wiki -> doc migration

2024-10-01 01:25:40 -04:00 · 2015-04-10 20:17:45 +00:00 · 2015-04-10 20:17:45 +00:00 · d072600a58
commit d072600a58
parent 45915eab56
159 changed files with 1226 additions and 1065 deletions
--- a/AntiEvilMaid.md
+++ b/AntiEvilMaid.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: AntiEvilMaid
-permalink: /wiki/AntiEvilMaid/
+permalink: /doc/AntiEvilMaid/
 redirect_from: /wiki/AntiEvilMaid/
 ---
 Installing and Using Anti Evil Maid (AEM) with Qubes OS
@ -17,9 +18,9 @@ Installing
 In Dom0 install anti-evil-maid:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo qubes-dom0-update anti-evil-maid
-```
+{% endhighlight %}
 More information regarding configuration in the [README](http://git.qubes-os.org/?p=joanna/antievilmaid.git;a=blob_plain;f=README;hb=HEAD) file.
--- a/AssigningDevices.md
+++ b/AssigningDevices.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: AssigningDevices
-permalink: /wiki/AssigningDevices/
+permalink: /doc/AssigningDevices/
 redirect_from: /wiki/AssigningDevices/
 ---
 Assigning Devices to VMs
@ -9,21 +10,21 @@ Assigning Devices to VMs
 In order to assign a whole PCI(e) device to a VM, one should use `qvm-pci` tool. E.g.
-``` {.wiki}
+{% highlight trac-wiki %}
 lspci
-```
+{% endhighlight %}
 Find the BDF address of the device you want to assign, and then:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-pci -a <vmname> <bdf>
-```
+{% endhighlight %}
 E.g. assuming 00:1a.0 is a BDF of the device I want to assign to the "personal" domain:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-pci -a personal 00:1a.0
-```
+{% endhighlight %}
 Note that one can only assign full PCI or PCI Express devices. This means one cannot assign single USB devices -- only the whole USB controller with whatever USB devices connected to it. This limit is imposed by PC and VT-d architecture.
@ -39,33 +40,33 @@ Finding the right USB controller
 If you want assign certain USB device to a VM (by attaching a whole USB controller), you need to figure out which PCI device is the right controller. First check to which USB bus the device is connected:
-``` {.wiki}
+{% highlight trac-wiki %}
 lsusb
-```
+{% endhighlight %}
 For example I want assign a broadband modem to the netvm. In lsusb output it can be listed as something like this (in this case device isn't fully identified):
-``` {.wiki}
+{% highlight trac-wiki %}
 Bus 003 Device 003: ID 413c:818d Dell Computer Corp.
-```
+{% endhighlight %}
 The device is connected to the USB bus \#3. Then check which other devices are connected to the same bus - all of them will be assigned to the same VM. Now is the time to find right USB controller:
-``` {.wiki}
+{% highlight trac-wiki %}
 readlink /sys/bus/usb/devices/usb3
-```
+{% endhighlight %}
 This should output something like:
-``` {.wiki}
+{% highlight trac-wiki %}
 ../../../devices/pci-0/pci0000:00/0000:00:1a.0/usb3
-```
+{% endhighlight %}
 Now you see BDF address in the path (right before final usb3). Strip leading "0000:" and pass the rest to qvm-pci tool:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-pci -a netvm 00:1a.0
-```
+{% endhighlight %}
 Possible issues
 ---------------
@ -74,11 +75,11 @@ Possible issues
 VMs with assigned PCI devices in Qubes have allocated a small buffer for DMA operations (called swiotlb). By default it is 2MB, but some devices need a larger buffer. To change this allocation, edit VM's kernel parameters (this is expressed in 512B chunks):
-``` {.wiki}
+{% highlight trac-wiki %}
 # qvm-prefs netvm |grep kernelopts
 kernelopts       : iommu=soft swiotlb=2048 (default)
 # qvm-prefs -s netvm kernelopts "iommu=soft swiotlb=4096"
-```
+{% endhighlight %}
 This is [known to be needed](https://groups.google.com/group/qubes-devel/browse_thread/thread/631c4a3a9d1186e3) for Realtek RTL8111DL Gigabit Ethernet Controller.
@ -86,7 +87,7 @@ This is [known to be needed](https://groups.google.com/group/qubes-devel/brow
 Sometimes PCI arbitrator is too strict. There is a way to enable permissive mode for it. Create `/etc/systemd/system/qubes-pre-netvm.service`:
-``` {.wiki}
+{% highlight trac-wiki %}
 [Unit]
 Description=Netvm fixup
 Before=qubes-netvm.service
@ -98,7 +99,7 @@ RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
-```
+{% endhighlight %}
 Then enable it with `systemctl enable qubes-pre-netvm.service`
@ -117,11 +118,11 @@ or
 1.  Go to the sysfs (`/sys/bus/pci`), find the right device, detach it from the pciback driver and attach back to the original driver. Replace `<BDF>` with your device, for example `00:1c.2`:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    echo 0000:<BDF> > /sys/bus/pci/drivers/pciback/unbind
    MODALIAS=`cat /sys/bus/pci/devices/0000:<BDF>/modalias`
    MOD=`modprobe -R $MODALIAS | head -n 1`
    echo <BDF> > /sys/bus/pci/drivers/$MOD/bind 
-    ```
+    {% endhighlight %}
--- a/BackupRestore.md
+++ b/BackupRestore.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: BackupRestore
-permalink: /wiki/BackupRestore/
+permalink: /doc/BackupRestore/
 redirect_from: /wiki/BackupRestore/
 ---
 Qubes Backup, Restoration, and Migration
@ -82,7 +83,7 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
 1.  Untar the main backup file.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore ~]$ tar -i -xvf qubes-backup-2013-12-26-123456
    backup-header
    backup-header.hmac
@ -98,17 +99,17 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
    vm1/whitelisted-appmenus.list.000.hmac
    dom0-home/dom0user.000
    dom0-home/dom0user.000.hmac
-    ```
+    {% endhighlight %}
 1.  Verify the integrity of the `private.img` file which houses your data.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore ~]$ cd vm1/
    [user@restore vm1]$ openssl dgst -sha512 -hmac "your_passphrase" private.img.000
    HMAC-SHA512(private.img.000)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
    [user@restore vm1]$ cat private.img.000.hmac 
    (stdin)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-    ```
+    {% endhighlight %}
 > **Note:** The hash values should match. If they do not match, then the backup file may have been tampered with, or there may have been a storage error.
@ -116,65 +117,65 @@ The Qubes backup system has been designed with emergency disaster recovery in mi
 1.  Decrypt the `private.img` file.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore vm1]$ openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in private.img.000 -out private.img.dec.000
-    ```
+    {% endhighlight %}
 > **Note:** For multi-part files, a loop can be used:
 >
-> ``` {.wiki}
+> {% highlight trac-wiki %}
 > for f in private.img.*; do
 >   openssl enc -d -pass pass:your_passphrase -aes-256-cbc -in $f -out
 > ${f/.img/.img.dec}
 > done
-> ```
+> {% endhighlight %}
 > **Note:** If your backup was encrypted with a cipher algorithm other than `aes-256-cbc`, you must substitute the correct cipher command. A complete list of supported cipher algorithms can be found with `openssl list-cipher-algorithms`.
