Merge 415b34a028 into dd657a2cbd

update link

README.md

@@ -1,112 +1,132 @@
-# Qubes OS Community Project
+# Qubes-community resources have been moved to the [Qubes OS forum](https://forum.qubes-os.org)!
 
-**For more information about this project, please see [this
-page](https://qubes-community.github.io/).**
+**August 2023: the migration of qubes-community's resources is complete and qubes-community resources are now "live" in the forum. The content here is now in a (soft) read-only state.**
 
-This repository hosts user-contributed documentation and code/resources. 
+**Please see the related forum [announcement](https://forum.qubes-os.org/t/announcement-qubes-community-project-has-been-migrated-to-the-forum/20367).**
 
-Pending submissions, reviews and QA can be seen in this repository's
-[issues](https://github.com/Qubes-Community/Contents/issues) and [pull
-requests](https://github.com/Qubes-Community/Contents/pulls).
+**Thank you !**
+
+The qubes-community project admins.
+
+---
+
+**The content below is kept for reference only - please contribute new or related content in the forum.**
+
+For more information about this project, please see [this page](https://qubes-community.github.io/).
+
+This repository hosts user-contributed documentation and code/resources.
+
+Pending submissions, reviews and QA can be seen in this repository's [issues](https://github.com/Qubes-Community/Contents/issues) and [pull requests](https://github.com/Qubes-Community/Contents/pulls).
 
 ## User-contributed documentation and links (![](/_res/l.png) icon) to third party docs
 
-[Infrequently Asked Questions](/docs/misc/iaq.adoc)
+[Infrequently Asked Questions](/docs/misc/iaq.adoc) (forum [guide](https://forum.qubes-os.org/t/19122))
 
 `common-tasks`
-- [how to copy files (and sparse files) from a VM to dom0](/docs/common-tasks/copying-files-to-dom0.md)
-- [how to open URLs in another VM](/docs/common-tasks/opening-urls-in-vms.md)
+
+- [how to copy files (and sparse files) from a VM to dom0](/docs/common-tasks/copying-files-to-dom0.md) (forum [guide](https://forum.qubes-os.org/t/19025))
+- [how to open URLs in another VM](/docs/common-tasks/opening-urls-in-vms.md) (forum [guide](https://forum.qubes-os.org/t/19026))
 
 `configuration`
+
 - ![](/_res/l.png) [use Qubes 3.2 OS as a network server](https://github.com/Rudd-O/qubes-network-server)
 - ![](/_res/l.png) [use Qubes OS as a smartTV](https://github.com/Aekez/QubesTV)
 - ![](/_res/l.png) [VM hardening (fend off malware at VM startup)](https://github.com/tasket/Qubes-VM-hardening)
 - ![](/_res/l.png) [VPN configuration](https://github.com/tasket/Qubes-vpn-support)
-- [Run wireguard on server and use as VPN for Qubes](/docs/wireguard/README.md)
-- [Exposing Mumble server running in Qubes using Wireguard](/docs/mumble/README.md)
-- [Make an HTTP Filtering Proxy](/docs/configuration/http-proxy.md)
-- ![](/_res/l.png) [Ansible Qubes](https://github.com/Rudd-O/ansible-qubes) (see
-  Rudd-O's [other repos](https://github.com/Rudd-O?tab=repositories) as well)
-- [shrink VM volumes](/docs/configuration/shrink-volumes.md)
+- [Run wireguard on server and use as VPN for Qubes](/docs/wireguard/README.md) (forum [guide](https://forum.qubes-os.org/t/19082))
+- [Exposing Mumble server running in Qubes using Wireguard](/docs/mumble/README.md) (forum [guide](https://forum.qubes-os.org/t/19070))
+- [Make an HTTP Filtering Proxy](/docs/configuration/http-proxy.md) (forum [guide](https://forum.qubes-os.org/t/18986))
+- ![](/_res/l.png) [Ansible Qubes](https://github.com/Rudd-O/ansible-qubes) (see Rudd-O's [other repos](https://github.com/Rudd-O?tab=repositories) as well)
+- [shrink VM volumes](/docs/configuration/shrink-volumes.md) (forum [guide](https://forum.qubes-os.org/t/19027))
 - ![](/_res/l.png) [script to create Windows qubes automatically](https://github.com/elliotkillick/qvm-create-windows-qube)
-- [Manage Qubes via dmenu](/docs/configuration/qmenu.md)
+- [Manage Qubes via dmenu](/docs/configuration/qmenu.md) (forum [guide](https://forum.qubes-os.org/t/19058))
 - ![](/_res/l.png) [Pihole qube (old post, but also work on QubesOS 4.0)](https://blog.tufarolo.eu/how-to-configure-pihole-in-qubesos-proxyvm/)
 - ![](/_res/l.png) [Newer Pihole qube, with cloudflared or NextDNS servers](https://github.com/92VV3M42d3v8/PiHole/blob/master/PiHole%20Cloudflared)
 - ![](/_res/l.png) [qubes-dns](https://github.com/3hhh/qubes-dns/)
-- [Using multiple languages in dom0](/docs/localization/multi-language-support-dom0.md)
-- [How to manage Bluetooth graphically](/docs/configuration/bluetooth.md)
-- [How to persist Tailscale tunnel in AppVM](/docs/customization/tailscale.md)
+- [Using multiple languages in dom0](/docs/localization/multi-language-support-dom0.md) (forum [guide](https://forum.qubes-os.org/t/19068))
+- [How to manage Bluetooth graphically](/docs/configuration/bluetooth.md) (forum [guide](https://forum.qubes-os.org/t/18982))
+- [How to persist Tailscale tunnel in AppVM](/docs/customization/tailscale.md) (forum [guide](https://forum.qubes-os.org/t/19004))
 - ![](/_res/l.png) [Verify boot process without Heads or AEM on TPM 2.0](https://github.com/kennethrrosen/qubes-boot-verification)
 
