mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-28 08:49:42 -05:00
Update "Minimal Templates"
- Mark as advanced page - Revise introduction - Move list of available templates to new section - Clarify installation commands - Fix language and syntax errors - Wrap text
This commit is contained in:
parent
52ab776226
commit
7e3bc9511f
@ -10,115 +10,174 @@ redirect_from:
|
||||
- /wiki/Templates/FedoraMinimal/
|
||||
- /doc/templates/debian-minimal/
|
||||
ref: 132
|
||||
advanced: true
|
||||
title: Minimal Templates
|
||||
---
|
||||
|
||||
The Minimal [templates](/doc/templates/) are lightweight versions of their standard template counterparts.
|
||||
They have only the most vital packages installed, including a minimal X and xterm installation.
|
||||
The sections below contain instructions for using the template and provide some examples for common use cases.
|
||||
There are currently three Minimal templates corresponding to the standard [Fedora](/doc/templates/fedora/), [Debian](/doc/templates/debian/), [CentOS](/doc/templates/centos/) and [Gentoo](/doc/templates/gentoo/) templates.
|
||||
|
||||
Minimal tempaltes offer several advantages:
|
||||
- reduced attack surface
|
||||
- reduced memory requirements
|
||||
- more fine-grained compartmentalization *(by having qubes dedicated to one task only (e.g my “work-mail” qube consists of a qube with only an email client)*.
|
||||
The minimal [templates](/doc/templates/) are lightweight versions of their
|
||||
standard template counterparts. They have only the most vital packages
|
||||
installed, including a minimal X and xterm installation. When properly
|
||||
configured and used, minimal templates can be less resource-intensive, reduce
|
||||
attack surface, and support more fine-grained compartmentalization. The
|
||||
sections below contain instructions for installing and configuring minimal
|
||||
templates, along with some examples of common use cases.
|
||||
|
||||
## Important
|
||||
|
||||
1. The Minimal templates are intended only for advanced users.
|
||||
If you encounter problems with the Minimal templates, we recommend that you use their standard template counterparts instead.
|
||||
1. **The minimal templates are intended only for advanced users.** If you
|
||||
encounter problems with the minimal templates, we recommend that you use
|
||||
their standard template counterparts instead.
|
||||
|
||||
2. If something works with a standard template but not the minimal version, this is most likely due to user error (e.g., a missing package or misconfiguration) rather than a bug.
|
||||
In such cases, please do *not* file a bug report.
|
||||
Instead, please see [Help, Support, Mailing Lists, and Forum](/support/) for the appropriate place to ask for help.
|
||||
Once you have learned how to solve your problem, please [contribute what you learned to the documentation](/doc/doc-guidelines/).
|
||||
2. If something works with a standard template but not the minimal version,
|
||||
this is most likely due to user error (e.g., a missing package or
|
||||
misconfiguration) rather than a bug. In such cases, please do *not* file a
|
||||
bug report. Instead, please see [Help, Support, Mailing Lists, and
|
||||
Forum](/support/) for the appropriate place to ask for help. Once you have
|
||||
learned how to solve your problem, please [contribute what you learned to
|
||||
the documentation](/doc/doc-guidelines/).
|
||||
|
||||
3. The Minimal templates are intentionally *minimal*.
|
||||
[Do not ask for your favorite package to be added to the minimal template by default.](/faq/#could-you-please-make-my-preference-the-default)
|
||||
3. The minimal templates are intentionally *minimal*. [Do not ask for your
|
||||
favorite package to be added to the minimal template by
|
||||
default.](/faq/#could-you-please-make-my-preference-the-default)
|
||||
|
||||
4. In order to reduce unnecessary risk, unused repositories have been disabled by default.
|
||||
If you wish to install or update any packages from those repositories, you must enable them.
|
||||
4. In order to reduce unnecessary risk, unused repositories have been disabled
|
||||
by default. If you wish to install or update any packages from those
|
||||
repositories, you must enable them.
|
||||
|
||||
## List
|
||||
|
||||
Minimal templates of the following distros are available:
|
||||
|
||||
- Fedora
|
||||
- Debian
|
||||
- CentOS
|
||||
- Gentoo
|
||||
|
||||
## Installation
|
||||
|
||||
The Minimal templates can be installed with the following command (where `X` is your desired distro and version number):
|
||||
The minimal templates can be installed with the following type of command:
|
||||
|
||||
```
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-X-minimal
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
|
||||
```
|
||||
|
||||
If your desired version is not found, it may still be in [testing](/doc/testing/).