 1.  Decompress the decrypted `private.img` file.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore vm1]$ zforce private.img.dec.*
    [user@restore vm1]$ gunzip private.img.dec.000.gz
-    ```
+    {% endhighlight %}
 > **Note:** If your backup was compressed with a program other than `gzip`, you must substitute the correct compression program.
 1.  Untar the decrypted and decompressed `private.img` file.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore vm1]$ tar -M -xvf private.img.dec.000
    vm1/private.img
-    ```
+    {% endhighlight %}
    **Note:** For multi-part files, a script is required:
    1.  Create a `new-volume-script`:
-        ``` {.wiki}
+        {% highlight trac-wiki %}
        #!/bin/sh
        name=`expr $TAR_ARCHIVE : '\(.*\)\..*'`
        suffix=`printf %03d $[ $TAR_VOLUME - 1 ]`
        echo $name.$suffix >&$TAR_FD
-        ```
+        {% endhighlight %}
    2.  `chmod +x new-volume-script`.
    3.  `tar --new-volume-script=./new-volume-script -xvf private.img.dec.000`. (The `--new-volume-script` option enables multi-volume untaring.)
 1.  Mount the private.img file and access your data.
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@restore vm1]$ sudo mkdir /mnt/img
    [user@restore vm1]$ sudo mount -o loop vm1/private.img /mnt/img/
    [user@restore vm1]$ cat /mnt/img/home/user/your_data.txt
    This data has been successfully recovered!
-    ```
+    {% endhighlight %}
 > **Note:** You may wish to store a plain text copy of these instructions with your Qubes backups in the event that you fail to recall the above procedure while this web page is inaccessible. You may download a plain text copy of this page by clicking the `Plain Text` link at the bottom of this page (as with every page on this wiki). In addition, the whole wiki is synced hourly with a public Git repo at:
 >
-> ``` {.wiki}
+> {% highlight trac-wiki %}
 > git://gitorious.org/qubes-os/wiki.git
-> ```
+> {% endhighlight %}
 Migrating Between Two Physical Machines
 ---------------------------------------
--- a/BugReportingGuide.md
+++ b/BugReportingGuide.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: BugReportingGuide
-permalink: /wiki/BugReportingGuide/
+permalink: /doc/BugReportingGuide/
 redirect_from: /wiki/BugReportingGuide/
 ---
 Bug Reporting Guide
--- a/BuildingArchlinuxTemplate.md
+++ b/BuildingArchlinuxTemplate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: BuildingArchlinuxTemplate
-permalink: /wiki/BuildingArchlinuxTemplate/
+permalink: /doc/BuildingArchlinuxTemplate/
 redirect_from: /wiki/BuildingArchlinuxTemplate/
 ---
 Template building
@ -22,17 +23,17 @@ Change the following variables GIT\_SUBDIR=marmarek DISTS\_VM=archlinux
 Get all required sources
 ------------------------
-``` {.wiki}
+{% highlight trac-wiki %}
 make get-sources
-```
+{% endhighlight %}
 Note that make get-sources sometimes fails because it didn't download packages that are not used by archlinux such as xfce or kde packages.
 You can ignore the repositories that are failing by adding the following line to your builder.conf:
-``` {.wiki}
+{% highlight trac-wiki %}
 COMPONENTS:=$(filter-out desktop-linux-kde desktop-linux-xfce,$(COMPONENTS))
-```
+{% endhighlight %}
 Just don't forget that you need to comment this line again if you want to build the whole Qubes-OS install CD.
@ -41,23 +42,23 @@ Make all required qubes components
 The first use of the builder can take several hours depending on your bandwidth as it will install an archlinux chroot:
-``` {.wiki}
+{% highlight trac-wiki %}
 make vmm-xen-vm
 make core-vchan-xen-vm
 make linux-utils-vm
 make core-agent-linux-vm
 make gui-common-vm
 make gui-agent-linux-vm
-```
+{% endhighlight %}
 Now build the template itself
 -----------------------------
 This can take again several hours, especially the first time you built and archlinux template:
-``` {.wiki}
+{% highlight trac-wiki %}
 make linux-template-builder
-```
+{% endhighlight %}
 Retrieve your template
 ----------------------
@ -74,30 +75,30 @@ Can't open file archlinux-2013.02.01-dual.iso
 Archlinux ISO files are sometimes removed from mirrors. Check the last version available on the archlinux mirror (eg: [http://mir.archlinux.fr/iso/](http://mir.archlinux.fr/iso/)), and update qubes-src/linux-template-builder/scripts\_archlinux/00\_prepare.sh accordingly:
-``` {.wiki}
+{% highlight trac-wiki %}
 ISO_VERSION=2013.06.01
-```
+{% endhighlight %}
 You will also need to download the signature matching this ISO version inside qubes-src/linux-template-builder/scripts\_archlinux/:
-``` {.wiki}
+{% highlight trac-wiki %}
 wget http://mir.archlinux.fr/iso/2013.06.01/archlinux-2013.06.01-dual.iso.sig
-```
+{% endhighlight %}
 The nm-applet (network manager icon) fails to start when archlinux is defined as a template-vm:
 -----------------------------------------------------------------------------------------------
 In fact /etc/dbus-1/system.d/org.freedesktop.[NetworkManager?](/wiki/NetworkManager).conf does not allow a standard user to run network manager clients. To allow this, one need to change inside \<policy context="default"\>:
-``` {.wiki}
+{% highlight trac-wiki %}
 <deny send_destination="org.freedesktop.NetworkManager"/>
-```
+{% endhighlight %}
 to
-``` {.wiki}
+{% highlight trac-wiki %}
 <allow send_destination="org.freedesktop.NetworkManager"/>
-```
+{% endhighlight %}
 DispVM, Yum proxy and most Qubes addons (thunderbird ...) have not been tested at all.
 --------------------------------------------------------------------------------------
@ -110,26 +111,26 @@ This is apparently a bug in Archlinux between glibc and pulseaudio package 4.0-6
 Error when building the gui-agent-linux with pulsecore error
 ------------------------------------------------------------
-``` {.wiki}
+{% highlight trac-wiki %}
 module-vchan-sink.c:62:34: fatal error: pulsecore/core-error.h: No such file or directory
 #include <pulsecore/core-error.h>
-```
+{% endhighlight %}
 This error is because Archlinux update package too quickly. Probably, a new version of pulseaudio has been released, but the qubes team has not imported the new development headers yet.