 `coreboot`
-- [install coreboot on a Thinkpad x230](/docs/coreboot/x230.md)
+
+- [install coreboot on a Thinkpad x230](/docs/coreboot/x230.md) (forum [guide](https://forum.qubes-os.org/t/19063))
 
 `customization`
-- [change DPI scaling in dom0 and VMs](/docs/customization/dpi-scaling.md)
-- [setup mirage firewall](/docs/customization/mirage-firewall.md)
-- [gaming HVM with GPU passthrough](/docs/customization/gaming-hvm.md)
-- [Choose deafult terminal settings for a TemplateVM](/docs/customization/terminal-defaults.md)  
-- [AwesomeWM](/docs/customization/awesomewm.md)  
-- [Screenlockers](/docs/customization/screenlockers.md)  
+
+- [change DPI scaling in dom0 and VMs](/docs/customization/dpi-scaling.md) (forum [guide](https://forum.qubes-os.org/t/19064))
+- [setup mirage firewall](/docs/customization/mirage-firewall.md) (forum [guide](https://forum.qubes-os.org/t/19065))
+- [gaming HVM with GPU passthrough](/docs/customization/gaming-hvm.md) (forum [guide](https://forum.qubes-os.org/t/19000))
+- [Choose deafult terminal settings for a TemplateVM](/docs/customization/terminal-defaults.md) (forum [guide](https://forum.qubes-os.org/t/19067))
+- [AwesomeWM](/docs/customization/awesomewm.md) (forum [guide](https://forum.qubes-os.org/t/18995))
+- [Screenlockers](/docs/customization/screenlockers.md) (forum [guide](https://forum.qubes-os.org/t/19003))
 - ![](/_res/l.png) [QubesOS Autostart Menu](https://github.com/kennethrrosen/Qubes-OS-Autostart-Menu/)
 - ![](/_res/l.png) [sys-VPN notification setup](https://github.com/kennethrrosen/qubes_VPN_notifier)
 - ![](/_res/l.png) [PAM Distress login script](https://github.com/kennethrrosen/qubes-PAM-distress-login)
 
 `hardware`
-- [tips on choosing the right hardware](/docs/hardware/hardware-selection.md)
+
 
 `localization`
-- [how to use multiple keyboard layouts](/docs/localization/keyboard-multiple-layouts.md)
+
+- [how to use multiple keyboard layouts](/docs/localization/keyboard-multiple-layouts.md) (forum [guide](https://forum.qubes-os.org/t/19029))
 
 `misc`
+
 - ![](/_res/l.png) [Qubes 3.2 cheat sheet](https://github.com/Jeeppler/qubes-cheatsheet)
 - [infrequently asked questions](/docs/misc/iaq.adoc)
 
 `security`
-- [multifactor authentication](/docs/security/multifactor-authentication.md)
-- [security guidelines](/docs/security/security-guidelines.md)
-- [split bitcoin](/docs/security/split-bitcoin.md)
-- [split gpg](/docs/security/split-gpg.md)
-- [forensics](/docs/security/forensics.md)
+
+- [multifactor authentication](/docs/security/multifactor-authentication.md) (forum [guide](https://forum.qubes-os.org/t/19016))
+- [security guidelines](/docs/security/security-guidelines.md) (forum [guide](https://forum.qubes-os.org/t/19075))
+- [split bitcoin](/docs/security/split-bitcoin.md) (forum [guide](https://forum.qubes-os.org/t/19017))
+- [split gpg](/docs/security/split-gpg.md) (forum [guide](https://forum.qubes-os.org/t/19076))
+- [forensics](/docs/security/forensics.md) (forum [guide](https://forum.qubes-os.org/t/19015))
 
 `system`
-- [understanding and fixing issues with time/clock](/docs/system/clock-time.md)
-- [restoring 3.2 templates/standalones to 4.0](/docs/system/restore-3.2.md)
-- [connect to a VM console](/docs/system/vm-console.md)
-- [display reminders to make regular backups](/docs/system/backup-reminders.md)
-- [mount a VM's private storage volume in another VM](/docs/system/vm-image.md)
+
+- [understanding and fixing issues with time/clock](/docs/system/clock-time.md) (forum [guide](https://forum.qubes-os.org/t/19030))
+- [restoring 3.2 templates/standalones to 4.0](/docs/system/restore-3.2.md) (forum [guide](https://forum.qubes-os.org/t/19018))
+- [connect to a VM console](/docs/system/vm-console.md) (forum [guide](https://forum.qubes-os.org/t/19079))
+- [display reminders to make regular backups](/docs/system/backup-reminders.md) (forum [guide](https://forum.qubes-os.org/t/19078))
+- [mount a VM's private storage volume in another VM](/docs/system/vm-image.md) (forum [guide](https://forum.qubes-os.org/t/19080))
 
 `user-setups`
-- [examples of user setups](/docs/user-setups/) (templates and VMs used, productivity
-  tips, customizations, ...)
 
+- [examples of user setups](/docs/user-setups/) (templates and VMs used, productivity tips, customizations, ...)
 
