportKey
    • DD gpg allow
    • dev gpg allow
    • personal gpg allow

dom0

Appearance -> Style -> Adwaita-dark

In /etc/qubes/guid.conf: 

secure_copy_sequence = "Mod4-c";
secure_paste_sequence = "Mod4-v";

/usr/local/bin/vault, mapped to ctrl+shift+x 

#!/bin/sh
exec qvm-run vault keepassxc

Clock format: %a %F %r

Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at ~/redshift.conf so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry.

Retrieved from "https://legoktm.com/w/index.php?title=Qubes&oldid=209"