 You can create fake new headers just by copying the old headers:
-``` {.wiki}
+{% highlight trac-wiki %}
 cd qubes-builder/qubes-src/gui-agent-linux/pulse
 ls
 cp -r pulsecore-#lastversion pulsecore-#archlinuxversion
-```
+{% endhighlight %}
 You can check the current archlinux pulseaudio version like this:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo chroot chroot-archlinux/ pacman -Qi pulseaudio
-```
+{% endhighlight %}
 chroot-archlinux/dev/pts has not been unmounted
 -----------------------------------------------
@ -153,15 +154,15 @@ The boot process fails without visible errors in the logs, but spawn a recovery
 The problem is a new conflict between systemd and the old sysvinit style. To fix this, you can change the master xen template in dom0 to remove sysvinit remains: Edit **INSIDE DOM0** /usr/share/qubes/vm-template.conf, and change the variable 'extra' that contains the kernel variables: from:
-``` {.wiki}
+{% highlight trac-wiki %}
 extra="ro nomodeset 3 console=hvc0 rd_NO_PLYMOUTH {kernelopts}"
-```
+{% endhighlight %}
 to:
-``` {.wiki}
+{% highlight trac-wiki %}
 extra="ro nomodeset console=hvc0 rd_NO_PLYMOUTH {kernelopts}"
-```
+{% endhighlight %}
 Qubes-OS is now using different xenstore variable names, which makes to archlinux VM failing to boot
 ----------------------------------------------------------------------------------------------------
@ -170,15 +171,15 @@ Apply the following fix in the template to revert the variable name to the old Q
 You can edit the template the following way:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo mkdir /mnt/vm
 sudo mount /var/lib/qubes/vm-templates/archlinux-x64/root.img /mnt/vm
 sudo chroot /mnt/vm
-```
+{% endhighlight %}
 Then apply the fix:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo sed 's:qubes-keyboard:qubes_keyboard:g' -i /etc/X11/xinit/xinitrc.d/qubes-keymap.sh
 sudo sed 's:qubes-netvm-domid:qubes_netvm_domid:g' -i /etc/NetworkManager/dispatcher.d/30-qubes-external-ip
@ -211,19 +212,19 @@ sudo sed 's:qubes-vm-updateable:qubes_vm_updateable:g' -i /usr/lib/qubes/qubes_t
 sudo sed 's:qubes-vm-type:qubes_vm_type:g' -i /usr/bin/qubes-session
 sudo sed 's:qubes-vm-updateable:qubes_vm_updateable:g' -i /usr/bin/qubes-session
-```
+{% endhighlight %}
 Do not forgot to:
-``` {.wiki}
+{% highlight trac-wiki %}
 umount /mnt/vm
-```
+{% endhighlight %}
 Installing the template in dom0 fails because of a missing dependency (qubes-core-dom0-linux)
 ---------------------------------------------------------------------------------------------
 Again you built a template based on a recent Qubes API which has not been released yet. So skip the dependency for now:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo rpm -U --nodeps yourpackage.rpm
-```
+{% endhighlight %}
--- a/BuildingNonFedoraTemplate.md
+++ b/BuildingNonFedoraTemplate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: BuildingNonFedoraTemplate
-permalink: /wiki/BuildingNonFedoraTemplate/
+permalink: /doc/BuildingNonFedoraTemplate/
 redirect_from: /wiki/BuildingNonFedoraTemplate/
 ---
 Building a TemplateVM for [ArchLinux?](/wiki/ArchLinux) (or another non fedora OS)
@ -23,11 +24,11 @@ You need to install your OS inside a chroot that will be used to build all the r
 The scripts you will be interested in will be inside the qubes-src/linux-template-builder project:
-``` {.wiki}
+{% highlight trac-wiki %}
 scripts_fedora
 scripts_archlinux
 scripts_yourOSname
-```
+{% endhighlight %}
 ### 00\_prepare.sh
@ -41,19 +42,19 @@ The goal of this script is to install a base environment of your target OS insid
 Edit the builder.conf file to change the variable DISTS\_VM to your OS name (DISTS\_VM=your\_os\_name). The try to make the template to check that at least these to first scripts are working correctly:
-``` {.wiki}
+{% highlight trac-wiki %}
 make linux-template-builder
-```
+{% endhighlight %}
 Qubes builder Makefiles
 -----------------------
 Now you need to create Makefiles specific to your OS. You will find the required scripts directly inside qubes-builder:
-``` {.wiki}
+{% highlight trac-wiki %}
 prepare-chroot-yourOSname
 Makefile.yourOSname
-```
+{% endhighlight %}
 ### prepare-chroot-yourOSname
@ -102,11 +103,11 @@ Additional Installation scripts
 Again you need to work on scripts inside the qubes-src/linux-template-builder project:
-``` {.wiki}
+{% highlight trac-wiki %}
 scripts_fedora
 scripts_archlinux
 scripts_yourOSname
-```
+{% endhighlight %}
 ### 02\_install\_groups.sh
--- a/CodingStyle.md
+++ b/CodingStyle.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: CodingStyle
-permalink: /wiki/CodingStyle/
+permalink: /doc/CodingStyle/
 redirect_from: /wiki/CodingStyle/
 ---
 Coding Guidelines for Qubes Developers
@ -44,14 +45,14 @@ General typographic conventions
 -   Comments should be indent together with the code, e.g. like this:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    for (...) {
        // The following code finds PGP private key matching the given public key in O(1)
        while (key_found) {
            (...)
        }
    }
-    ```
+    {% endhighlight %}
 File naming conventions
 -----------------------
@ -84,29 +85,29 @@ General programming style guidelines
 -   Use comments to explain non-trivial code fragments, or expected behavior of more complex functions, if it is not clear from their name.
 -   Do **not** use comments for code fragments where it is immediately clear what the code does. E.g. avoid constructs like this:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    // Return window id
    int get_window_id (...) {
        (...)
        return id;
    }
-    ```
+    {% endhighlight %}
 -   Do **not** use comments to disable code fragments. In a production code there should really be no commented or disabled code fragments. If you really, really have a good reason to retain some fragment of unused code, use \#if or \#ifdef to disable it, e.g.:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    #if 0
        (...)   // Some unused code here
    #endif
-    ```
+    {% endhighlight %}
    ... and preferably use some descriptive macro instead of just `0`, e.g.:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    #if USE_OLD_WINDOW_TRAVERSING
        (...)   // Some unused code here
    #endif
-    ```
+    {% endhighlight %}
    Not sure how to do similar thing in Python... Anyone?
@ -134,7 +135,7 @@ Security coding guidelines
 -   Any input that comes from untrusted, or less trusted, or just differently-trusted, entity should always be considered as malicious and should always be sanitized and verified. So, if your software runs in Dom0 and processes some input from any of the VMs, this input should be considered to be malicious. Even if your software runs in a VM, and processes input from some other VM, you should also assume that the input is malicious and verify it.
 -   Use `untrusted_` prefix for all variables that hold values read from untrusted party and which have not yet been verified to be decent, e.g.:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
       read_struct(untrusted_conf);
       /* sanitize start */
       if (untrusted_conf.width > MAX_WINDOW_WIDTH)
@ -143,7 +144,7 @@ Security coding guidelines
           untrusted_conf.height = MAX_WINDOW_HEIGHT;
       width = untrusted_conf.width;
       height = untrusted_conf.height;
-    ```
+    {% endhighlight %}
 -   Use another variables, without the `untrusted_` prefix to hold the sanitized values, as seen above.
--- a/ContributingHowto.md
+++ b/ContributingHowto.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: ContributingHowto
-permalink: /wiki/ContributingHowto/
+permalink: /doc/ContributingHowto/
 redirect_from: /wiki/ContributingHowto/
 ---
 How can I contribute to the Qubes Project?
