Qubes: Difference between revisions

VMs

• DD (km-debian-10)
• media (km-fedora-30)
  • flatpak: VLC, filezilla, transmission, picard
• personal (km-fedora-30)
  • flatpak: Signal
• fopf (km-fedora-30)
• school (km-fedora-30)
• dev (km-fedora-30-dev)
• wm-ssh (fedora-30)
  • firewall only allows ssh to bast4002.wikimedia.org
• gpg (km-fedora-30)
  • no network
• vault (km-fedora-30)
  • no network
• vault-gpg (fedora-30)
  • no network
• sys-riseup-vpn (standlone from debian-10-minimal)
  • see Qubes/riseup-vpn setup guide

Template VMs

• km-debian-10: fork:
  • devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
• fedora-29: upstream
• fedora-30: upstream
• km-fedora-30: fork:
  • enabled rpmfusion
  • nextcloud-client-nautilus mozilla-https-everywhere mozilla-ublock-origin nano tree ack libgnome-keyring libreoffice quassel-client shotwell filezilla hugin mozilla-privacy-badger keepassxc pcsc-tools ffmpeg vlc
• km-fedora-30-dev:
  • ack atom composer docker-ce fish git-cola gitk jq mosh mozilla-https-everywhere mozilla-privacy-badger mozilla-ublock-origin nano netxcloud-client-nautilus npm php pipenv podman pycharm-community python3-pyside python3-tox python34 python35 python36 python38 quassel-client tree

Config

• /etc/qubes-rpc/policy/qubes.InputKeyboard
  • sys-usb dom0 ask,default_target=dom0
• /etc/qubes-rpc/policy/qubes.InputTablet
  • sys-usb dom0 allow
• /etc/qubes-rpc/policy/qubes.Gpg
  • DD gpg allow
  • dev gpg allow
  • personal gpg allow
• /etc/qubes-rpc/policy/qubes.GpgImportKey
  • DD gpg allow
  • dev gpg allow
  • personal gpg allow

Helper scripts

/usr/local/bin/vault, mapped to ctrl+shift+x

#!/bin/sh
exec qvm-run vault keepassxc