 ## User-contributed code and links (![](/_res/l.png) icon) to third party resources
 
 **Prolific authors**
+
 - [Tasket](https://github.com/tasket)
 
 **`OS-administration`**
+
 - ![](/_res/l.png) [qubes4-multi-update](https://github.com/tasket/Qubes-scripts/blob/master/qubes4-multi-update): updates multiple template, standalone VMs and dom0 in R4.0 ([readme](https://github.com/tasket/Qubes-scripts#qubes4-multi-update))
 - [R4-universal-update-script.sh](/code/OS-administration/R4-universal-update-script.sh): bash script to automate VM updates
 - ![](/_res/l.png) [findpref](https://github.com/tasket/Qubes-scripts/blob/master/findpref): find all VMs that match a pref value and optionally set new values for them ([readme](https://github.com/tasket/Qubes-scripts#findpref))
-- ![](/_res/l.png) [qvm-portfwd-iptables](https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248): port forwarding to allow external connections, see usage notes at bottom 
+- ![](/_res/l.png) [qvm-portfwd-iptables](https://gist.github.com/fepitre/941d7161ae1150d90e15f778027e3248): port forwarding to allow external connections, see usage notes at bottom
 - [mount_lvm_image.sh](/code/OS-administration/mount_lvm_image.sh): mount lvm image to a newly created DisposableVM
 - [build-archlinux.sh](/code/OS-administration/build-archlinux.sh): build the archlinux template
- 
+
 **`monitoring`**
+
 - [ls-qubes.sh](/code/monitoring/ls-qubes.sh): outputs the nb. of running qubes + total memory used; the output can be fed into a panel text applet (see comments in the script).
 - ![](/_res/l.png) [qubes-performance](https://github.com/3hhh/qubes-performance)
 - ![](/_res/l.png) [qrexec-proxy](https://github.com/3hhh/qubes-qrexec-proxy)
 - ![](/_res/l.png) [qubes-callbackd](https://github.com/3hhh/qubes-callbackd)
 
 **`multimedia`**
+
 - sound-control-scripts: toggle, volume up, volume down, ...
 
 **`productivity`**
+
 - toggle-fullscreen-scripts
 - screenshot-scripts
-- bash autocompletion script for `qvm-*` commands in dom0
+- ![](/_res/l.png) [bash autocompletion script for `qvm-*` commands in dom0](https://github.com/taradiddles/qubes-os/blob/master/qvm-cmds-bash-completion.bash)
 - ![](/_res/l.png) [qvm-screenshot-tool](https://github.com/evadogstar/qvm-screenshot-tool)
 - ![](/_res/l.png) [qubes-split-dm-crypt](https://github.com/rustybird/qubes-split-dm-crypt)
 - ![](/_res/l.png) [qcrypt](https://github.com/3hhh/qcrypt)
@@ -118,13 +138,9 @@ requests](https://github.com/Qubes-Community/Contents/pulls).
 - ![](/_res/l.png) [fedora-template-updater-script](https://github.com/kennethrrosen/qubes-fedora-upgrader)
 
 **`misc`**
-- ![](/_res/l.png)
-  [halt-vm-by-window](https://github.com/tasket/Qubes-scripts/blob/master/halt-vm-by-window):
-  shutdown a Qubes VM associated with the currently active window
-  ([readme](https://github.com/tasket/Qubes-scripts#halt-vm-by-window))
-- ![](/_res/l.png) [network traffic
-  analysis](http://zrubi.hu/en/2017/traffic-analysis-qubes/) (also see Zrubi's
-  [other Qubes blog posts](http://zrubi.hu/en/category/virtualization/qubes/) !)
+
+- ![](/_res/l.png) [halt-vm-by-window](https://github.com/tasket/Qubes-scripts/blob/master/halt-vm-by-window): shutdown a Qubes VM associated with the currently active window ([readme](https://github.com/tasket/Qubes-scripts#halt-vm-by-window))
+- ![](/_res/l.png) [network traffic analysis](http://zrubi.hu/en/2017/traffic-analysis-qubes/) (also see Zrubi's [other Qubes blog posts](http://zrubi.hu/en/category/virtualization/qubes/) !)
 - ![](/_res/l.png) [Ubuntu VMs](http://qubes.3isec.org/): repository with templates and packages to set up Ubuntu VMs
 - ![](/_res/l.png) [shadow-qube](https://github.com/kennethrrosen/qubes-shadow-dvm): A "Truly Disposable" Qube
 - ![](/_res/l.png) [Qubes for Journalists and free-speech defenders](https://github.com/kennethrrosen/journoSEC): a work-in-progress respository of scripts and advice for journalists and human rights workers.

code/productivity/qvm-cmds-bash-completion.bash

@@ -1,3 +1,12 @@
+# Note - Jun 2023 - this script is OUTDATED!
+#
+#  As the content of qubes-community is migrated to the forum (see issue #257)
+#  and the `Contents/` repository becomes read-only, up-to-date versions are now at:
+#
+#  https://github.com/taradiddles/qubes-os-qvm-bash-completion
+#
+
+
 # qvm-* commands bash auto completion
 
 # Copy this file to /etc/bash_completion.d/qvm.bash

docs/common-tasks/opening-urls-in-vms.md

@@ -1,128 +1,87 @@
-How to open URLs/files in other VMs
-===================================
+*Note: there is an ongoing [pull request](https://github.com/QubesOS/qubes-doc/pull/1314) to add most of the content of this document to the official Qubes OS documentation.*
 
-Qubes' philosophy is to assume you are already compromised and to partition your work / data in a way that even if all your VMs are compromised an attacker would not be able to extract any information. This document describes how to implement such compartmentalization when opening URLs and files from "secure" offline or firewalled VMs. Configuration samples throughout this document show how to setup a flexible and powerful workflow, mitigating the long starting time and resource usage of dispVMs that unfortunately often results in users not taking advantage of them.
+<!-- BEGIN PR content -->
 
-Naming convention:
+This page is about opening URLs and files from one qube in a different qube. The most straightforward way to do this is simply to [copy and paste URLs](/doc/how-to-copy-and-paste-text/) or [copy and move files](/doc/how-to-copy-and-move-files/) from the source qube to the target qube, then manually open them in the target qube. However, some users might wish to use [RPC policies](/doc/rpc-policy/) in order to regiment their workflows and safeguard themselves from making mistakes.
 