--- a/ContributorsList.md
+++ b/ContributorsList.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: ContributorsList
-permalink: /wiki/ContributorsList/
+permalink: /doc/ContributorsList/
 redirect_from: /wiki/ContributorsList/
 ---
 List of Qubes developers
--- a/CopyPaste.md
+++ b/CopyPaste.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: CopyPaste
-permalink: /wiki/CopyPaste/
+permalink: /doc/CopyPaste/
 redirect_from: /wiki/CopyPaste/
 ---
 Copy and Paste between domains
@ -51,22 +52,22 @@ Clipboard automatic policy enforcement
 The Qubes clipboard policy is configurable in:
-``` {.wiki}
+{% highlight trac-wiki %}
 /etc/qubes-rpc/policy/qubes.ClipboardPaste
-```
+{% endhighlight %}
 You may wish to configure this policy in order to prevent user error. For example, if you are certain that you never wish to paste *into* your "vault" AppVM (and it is highly recommended that you do not), then you should edit the policy as follows:
-``` {.wiki}
+{% highlight trac-wiki %}
 $anyvm  vault   deny
 $anyvm  $anyvm  ask
-```
+{% endhighlight %}
 Shortcut Configuration
 ----------------------
 The copy/paste shortcuts are configurable in:
-``` {.wiki}
+{% highlight trac-wiki %}
 /etc/qubes/guid.conf
-```
+{% endhighlight %}
--- a/CopyToDomZero.md
+++ b/CopyToDomZero.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: CopyToDomZero
-permalink: /wiki/CopyToDomZero/
+permalink: /doc/CopyToDomZero/
 redirect_from: /wiki/CopyToDomZero/
 ---
 Copying files to between VMs and Dom0
@ -11,15 +12,15 @@ First, there should normally be few reasons for the user to want to copy files f
 For this reason we intentionally do not provide a convenient tool for copying files between VMs and Dom0 (while we provide a tool for copying files between VMs). However, if you're determined to copy some files to Dom0 anyway, you can use the following method (run this command from Dom0's console):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-run --pass-io <src_domain> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0
-```
+{% endhighlight %}
 BTW, you can use the same method to copy files from Dom0 to VMs:
-``` {.wiki}
+{% highlight trac-wiki %}
 cat /path/to/file_in_dom0 | qvm-run --pass-io <dst_domain> 'cat > /path/to/file_name_in_appvm'
-```
+{% endhighlight %}
 ### Copying logs from dom0
--- a/CopyingFiles.md
+++ b/CopyingFiles.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: CopyingFiles
-permalink: /wiki/CopyingFiles/
+permalink: /doc/CopyingFiles/
 redirect_from: /wiki/CopyingFiles/
 ---
 Copying files between domains
--- a/DVMimpl.md
+++ b/DVMimpl.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DVMimpl
-permalink: /wiki/DVMimpl/
+permalink: /doc/DVMimpl/
 redirect_from: /wiki/DVMimpl/
 ---
 DisposableVM implementation in Qubes
--- a/DataLeaks.md
+++ b/DataLeaks.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DataLeaks
-permalink: /wiki/DataLeaks/
+permalink: /doc/DataLeaks/
 redirect_from: /wiki/DataLeaks/
 ---
 Understanding and Preventing Data Leaks
--- a/DevelBooks.md
+++ b/DevelBooks.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DevelBooks
-permalink: /wiki/DevelBooks/
+permalink: /doc/DevelBooks/
 redirect_from: /wiki/DevelBooks/
 ---
 Below is a list of various books that might be useful in learning some basics needed for Qubes development.
--- a/DevelFaq.md
+++ b/DevelFaq.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DevelFaq
-permalink: /wiki/DevelFaq/
+permalink: /doc/DevelFaq/
 redirect_from: /wiki/DevelFaq/
 ---
 Qubes Developers FAQ
--- a/DevelopmentWorkflow.md
+++ b/DevelopmentWorkflow.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DevelopmentWorkflow
-permalink: /wiki/DevelopmentWorkflow/
+permalink: /doc/DevelopmentWorkflow/
 redirect_from: /wiki/DevelopmentWorkflow/
 ---
 Development Workflow
@ -20,10 +21,10 @@ The best way to write and contribute code is to create a git repo somewhere (e.g
 **Example:**
-``` {.wiki}
+{% highlight trac-wiki %}
 $ cd qubes-builder/qubes-src/qubes-manager
 $ git remote add abel git@github.com:abeluck/qubes-manager.git
-```
+{% endhighlight %}
 You can then proceed to easily develop in your own branches, pull in new commits from the dev branches, merge them, and eventually push to your own repo on github.
@ -35,55 +36,55 @@ When you are ready to submit your changes to Qubes to be merged, push your chang
 In qubes-builder/qubes-src/kernel:
-``` {.wiki}
+{% highlight trac-wiki %}
 make prep
-```
+{% endhighlight %}
 The resulting tree will be in kernel-\<VERSION\>/linux-\<VERSION\>:
-``` {.wiki}
+{% highlight trac-wiki %}
 ls -ltrd kernel*/linux*
-```
+{% endhighlight %}
-``` {.wiki}
+{% highlight trac-wiki %}
 drwxr-xr-x 23 user user 4096 Nov  5 09:50 kernel-3.4.18/linux-3.4.18
 drwxr-xr-x  6 user user 4096 Nov 21 20:48 kernel-3.4.18/linux-obj
-```
+{% endhighlight %}
 #### Go to the kernel tree and update the version
 In qubes-builder/qubes-src/kernel:
-``` {.wiki}
+{% highlight trac-wiki %}
 cd kernel-3.4.18/linux-3.4.18
-```
+{% endhighlight %}
 #### Changing the config
 In kernel-3.4.18/linux-3.4.18:
-``` {.wiki}
+{% highlight trac-wiki %}
 cp ../../config-pvops .config
 make oldconfig
-```
+{% endhighlight %}
 Now change the configuration. For example, in kernel-3.4.18/linux-3.4.18:
-``` {.wiki}
+{% highlight trac-wiki %}
 make menuconfig
-```
+{% endhighlight %}
 Copy the modified config back into the kernel tree:
-``` {.wiki}
+{% highlight trac-wiki %}
 cp .config ../../../config-pvops
-```
+{% endhighlight %}
 #### Patching the code
 TODO: describe the workflow for patching the code, below are some random notes, not working well
-``` {.wiki}
+{% highlight trac-wiki %}
 ln -s ../../patches.xen
 export QUILT_PATCHES=patches.xen
 export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
@ -99,7 +100,7 @@ quilt add drivers/usb/host/Kconfig drivers/usb/host/Makefile \
 quilt refresh
 cd ../..
