Qubes: Difference between revisions
From Legoktm
(ack) |
(→Template VMs: fix) |
||
| (26 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write. |
||
| + | |||
== VMs == |
== VMs == |
||
| − | * DD ( |
+ | * DD (km-d11) |
| − | * media (km- |
+ | * media (km-f34) |
| − | ** flatpak: |
+ | ** flatpak: handbrake, kdenlive, picard |
| − | * personal (km- |
+ | * personal (km-f34) |
| − | ** flatpak: Signal |
+ | ** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu |
| − | * |
+ | * fpf (km-f34) |
| + | ** flatpak: Signal, Wire |
||
| − | * school (km-fedora-30) |
||
| − | * |
+ | * school (km-f34) |
| − | * |
+ | * dev (km-f34) |
| + | ** flatpak: Element |
||
| − | ** firewall only allows ssh to bast4002.wikimedia.org |
||
| − | * gpg (km- |
+ | * gpg (km-f34) |
** no network |
** no network |
||
| − | * vault (km- |
+ | * vault (km-f34) |
** no network |
** no network |
||
| − | * vault-gpg (fedora- |
+ | * vault-gpg (fedora-34) |
** no network |
** no network |
||
| + | * sys-mullvad-vpn (fedora-34) |
||
| + | ** see [https://micahflee.com/2019/11/using-mullvad-in-qubes/ Micah's setup guide] |
||
== Template VMs == |
== Template VMs == |
||
| − | * |
+ | * km-d11: fork: |
| + | ** (from backports) devscripts git-buildpackage dput-ng lintian |
||
| − | * debian-10: modified: |
||
| − | ** |
+ | ** command-not-found gitk git-cola webext-ublock-origin webext-https-everywhere dh-php php-dev dh-buildinfo apache2-dev ack webext-privacy-badger ubuntu-dev-tools pkg-kde-tools dh-python cython3 python3-setuptools neomutt vlc gnome-system-monitor curl php-mbstring php-intl php-sqlite3 php-apcu python3-isort python3-sphinx |
| − | * fedora- |
+ | * fedora-34: upstream |
| − | * |
+ | * km-f34: fork: |
| − | * km-fedora-30: fork: |
||
** enabled rpmfusion |
** enabled rpmfusion |
||
| + | *** <code>sudo dnf config-manager --set-enabled rpmfusion-free</code> |
||
| − | ** nextcloud-client-nautilus mozilla-https-everywhere mozilla-ublock-origin nano tree ack libgnome-keyring libreoffice quassel-client shotwell filezilla hugin mozilla-privacy-badger keepassxc pcsc-tools ffmpeg vlc |
||
| + | *** <code>sudo dnf config-manager --set-enabled rpmfusion-free-updates</code> |
||
| − | * km-fedora-30-dev: |
||
| + | ** enabled pycharm-community, vscodium |
||
| − | ** ack atom composer docker-ce fish git-cola gitk jq mosh mozilla-https-everywhere mozilla-privacy-badger mozilla-ublock-origin nano netxcloud-client-nautilus npm php pipenv podman pycharm-community python3-pyside python3-tox python34 python35 python36 python38 quassel-client tree |
||
| + | ** fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk fish python3 python3.6 python3.7 python3.8 python3.9 python3.10 composer php-cli php-mysqli git-cola gitk podman pycharm-community codium nano keepassxc qubes-gpg-split pinentry-gtk tokei sqlite jq git-lfs tox poetry php-devel bind-utils gh mtr traceroute httpd-devel devscripts mariadb |
||
== Config == |
== Config == |
||
| Line 38: | Line 42: | ||
** <code>DD gpg allow</code> |
** <code>DD gpg allow</code> |
||
** <code>dev gpg allow</code> |
** <code>dev gpg allow</code> |
||
| + | ** <code>fpf gpg allow</code> |
||
** <code>personal gpg allow</code> |
** <code>personal gpg allow</code> |
||
* <code>/etc/qubes-rpc/policy/qubes.GpgImportKey</code> |
* <code>/etc/qubes-rpc/policy/qubes.GpgImportKey</code> |
||
** <code>DD gpg allow</code> |
** <code>DD gpg allow</code> |
||
** <code>dev gpg allow</code> |
** <code>dev gpg allow</code> |
||
| + | ** <code>fpf gpg allow</code> |
||
** <code>personal gpg allow</code> |
** <code>personal gpg allow</code> |
||
