Qubes: Difference between revisions
From Legoktm
(→Template VMs: one more) |
(→Template VMs: fix) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
== VMs == |
== VMs == |
||
| − | * DD (km- |
+ | * DD (km-d11) |
* media (km-f34) |
* media (km-f34) |
||
** flatpak: handbrake, kdenlive, picard |
** flatpak: handbrake, kdenlive, picard |
||
* personal (km-f34) |
* personal (km-f34) |
||
** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu |
** flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu |
||
| − | * |
+ | * fpf (km-f34) |
| + | ** flatpak: Signal, Wire |
||
* school (km-f34) |
* school (km-f34) |
||
| − | * dev (km- |
+ | * dev (km-f34) |
| + | ** flatpak: Element |
||
* gpg (km-f34) |
* gpg (km-f34) |
||
** no network |
** no network |
||
| − | * vault (km-f34 |
+ | * vault (km-f34) |
** no network |
** no network |
||
* vault-gpg (fedora-34) |
* vault-gpg (fedora-34) |
||
| Line 21: | Line 23: | ||
== Template VMs == |
== Template VMs == |
||
| − | * km- |
+ | * km-d11: fork: |
| + | ** (from backports) devscripts git-buildpackage dput-ng lintian |
||
| − | ** devscripts git-buildpackage dput-ng command-not-found gitk git-cola gir1.2-vte-2.91 (reportbug-gtk dep) webext-ublock-origin webext-https-everywhere dh-php php-dev lintian-brush lintian (from backports) dh-buildinfo apache2-dev ack |
||
| + | ** command-not-found gitk git-cola webext-ublock-origin webext-https-everywhere dh-php php-dev dh-buildinfo apache2-dev ack webext-privacy-badger ubuntu-dev-tools pkg-kde-tools dh-python cython3 python3-setuptools neomutt vlc gnome-system-monitor curl php-mbstring php-intl php-sqlite3 php-apcu python3-isort python3-sphinx |
||
* fedora-34: upstream |
* fedora-34: upstream |
||
* km-f34: fork: |
* km-f34: fork: |
||
| Line 28: | Line 31: | ||
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free</code> |
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free</code> |
||
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free-updates</code> |
*** <code>sudo dnf config-manager --set-enabled rpmfusion-free-updates</code> |
||
| ⚫ | |||
| − | ** fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk |
+ | ** fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk fish python3 python3.6 python3.7 python3.8 python3.9 python3.10 composer php-cli php-mysqli git-cola gitk podman pycharm-community codium nano keepassxc qubes-gpg-split pinentry-gtk tokei sqlite jq git-lfs tox poetry php-devel bind-utils gh mtr traceroute httpd-devel devscripts mariadb |
| − | * km-f33-dev: |
||
| ⚫ | |||
| − | ** quassel-client mozilla-https-everywhere mozilla-ublock-origin python3 python3.5 python3.6 python3.8 python3.9 python3.10 composer php npm tox fish pipenv git-cola gitk podman nano tree ack jq mosh mozilla-privacy-badger ffmpeg php-apcu ruby bind-utils devscripts poetry twine sqlite pycharm-community codium golang toolbox fpaste openssl-devel g++ vlc sqlite-devel php-gmp chromium redis mariadb-devel colordiff |
||
| − | * km-f33-vault: (fork of minimal) |
||
| − | ** nano keepassxc qubes-gpg-split pinentry-gtk |
||
== Config == |
== Config == |
||
| Line 43: | Line 42: | ||
** <code>DD gpg allow</code> |
** <code>DD gpg allow</code> |
||
** <code>dev gpg allow</code> |
** <code>dev gpg allow</code> |
||
| + | ** <code>fpf gpg allow</code> |
||
** <code>personal gpg allow</code> |
** <code>personal gpg allow</code> |
||
* <code>/etc/qubes-rpc/policy/qubes.GpgImportKey</code> |
* <code>/etc/qubes-rpc/policy/qubes.GpgImportKey</code> |
||
** <code>DD gpg allow</code> |
** <code>DD gpg allow</code> |
||
** <code>dev gpg allow</code> |
** <code>dev gpg allow</code> |
||
| + | ** <code>fpf gpg allow</code> |
||
** <code>personal gpg allow</code> |
** <code>personal gpg allow</code> |
||
| + | |||
| + | <s>Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display.</s> Went back to a non-4k display. |
||
== dom0 == |
== dom0 == |
||
| Line 58: | Line 61: | ||
</pre> |
</pre> |
||
| + | In Qubes 4.1 that no longer works and you need ([https://forum.qubes-os.org/t/how-to-update-the-copy-paste-key-combination-in-4-1/5056/7 source]):<syntaxhighlight lang="shell-session"> |
||
| ⚫ | |||
| + | $ qvm-features dom0 gui-default-secure-copy-sequence 'Mod4-c' |
||
| + | $ qvm-features dom0 gui-default-secure-paste-sequence 'Mod4-v' |
||
| + | |||
| + | </syntaxhighlight> |
||
| + | |||
| + | |||
| ⚫ | |||
<pre> |
<pre> |
||
#!/bin/sh |
#!/bin/sh |
||
Revision as of 17:17, 1 June 2022
Note: after restoring from a backup make sure to recreate the templates from the base again to save disk space because of copy-on-write.