 vi series-pvops.conf
-```
+{% endhighlight %}
 #### Building RPMS
@ -111,20 +112,20 @@ You might want to take a moment here to review (git diff, git status), commit yo
 To actually build RPMS, in qubes-src/kernel:
-``` {.wiki}
+{% highlight trac-wiki %}
 make rpms
-```
+{% endhighlight %}
 RPMS will appear in qubes-src/kernel/rpm/x86\_64:
-``` {.wiki}
+{% highlight trac-wiki %}
 -rw-rw-r-- 1 user user 42996126 Nov 17 04:08 kernel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
 -rw-rw-r-- 1 user user 43001450 Nov 17 05:36 kernel-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
 -rw-rw-r-- 1 user user  8940138 Nov 17 04:08 kernel-devel-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
 -rw-rw-r-- 1 user user  8937818 Nov 17 05:36 kernel-devel-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
 -rw-rw-r-- 1 user user 54490741 Nov 17 04:08 kernel-qubes-vm-3.4.18-1debug20121116c.pvops.qubes.x86_64.rpm
 -rw-rw-r-- 1 user user 54502117 Nov 17 05:37 kernel-qubes-vm-3.4.18-1debug20121117a.pvops.qubes.x86_64.rpm
-```
+{% endhighlight %}
 ### Useful [QubesBuilder](/wiki/QubesBuilder) commands
@ -146,7 +147,7 @@ You may also like to run your [test environment on separate machine](/wiki/TestB
 TODO: edit this script to be more generic
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 set -x
@ -168,24 +169,24 @@ sudo cp misc/vm-template-hvm.conf /usr/share/qubes/
 sudo cp misc/qubes-start.desktop /usr/share/qubes/
 sudo cp misc/block-snapshot /etc/xen/scripts/
 sudo cp aux-tools/qubes-dom0-updates.cron /etc/cron.daily/I hope to 
-```
+{% endhighlight %}
 ### Apply qvm-tools
 TODO: make it more generic
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 BAK=qvm-tools.bak$$
 mkdir -p $BAK
 cp -a /usr/bin/qvm-* /usr/bin/qubes-* $BAK/
 sudo cp qvm-tools/qvm-* qvm-tools/qubes-* /usr/bin/
-```
+{% endhighlight %}
 ### Copy from dom0 to an appvm
-``` {.wiki}
+{% highlight trac-wiki %}
 #/bin/sh
 #
 # usage ./cp-domain <vm_name> <file_to_copy>
@ -196,4 +197,4 @@ fname=`basename $file`
 qvm-run $domain 'mkdir /home/user/incoming/dom0 -p'
 cat $file| qvm-run --pass-io $domain "cat > /home/user/incoming/dom0/$fname"
-```
+{% endhighlight %}
--- a/DiskTRIM.md
+++ b/DiskTRIM.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DiskTRIM
-permalink: /wiki/DiskTRIM/
+permalink: /doc/DiskTRIM/
 redirect_from: /wiki/DiskTRIM/
 ---
 VMs have already TRIM enabled by default, but dom0 doesn't. There are some security implications (read for example [this article](http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html)), but IMO not very serious.
@ -10,23 +11,23 @@ To enable TRIM in dom0 you need:
 1.  Get your LUKS device UUID:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    ls /dev/mapper/luks-*
-    ```
+    {% endhighlight %}
 2.  Add entry to `/etc/crypttab` (replace luks-\<UUID\> with the device name and the \<UUID\> with UUID alone):
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    luks-<UUID> UUID=<UUID> none allow-discards
-    ```
+    {% endhighlight %}
 3.  Add `rd.luks.allow-discards=1` to kernel cmdline (`/etc/default/grub`, GRUB\_CMDLINE\_LINUX line)
 4.  Rebuild grub config (`grub2-mkconfig -o /boot/grub2/grub.cfg`)
 5.  Rebuild initrd **in hostonly mode**:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    dracut -H -f
-    ```
+    {% endhighlight %}
 6.  Add "discard" option to `/etc/fstab` for root device
 7.  Reboot the system, verify that allow-discards is really enabled (`dmsetup table`)
--- a/DisposableVms.md
+++ b/DisposableVms.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DisposableVms
-permalink: /wiki/DisposableVms/
+permalink: /doc/DisposableVms/
 redirect_from: /wiki/DisposableVms/
 ---
 Disposable VMs (DispVMs)
@ -31,9 +32,9 @@ Opening a file in a Disposable VM via command line (from AppVM)
 Use the `qvm-open-in-dvm` command line (from your AppVM), e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 [user@work-pub ~]$ qvm-open-in-dvm Downloads/apple-sandbox.pdf
-```
+{% endhighlight %}
 The qvm-open-in-dvm will not exit until you close the application in the Disposable VM.
@ -42,9 +43,9 @@ Starting an arbitrary application in a disposable VM via command line (from Dom0
 **Note:** Normally there should be no need for doing this -- this is just for Qubes hackers ;)
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ echo gnome-terminal | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
-```
+{% endhighlight %}
 In fact the Disposable VM appmenu used for starting Firefox contains a very similar command to the above. Please note, however, that it generally makes little sense to start any other application other than a Web Browser this way...
@ -53,9 +54,9 @@ Starting an arbitrary program in a Disposable VM from an AppVM
 Sometimes it might be useful to start an arbitrary program, such as e.g. terminal in an Disposable VM from an AppVM. This could be simply done this way:
-``` {.wiki}
+{% highlight trac-wiki %}
 [user@vault ~]$ qvm-run '$dispvm' gnome-terminal
-```
+{% endhighlight %}
 Note the above command is issued in an AppVM, not in Dom0. The created Disposable VM can be normally accessed via other tools, such as e.g. `qvm-copy-to-vm`, using its 'dispX' name, as shown by the Qubes Manager or `qvm-ls` tools. The created Disposable VM will inherit firewall settings of the ancestor VM, which is useful in some cases (e.g. when the original AppVM had networking cut off).
@ -66,21 +67,21 @@ In some situations it might be beneficial to use a non-default template as a bas
 In order to regenerate Disposable VM "snapshot" (called 'savefile' on Qubes) one can conveniently use the following command in Dom0:
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ qvm-create-default-dvm <custom-template-name>
-```
+{% endhighlight %}
 This would create a new Disposable VM savefile based on the custom template. Now, whenever one opens a file (from any AppVM) in a Disposable VM, a Disposable VM based on this template will be used.
 One can easily verify if the new Disposable VM template is indeed based on a custom template (in the example below the template called "f17-yellow" was used as a basis for the Disposable VM):
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ ll /var/lib/qubes/dvmdata/
 total 0
 lrwxrwxrwx 1 joanna joanna 45 Mar 11 13:59 default_dvm.conf -> /var/lib/qubes/appvms/f17-yellow-dvm/dvm.conf
 lrwxrwxrwx 1 joanna joanna 49 Mar 11 13:59 default_savefile -> /var/lib/qubes/appvms/f17-yellow-dvm/dvm-savefile
 lrwxrwxrwx 1 joanna joanna 47 Mar 11 13:59 savefile_root -> /var/lib/qubes/vm-templates/f17-yellow/root.img
-```
+{% endhighlight %}
 Disposable VMs and Local Forensics
 ----------------------------------
--- a/Dom0SecureUpdates.md
+++ b/Dom0SecureUpdates.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Dom0SecureUpdates
-permalink: /wiki/Dom0SecureUpdates/
+permalink: /doc/Dom0SecureUpdates/
 redirect_from: /wiki/Dom0SecureUpdates/
 ---
 Qubes Dom0 secure update procedure
--- a/Dom0Tools/QubesDom0NetworkViaNetvm.md
+++ b/Dom0Tools/QubesDom0NetworkViaNetvm.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesDom0NetworkViaNetvm
-permalink: /wiki/Dom0Tools/QubesDom0NetworkViaNetvm/
+permalink: /doc/Dom0Tools/QubesDom0NetworkViaNetvm/
 redirect_from: /wiki/Dom0Tools/QubesDom0NetworkViaNetvm/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qubes-tools/qubes-dom0-network-via-netvm.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qubes-tools/qubes-dom0-network-via-netvm.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QubesDom0Update.md
+++ b/Dom0Tools/QubesDom0Update.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesDom0Update
-permalink: /wiki/Dom0Tools/QubesDom0Update/
+permalink: /doc/Dom0Tools/QubesDom0Update/
 redirect_from: /wiki/Dom0Tools/QubesDom0Update/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin-linux.git;a=blob\_plain;f=doc/tools/qubes-dom0-update.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin-linux.git;a=blob_plain;f=doc/tools/qubes-dom0-update.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QubesPrefs.md
+++ b/Dom0Tools/QubesPrefs.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesPrefs
-permalink: /wiki/Dom0Tools/QubesPrefs/
+permalink: /doc/Dom0Tools/QubesPrefs/
 redirect_from: /wiki/Dom0Tools/QubesPrefs/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qubes-tools/qubes-prefs.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qubes-tools/qubes-prefs.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmAddAppvm.md
+++ b/Dom0Tools/QvmAddAppvm.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmAddAppvm
-permalink: /wiki/Dom0Tools/QvmAddAppvm/
+permalink: /doc/Dom0Tools/QvmAddAppvm/
 redirect_from: /wiki/Dom0Tools/QvmAddAppvm/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-add-appvm.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-add-appvm.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmAddTemplate.md
+++ b/Dom0Tools/QvmAddTemplate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmAddTemplate
-permalink: /wiki/Dom0Tools/QvmAddTemplate/
+permalink: /doc/Dom0Tools/QvmAddTemplate/
 redirect_from: /wiki/Dom0Tools/QvmAddTemplate/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-add-template.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-add-template.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmBackup.md
+++ b/Dom0Tools/QvmBackup.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmBackup
