--- layout: default1 description: A page containing various information related to QubesOS title: Qubes OS permalink: /qubes ---
A collection of Qubes OS-related information.

Website: [https://qubes-os.org](https://qubes-os.org)
#### Table of contents: -\>> [Best Practices](#best-practices)
-\>> [Template Setup](#template-setup)
- -\> *[Debian](#debian)*
- -\> *[Security](#debian-security)*
- -\> *[Fedora](#fedora)*
- -\> *[Upgrading Fedora](#upgrading-fedora)*
- -\> *[Whonix](#whonix)*
-\>> [Links & Resources](#links--resources)
- -\> *[Customizations](#customizations)*
- -\> *[Guides](#guides)*
- -\> *[Templates](#templates)*
- -\> *[Wiki](#wiki)*

### Best Practices - All repositories should be routed over Tor and [onionized](https://anonymousland.org/#onionizing-repositories) - Each application should be installed in its own separate minimal template Qube (provided your system has applicable resources for such) - `sys-usb` should be configured on a laptop - Avoid using `sleep` on a Qubes system - Read all of the Qubes documentation - Frequently visit the Qubes forums - Consider creating a shutdown script / shortcut - Consider if you would benefit by creating backups of your Qubes system - Update frequently - Harden Qubes if applicable (Debian kicksecure, Fedora CORP hardened-malloc, etc.) - Setup a bios password along with a power-on password - Use an SSD for the Qubes system
### Template Setup Small notes for template setup Proxying `wget`: Edit ``/etc/wgetrc`` Add: ``` use_proxy=yes http_proxy=127.0.0.1:8082 https_proxy=127.0.0.1:8082 ```
#### Debian Running in Dom0: ``` sudo qubes-dom0-update qubes-template-debian-11-minimal ``` ``` qvm-run --pass-io -u root template-debian-11-minimal 'apt instal qubes-core-agent-passwordless-root' ``` Running inside the template: ``` sudo apt update ``` Installing packages ``` sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl ``` Configuring git proxy ``` git config --global http.proxy http://127.0.0.1:8082/ ```
#### Debian Security ``` sudo apt-get install grub2 qubes-kernel-vm-support ``` ``` sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64 ``` ``` sudo grub-install /dev/xvda ``` Adding the Kicksecure repository: ``` curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc ``` ``` sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc ``` ``` echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list ``` Installing Kicksecure package: ``kicksecure-qubes-cli`` and ``kicksecure-qubes-gui`` are available. ``` sudo apt install --no-install-recommends kicksecure-qubes-cli ``` Installing LKRG: ``` sudo apt install --no-install-recommends lkrg-dkms ``` Enabling Hardened Malloc: ``` echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload ```
#### Fedora Running in Dom0: ``` sudo qubes-dom0-update qubes-template-fedora-37-minimal ``` ``` qvm-run --pass-io -u root template-fedora-36-minimal 'apt instal qubes-core-agent-passwordless-root' ``` Running inside the template: ``` sudo dnf update ``` Installing packages ``` sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git ``` Configuring git proxy ``` git config --global http.proxy http://127.0.0.1:8082/ ```
#### Upgrading Fedora Running in Dom0: ``` qvm-clone fedora-36 fedora-37 ``` ``` truncate -s 5GB /var/tmp/template-upgrade-cache.img ``` ``` qvm-run -a fedora-37 gnome-terminal ``` ``` dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img) ``` ``` qvm-block attach fedora-37 dom0:${dev##*/} ``` Running inside Fedora-37: ``` sudo mkfs.ext4 /dev/xvdi ``` ``` sudo mount /dev/xvdi /mnt/removable ``` ``` sudo dnf clean all ``` ``` sudo dnf --releasever=37--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync ``` Running inside Dom0: ``` qvm-shutdown fedora-37 ``` ``` sudo losetup -d $dev ``` ``` rm /var/tmp/template-upgrade-cache.img ```
#### Whonix Whonix-GW and Whonix-WS should be upgraded via: ``` upgrade-nonroot ``` Installing LKRG: ``` sudo apt install --no-install-recommends lkrg-dkms ``` Enabling Hardened Malloc: ``` echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload ```
### Links & Resources - [qpowerkill](https://github.com/NobodySpecial256/qpowerkill) - [Qubes for security auditing](https://forum.qubes-os.org/t/qubes-for-organizational-security-auditing-talk-notes/199) - [Qubes-lite with KVM and Wayland](https://roscidus.com/blog/blog/2021/03/07/qubes-lite-with-kvm-and-wayland/)
#### Customizations - [Wallpapers](https://forum.qubes-os.org/t/qubes-os-wallpapers/2819) - [KDE](https://forum.qubes-os.org/t/kde-changing-the-way-you-use-qubes/4730) - [XFCE Global Dark Mode](https://forum.qubes-os.org/t/guide-xfce-global-dark-mode-in-qubes-4-0-4-1/10757)
#### Guides - [Using Kloak](https://forum.qubes-os.org/t/tutorial-how-to-use-kloak-with-usb-keyboards/14134) - [Advanced Browser Fingerprinting](https://forum.qubes-os.org/t/advanced-browser-fingerprinting/12379) - [Monero Wallet Isolation](https://forum.qubes-os.org/t/monero-wallet-daemon-isolation-with-qubes-whonix/1121) - [Fom’s giant list of Qubes OS workarounds, tweaks and shenanigans](https://forum.qubes-os.org/t/fom-s-giant-list-of-qubes-os-workarounds-tweaks-and-shenanigans/15162) - [Fully ephemeral dispvms](https://forum.qubes-os.org/t/fully-ephemeral-dispvms/12030) - [Opening all files in disposable qube](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674) - [Kicksecure Guide](https://forum.qubes-os.org/t/guide-kicksecure-for-disp-sys/13324) - [Qubes OS installation encrypted boot and header](https://forum.qubes-os.org/t/qubes-os-installation-detached-encrypted-boot-and-header/6205) - [Trezor Bridge in 4.1](https://forum.qubes-os.org/t/how-to-set-up-the-trezor-bridge-in-4-1/11103) - [split-ProtonMail](https://forum.qubes-os.org/t/guide-split-protonmail-offline-send-receive-qubes-pm-bridge-vm/11096) - [How to create an Android Qube](https://forum.qubes-os.org/t/how-to-create-an-android-qube/8467)
#### Templates - [Windows](https://github.com/elliotkillick/qvm-create-windows-qube) - [Minimal](https://www.qubes-os.org/doc/templates/minimal/)
#### Wiki - [Hardened-Kernel](https://www.kicksecure.com/wiki/Hardened-kernel) - [VM Fingerprinting](https://www.whonix.org/wiki/VM_Fingerprinting)