From bf5940fe47f3953ab8e3d7ba097e71a644ac8818 Mon Sep 17 00:00:00 2001 From: Death Grippin <57326449+deathgrippin@users.noreply.github.com> Date: Sat, 22 Feb 2020 12:05:39 -0500 Subject: [PATCH 1/2] Reformat packages into lists --- user/managing-os/minimal-templates.md | 56 ++++++++++++++------------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index eb41de07..a4ac68fa 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md @@ -125,24 +125,18 @@ To access the `journald` log, use the `journalctl` command. ### Debian -As you would expect, the required packages can be installed in the running template with any apt-based command. -For example : (Replace `packages` with a space-delimited list of packages to be installed.) +The following list provides an overview of which packages are needed for which purpose. +As usual, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed): [user@your-new-clone ~]$ sudo apt install packages -Use case | Description | Required steps ---- | --- | --- -**Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` -**Networking** | If you want networking | Install qubes-core-agent-networking -**Audio** | If you want sound from your VM... | Install `pulseaudio-qubes` -**FirewallVM** | You can use the minimal template as a template for a [FirewallVM](/doc/firewall/), like `sys-firewall` | Install `qubes-core-agent-networking`. Also install `qubes-core-agent-dom0-updates` if you want to use a qube based on the template as an updateVM (normally sys-firewall). -**NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking`, `qubes-core-agent-network-manager`. -**NetVM (extra firmware)** | If your network devices need extra packages for a network VM | Use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. -**Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` -**USB** | If you want to use this template as the basis for a [USB](/doc/usb/) qube such as `sys-usb` | Install `qubes-usb-proxy`. To use USB mouse or keyboard install `qubes-input-proxy-sender`. -**VPN** | You can use this template as basis for a [VPN](/doc/vpn/) qube | You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. +- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` +- Audio: `pulseaudio-qubes` +- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). +- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`. + - [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. + - [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. - In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. These packages are: @@ -175,20 +169,28 @@ As is the case with above-mentioned Minimal Templates, the required packages are [user@your-new-clone ~]$ sudo yum install packages -Use case | Description | Required steps ---- | --- | --- -**Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` -**Networking** | If you want networking | Install `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring` -**Audio** | If you want sound from your VM... | Install `pulseaudio-qubes` -**FirewallVM** | You can use the minimal template as a template for a [FirewallVM](/doc/firewall/), like `sys-firewall` | Install `qubes-core-agent-networking`. Also install `qubes-core-agent-dom0-updates`(script required to handle `dom0` updates), if you want to use a qube based on the template as an updateVM (normally sys-firewall). -**NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking`, `qubes-core-agent-network-manager`. -**NetVM (extra firmware)** | If your network devices need extra packages for a network VM | Use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. -**Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` -**USB** | If you want to use this template as the basis for a [USB](/doc/usb/) qube such as `sys-usb` | Install `qubes-usb-proxy`. To use USB mouse or keyboard install `qubes-input-proxy-sender`. -**VPN** | You can use this template as basis for a [VPN](/doc/vpn/) qube | You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. -**Desktop environment** | To improve desktop experience using additional packages from the `qubes-core-agent` | `qubes-menus` which defines menu layout, `qubes-desktop-linux-common` which contains icons and scripts to improve desktop experience. `qubes-core-agent-nautilus`/`qubes-core-agent-thunar`: packages providing integration with the Nautilus/Thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus/Thunar). -**Additional services** | If you need additional Qubes services | Install `qubes-gpg-split` `qubes-pdf-converter` `qubes-img-converter`("Qubes apps" implementing split GPG, trusted PDF and image converter), `qubes-snapd-helper`(if you want to use snaps), `qubes-mgmt-salt-vm-connector`(if you want to use salt management on the template and qubes). +- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` + - Audio: `pulseaudio-qubes`. + - [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). + - NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` + - [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. + - [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. +In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. +These packages are: + +- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus). +- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in thunar). +- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package. +- `qubes-menus`: Defines menu layout. +- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience. + +Also, there are packages to provide additional services: +- `qubes-gpg-split`: For implementing split GPG. +- `qubes-pdf-converter`: For implementing safe conversion of PDFs. +- `qubes-img-converter`: For implementing safe conversion of images. +- `qubes-snapd-helper`: If you want to use snaps in qubes. +- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes. [TemplateVMs]: /doc/templates/ [Fedora]: /doc/templates/fedora/ From 2e2d55921deca8cba373d61f811696861dc38e94 Mon Sep 17 00:00:00 2001 From: Death Grippin <57326449+deathgrippin@users.noreply.github.com> Date: Sat, 22 Feb 2020 12:47:46 -0500 Subject: [PATCH 2/2] Clean up formatting and remove unneeded info --- user/managing-os/minimal-templates.md | 69 ++++++++++++++++----------- 1 file changed, 42 insertions(+), 27 deletions(-) diff --git a/user/managing-os/minimal-templates.md b/user/managing-os/minimal-templates.md index a4ac68fa..f30b53b2 100644 --- a/user/managing-os/minimal-templates.md +++ b/user/managing-os/minimal-templates.md @@ -89,29 +89,36 @@ As usual, the required packages are to be installed in the running template with - Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring`. - Audio: `pulseaudio-qubes`. - [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking` and `iproute`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). - - NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring` `polkit` `@hardware-support`. - If your network devices need extra packages for the template to work as a network VM, use the `lspci` command to identify the devices, then run `dnf search firmware` (replace `firmware` with the appropriate device identifier) to find the needed packages and then install them. - If you need utilities for