-permalink: /wiki/Dom0Tools/QvmBackup/
+permalink: /doc/Dom0Tools/QvmBackup/
 redirect_from: /wiki/Dom0Tools/QvmBackup/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-backup.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-backup.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmBackupRestore.md
+++ b/Dom0Tools/QvmBackupRestore.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmBackupRestore
-permalink: /wiki/Dom0Tools/QvmBackupRestore/
+permalink: /doc/Dom0Tools/QvmBackupRestore/
 redirect_from: /wiki/Dom0Tools/QvmBackupRestore/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-backup-restore.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-backup-restore.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmBlock.md
+++ b/Dom0Tools/QvmBlock.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmBlock
-permalink: /wiki/Dom0Tools/QvmBlock/
+permalink: /doc/Dom0Tools/QvmBlock/
 redirect_from: /wiki/Dom0Tools/QvmBlock/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-block.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-block.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmClone.md
+++ b/Dom0Tools/QvmClone.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmClone
-permalink: /wiki/Dom0Tools/QvmClone/
+permalink: /doc/Dom0Tools/QvmClone/
 redirect_from: /wiki/Dom0Tools/QvmClone/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-clone.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-clone.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmCreate.md
+++ b/Dom0Tools/QvmCreate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmCreate
-permalink: /wiki/Dom0Tools/QvmCreate/
+permalink: /doc/Dom0Tools/QvmCreate/
 redirect_from: /wiki/Dom0Tools/QvmCreate/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-create.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-create.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmCreateDefaultDvm.md
+++ b/Dom0Tools/QvmCreateDefaultDvm.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmCreateDefaultDvm
-permalink: /wiki/Dom0Tools/QvmCreateDefaultDvm/
+permalink: /doc/Dom0Tools/QvmCreateDefaultDvm/
 redirect_from: /wiki/Dom0Tools/QvmCreateDefaultDvm/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-create-default-dvm.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-create-default-dvm.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmFirewall.md
+++ b/Dom0Tools/QvmFirewall.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmFirewall
-permalink: /wiki/Dom0Tools/QvmFirewall/
+permalink: /doc/Dom0Tools/QvmFirewall/
 redirect_from: /wiki/Dom0Tools/QvmFirewall/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-firewall.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-firewall.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmGrowPrivate.md
+++ b/Dom0Tools/QvmGrowPrivate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmGrowPrivate
-permalink: /wiki/Dom0Tools/QvmGrowPrivate/
+permalink: /doc/Dom0Tools/QvmGrowPrivate/
 redirect_from: /wiki/Dom0Tools/QvmGrowPrivate/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-grow-private.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-grow-private.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmKill.md
+++ b/Dom0Tools/QvmKill.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmKill
-permalink: /wiki/Dom0Tools/QvmKill/
+permalink: /doc/Dom0Tools/QvmKill/
 redirect_from: /wiki/Dom0Tools/QvmKill/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-kill.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-kill.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmLs.md
+++ b/Dom0Tools/QvmLs.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmLs
-permalink: /wiki/Dom0Tools/QvmLs/
+permalink: /doc/Dom0Tools/QvmLs/
 redirect_from: /wiki/Dom0Tools/QvmLs/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-ls.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-ls.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmPci.md
+++ b/Dom0Tools/QvmPci.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmPci
-permalink: /wiki/Dom0Tools/QvmPci/
+permalink: /doc/Dom0Tools/QvmPci/
 redirect_from: /wiki/Dom0Tools/QvmPci/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-pci.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-pci.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmPrefs.md
+++ b/Dom0Tools/QvmPrefs.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmPrefs
-permalink: /wiki/Dom0Tools/QvmPrefs/
+permalink: /doc/Dom0Tools/QvmPrefs/
 redirect_from: /wiki/Dom0Tools/QvmPrefs/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-prefs.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-prefs.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmRemove.md
+++ b/Dom0Tools/QvmRemove.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmRemove
-permalink: /wiki/Dom0Tools/QvmRemove/
+permalink: /doc/Dom0Tools/QvmRemove/
 redirect_from: /wiki/Dom0Tools/QvmRemove/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-remove.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-remove.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmRevertTemplateChanges.md
+++ b/Dom0Tools/QvmRevertTemplateChanges.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmRevertTemplateChanges
-permalink: /wiki/Dom0Tools/QvmRevertTemplateChanges/
+permalink: /doc/Dom0Tools/QvmRevertTemplateChanges/
 redirect_from: /wiki/Dom0Tools/QvmRevertTemplateChanges/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-revert-template-changes.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-revert-template-changes.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmRun.md
+++ b/Dom0Tools/QvmRun.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmRun
-permalink: /wiki/Dom0Tools/QvmRun/
+permalink: /doc/Dom0Tools/QvmRun/
 redirect_from: /wiki/Dom0Tools/QvmRun/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-run.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-run.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmService.md
+++ b/Dom0Tools/QvmService.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmService
-permalink: /wiki/Dom0Tools/QvmService/
+permalink: /doc/Dom0Tools/QvmService/
 redirect_from: /wiki/Dom0Tools/QvmService/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-service.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-service.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmShutdown.md
+++ b/Dom0Tools/QvmShutdown.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmShutdown
-permalink: /wiki/Dom0Tools/QvmShutdown/
+permalink: /doc/Dom0Tools/QvmShutdown/
 redirect_from: /wiki/Dom0Tools/QvmShutdown/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-shutdown.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-shutdown.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmStart.md
+++ b/Dom0Tools/QvmStart.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmStart
-permalink: /wiki/Dom0Tools/QvmStart/
+permalink: /doc/Dom0Tools/QvmStart/
 redirect_from: /wiki/Dom0Tools/QvmStart/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-start.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-start.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmSyncAppmenus.md
+++ b/Dom0Tools/QvmSyncAppmenus.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmSyncAppmenus
-permalink: /wiki/Dom0Tools/QvmSyncAppmenus/
+permalink: /doc/Dom0Tools/QvmSyncAppmenus/
 redirect_from: /wiki/Dom0Tools/QvmSyncAppmenus/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin-linux.git;a=blob\_plain;f=doc/tools/qvm-sync-appmenus.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin-linux.git;a=blob_plain;f=doc/tools/qvm-sync-appmenus.rst;hb=master,%20text/x-rst))
--- a/Dom0Tools/QvmTemplateCommit.md
+++ b/Dom0Tools/QvmTemplateCommit.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QvmTemplateCommit
-permalink: /wiki/Dom0Tools/QvmTemplateCommit/
+permalink: /doc/Dom0Tools/QvmTemplateCommit/
 redirect_from: /wiki/Dom0Tools/QvmTemplateCommit/
 ---
 [Include(http://git.qubes-os.org/?p=marmarek/core-admin.git;a=blob\_plain;f=doc/qvm-tools/qvm-template-commit.rst;hb=master, text/x-rst)?](/wiki/Dom0Tools/Include(http%3A/git.qubes-os.org?p=marmarek/core-admin.git;a=blob_plain;f=doc/qvm-tools/qvm-template-commit.rst;hb=master,%20text/x-rst))
--- a/DomZeroTools.md
+++ b/DomZeroTools.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: DomZeroTools
-permalink: /wiki/DomZeroTools/
+permalink: /doc/DomZeroTools/
 redirect_from: /wiki/DomZeroTools/
 ---
 QVM-tools:
--- a/Donations.md
+++ b/Donations.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Donations
-permalink: /wiki/Donations/
+permalink: /doc/Donations/
 redirect_from: /wiki/Donations/
 ---
 Donating to the Qubes Project
@ -9,9 +10,9 @@ Donating to the Qubes Project
 The Qubes project is now accepting donations in Bitcoins. You can use the following address to send Bitcoins to the project (but you might want to read the short FAQ below first):
-``` {.wiki}
+{% highlight trac-wiki %}
 14zockMSKKp5MK6X2cHJ3mQwm9MwYsJ39j
-```
+{% endhighlight %}
 This address can also be found in a message posted to Qubes mailing list, which can be viewed via Google Groups Web interface over SSL [here](https://groups.google.com/d/msg/qubes-devel/u3wAzm1dB5Y/s5CiUGDebL4J), for double verification. For additional verification, you can verify the digital signature on the message, which should come from Joanna Rutkowska.