|
||||
You may wish to try again with the testing repository enabled:
|
||||
If your desired version is not found, it may still be in
|
||||
[testing](/doc/testing/). You may wish to try again with the testing repository
|
||||
enabled:
|
||||
|
||||
```
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-X-minimal
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
|
||||
```
|
||||
|
||||
If you would like to install a community distribution, try the install command by enabling the community repository:
|
||||
If you would like to install a community distribution, try the install command
|
||||
by enabling the community repository:
|
||||
|
||||
```
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-X-minimal
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-community qubes-template-<DISTRO_NAME>-<RELEASE_NUMBER>-minimal
|
||||
```
|
||||
|
||||
The download may take a while depending on your connection speed.
|
||||
|
||||
## Passwordless root
|
||||
|
||||
It is an intentional design choice for [Passwordless Root Access in VMs](/doc/vm-sudo/) to be optional in Minimal templates.
|
||||
Since the Minimal templates are *minimal*, they are not configured for passwordless root by default.
|
||||
To update or install packages, execute the following command in dom0 (where `X` is your distro and version number):
|
||||
It is an intentional design choice for [Passwordless Root Access in
|
||||
VMs](/doc/vm-sudo/) to be optional in minimal templates. Since the minimal
|
||||
templates are *minimal*, they are not configured for passwordless root by
|
||||
default. To update or install packages, execute the following command in dom0:
|
||||
|
||||
```
|
||||
[user@dom0 ~]$ qvm-run -u root X-minimal xterm
|
||||
[user@dom0 ~]$ qvm-run -u root <DISTRO_NAME>-<RELEASE_NUMBER>-minimal xterm
|
||||
```
|
||||
|
||||
This opens a root terminal in the Minimal template, from which you can use execute root commands without `sudo`.
|
||||
You will have to do this every time if you choose not to enable passwordless root.
|
||||
This opens a root terminal in the minimal template, from which you can use
|
||||
execute root commands without `sudo`. You will have to do this every time if
|
||||
you choose not to enable passwordless root.
|
||||
|
||||
If you want to be able to use `sudo` inside a Minimal template (or app qubes based on a Minimal template), open a root terminal as just instructed, then install the `qubes-core-agent-passwordless-root` package.
|
||||
If you want to be able to use `sudo` inside a minimal template (or app qubes
|
||||
based on a minimal template), open a root terminal as just instructed, then
|
||||
install the `qubes-core-agent-passwordless-root` package.
|
||||
|
||||
Optionally, verify that passwordless root now works by opening a normal (non-root) xterm window in the Minimal template, then issue the command `sudo -l`.
|
||||
This should give you output that includes the `NOPASSWD` keyword.
|
||||
Optionally, verify that passwordless root now works by opening a normal
|
||||
(non-root) xterm window in the minimal template, then issue the command `sudo
|
||||
-l`. This should give you output that includes the `NOPASSWD` keyword.
|
||||
|
||||
## Customization
|
||||
|
||||
You may wish to clone the original template and make any changes in the clone instead of the original template.
|
||||
You must start the clone in order to customize it.
|
||||
You may wish to clone the original template and make any changes in the clone
|
||||
instead of the original template. You must start the clone in order to
|
||||
customize it.
|
||||
|
||||
Customizing the template for specific use cases normally only requires installing additional packages.
|
||||
Customizing the template for specific use cases normally only requires
|
||||
installing additional packages.
|
||||
|
||||
## Distro-specific notes
|
||||
|
||||
This following sections provide information that is specific to a particular Minimal template distro.
|
||||
This following sections provide information that is specific to a particular
|
||||
minimal template distro.
|
||||
|
||||
### Fedora
|
||||
|
||||
The following list provides an overview of which packages are needed for which purpose.
|
||||
As usual, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed):
|
||||
The following list provides an overview of which packages are needed for which
|
||||
purpose. As usual, the required packages are to be installed in the running
|
||||
template with the following command (replace `packages` with a space-delimited
|
||||
list of packages to be installed):
|
||||
|
||||
```
|
||||
[user@your-new-clone ~]$ sudo dnf install packages
|
||||
```
|
||||
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring`.
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc`
|
||||
`gnome-keyring`.
|
||||
- Audio: `pulseaudio-qubes`.