debugging and analyzing network connections, install `tcpdump` `telnet` `nmap` `nmap-ncat`. + - NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring` `polkit` `@hardware-support`. If your network devices need extra packages for the template to work as a network VM, use the `lspci` command to identify the devices, then run `dnf search firmware` (replace `firmware` with the appropriate device identifier) to find the needed packages and then install them. If you need utilities for debugging and analyzing network connections, install `tcpdump` `telnet` `nmap` `nmap-ncat`. - [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. - - [VPN qube](/doc/vpn/): Use the `dnf search "NetworkManager VPN plugin"` command to look up the VPN packages you need, based on the VPN technology you'll be using, and install them. - Some GNOME related packages may be needed as well. - After creation of a machine based on this template, follow the [VPN instructions](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. + - [VPN qube](/doc/vpn/): Use the `dnf search "NetworkManager VPN plugin"` command to look up the VPN packages you need, based on the VPN technology you'll be using, and install them. Some GNOME related packages may be needed as well. After creation of a machine based on this template, follow the [VPN instructions](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. + +In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. +These packages are: + +- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus). +- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in thunar). +- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package. +- `qubes-menus`: Defines menu layout. +- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience. +- `qubes-core-agent-qrexec`: Qubes qrexec agent. Installed by default. +- `qubes-core-agent-systemd`: Qubes unit files for SystemD init style. Installed by default. +- `qubes-core-agent-passwordless-root`, `polkit`: By default, the Fedora Minimal template doesn't have passwordless root. These two packages enable this feature. +- `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. + +Also, there are packages to provide additional services: + +- `qubes-gpg-split`: For implementing split GPG. +- `qubes-u2f`: For implementing secure forwarding of U2F messages. +- `qubes-pdf-converter`: For implementing safe conversion of PDFs. +- `qubes-img-converter`: For implementing safe conversion of images. +- `qubes-snapd-helper`: If you want to use snaps in qubes. +- `qubes-thunderbird`: Additional tools for use in thunderbird. +- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when idle. +- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes. You may also wish to consider additional packages from the `qubes-core-agent` suite: - - `qubes-core-agent-qrexec`: Qubes qrexec agent. Installed by default. - - `qubes-core-agent-systemd`: Qubes unit files for SystemD init style. Installed by default. - - `qubes-core-agent-passwordless-root`, `polkit`: By default, the Fedora Minimal template doesn't have passwordless root. These two packages enable this feature. - - `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it things like "copy to VM/open in disposable VM" will not be shown in Nautilus). - - `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart. - - `qubes-core-agent-networking`: Networking support. Required for general network access and particularly if the template is to be used for a `sys-net` or `sys-firewall` VM. - - `qubes-core-agent-network-manager`: Integration for NetworkManager. Useful if the template is to be used for a `sys-net` VM. - - `network-manager-applet`: Useful `notification-daemon` to have a system tray icon if the template is to be used for a `sys-net` VM. - - `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template which the VM responsible for 'dom0' updates (e.g. `sys-firewall`) is based on must contain this package. - - `qubes-usb-proxy`: Required if the template is to be used for a USB qube (`sys-usb`) or for any destination qube to which USB devices are to be attached (e.g `sys-net` if using USB network adapter). - - `qubes-input-proxy-sender`: Provides USB keyboard and mouse input from a USB qube (`sys-usb`) to dom0. - - `pulseaudio-qubes`: Needed to have audio on the template VM. - See [here][customization] for further information on customizing `fedora-minimal`. @@ -134,8 +141,8 @@ As usual, the required packages are to be installed in the running template with - Audio: `pulseaudio-qubes` - [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). - NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`. - - [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. - - [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. +- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. +- [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. These packages are: @@ -147,6 +154,7 @@ These packages are: - `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience. Also, there are packages to provide additional services: + - `qubes-gpg-split`: For implementing split GPG. - `qubes-u2f`: For implementing secure forwarding of U2F messages. - `qubes-pdf-converter`: For implementing safe conversion of PDFs. @@ -165,16 +173,17 @@ You could, of course, use `qubes-vm-recommended` to automatically install many o ### CentOS -As is the case with above-mentioned Minimal Templates, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed): +The following list provides an overview of which packages are needed for which purpose. +As usual, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed): [user@your-new-clone ~]$ sudo yum install packages - Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring` - - Audio: `pulseaudio-qubes`. - - [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). - - NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` - - [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. - - [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. +- Audio: `pulseaudio-qubes`. +- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`). +- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat` +- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0. +- [VPN qube](/doc/vpn/): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it. In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly. These packages are: @@ -186,12 +195,18 @@ These packages are: - `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience. Also, there are packages to provide additional services: + - `qubes-gpg-split`: For implementing split GPG. - `qubes-pdf-converter`: For implementing safe conversion of PDFs. - `qubes-img-converter`: For implementing safe conversion of images. - `qubes-snapd-helper`: If you want to use snaps in qubes. - `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes. +Documentation on all of these can be found in the [docs](/doc) + +You could, of course, use `qubes-vm-recommended` to automatically install many of these, but in that case you are well on the way to a standard Debian template. + + [TemplateVMs]: /doc/templates/ [Fedora]: /doc/templates/fedora/ [Debian]: /doc/templates/debian/