--- a/ExternalAudio.md
+++ b/ExternalAudio.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: ExternalAudio
-permalink: /wiki/ExternalAudio/
+permalink: /doc/ExternalAudio/
 redirect_from: /wiki/ExternalAudio/
 ---
 Using External Audio Devices
@ -21,16 +22,16 @@ First you need to identify an user VM dedicated to audio and [assign a device
 In a terminal of the template from which you user VM depends, install pavucontrol with:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo yum install pavucontrol
-```
+{% endhighlight %}
 Close the template and start or restart your user VM, insert your external audio device, open a terminal and prepare pulseaudio to use it with:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo chmod a+rw /dev/snd/*
 pactl load-module module-udev-detect
-```
+{% endhighlight %}
 Start the audio application that is going to use the external audio device.
@ -38,8 +39,8 @@ Launch pavucontrol, for example using "run command in VM" of Qubes Manager and s
 If you detach your external audio device, then want to insert it again, or change it with another one, you need to repeat the previous commands in terminal, adding an other line at the beginning:
-``` {.wiki}
+{% highlight trac-wiki %}
 pactl unload-module module-udev-detect
 sudo chmod a+rw /dev/snd/*
 pactl load-module module-udev-detect
-```
+{% endhighlight %}
--- a/ExternalDeviceMountPoint.md
+++ b/ExternalDeviceMountPoint.md
@ -1,13 +1,14 @@
 ---
-layout: wiki
+layout: doc
 title: ExternalDeviceMountPoint
-permalink: /wiki/ExternalDeviceMountPoint/
+permalink: /doc/ExternalDeviceMountPoint/
 redirect_from: /wiki/ExternalDeviceMountPoint/
 ---
 All external storage devices connected to an AppVM using the Fedora template can be found under
-``` {.wiki}
+{% highlight trac-wiki %}
 /run/media/user/
-```
+{% endhighlight %}
 ...of that AppVM's filesystem.
--- a/FedoraTemplateUpgrade.md
+++ b/FedoraTemplateUpgrade.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: FedoraTemplateUpgrade
-permalink: /wiki/FedoraTemplateUpgrade/
+permalink: /doc/FedoraTemplateUpgrade/
 redirect_from: /wiki/FedoraTemplateUpgrade/
 ---
 Upgrade of Fedora template
@ -14,32 +15,32 @@ Upgrading Fedora 18 to Fedora 20
 Commands to run in dom0 console (you can do the same from Qubes Manager):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-clone fedora-18-x64 fedora-20-x64
 qvm-run -a fedora-20-x64 gnome-terminal
-```
+{% endhighlight %}
 Commands to run in new fedora-20-x64 template:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo yum --releasever=20 distro-sync
 poweroff
-```
+{% endhighlight %}
 If you have installed a lot of software in your template, it may happen that you don't have enough disk space for upgrade. Yum will tell you this just after confirming the operation (before it change anything to your system). In that case you need to provide some "external" place for yum cache (uses about 2GB during upgrade). For example attach virtual disk stored in some file. Prepare the file in dom0:
-``` {.wiki}
+{% highlight trac-wiki %}
 truncate -s 5GB /var/tmp/template-upgrade-cache.img
 qvm-block -A fedora-20-x64 dom0:/var/tmp/template-upgrade-cache.img
-```
+{% endhighlight %}
 Then use it in template:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo mkfs.ext4 /dev/xvdi
 sudo mount /dev/xvdi /mnt/removable
 sudo yum --releasever=20 --setopt=cachedir=/mnt/removable distro-sync
-```
+{% endhighlight %}
 After upgrade is finished, you can remove /var/tmp/template-upgrade-cache.img file.
@ -52,17 +53,17 @@ fstrim, nor "discard" mount option do not work on template root fs, so when some
 You can compact root.img in the "old way", you'll need about 15GB (template's max size + really used space there) in dom0 for this operation: Start the template, fill all the free space with zeros, for example with:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=/dev/zero of=/var/tmp/zero
 (wait for "No space left on device" error)
 rm -f /var/tmp/zero
-```
+{% endhighlight %}
 Then shutdown template and all VMs based on it. Go into template directory in dom0 (/var/lib/qubes/vm-templates/fedora-20-x64 or so) and issue:
-``` {.wiki}
+{% highlight trac-wiki %}
 cp --sparse=always root.img root.img.new
 mv root.img.new root.img
-```
+{% endhighlight %}
 Done.
--- a/Fetchmail.md
+++ b/Fetchmail.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Fetchmail
-permalink: /wiki/Fetchmail/
+permalink: /doc/Fetchmail/
 redirect_from: /wiki/Fetchmail/
 ---
 Fetchmail
@ -23,7 +24,7 @@ Assuming you have more than one account (safe assumption these days), you need t
 In TemplateVM create `/etc/systemd/system/fetchmail@.service`:
-``` {.wiki}
+{% highlight trac-wiki %}
 [Unit]
 Description=Mail Retrieval Agent
 After=network.target
@ -33,11 +34,11 @@ Requires=postfix.service
 User=user
 ExecStart=/bin/fetchmail -f /usr/local/etc/fetchmail/%I.rc -d 60 -i /usr/local/etc/fetchmail/.%I.fetchids --pidfile /usr/local/etc/fetchmail/.%I.pid
 RestartSec=1
-```
+{% endhighlight %}
 Then shutdown TemplateVM, start AppVM and create directory `/usr/local/etc/fetchmail`. In it, create one `.rc` file for each instance of fetchmail, ie. `personal1.rc` and `personal2.rc`. Sample configuration file:
-``` {.wiki}
+{% highlight trac-wiki %}
 set syslog
 set no bouncemail
 #set daemon 600
@ -56,13 +57,13 @@ user woju pass supersecret
    idle
 # vim: ft=fetchmail
-```
+{% endhighlight %}
 Then `chown -R user:user /usr/local/etc/fetchmail` and `chmod 600 /usr/local/etc/fetchmail/*.rc`. **This is important**, fetchmail will refuse to run with wrong permissions on its rc-file.
