Git-Mirrors/anonymousland
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/anonymousland.git synced 2024-10-01 11:49:49 -04:00
Code Issues Packages Projects Releases Wiki Activity
45dd500622
anonymousland/_information/Qubes-OS.md
deathrow 79d05db279
Add additional articles
2022-12-21 18:29:00 -05:00

7.0 KiB
Raw Blame History

layout description title permalink
default1 For Qubes OS Qubes OS /qubes
A collection of Qubes OS-related information.

Website: https://qubes-os.org Tor


Table of contents:

->> Best Practices
->> Template Setup

->> Links & Resources


Best Practices

  • All repositories should be routed over Tor and onionized

  • Each application should be installed in its own separate minimal template Qube (provided your system has applicable resources for such)

  • sys-usb should be configured on a laptop

  • Avoid using sleep on a Qubes system

  • Read all of the Qubes documentation

  • Frequently visit the Qubes forums

  • Consider creating a shutdown script / shortcut

  • Consider if you would benefit by creating backups of your Qubes system

  • Update frequently

  • Harden Qubes if applicable (Debian kicksecure, Fedora CORP hardened-malloc, etc.)


Template Setup

Small notes for template setup


Debian

Running in Dom0:

sudo qubes-dom0-update qubes-template-debian-11-minimal

qvm-run --pass-io -u root template-debian-11-minimal 'apt instal qubes-core-agent-passwordless-root'

Running inside the template:

sudo apt update

Installing packages

sudo apt install qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git apt-transport-tor curl

Configuring git proxy

git config --global http.proxy http://127.0.0.1:8082/

Debian Security

sudo apt-get install grub2 qubes-kernel-vm-support

sudo apt-get -t bullseye-backports --no-install-recommends install linux-image-amd64 linux-headers-amd64

sudo grub-install /dev/xvda

Adding the Kicksecure repository:

curl --proxy http://127.0.0.1:8082/ --tlsv1.3 --proto =https --max-time 180 --output ~/derivative.asc https://www.kicksecure.com/derivative.asc

sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc

echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Installing Kicksecure package:

kicksecure-qubes-cli and kicksecure-qubes-gui are available.

sudo apt install --no-install-recommends kicksecure-qubes-cli

Installing LKRG:

sudo apt install --no-install-recommends lkrg-dkms

Enabling Hardened Malloc:

echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload

Fedora

Running in Dom0:

sudo qubes-dom0-update qubes-template-fedora-36-minimal

qvm-run --pass-io -u root template-fedora-36-minimal 'apt instal qubes-core-agent-passwordless-root'

Running inside the template:

sudo dnf update

Installing packages

sudo dnf install qubes-core-agent-passwordless-root qubes-core-agent-dom0-updates qubes-usb-proxy qubes-gpg-split qubes-core-agent-networking git

Configuring git proxy

git config --global http.proxy http://127.0.0.1:8082/

Upgrading Fedora

Running in Dom0:

qvm-clone fedora-35 fedora-36

truncate -s 5GB /var/tmp/template-upgrade-cache.img

qvm-run -a fedora-36 gnome-terminal

dev=$(sudo losetup -f --show /var/tmp/template-upgrade-cache.img)

qvm-block attach fedora-36 dom0:${dev##*/}

Running inside Fedora-36:

sudo mkfs.ext4 /dev/xvdi

sudo mount /dev/xvdi /mnt/removable

sudo dnf clean all

sudo dnf --releasever=36--setopt=cachedir=/mnt/removable --best --allowerasing distro-sync

Running inside Dom0:

qvm-shutdown fedora-36

sudo losetup -d $dev

rm /var/tmp/template-upgrade-cache.img

Whonix

Whonix-GW and Whonix-WS should be upgraded via:

upgrade-nonroot

Installing LKRG:

sudo apt install --no-install-recommends lkrg-dkms

Enabling Hardened Malloc:

echo "/usr/lib/libhardened_malloc.so/libhardened_malloc.so" | sudo tee /etc/ld.so.preload

Links & Resources


Customizations


Guides


Templates


Wiki