-- `srcVM` is the VM where the files/URLs are
-- `dstVM` is the VM we want to open them in ; `dstVM` can be any VM type - a DispVM, a regular AppVM, a Whonix workstation dvm, ...
+Naming conventions:
 
+- `<SOURCE_QUBE>` is the qube in which the URL or file originates.
+- `<TARGET_QUBE>` is the qube in which we wish to open the URL or file.
 
-Configuring dom0 RPC permissions
---------------------------------
+## Configuring RPC policies
 
-Opening files and URLs in other VMs rely on the `qubes.OpenInVM` and `qubes.OpenURL` [RPC services](https://www.qubes-os.org/doc/qrexec3/#qubes-rpc-services), which are called by `srcVM`'s `qvm-open-in-vm` and `qvm-open-in-dvm` shell scripts.
+The `qvm-open-in-vm` and `qvm-open-in-dvm` scripts are invoked in a qube to open files and URLs in another qube. Those scripts make use of the `qubes.OpenInVM` and `qubes.OpenURL` [RPC services](/doc/qrexec/#qubes-rpc-services). Qubes [RPC policies](/doc/rpc-policy/) control which RPC services are allowed between qubes.
 
-Qubes [RPC policies](https://www.qubes-os.org/doc/rpc-policy/) allow to fine tune how those RPC services can be used between VMs.
+Policy files are in `/etc/qubes/policy.d/`.
 
-### The (powerful) `ask` policy ###
+### Using the `ask` action
 
-A very powerful and convenient RPC policy rule is `ask`: in that case a dialog with the list of destination VMs pops up each time the RPC service is called, allowing the user to select a destination VM depending on his work's context (eg. the target URL's level of trust, protocol, file [MIME](https://en.wikipedia.org/wiki/Media_type) type, ...).
+This action displays a confirmation prompt in dom0 with a drop-down list of allowed target qubes each time the associated RPC service is called. This setup makes it possible to always control whether and in which qube a URL or file opened.
 
-It is impossible to overstate how flexible this is and how much security it can add to one's workflow: while opening things in dispVMs is the most secure approach the problem is starting a dispVM for *each* URL/file takes far too much time and resources, leading people to open files/URLs in persistent VMs instead.
+The selected qube will automatically start if it wasn't running. 
 
-The `ask` policy's VM selection dialog allows one to start any type of VM or dispVM (see section "Considerations on dispVMs" below), or send the URL/file to an already running (disp)VM. The first time an URL/file is opened the (disp)VM will start if it wasn't running. The next time another URL/file is sent, there's no need start a new (disp)VM, one can instead select the already running (disp)VM. It is also possible to choose 'cancel' in the dialog and nothing will launch.
+**Note:** When using `ask`, the target qube given as an argument to `qvm-open-in-vm` is ignored if no `allow` rule matches the current RPC service and source/target qubes.
 
-This setup makes it possible to control if and on which network (eg. "clearnet", TOR, VPN) an URL is requested - always. It also effectively mitigates the long starting times of dispVMs.
+### Using the `allow` action
 
-Note: when using the `ask` policy, the destination VM specified in `srcVM` by `qvm-open-in-vm` is ignored if no `allow` match exists for that given `srcVM`/`dstVM` combo.
+This action allows a specified RPC service to be invoked between source and target qubes without displaying a confirmation prompt in dom0.
 
+When an `allow` action is defined for a target other than `@dispvm`, the target qube is the one given as an argument to `qvm-open-in-vm` in `<SOURCE_QUBE>`. The corresponding RPC policies must be configured accordingly.
 
-### The `allow` policy ###
+**Warning:** Since there is no user confirmation with `allow`, applications in `<SOURCE_QUBE>` could leak data through URLs or file names.
 
-If an `allow` policy is configured with a destination other than `$dispvm` it is obviously up to `srcVM` to provide the name of the destination VM. The RPC policies should then be configured accordingly.
+### Using disposables and the `@dispvm` keyword in policies
 
-**Caveat**: even with offline `srcVM`s, `allow` policies allow applications in `srcVM` to leak data through URLs. You might notice that an URL has been open in the destination VM but it would be too late.
+It is possible to further restrict a target disposable qube by specifying the template on which it is based with the `@dispvm:<DISPOSABLE_TEMPLATE>` syntax ([learn more](/doc/how-to-use-disposables/#opening-a-link-in-a-disposable-based-on-a-non-default-disposable-template-from-a-qube)).
 
+**Note:** The keyword `@dispvm` designates any disposable based on the calling qube's default disposable template. It does *not* designate any disposable whatsoever. For example, if you were to run `qvm-open-in-vm @dispvm:<ONLINE_DISPOSABLE_TEMPLATE> https://www.qubes-os.org` in `<SOURCE_QUBE>` while `<ONLINE_DISPOSABLE_TEMPLATE>` is *not* `<SOURCE_QUBE>`'s default disposable template, it wouldn't work if your policy line merely had `@dispvm` as the target. You would have to use `@dispvm:<ONLINE_DISPOSABLE_TEMPLATE>` as the target instead.
 