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking` and `iproute`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring` `polkit` `@hardware-support`. If your network devices need extra packages for the template to work as a network VM, use the `lspci` command to identify the devices, then run `dnf search firmware` (replace `firmware` with the appropriate device identifier) to find the needed packages and then install them. If you need utilities for debugging and analyzing network connections, install `tcpdump` `telnet` `nmap` `nmap-ncat`.
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md): Use the `dnf search "NetworkManager VPN plugin"` command to look up the VPN packages you need, based on the VPN technology you'll be using, and install them. Some GNOME related packages may be needed as well. After creation of a machine based on this template, follow the [VPN instructions](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and `qubes-mgmt-salt-vm-connector`.
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at
|
||||
least `qubes-core-agent-networking` and `iproute`, and also
|
||||
`qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM`
|
||||
(which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking`
|
||||
`qubes-core-agent-network-manager` `NetworkManager-wifi`
|
||||
`network-manager-applet` `wireless-tools` `notification-daemon`
|
||||
`gnome-keyring` `polkit` `@hardware-support`. If your network devices need
|
||||
extra packages for the template to work as a network VM, use the `lspci`
|
||||
command to identify the devices, then run `dnf search firmware` (replace
|
||||
`firmware` with the appropriate device identifier) to find the needed
|
||||
packages and then install them. If you need utilities for debugging and
|
||||
analyzing network connections, install `tcpdump` `telnet` `nmap` `nmap-ncat`.
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`:
|
||||
`qubes-usb-proxy` to provide USB devices to other Qubes and
|
||||
`qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN
|
||||
qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md):
|
||||
Use the `dnf search "NetworkManager VPN plugin"` command to look up the VPN
|
||||
packages you need, based on the VPN technology you'll be using, and install
|
||||
them. Some GNOME related packages may be needed as well. After creation of a
|
||||
machine based on this template, follow the [VPN
|
||||
instructions](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager)
|
||||
to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and
|
||||
`qubes-mgmt-salt-vm-connector`.
|
||||
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly.
|
||||
These packages are:
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be
|
||||
needed to make the customized minimal template work properly. These packages
|
||||
are:
|
||||
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable" will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable" will not be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package.
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the
|
||||
Nautilus file manager (without it, items like "copy to VM/open in disposable"
|
||||
will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar
|
||||
file manager (without it, items like "copy to VM/open in disposable" will not
|
||||
be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates.
|
||||
Any template on which the qube responsible for 'dom0' updates (e.g.
|
||||
`sys-firewall`) is based must contain this package.
|
||||
- `qubes-menus`: Defines menu layout.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop
|
||||
experience.
|
||||
- `qubes-core-agent-qrexec`: Qubes qrexec agent. Installed by default.
|
||||
- `qubes-core-agent-systemd`: Qubes unit files for SystemD init style. Installed by default.
|
||||
- `qubes-core-agent-passwordless-root`, `polkit`: By default, the Fedora Minimal template doesn't have passwordless root. These two packages enable this feature.
|
||||
- `qubes-core-agent-systemd`: Qubes unit files for SystemD init style.
|
||||
Installed by default.
|
||||
- `qubes-core-agent-passwordless-root`, `polkit`: By default, the Fedora
|
||||
minimal template doesn't have passwordless root. These two packages enable
|
||||
this feature.
|
||||
- `qubes-core-agent-sysvinit`: Qubes unit files for SysV init style or upstart.
|
||||
|
||||
Also, there are packages to provide additional services:
|
||||
@ -129,45 +188,78 @@ Also, there are packages to provide additional services:
|
||||
- `qubes-img-converter`: For implementing safe conversion of images.
|
||||
- `qubes-snapd-helper`: If you want to use snaps in qubes.
|
||||
- `thunderbird-qubes`: Additional tools for use in thunderbird.
|
||||
- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when idle.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes.
|
||||
- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when
|
||||
idle.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the
|
||||
template and qubes.
|
||||
|
||||
You may also wish to consider additional packages from the `qubes-core-agent` suite:
|
||||
You may also wish to consider additional packages from the `qubes-core-agent`
|
||||
suite.
|
||||
|
||||
See [here](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/fedora-minimal-template-customization.md) for further information on customizing `fedora-minimal`.