VMs
- DD (km-d11)
- media (km-f34)
- flatpak: handbrake, kdenlive, picard
- personal (km-f34)
- flatpak: Signal, xournalpp, hexchat, runelite, dolphinemu
- fpf (km-f34)
- flatpak: Signal, Wire
- school (km-f34)
- dev (km-f34)
- flatpak: Element
- gpg (km-f34)
- no network
- vault (km-f34)
- no network
- vault-gpg (fedora-34)
- no network
- sys-mullvad-vpn (fedora-34)
Template VMs
- km-d11: fork:
- (from backports) devscripts git-buildpackage dput-ng lintian
- command-not-found gitk git-cola webext-ublock-origin webext-https-everywhere dh-php php-dev dh-buildinfo apache2-dev ack webext-privacy-badger ubuntu-dev-tools pkg-kde-tools dh-python cython3 python3-setuptools neomutt vlc gnome-system-monitor curl php-mbstring php-intl php-sqlite3 php-apcu python3-isort python3-sphinx
- fedora-34: upstream
- km-f34: fork:
- enabled rpmfusion
sudo dnf config-manager --set-enabled rpmfusion-freesudo dnf config-manager --set-enabled rpmfusion-free-updates
- enabled pycharm-community, vscodium
- fuse-exfat exfat-utils chromium ffmpeg vlc pcsc-tools mozilla-privacy-badger filezilla shotwell youtube-dl libreoffice libgnome-keyring tree ack nano mozilla-https-everywhere mozilla-ublock-origin nextcloud-client-nautilus quassel-client mosh mono-core mono-devel mono-locale-extras mediainfo curl transmission-gtk fish python3 python3.6 python3.7 python3.8 python3.9 python3.10 composer php-cli php-mysqli git-cola gitk podman pycharm-community codium nano keepassxc qubes-gpg-split pinentry-gtk tokei sqlite jq git-lfs tox poetry php-devel bind-utils gh mtr traceroute httpd-devel devscripts mariadb
- enabled rpmfusion
Config
/etc/qubes-rpc/policy/qubes.InputKeyboardsys-usb dom0 ask,default_target=dom0
/etc/qubes-rpc/policy/qubes.InputTabletsys-usb dom0 allow
/etc/qubes-rpc/policy/qubes.GpgDD gpg allowdev gpg allowfpf gpg allowpersonal gpg allow
/etc/qubes-rpc/policy/qubes.GpgImportKeyDD gpg allowdev gpg allowfpf gpg allowpersonal gpg allow
Follow https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md for getting it to work with my 4k display. Went back to a non-4k display.
dom0
Appearance -> Style -> Adwaita-dark
In /etc/qubes/guid.conf:
secure_copy_sequence = "Mod4-c"; secure_paste_sequence = "Mod4-v";
In Qubes 4.1 that no longer works and you need (source):
$ qvm-features dom0 gui-default-secure-copy-sequence 'Mod4-c'
$ qvm-features dom0 gui-default-secure-paste-sequence 'Mod4-v'
Create /usr/local/bin/vault, mapped to ctrl+shift+x
#!/bin/sh exec qvm-run vault keepassxc
Clock format: %a %F %r
Redshift, following https://www.bryceguinta.me/install-configure-and-autostart-redshift-on-qubes-40.html, except place the config file at ~/redshift.conf so it gets included in dom0 backups and use Settings -> Session and Startup to add the autostart entry.