| + | <s>Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display.</s> Went back to a non-4k display. |
||
| − | == Helper scripts == |
||
| + | |||
| ⚫ | |||
| + | == dom0 == |
||
| + | Appearance -> Style -> Adwaita-dark |
||
| + | |||
| + | In <code>/etc/qubes/guid.conf</code>: |
||
| + | <pre> |
||
| + | secure_copy_sequence = "Mod4-c"; |
||
| + | secure_paste_sequence = "Mod4-v"; |
||
| + | </pre> |
||
| + | |||
| + | In Qubes 4.1 that no longer works and you need ([https://forum.qubes-os.org/t/how-to-update-the-copy-paste-key-combination-in-4-1/5056/7 source]):<syntaxhighlight lang="shell-session"> |
||
| + | $ qvm-features dom0 gui-default-secure-copy-sequence 'Mod4-c' |
||
| + | $ qvm-features dom0 gui-default-secure-paste-sequence 'Mod4-v' |
||
| + | |||
| + | </syntaxhighlight> |
||
| + | |||
| + | |||
| ⚫ | |||
<pre> |
<pre> |
||
#!/bin/sh |
#!/bin/sh |
||
exec qvm-run vault keepassxc |
exec qvm-run vault keepassxc |
||
</pre> |
</pre> |
||
| + | |||
| + | Clock format: <code>%a %F %r</code> |
||
| + | |||
| + | Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at <code>~/redshift.conf</code> so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry. |
||
Revision as of 17:17, 1 June 2022
Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write.
VMs
- DD (km-d11)
- media (km-f34)
- flatpak: handbrake, kdenlive, picard
- personal (km-f34)
- flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
- fpf (km-f34)
- flatpak: Signal, Wire
- school (km-f34)
- dev (km-f34)
- flatpak: Element
- gpg (km-f34)
- no network
- vault (km-f34)
- no network
- vault-gpg (fedora-34)
- no network
- sys-mullvad-vpn (fedora-34)
Template VMs
- km-d11: fork:
- (from backports) devscripts git-buildpackage dput-ng lintian
- command-not-found gitk git-cola webext-ublock-origin webext-https-everywhere dh-php php-dev dh-buildinfo apache2-dev ack webext-privacy-badger ubuntu-dev-tools pkg-kde-tools dh-python cython3 python3-setuptools neomutt vlc gnome-system-monitor curl php-mbstring php-intl php-sqlite3 php-apcu python3-isort python3-sphinx
- fedora-34: upstream
- km-f34: fork:
- enabled rpmfusion
sudo dnf config-manager --set-enabled rpmfusion-freesudo dnf config-manager --set-enabled rpmfusion-free-updates
- enabled pycharm-community, vscodium
- fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk fish python3 python3.6 python3.7 python3.8 python3.9 python3.10 composer php-cli php-mysqli git-cola gitk podman pycharm-community codium nano keepassxc qubes-gpg-split pinentry-gtk tokei sqlite jq git-lfs tox poetry php-devel bind-utils gh mtr traceroute httpd-devel devscripts mariadb
- enabled rpmfusion
Config
/etc/qubes-rpc/policy/qubes.InputKeyboardsys-usb dom0 ask,default_target=dom0
/etc/qubes-rpc/policy/qubes.InputTabletsys-usb dom0 allow
/etc/qubes-rpc/policy/qubes.GpgDD gpg allowdev gpg allowfpf gpg allowpersonal gpg allow
/etc/qubes-rpc/policy/qubes.GpgImportKeyDD gpg allowdev gpg allowfpf gpg allowpersonal gpg allow
Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display. Went back to a non-4k display.
dom0
Appearance -> Style -> Adwaita-dark
In /etc/qubes/guid.conf:
secure_copy_sequence = "Mod4-c"; secure_paste_sequence = "Mod4-v";
In Qubes 4.1 that no longer works and you need (source):
$ qvm-features dom0 gui-default-secure-copy-sequence 'Mod4-c'
$ qvm-features dom0 gui-default-secure-paste-sequence 'Mod4-v'
Create /usr/local/bin/vault, mapped to ctrl+shift+x
#!/bin/sh exec qvm-run vault keepassxc
Clock format: %a %F %r
Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at ~/redshift.conf so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry.