|
||||
See
|
||||
[here](https://github.com/Qubes-Community/Contents/blob/master/docs/customization/fedora-minimal-template-customization.md)
|
||||
for further information on customizing `fedora-minimal`.
|
||||
|
||||
#### Logging
|
||||
|
||||
The `rsyslog` logging service is not installed by default, as all logging is instead being handled by the `systemd` journal.
|
||||
Users requiring the `rsyslog` service should install it manually.
|
||||
The `rsyslog` logging service is not installed by default, as all logging is
|
||||
instead being handled by the `systemd` journal. Users requiring the `rsyslog`
|
||||
service should install it manually.
|
||||
|
||||
To access the `journald` log, use the `journalctl` command.
|
||||
|
||||
### Debian
|
||||
|
||||
The following list provides an overview of which packages are needed for which purpose.
|
||||
As usual, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed):
|
||||
The following list provides an overview of which packages are needed for which
|
||||
purpose. As usual, the required packages are to be installed in the running
|
||||
template with the following command (replace `packages` with a space-delimited
|
||||
list of packages to be installed):
|
||||
|
||||
```
|
||||
[user@your-new-clone ~]$ sudo apt install packages
|
||||
```
|
||||
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring`
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc`
|
||||
`gnome-keyring`
|
||||
- Audio: `pulseaudio-qubes`
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firmware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`.
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and `qubes-mgmt-salt-vm-connector`.
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at
|
||||
least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates`
|
||||
if you want to use it as the `UpdateVM` (which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking`
|
||||
`qubes-core-agent-network-manager`. If your network devices need extra
|
||||
packages for a network VM, use the `lspci` command to identify the devices,
|
||||
then find the package that provides necessary firmware and install it. If you
|
||||
need utilities for debugging and analyzing network connections, install the
|
||||
following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`.
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`:
|
||||
`qubes-usb-proxy` to provide USB devices to other Qubes and
|
||||
`qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN
|
||||
qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md):
|
||||
You may need to install network-manager VPN packages, depending on the VPN
|
||||
technology you'll be using. After creating a machine based on this template,
|
||||
follow the [VPN
|
||||
howto](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager)
|
||||
to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and
|
||||
`qubes-mgmt-salt-vm-connector`.
|
||||
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly.
|
||||
These packages are:
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be
|
||||
needed to make the customized minimal template work properly. These packages
|
||||
are:
|
||||
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable" will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable" will not be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package.
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the
|
||||
Nautilus file manager (without it, items like "copy to VM/open in disposable"
|
||||
will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar
|
||||
file manager (without it, items like "copy to VM/open in disposable" will not
|
||||
be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates.
|
||||
Any template on which the qube responsible for 'dom0' updates (e.g.
|
||||
`sys-firewall`) is based must contain this package.
|
||||
- `qubes-menus`: Defines menu layout.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop
|
||||
experience.
|
||||
|
||||
Also, there are packages to provide additional services:
|
||||
|
||||
@ -177,40 +269,75 @@ Also, there are packages to provide additional services:
|
||||
- `qubes-img-converter`: For implementing safe conversion of images.
|
||||
- `qubes-snapd-helper`: If you want to use snaps in qubes.
|
||||
- `qubes-thunderbird`: Additional tools for use in thunderbird.
|
||||
- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when idle.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes.
|
||||
- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when
|
||||
idle.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the
|
||||
template and qubes.
|
||||
|
||||
Documentation on all of these can be found in the [docs](/doc)
|
||||
Documentation on all of these can be found in the [docs](/doc/).
|
||||
|
||||
If you want to use interactive dialogs, (e.g file selection), you will need to add the `zenity` package. ([Here's an example](https://github.com/QubesOS/qubes-issues/issues/5202))
|
||||
If you want to use interactive dialogs, (e.g file selection), you will need to
|
||||
add the `zenity` package
|
||||
([example](https://github.com/QubesOS/qubes-issues/issues/5202)).
|
||||
|
||||
You could, of course, use `qubes-vm-recommended` to automatically install many of these, but in that case you are well on the way to a standard Debian template.
|
||||
You could, of course, use `qubes-vm-recommended` to automatically install many
|
||||
of these, but in that case you are well on the way to a standard Debian
|
||||
template.
|
||||
|
||||
### CentOS
|
||||
|
||||
The following list provides an overview of which packages are needed for which purpose.
|
||||
As usual, the required packages are to be installed in the running template with the following command (replace `packages` with a space-delimited list of packages to be installed):
|
||||
The following list provides an overview of which packages are needed for which
|
||||
purpose. As usual, the required packages are to be installed in the running
|
||||
template with the following command (replace `packages` with a space-delimited
|
||||
list of packages to be installed):
|
||||
|
||||
```
|
||||
[user@your-new-clone ~]$ sudo yum install packages
|
||||
```
|
||||
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring`
|
||||
- Commonly used utilities: `pciutils` `vim-minimal` `less` `psmisc`
|
||||
`gnome-keyring`
|
||||
- Audio: `pulseaudio-qubes`.