-### Sample policy ###
+## Sample RPC user policy
 
-In the following example, opening URLs in specific VMs is explicitely forbidden to prevent mistakenly selecting such VM, opening URLs in regular dispVMs is always allowed (see notes below), and the default policy is to have the selection dialog pop up for everything else with the "dispBrowser" VM preselected.
+_See the main document, [RPC policies](/doc/rpc-policy/), for more information._
 
-`/etc/qubes-rpc/policy/qubes.OpenURL`:
+The following is a partial example of the kinds of `qubes.OpenInVM` and `qubes.OpenURL` rules that you could write in `/etc/qubes/policy.d/30-user.policy`:
 
 ~~~
-@anyvm vault deny
-@anyvm private deny
-@anyvm banking deny
-@anyvm @dispvm allow
-@anyvm @anyvm ask,default_target=dispBrowser
+# Deny opening files or URLs from or in 'vault'
+qubes.OpenInVM   *   @anyvm   vault         deny
+qubes.OpenURL    *   @anyvm   vault         deny
+qubes.OpenInVM   *   vault    @anyvm        deny
+qubes.OpenURL    *   vault    @anyvm        deny
+
+# Allow 'work' to open URLs in disposable qubes without prompting the user
+qubes.OpenURL    *   work     @dispvm       allow
+
+# Allow 'work' to open files in 'untrusted' without prompting the user
+qubes.OpenInVM   *   work     @dispvm       allow target=untrusted
+
+# Allow any qube to open files and URLs in disposables based on the
+# disposable templates 'foo' and 'bar'
+qubes.OpenInVM   *   @anyvm   @dispvm:foo   allow
+qubes.OpenURL    *   @anyvm   @dispvm:bar   allow
+
+# Prompt the user before opening any file or URL in any other qube, but prefill
+# the target with 'personal' for files and 'untrusted' for URLs
+qubes.OpenInVM   *   @anyvm   @anyvm        ask default_target=personal
+qubes.OpenURL    *   @anyvm   @anyvm        ask default_target=untrusted
 ~~~
 
-`/etc/qubes-rpc/policy/qubes.OpenInVM`:
+## Configuring application handlers
 
-~~~
-@anyvm @anyvm ask
-~~~
+It is possible to (re)define a default application handler so that it is automatically called by *any* application in `<SOURCE_QUBE>` to open files or URLs provided that the applications adhere to the [freedesktop](https://en.wikipedia.org/wiki/Freedesktop.org) standard (which is almost always the case nowadays).
 
-Notes about the `@dispvm` syntax:
+For application-specific configurations or applications that don't adhere to the freedesktop standard, please refer to the unofficial, external [community documentation](https://github.com/Qubes-Community/Contents/blob/master/docs/common-tasks/opening-urls-in-vms.md).
 
-- it is possible to further restrict the target dispVM by specifying the template it's based on with the `@dispvm:templatename` syntax. See the [official doc](https://www.qubes-os.org/doc/disposablevm/#opening-a-link-in-a-disposablevm-based-on-a-non-default-disposablevm-template-from-a-qube) for further details. 
-- caveat: `@dispvm` means "DisposableVMs based on the default DisposableVM template of the calling VM", not "*any* DisposableVMs". If you were to run `qvm-open-in-vm @dispvm:web https://www.qubes-os.org` with the policy sample above and `web` wasn't the default dvm template for the calling VM, `@anyvm @dispvm allow` wouldn't be matched and you'd be shown the selection dialog window because of the last `ask` line.
+Defining a new handler simply requires creating a [.desktop](https://specifications.freedesktop.org/desktop-entry-spec/latest/) file and registering it. The following example shows how to open http/https URLs (along with common "web" [media types](https://en.wikipedia.org/wiki/Media_type)) with `qvm-open-in-vm`:
 
-
-Considerations on dispVMs
--------------------------
-
-### Re-using dispVMs ###
-
-In the section above we've seen how using the 'ask' RPC policy allowed us to start a (disp)VM once and use it for opening subsequent URLs (or files) to avoid having to wait insane amounts of time for dispVMs to start. However this comes at the price of a loss in compartmentalization. It is thus up to the user to carefully pick destination VMs and to manage the lifecycle of dispVMs, killing it/them when necessary when a clean state is required.
-
-### Managing changes ###
-
-When opening and modifying a document in a dispVM the content is sent back to `srcVM` when the dispVM's process (eg. LibreOffice) closes. The dispVM's private volume is then wiped and any change that was made to the VM are discarded - eg. automatically updated add-ons, blacklists, tweaked browser preferences, ... ; The following ideas show how to cope with those "deliberate" changes:
-
-- inter-VM copy/paste is probably the easiest way to synchronize small amounts of data in text form from the dispVM to `srcVM` (or to another dedicated VM like the oft-used 'vault' VM). Eg.:
-   - passwords: copy/paste from/to KeepassX (or one of its forks).
-   - bookmarks: copy/paste from/to
-      - a plain text file
-      - or an html bookmark file (most browsers can export/import such file)
-      - or a dedicated bookmark manager like [buku](https://github.com/jarun/Buku) (command line manager, available in Fedora 28 repo - `dnf install buku`).
-- other content/changes will have to be copied, usually to the dispVM templateVM. Care must be taken not to replicate compromised files: working with a freshly started dispVM and performing only the required update actions before synchronizing files with the templateVM is a good idea.
-
-### Using "named" dispVMs ###
-
-If for some reason a user needs to have use a dispVM with a given name - which is for instance handy when using `allow` RPC policies - he/she can do like so (replace `fedora-28-dvm` with the dvm template you want to use):
-
-~~~
-qvm-create -C DispVM -t fedora-28-dvm -l red dstVM
-~~~
-
-This VM works like a regular VM, with the difference that its private disk is wiped after it's powered off. However it doesn't "auto power off" like random dispVMs so it's up to the user to power off (and optionaly restart) the VM when he/she deems necessary.
-
-### Sample real-world workflow ###
-
-Here's an example of a real-world, thoroughly used setup/workflow:
-
-Disposable VMs are based on the following templates:
-
-- dvm-offline (many apps, libreoffice, VLC etc. -- no network)
-- dvm-online (minimal with firefox only)
-- dvm-anon (whonix workstation)
-
-AppVMs are highly specialized: vault (offline), documents (offline), media (offline), email (firewalled). Those is where information lives. But files do not get opened nor worked on there ... only on instances of dvm-offline.
-
-
-Configuring `srcVM`
--------------------
-
-The subsections below list various approaches on opening URLs/files from `srcVM` in destination VMs. A hassle-free but very powerful setup is to use the application-independent approach documented in the next subsection with the `ask` RPC policy.
-
-
-### Application-independent setup ###
-
-It is possible to (re)define a *default* handler for programs/URLs so that this handler is automatically called by *all* the applications in `srcVM` - provided that the applications adhere to the [freedesktop](https://en.wikipedia.org/wiki/Freedesktop.org) standard which is most always the case nowadays.
-
-Defining a new handler simply requires creating a [.desktop](https://specifications.freedesktop.org/desktop-entry-spec/latest/) file and registering it. The following example shows how to open http/https URLs (along with some other common "web" Mime types) with `qvm-open-in-vm`:
-
-- create `$HOME/.local/share/applications/browser_vm.desktop` with the following text:
+- Create `$HOME/.local/share/applications/mybrowser.desktop` with the following content:
 
