Difference between revisions of "Qubes"

From Legoktm
(my clock format)
(update some)
Line 1: Line 1:
 
== VMs ==
 
== VMs ==
   
* DD (km-debian-10)
+
* DD (km-d10-dev)
* media (km-fedora-30)
+
* media (km-f32)
** flatpak: VLC, filezilla, transmission, picard
+
** flatpak: handbrake, kdenlive, picard
* personal (km-fedora-30)
+
* personal (km-f32)
** flatpak: Signal
+
** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
* fopf (km-fedora-30)
+
* fopf (km-f32)
* school (km-fedora-30)
+
* school (km-f32)
* dev (km-fedora-30-dev)
+
* dev (km-f31-dev)
* wm-ssh (fedora-30)
+
* wm-ssh (fedora-32)
 
** firewall only allows ssh to bast4002.wikimedia.org
 
** firewall only allows ssh to bast4002.wikimedia.org
* gpg (km-fedora-30)
+
* gpg (km-f31)
 
** no network
 
** no network
 
* vault (km-fedora-30)
 
* vault (km-fedora-30)
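Review bot: The gpg line now names km-f31, but no km-f31 entry exists under Template VMs in this revision (the list has km-d10-dev, fedora-31, fedora-32, km-f32 and km-f31-dev), so the template behind the no-network gpg qube is undocumented. Add a km-f31 entry stating what it is forked from and what is installed in it, or point gpg at a template that is listed. It would also help to note why dev and gpg move to f31-based templates while the other qubes move to km-f32 and wm-ssh moves to fedora-32.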
Line 17: Line 17:
 
* vault-gpg (fedora-30)
 
* vault-gpg (fedora-30)
 
** no network
 
** no network
* sys-riseup-vpn (standlone from debian-10-minimal)
+
* sys-riseup-vpn (km-d10-leap)
 
** see [[Qubes/riseup-vpn]] setup guide
 
** see [[Qubes/riseup-vpn]] setup guide
   
 
== Template VMs ==
 
== Template VMs ==
* km-debian-10: fork:
+
* km-d10-dev: fork:
 
** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
 
** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
* fedora-29: upstream
+
* fedora-31: upstream
* fedora-30: upstream
+
* fedora-32: upstream
* km-fedora-30: fork:
+
* km-f32: fork:
 
** enabled rpmfusion
 
** enabled rpmfusion
  +
** fuse-exfat exfat-utils chromium ffmpeg vlc inkscape pcsc-tools mozilla-privacy-badger hugin filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk
** nextcloud-client-nautilus mozilla-https-everywhere mozilla-ublock-origin nano tree ack libgnome-keyring libreoffice quassel-client shotwell filezilla hugin mozilla-privacy-badger keepassxc pcsc-tools ffmpeg vlc
 
* km-fedora-30-dev:
+
* km-f31-dev:
  +
** enabled codium, pycharm-community
** ack atom composer docker-ce fish git-cola gitk jq mosh mozilla-https-everywhere mozilla-privacy-badger mozilla-ublock-origin nano netxcloud-client-nautilus npm php pipenv podman pycharm-community python3-pyside python3-tox python34 python35 python36 python38 quassel-client tree
 
  +
** quassel-client mozilla-https-everywhere mozilla-ublock-origin python3 python3.5 python3.6 python3.8 python3.9 composer php npm tox fish pipenv git-cola gitk podman nano tree ack jq python3-pyside mosh mozilla-privacy-badger ffmpeg php-apcu ruby bind-utils devscripts poetry twine sqlite pycharm-community codium golang toolbox fpaste openssl-devel g++ vlc sqlite-devel php-gmp
   
 
== Config ==
 
== Config ==
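Review bot: The Template VMs changes remove the fedora-30 and km-fedora-30 entries, but vault (km-fedora-30) and vault-gpg (fedora-30) are left unchanged and still depend on those templates. The removed km-fedora-30 package list was the only place recording keepassxc, which the dom0 /usr/local/bin/vault launcher runs in vault, and the new km-f32 list does not include it. Keep the fedora-30 and km-fedora-30 entries until those qubes are migrated, and add an entry for km-d10-leap, which sys-riseup-vpn now uses but the list does not describe.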

Revision as of 23:21, 1 July 2020

VMs

  • DD (km-d10-dev)
  • media (km-f32)
    • flatpak: handbrake, kdenlive, picard
  • personal (km-f32)
    • flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
  • fopf (km-f32)
  • school (km-f32)
  • dev (km-f31-dev)
  • wm-ssh (fedora-32)
    • firewall only allows ssh to bast4002.wikimedia.org
  • gpg (km-f31)
    • no network
  • vault (km-fedora-30)
    • no network
  • vault-gpg (fedora-30)
    • no network
  • sys-riseup-vpn (km-d10-leap)

Template VMs

  • km-d10-dev: fork:
    • devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack
  • fedora-31: upstream
  • fedora-32: upstream
  • km-f32: fork:
    • enabled rpmfusion
    • fuse-exfat exfat-utils chromium ffmpeg vlc inkscape pcsc-tools mozilla-privacy-badger hugin filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk
  • km-f31-dev:
    • enabled codium, pycharm-community
    • quassel-client mozilla-https-everywhere mozilla-ublock-origin python3 python3.5 python3.6 python3.8 python3.9 composer php npm tox fish pipenv git-cola gitk podman nano tree ack jq python3-pyside mosh mozilla-privacy-badger ffmpeg php-apcu ruby bind-utils devscripts poetry twine sqlite pycharm-community codium golang toolbox fpaste openssl-devel g++ vlc sqlite-devel php-gmp

Config

  • /etc/qubes-rpc/policy/qubes.InputKeyboard
    • sys-usb dom0 ask,default_target=dom0
  • /etc/qubes-rpc/policy/qubes.InputTablet
    • sys-usb dom0 allow
  • /etc/qubes-rpc/policy/qubes.Gpg
    • DD gpg allow
    • dev gpg allow
    • personal gpg allow
  • /etc/qubes-rpc/policy/qubes.GpgImportKey
    • DD gpg allow
    • dev gpg allow
    • personal gpg allow

dom0

/usr/local/bin/vault, mapped to ctrl+shift+x

#!/bin/sh
exec qvm-run vault keepassxc

Clock format: %a %F %r