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates` if you want to use it as the `UpdateVM` (which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking` `qubes-core-agent-network-manager` `NetworkManager-wifi` `network-manager-applet` `wireless-tools` `notification-daemon` `gnome-keyring`. If your network devices need extra packages for a network VM, use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it. If you need utilities for debugging and analyzing network connections, install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`: `qubes-usb-proxy` to provide USB devices to other Qubes and `qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md): You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and `qubes-mgmt-salt-vm-connector`.
|
||||
- [FirewallVM](/doc/firewall/), such as the template for `sys-firewall`: at
|
||||
least `qubes-core-agent-networking`, and also `qubes-core-agent-dom0-updates`
|
||||
if you want to use it as the `UpdateVM` (which is normally `sys-firewall`).
|
||||
- NetVM, such as the template for `sys-net`: `qubes-core-agent-networking`
|
||||
`qubes-core-agent-network-manager` `NetworkManager-wifi`
|
||||
`network-manager-applet` `wireless-tools` `notification-daemon`
|
||||
`gnome-keyring`. If your network devices need extra packages for a network
|
||||
VM, use the `lspci` command to identify the devices, then find the package
|
||||
that provides necessary firnware and install it. If you need utilities for
|
||||
debugging and analyzing network connections, install the following packages:
|
||||
`tcpdump` `telnet` `nmap` `nmap-ncat`
|
||||
- [USB qube](/doc/usb-qubes/), such as the template for `sys-usb`:
|
||||
`qubes-usb-proxy` to provide USB devices to other Qubes and
|
||||
`qubes-input-proxy-sender` to provide keyboard or mouse input to dom0.
|
||||
- [VPN
|
||||
qube](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md):
|
||||
You may need to install network-manager VPN packages, depending on the VPN
|
||||
technology you'll be using. After creating a machine based on this template,
|
||||
follow the [VPN
|
||||
howto](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager)
|
||||
to configure it.
|
||||
- `default-mgmt-dvm`: requires `qubes-core-agent-passwordless-root` and
|
||||
`qubes-mgmt-salt-vm-connector`.
|
||||
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly.
|
||||
These packages are:
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be
|
||||
needed to make the customized minimal template work properly. These packages
|
||||
are:
|
||||
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable" will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable" will not be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package.
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the
|
||||
Nautilus file manager (without it, items like "copy to VM/open in disposable"
|
||||
will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar
|
||||
file manager (without it, items like "copy to VM/open in disposable" will not
|
||||
be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates.
|
||||
Any template on which the qube responsible for 'dom0' updates (e.g.
|
||||
`sys-firewall`) is based must contain this package.
|
||||
- `qubes-menus`: Defines menu layout.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop
|
||||
experience.
|
||||
|
||||
Also, there are packages to provide additional services:
|
||||
|
||||
@ -218,9 +345,12 @@ Also, there are packages to provide additional services:
|
||||
- `qubes-pdf-converter`: For implementing safe conversion of PDFs.
|
||||
- `qubes-img-converter`: For implementing safe conversion of images.
|
||||
- `qubes-snapd-helper`: If you want to use snaps in qubes.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the template and qubes.
|
||||
- `qubes-mgmt-salt-vm-connector`: If you want to use salt management on the
|
||||
template and qubes.
|
||||
|
||||
Documentation on all of these can be found in the [docs](/doc)
|
||||
Documentation on all of these can be found in the [docs](/doc/).
|
||||
|
||||
You could, of course, use `qubes-vm-recommended` to automatically install many of these, but in that case you are well on the way to a standard Debian template.
|
||||
You could, of course, use `qubes-vm-recommended` to automatically install many
|
||||
of these, but in that case you are well on the way to a standard Debian
|
||||
template.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user