 	~~~
 	[Desktop Entry]
 	Encoding=UTF-8
-	Name=BrowserVM
-	Exec=qvm-open-in-vm dstVM %u
+	Name=MyBrowser
+	Exec=qvm-open-in-vm <TARGET_QUBE> %u
 	Terminal=false
 	X-MultipleArgs=false
 	Type=Application
@@ -130,79 +89,99 @@ Defining a new handler simply requires creating a [.desktop](https://specificati
 	MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
 	~~~
 
-- register the .desktop file you've just created with `xdg-settings set default-web-browser browser_vm.desktop`. 
+- Register the `.desktop` file with `xdg-settings set default-web-browser mybrowser.desktop`. 
 
-The same can be done with any Mime type (see `man xdg-mime` and `xdg-settings`); you could either reuse the .desktop created above and add Mime types to the `MimeType=` line, or create and register another .desktop file.
+The same can be done with any other media type (see `man xdg-mime` and `xdg-settings`).
 
-Notes:
+### Notes
 
-- for some reasons some applications may not honor the new xdg application/handler (eg. if you had previously configured default applications), in which case you'd have to manually select the xdg application (see section below).
-- `qvm-open-in-vm dstVM` can be replaced by a user written wrapper with custom logic for selecting a specific `dstVM` depending on the URL/file type, site level of trust, ... ; The RPC policies should be configured accordingly.
-- very security conscious users should consider basing AppVMs on minimal templates; that way, unless the default handler is set, nothing else is usually there to open those files (little risk, plus the VMs are firewalled or offline).
+- Some applications may not use the new XDG application handler (e.g., if you had previously configured default applications), in which case you'd have to manually configure the application to use the XDG handler.
 
+- `qvm-open-in-vm target-qube %u` can be replaced by a user wrapper with custom logic for selecting different target qubes depending on the URL/file type, level of trust, etc. The RPC policies should be configured accordingly.
 
-### Application-specific setup ###
+- Advanced users may wish to consider basing app qubes on [minimal templates](/doc/templates/minimal/). That way, unless a default handler is set, it is unlikely that any other program will be present that can open the URL or file.
+
+<!-- END PR content -->
+
+## Configuring specific applications
 
 Most applications provide a way to select a given program to use for opening specific URL/file (MIME) types. We can use that feature to select the `/usr/bin/qvm-open-in-{vm,dvm}` scripts instead of the default programs.
 
-The subsections below show how to configure popular applications.
+The subsections below show how to configure popular applications in case the "default handler" approach above doesn't work / isn't sufficient.
 
-
-#### Firefox, Chrome/Chromium ####
+### Firefox, Chrome/Chromium
 
 Those browsers have an option to define programs associated to a file (MIME) type. It is pretty straightforward to configure and is outside the scope of this document.
 
 An alternative is to use Raffaele Florio's [qubes-url-redirector](https://github.com/raffaeleflorio/qubes-url-redirector) add-on, which provides a lot of flexibility when opening links without the hassle of having to write custom shell wrappers to `qvm-open-in-vm`. For instance links can be opened with a context menu and the add-on's default behavior can be configured, even with whitelist regexes.
 
 Notes:
+
 - the qubes-url-redirector add-on will likely be included officialy in Qubes (see [this](https://github.com/QubesOS/qubes-issues/issues/3152) issue).
-- the add-on can actually be used with applications other than firefox/chrome/chromium, the only requirement is that URLs open in a browser in `srcVM`. It works like so:
-   - the application in `srcVM` opens an URL in the default browser in `srcVM` (eg. firefox)
-   - firefox starts on `srcVM`, the add-on processes the URL and according to its configuration "sends" the URL to the destination VM with `qubes.OpenURL`
-   - the URL opens in the destination VM's browser
+- the add-on can actually be used with applications other than firefox/chrome/chromium, the only requirement is that URLs open in a browser in `<SOURCE_QUBE>`. It works like so:
+  - the application in `<SOURCE_QUBE>` opens an URL in the default browser in `<SOURCE_QUBE>` (eg. firefox)
+  - firefox starts on `<SOURCE_QUBE>`, the add-on processes the URL and according to its configuration "sends" the URL to `<TARGET_QUBE>` with `qubes.OpenURL`
+  - the URL opens in the `<TARGET_QUBE>`'s browser
 
+### Thunderbird
 
-#### Thunderbird ####
-
-**Opening attachements**: "actions" must be defined, see section "Download Actions" settings" in [this document](http://kb.mozillazine.org/Actions_for_attachment_file_types).
+**Opening attachments**: "actions" must be defined, see section "Download Actions" settings" in [this document](http://kb.mozillazine.org/Actions_for_attachment_file_types).
 
