Qubes-Community-Content/docs/user-setups/taradiddles/README.md
2019-01-11 15:05:53 +02:00

User setup / @taradiddles

Hardware

Lenovo Thinkpad T450s

TemplateVMs and VMs

(see the TemplateVMs customization section for how to configure the templateVMs)

TemplateVM 'fedora-minimal'

Custom minimal template for:

  • VM 'sys-firewall'
  • VM 'sys-net'
  • VM 'vault': not networked; used for keepassxc (password manager) and split gpg

TemplateVM 'fedora-medium'

Custom default template with libreoffice, thunderbird, ...

  • VM 'work': firewalled, ssh to known hosts and to mail server; used for emails/office work, storing non-confidential documents, and terminals (with tmux).
  • VM 'banking': firewalled, only a few IPs allowed; used only for e-banking
  • VM 'halftrusted': used only for e-shopping
  • VM 'private': not networked; used for opening and storing private documents

TemplateVM 'fedora-heavy'

Larger custom template with programs from non-fedora repos (multimedia, non free, ...)

  • VM 'untrusted': firewalled, only a few IPs allowed (e.g. nextcloud server, ...); used for opening multimedia files, and content that is thought to be OK. See this comment for the rationale behind keeping this VM without full Internet access.
  • VM 'sys-usb': firewalled, only 1 IP allowed (playing music from a NAS to a USB soundcard).
  • dispVM 'dispBrowser': doc / WIP; used for casual browsing. Used with a customized firefox profile with privacy extensions and a custom user.js file (adapted from here).
  • dispVMs: used for opening content downloaded from unknown/dodgy sources as well as browsing sites that won't work with the restricted firefox profile of 'dispBrowser'.

Other VMs

  • a few Windows 7 VMs without network for CAD/3D drawing, programming controllers with a Windows-only toolkit, ... ;
  • a StandaloneVM based on fedora with third-party drivers installed for a networked printer. Firewalled to allow only the network printer's IP.

DOM0 customization

Xterm

Open xterm instead of xfce4-terminal: in /etc/xdg/xfce4/helpers.rc, set

TerminalEmulator=xterm

Xresources for xterm are in $HOME/.Xresources

Power management

See https://github.com/taradiddles/qubes-os/tree/master/powermgnt

(not clear how much it helps with battery usage - never had the time to do proper testing; shouldn't hurt though).

Productivity tweaks

Define application shortcuts with Qubes Menu -> System Tools -> Keyboard -> Application Shortcuts; for instance:

  • ctrl-alt C: open a calculator in VM untrusted ; shortcut: qvm-run -q -a untrusted galculator
  • ctrl-alt X: open a popup window to open xterm in a given VM (script here, screenshot there). Shortcut: popup-appmenu xterm.
  • ctrl-alt F: ditto, but with firefox
  • ctrl-alt K: open keepassxc in VM vault; shortcut: qvm-run -q -a vault keepassxc

VMs customization

sys-net: since nm-applet isn't started by default in all VMs (see section below), start it with a .desktop file in $HOME/.config/autostart (note: can't use rc.local because Xorg isn't started yet when rc.local runs).

TemplateVMs customization

fedora-minimal

Installed ITL's fedora-26-minimal rpm + installed the following rpms:

qubes-core-agent-passwordless-root
qubes-core-agent-networking
qubes-core-agent-network-manager
qubes-core-agent-dom0-updates
qubes-usb-proxy
network-manager-applet
polkit
less
pciutils
psmisc
NetworkManager-wifi
dejavu-sans-fonts
dejavu-sans-mono-fonts
tcpdump
telnet
wireless-tools
iwl7260-firmware
keepassxc pwgen
sharutils
rsync
qubes-gpg-split
qubes-core-agent-nautilus
bzip2
encfs
openssl

Fixes/tweaks:

  • /usr/lib/qubes-tweak:
    • fix-xdg: remove autostart stuff in /etc/xdg/autostart; this will prevent for instance nm-applet from starting in all VMs while it's only required in sys-net.
    • setxkbmap.desktop: multiple keyboard layouts (see this doc).
    • solarized.vim2, vimrc.add.colors: configure vim to use the solarized color scheme.
    • Xresources and xresources.desktop: load Xresources at boot (can't simply use /etc/X11/xresources because xinit runs xrdb -merge without the preprocessor, which breaks the solarized color scheme definitions).
  • /etc/profile.d/interactive-commands.sh: ask before deleting/overwriting files with rm/cp/mv
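
The two autostart steps described on this page (clearing /etc/xdg/autostart in the template, then starting nm-applet only in sys-net from $HOME/.config/autostart) could look like the sketch below. This is an added example, not the author's fix-xdg script; the function names, the `.disabled` sibling directory and the keep list are assumptions.

```shell
#!/bin/sh
# Added example, not the author's fix-xdg script. Directories are passed as
# arguments so the functions can be tried on a scratch copy first.

# Disable every system-wide autostart entry in DIR (normally
# /etc/xdg/autostart in the template) except the file names listed in KEEP
# (space separated; which entries to keep is the user's decision).
# Entries are moved to the sibling directory DIR.disabled instead of being
# deleted, so the change is reversible and easy to audit.
# Prints the number of entries disabled; running it again is harmless.
disable_xdg_autostart() {
    dir=$1; keep=$2; count=0
    mkdir -p "$dir.disabled" || return 1
    for f in "$dir"/*.desktop; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        case " $keep " in
            *" $name "*) continue ;;     # on the keep list, leave in place
        esac
        mv -- "$f" "$dir.disabled/$name" && count=$((count + 1))
    done
    echo "$count"
}

# Start one program in a single VM by writing a per-user entry under
# HOMEDIR/.config/autostart (what the page does for nm-applet in sys-net).
enable_user_autostart() {
    homedir=$1; name=$2; cmd=$3
    mkdir -p "$homedir/.config/autostart" || return 1
    cat > "$homedir/.config/autostart/$name.desktop" <<EOF
[Desktop Entry]
Type=Application
Name=$name
Exec=$cmd
EOF
}

# Typical use (as root in the template, then as the user in sys-net):
#   disable_xdg_autostart /etc/xdg/autostart "keep-me.desktop"
#   enable_user_autostart "$HOME" nm-applet nm-applet
```

Package updates can put entries back into /etc/xdg/autostart, so the first function is worth re-running after updating the template.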

fedora-medium

Cloned fedora-minimal above and installed the following rpms:

tigervnc
firefox
thunderbird
tmux
proxychains
nfs-utils
gimp
libreoffice-calc libreoffice-writer libreoffice-draw libreoffice-impress
units
fuse-sshfs
p7zip
perl-Image-ExifTool
qpdf
vim-enhanced
man
glibc-langpack-en
nfs-utils
eog
evince
thunderbird-qubes
qubes-img-converter
qubes-pdf-converter
git
thunderbird-enigmail

Fixes:

set LANG=en_US.UTF-8 in /etc/locale.conf

fedora-heavy

Cloned fedora-medium above.

Installed the following repos:

  • Google Chrome
  • rpmfusion-free
  • rpmfusion-nonfree

And installed the following rpms:

calibre
nextcloud-client
ufraw
viking
java-1.8.0-openjdk
mc
google-chrome-stable
gphoto2
gvfs-mtp
gvfs-gphoto2
gvfs-fuse
simple-mtpfs
qubes-vm-recommended
whois
bind-utils
galculator
fuse-exfat
unrar
ffmpeg
mplayer
qgis-python