Qubes: Difference between revisions
(my clock format) |
(update for Qubes 4.2) |
||
(26 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write. |
|||
== VMs == |
|||
* DD (km-debian-10) |
|||
* media (km-fedora-30) |
|||
** flatpak: VLC, filezilla, transmission, picard |
|||
* personal (km-fedora-30) |
|||
** flatpak: Signal |
|||
* fopf (km-fedora-30) |
|||
* school (km-fedora-30) |
|||
* dev (km-fedora-30-dev) |
|||
* wm-ssh (fedora-30) |
|||
** firewall only allows ssh to bast4002.wikimedia.org |
|||
* gpg (km-fedora-30) |
|||
** no network |
|||
* vault (km-fedora-30) |
|||
** no network |
|||
* vault-gpg (fedora-30) |
|||
** no network |
|||
* sys-riseup-vpn (standlone from debian-10-minimal) |
|||
** see [[Qubes/riseup-vpn]] setup guide |
|||
== Template VMs == |
== Template VMs == |
||
In my Fedora VMs |
|||
* km-debian-10: fork: |
|||
⚫ | |||
** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack |
|||
* <code>echo "vm.swappiness = 1" | sudo tee systemctl.conf</code> |
|||
* fedora-29: upstream |
|||
** I used this for Qubes 4.0 and 4.1, seeing if I don't need it for 4.2 |
|||
* fedora-30: upstream |
|||
* km-fedora-30: fork: |
|||
** enabled rpmfusion |
|||
** nextcloud-client-nautilus mozilla-https-everywhere mozilla-ublock-origin nano tree ack libgnome-keyring libreoffice quassel-client shotwell filezilla hugin mozilla-privacy-badger keepassxc pcsc-tools ffmpeg vlc |
|||
* km-fedora-30-dev: |
|||
** ack atom composer docker-ce fish git-cola gitk jq mosh mozilla-https-everywhere mozilla-privacy-badger mozilla-ublock-origin nano netxcloud-client-nautilus npm php pipenv podman pycharm-community python3-pyside python3-tox python34 python35 python36 python38 quassel-client tree |
|||
== Config == |
|||
* <code>/etc/qubes-rpc/policy/qubes.InputKeyboard</code> |
|||
** <code>sys-usb dom0 ask,default_target=dom0</code> |
|||
* <code>/etc/qubes-rpc/policy/qubes.InputTablet</code> |
|||
⚫ | |||
* <code>/etc/qubes-rpc/policy/qubes.Gpg</code> |
|||
⚫ | |||
** <code>dev gpg allow</code> |
|||
** <code>personal gpg allow</code> |
|||
* <code>/etc/qubes-rpc/policy/qubes.GpgImportKey</code> |
|||
** <code>DD gpg allow</code> |
|||
** <code>dev gpg allow</code> |
|||
** <code>personal gpg allow</code> |
|||
== dom0 == |
== dom0 == |
||
⚫ | |||
* RPC Policy: Set USB keyboards and mice to ask for being attached to dom0 |
|||
* <s>Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display.</s> Went back to a non-4k display. |
|||
* <s>Appearance -> Style -> Adwaita-dark</s> |
|||
* Change global copy/paste to use Win+C and Win+V |
|||
⚫ | |||
⚫ | |||
<pre> |
<pre> |
||
#!/bin/sh |
#!/bin/sh |
||
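Review bot: the Template VMs line <code>echo "vm.swappiness = 1" | sudo tee systemctl.conf</code> writes a file named systemctl.conf in whatever directory the command is run from, and sysctl never reads that file, so the swappiness setting is not applied at boot. Point it at /etc/sysctl.conf (with <code>tee -a</code> so existing settings are kept) or at a drop-in file under /etc/sysctl.d/, and load it with <code>sudo sysctl --system</code>.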
Line 52: | Line 22: | ||
</pre> |
</pre> |
||
<s>Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at <code>~/redshift.conf</code> so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry.</s> |
|||
Clock format: <code>%a %F %r</code> |
|||
== Advanced debugging == |
|||
In the grub bootloader you can press "E" on a menu item to edit both the Linux and Xen command lines before booting. Removing "quiet" from Linux will make the boot process verbose and you can see where you get stuck. |
|||
Boot a Qubes installer USB, select rescue mode. Select option #1, enter your decryption password. Ignore the error which says "You have no Linux partitions...", it's wrong and [https://github.com/QubesOS/qubes-issues/issues/5609 a known issue]. |
|||
If you run e.g. <code>fdisk -l</code>, you should see your disks and VMs. You should be able to mount dom0 with e.g. <code>mkdir /mnt/dom0 && mount /dev/qubes_dom0/root /mnt/dom0</code>. To do stuff in dom0, you might <code>chroot /mnt/dom0.</code> |
|||
If you need <code>/proc</code>, <code>/sys</code>, etc. inside the chroot, see [https://superuser.com/questions/165116/mount-dev-proc-sys-in-a-chroot-environment#417004 this post] for how to mount them. |
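Review bot: in the Advanced debugging paragraph the sentence-ending period is inside the code tag, <code>chroot /mnt/dom0.</code>, so a copied command names the directory "/mnt/dom0." instead of the /mnt/dom0 created by the mkdir just before it. Move the period outside the closing tag.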
Latest revision as of 01:11, 19 May 2024
Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write.
Template VMs
In my Fedora VMs
- <code>systemctl mask packagekit</code>
- <code>echo "vm.swappiness = 1" | sudo tee -a /etc/sysctl.conf</code>
  - I used this for Qubes 4.0 and 4.1, seeing if I don't need it for 4.2
dom0
- RPC Policy: Set USB keyboards and mice to ask for being attached to dom0
- <s>Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display.</s> Went back to a non-4k display.
- <s>Appearance -> Style -> Adwaita-dark</s>
- Change global copy/paste to use Win+C and Win+V
- Clock format: <code>%a %F %r</code>
- Create <code>/usr/local/bin/vault</code>, mapped to ctrl+shift+x
<pre>
#!/bin/sh
exec qvm-run vault keepassxc
</pre>
<s>Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at <code>~/redshift.conf</code> so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry.</s>
Advanced debugging
In the grub bootloader you can press "E" on a menu item to edit both the Linux and Xen command lines before booting. Removing "quiet" from Linux will make the boot process verbose and you can see where you get stuck.
Boot a Qubes installer USB, select rescue mode. Select option #1, enter your decryption password. Ignore the error which says "You have no Linux partitions...", it's wrong and [https://github.com/QubesOS/qubes-issues/issues/5609 a known issue].
If you run e.g. <code>fdisk -l</code>, you should see your disks and VMs. You should be able to mount dom0 with e.g. <code>mkdir /mnt/dom0 && mount /dev/qubes_dom0/root /mnt/dom0</code>. To do stuff in dom0, you might <code>chroot /mnt/dom0</code>.
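If you need <code>/proc</code>, <code>/sys</code>, etc. inside the chroot, see [https://superuser.com/questions/165116/mount-dev-proc-sys-in-a-chroot-environment#417004 this post] for how to mount them.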
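
The rescue steps above as one script, added here as an example (it is not part of the original notes and not code from the linked post). The device and mount point defaults are the ones used on this page; the function names, the DRY_RUN switch and the choice of mount commands for the pseudo-filesystems are assumptions of this example.

```shell
#!/bin/sh
# Added example: enter a dom0 chroot from the Qubes rescue shell with
# /proc, /sys and /dev available, then unmount everything again.
# Defaults taken from the page: /dev/qubes_dom0/root and /mnt/dom0.
# DRY_RUN defaults to 1, so the commands are only printed; run with
# DRY_RUN=0 as root in the rescue shell to execute them.
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

enter_dom0() {
    dev="${1:-/dev/qubes_dom0/root}"
    mnt="${2:-/mnt/dom0}"

    run mkdir -p "$mnt" || return 1
    run mount "$dev" "$mnt" || return 1

    # Kernel pseudo-filesystems that tools inside the chroot expect.
    run mount -t proc proc "$mnt/proc" &&
    run mount -t sysfs sysfs "$mnt/sys" &&
    run mount --bind /dev "$mnt/dev" &&
    run chroot "$mnt"
    status=$?

    # Unmount in reverse order even if a step above failed, so the
    # dom0 root is not left mounted when the machine is rebooted.
    run umount "$mnt/dev" "$mnt/sys" "$mnt/proc"
    run umount "$mnt"
    return "$status"
}

enter_dom0 "$@"
```

Check the printed commands against the output of <code>fdisk -l</code> before running with DRY_RUN=0.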