 **Opening URLs**: changing the way http and https URLs are opened requires tweaking configuration options; see [this](http://kb.mozillazine.org/Changing_the_web_browser_invoked_by_Thunderbird) and [this](http://kb.mozillazine.org/Network.protocol-handler.expose-all) document for more information. Those changes can be made in Thunderbird's built-in config editor, or by adding the following lines to `$HOME/.thunderbird/user.js`:
 
-~~~
+```
 user_pref("network.protocol-handler.warn-external.http", true);
 user_pref("network.protocol-handler.warn-external.https", true);
 user_pref("network.protocol-handler.expose-all", true);
-~~~
+```
 
-Thunderbird will then ask which program to use the next time a link is opened. If `dstVM` is a standard (random) dispVM, choose `/usr/bin/qvm-open-in-dvm`. Otherwise you'll have to create a wrapper to `qvm-open-in-vm` since arguments cannot be passed to programs selected in Thunderbird's dialog gui. For instance, put the following text in `$HOME/bin/thunderbird-open-url`, make it executable, and select that program when asked which program to use:
+Thunderbird will then ask which program to use the next time a link is opened. If `<TARGET_QUBE>` is a standard (random) dispVM, choose `/usr/bin/qvm-open-in-dvm`. Otherwise you'll have to create a wrapper to `qvm-open-in-vm` since arguments cannot be passed to programs selected in Thunderbird's dialog gui. For instance, put the following text in `$HOME/bin/thunderbird-open-url`, make it executable, and select that program when asked which program to use:
 
-~~~
+```
 #!/bin/sh
-qvm-open-in-vm dstVM "$@"
-~~~
+qvm-open-in-vm <TARGET_QUBE> "$@"
+```
 
-#### Vi ####
+### Vi
 
 Opening URLs: put the following in `$HOME/.vimrc`:
 
-~~~
-let g:netrw_browsex_viewer = 'qvm-open-in-vm dstVM'
-~~~
+```
+let g:netrw_browsex_viewer = 'qvm-open-in-vm <TARGET_QUBE>'
+```
 
-Typing `gx` when the cursor is over an URL will then open it in `dstVM` (or will trigger a dialog if `ask` policy is configured, ignoring the `dstVM` argument).
+Typing `gx` when the cursor is over an URL will then open it in `<TARGET_QUBE>` (or will trigger a dialog if `ask` policy is configured, ignoring the `<TARGET_QUBE>` argument).
 
 
-### Inter-VM copy/paste and file copy ###
+# Considerations on dispVMs
 
-This approach is obvious and is the simplest one:
+## Re-using dispVMs
 
-- URLs: [copy/paste](https://www.qubes-os.org/doc/copy-paste/) the link in `dstVM`.
-- Files: [copy](https://www.qubes-os.org/doc/copying-files/) the file to `dstVM` (provided that `qubes.Filecopy` RPC service's policy allows it - it does by default), and open it from there.
+In the section above we've seen how using the 'ask' RPC policy allowed us to start a (disp)VM once and use it for opening subsequent URLs (or files) to avoid having to wait insane amounts of time for dispVMs to start. However this comes at the price of a loss in compartmentalization. It is thus up to the user to carefully pick destination VMs and to manage the lifecycle of dispVMs, killing it/them when necessary when a clean state is required.
+
+## Managing changes
+
+When opening and modifying a document in a dispVM the content is sent back to `<SOURCE_QUBE>` when the dispVM's process (eg. LibreOffice) closes. The dispVM's private volume is then wiped and any change that was made to the VM are discarded - eg. automatically updated add-ons, blacklists, tweaked browser preferences, ... ; The following ideas show how to cope with those "deliberate" changes:
+
+- inter-VM copy/paste is probably the easiest way to synchronize small amounts of data in text form from the dispVM to `<SOURCE_QUBE>` (or to another dedicated VM like the oft-used 'vault' VM). Eg.:
+  - passwords: copy/paste from/to KeepassX (or one of its forks).
+  - bookmarks: copy/paste from/to
+    - a plain text file
+    - or an html bookmark file (most browsers can export/import such file)
+    - or a dedicated bookmark manager like [buku](https://github.com/jarun/Buku) (command line manager, available in Fedora 28 repo - `dnf install buku`).
+- other content/changes will have to be copied, usually to the dispVM templateVM. Care must be taken not to replicate compromised files: working with a freshly started dispVM and performing only the required update actions before synchronizing files with the templateVM is a good idea.
+
+## Using "named" dispVMs
+
+If for some reason a user needs to have use a dispVM with a given name - which is for instance handy when using `allow` RPC policies - he/she can do like so (replace `fedora-28-dvm` with the dvm template you want to use):
+
+```
+qvm-create -C DispVM -t fedora-28-dvm -l red <TARGET_QUBE>
+```
+
+This VM works like a regular VM, with the difference that its private disk is wiped after it's powered off. However it doesn't "auto power off" like random dispVMs so it's up to the user to power off (and optionally restart) the VM when he/she deems necessary.
 
 
----
-
-`Contributors`: @neowutran, @SvenSemmler, @Aekez, @taradiddles
+------------------------------------------------------------------------
 
 `Credits:` @raffaeleflorio, [Micah Lee](https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/)
-

docs/configuration/install-nvidia-driver.md

@@ -64,20 +64,18 @@ Reboot.
 
 ## Manual installation
 
-This process is quite complicated: First - download the source from nvidia.com site. Here "NVIDIA-Linux-x86\_64-260.19.44.run" is used. Copy it to dom0. Every next step is done in dom0.
+This process is quite complicated: First - download the source from nvidia.com site. Here "NVIDIA-Linux-x86\_64-525.116.04" is used. Copy it to dom0. Every next step is done in dom0.
 
 See [this page](https://www.qubes-os.org/doc/copy-to-dom0/) for instructions on how to transfer files to Dom0 (where there is normally no networking).
 
 **WARNING**: Nvidia doesn't sign their files. To make it worse, you are forced to download them over a plaintext connection. This means there are virtually dozens of possibilities for somebody to modify this file and provide you with a malicious/backdoored file. You should realize that installing untrusted files into your Dom0 is a bad idea. Perhaps it might be a better idea to just get a new laptop with integrated Intel GPU? You have been warned.
 
-
-
 ### Userspace components
 
 Install libraries, Xorg driver, configuration utilities. This can by done by nvidia-installer:
 
 ~~~
-./NVIDIA-Linux-x86_64-260.19.44.run --ui=none --no-x-check --keep --no-nouveau-check --no-kernel-module
+./NVIDIA-Linux-x86_64-525.116.04.run --ui=none --no-x-check --keep --extract
 ~~~
 
 ### Kernel module
@@ -88,43 +86,25 @@ You will need:
 -   kernel-devel package installed
 -   gcc, make, etc
 
-This installation must be done manually, because nvidia-installer refused to install it on Xen kernel. Firstly ensure that kernel-devel package installed all needed files. This should consist of:
+This installation must be done manually, because nvidia-installer refuses to install it on Xen kernel.
 
--   */usr/src/kernels/2.6.34.1-12.xenlinux.qubes.x86\_64*
--   */lib/modules/2.6.34.1-12.xenlinux.qubes.x86\_64/build* symlinked to the above directory
--   */usr/src/kernels/2.6.34.1-12.xenlinux.qubes.x86\_64/arch/x64/include/mach-xen* should be present (if not - take it from kernel sources)
-
-If all the files are not there correct the errors manually. To build the kernel module, enter *NVIDIA-Linux-x86\_64-260.19.44/kernel* directory and execute:
+To build the kernel module, enter *NVIDIA-Linux-x86\_64-525.116.04/kernel* directory and execute:
 
 ~~~
-make
-IGNORE_XEN_PRESENCE=1 CC="gcc -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM" make -f Makefile.kbuild
-mv /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/kernel/drivers/video/nvidia.ko /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/extra/
+make IGNORE_XEN_PRESENCE=1 CC="gcc -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM"
+mv nvidia.ko /lib/modules/$(uname -r)/kernel/drivers/video/
+depmod -a
 ~~~
 
-Ignore any errors while inserting nvidia.ko (at the end of make phase). 
+### Disable nouveau
 
-### Disable nouveau:
+Add `rd.driver.blacklist=nouveau` option in `/etc/default/grub` (at the end of line `GRUB_CMDLINE_LINUX`).
 
-~~~
-cat /etc/modprobe.d/nouveau-disable.conf
-# blacklist isn't enough...
-install nouveau /bin/true
-~~~
+Install the new grub config with `grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg`.
 
-Add *rdblacklist=nouveau* option to /boot/grub/menu.lst (at the end of line containing *vmlinuz*).
+### Reboot
 
-### Configure Xorg
-
-Finally, you should configure Xorg to use nvidia driver. You can use *nvidia-xconfig* or do it manually:
-
-~~~
-X -configure
-mv /root/xorg.conf.new /etc/X11/xorg.conf
-# replace Driver in Device section by "nvidia"
-~~~
-
-Reboot to verify all this works.
+Reboot to verify all this works. You can ensure the module is loaded by running `lsmod | grep nvidia` which should display a single output line, and `lsmod | grep nouveau` should have no output.
 
 ## Troubleshooting lack of video output during installation
 

docs/configuration/split-ssh.md

@@ -118,7 +118,7 @@ If you still want to encrypt your keys you must refer to the [Securing Your Priv
       Type=Application
       ```
         
-   **Note:** If you've specified a custom name for your key using *-f*, you should adjust `Exec=ssh-add` to `Exec=ssh-add <path-to-your-key-file>`.
+   **Note:** If you've specified a custom name for your key using *-f*, you should adjust `Exec=ssh-add -c` to `Exec=ssh-add -c <path-to-your-key-file>` (the path must be absolute, e.g. `/home/user/.ssh/my_key`).
 
 ## Setting Up VM Interconnection
 

docs/configuration/vpn.md

@@ -285,9 +285,10 @@ Before proceeding, you will need to download a copy of your VPN provider's confi
    VPN_CLIENT='openvpn'
    VPN_OPTIONS='--cd /rw/config/vpn/ --config openvpn-client.ovpn --daemon'
    
+   su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
    groupadd -rf qvpn ; sleep 2s
    sg qvpn -c "$VPN_CLIENT $VPN_OPTIONS"
-   su - -c 'notify-send "$(hostname): Starting $VPN_CLIENT..." --icon=network-idle' user
+   
    ~~~
 
    If you are using anything other than OpenVPN, change the `VPN_CLIENT` and `VPN_OPTIONS` variables to match your VPN software.

docs/security/replacing-passwordless-root-with-dom0-prompt.md

@@ -1,6 +1,6 @@
 # Replacing passwordless root with a dom0 prompt
 
-For context, please see [passwordless root](https://www.qubes-os.org/doc/passwordless-root/).
+For context, please see [passwordless root](https://www.qubes-os.org/doc/vm-sudo/)).
 
 Some Qubes users may wish to enable user/root isolation in VMs.
 This is not officially supported, but of course nothing is preventing the user from modifying his or her own system.