 Next, add this to `/rw/config/rc.local`:
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 for rc in /usr/local/etc/fetchmail/*.rc; do
@ -70,6 +71,6 @@ for rc in /usr/local/etc/fetchmail/*.rc; do
        instance=${instance##*/}
        echo systemctl --no-block start fetchmail@${instance}
 done
-```
+{% endhighlight %}
 Now reboot your AppVM and you are done.
--- a/FullScreenMode.md
+++ b/FullScreenMode.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: FullScreenMode
-permalink: /wiki/FullScreenMode/
+permalink: /doc/FullScreenMode/
 redirect_from: /wiki/FullScreenMode/
 ---
 Enabling Full Screen Mode for select VMs
@ -29,19 +30,19 @@ If you want to enable full screen mode for select VMs, you can do that by creati
 **Note:** There should be only one `VM: {}` block in the file (or you will [get into problems](https://groups.google.com/d/msg/qubes-users/-Yf9yNvTsVI/xXsEm8y2lrYJ))
-``` {.wiki}
+{% highlight trac-wiki %}
 VM: {
  personal: {
    allow_fullscreen = true;
  };
 };
-```
+{% endhighlight %}
 The string 'personal' above is exemplary and should be replaced by the actual name of the VM for which you want to enable this functionality.
 One can also enable this functionality for all the VMs globally in the same file, by modifying the 'global' section:
-``` {.wiki}
+{% highlight trac-wiki %}
 global: {
  # default values
  allow_fullscreen = true;
@ -50,6 +51,6 @@ global: {
  #secure_paste_sequence = "Ctrl-Shift-v";
  #windows_count_limit = 500;
 };
-```
+{% endhighlight %}
 Be sure to restart the VM(s) after modifying this file, for the changes to take effect.
--- a/GUIdocs.md
+++ b/GUIdocs.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: GUIdocs
-permalink: /wiki/GUIdocs/
+permalink: /doc/GUIdocs/
 redirect_from: /wiki/GUIdocs/
 ---
 Qubes GUI protocol
@ -99,7 +100,7 @@ Window manager hints and flags are described at [http://standards.freedesktop
 Each message starts with the following header
-``` {.wiki}
+{% highlight trac-wiki %}
 struct msghdr {   
        uint32_t type;
        uint32_t window;
@ -110,7 +111,7 @@ struct msghdr {
         * whatever it wants! */
        uint32_t untrusted_len;
 };
-```
+{% endhighlight %}
 The header is followed by message-specific data.
@ -182,12 +183,12 @@ Proper handling of the below messages is NOT security-critical.
 Each message starts with the following header
-``` {.wiki}
+{% highlight trac-wiki %}
 struct msghdr {   
        uint32_t type;
        uint32_t window;
 };
-```
+{% endhighlight %}
 The header is followed by message-specific data.
 ` KEYPRESS, BUTTON, MOTION, FOCUS ` messages pass information extracted from dom0 XEvent; see appropriate event documentation.
--- a/GettingStarted.md
+++ b/GettingStarted.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: GettingStarted
-permalink: /wiki/GettingStarted/
+permalink: /doc/GettingStarted/
 redirect_from: /wiki/GettingStarted/
 ---
 Getting Started with Qubes OS
@ -54,15 +55,15 @@ By default, each domain's menu contains only a few shortcuts. If you'd like to a
 To start apps from the console in dom0, type:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-run -a <domain> "<app name> [arguments]"
-```
+{% endhighlight %}
 e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-run -a red firefox
-```
+{% endhighlight %}
 Adding, Removing, and Listing Domains
 -------------------------------------
@ -95,7 +96,7 @@ To allow domains to enter full screen mode, one should edit the `/etc/qubes/guid
 E.g. to allow all domains to enter full screen mode, set `allow_fullscreen` flag to `true` in the `global` section:
-``` {.wiki}
+{% highlight trac-wiki %}
 global: {
  # default values
  allow_fullscreen = false;
@ -104,18 +105,18 @@ global: {
  #secure_paste_sequence = "Ctrl-Shift-v";
  #windows_count_limit = 500;
 };
-```
+{% endhighlight %}
 To allow only select AppVMs to enter full screen mode, create a per-VM section, and set `allow_fullscreen` flag there to `true`:
-``` {.wiki}
+{% highlight trac-wiki %}
 VM: {
  work: {
   allow_fullscreen = true;
  };
 };
-```
+{% endhighlight %}
 In order for the changes to take effect, restart the AppVM(s).
--- a/Glossary.md
+++ b/Glossary.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Glossary
-permalink: /wiki/Glossary/
+permalink: /doc/Glossary/
 redirect_from: /wiki/Glossary/
 ---
 Glossary of Qubes Terminology
--- a/HCL-R2B2.md
+++ b/HCL-R2B2.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: HCL-R2B2
-permalink: /wiki/HCL-R2B2/
+permalink: /doc/HCL-R2B2/
 redirect_from: /wiki/HCL-R2B2/
 ---
 Hardware Compatibility List (HCL) for R2B2 Qubes OS Release
--- a/HCL.md
+++ b/HCL.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: HCL
-permalink: /wiki/HCL/
+permalink: /doc/HCL/
 redirect_from: /wiki/HCL/
 ---
 Hardware Compatibility List (HCL) for All Qubes OS Releases
--- a/HCLR1.md
+++ b/HCLR1.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: HCLR1
-permalink: /wiki/HCLR1/
+permalink: /doc/HCLR1/
 redirect_from: /wiki/HCLR1/
 ---
 Hardware Compatibility List for Qubes OS R1
--- a/HvmCreate.md
+++ b/HvmCreate.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: HvmCreate
-permalink: /wiki/HvmCreate/
+permalink: /doc/HvmCreate/
 redirect_from: /wiki/HvmCreate/
 ---
 Creating and using HVM (fully virtualized) domains in Qubes 2
@ -19,23 +20,23 @@ Creating an HVM domain
 First, lets create a new HVM domain (use the --hvm switch to qvm-create, or choose HVM type in the Qubes Manager VM creation dialog box):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-create win7 --hvm --label green
-```
+{% endhighlight %}
 (Of course, the name of the domain ("win7"), as well as it's label ("green"), are just exemplary).
 Now, we need to install an OS inside this VM, this can done by attaching an installation ISO upon starting the VM (this currently can be done only from command line, but in the future we surely will added an option to do this also from the manager):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-start win7 --cdrom=/usr/local/iso/win7_en.iso
-```
+{% endhighlight %}
 The command above assumes the installation ISO was somehow transferred to Dom0, e.g. copied using `dd` command from an installation CDROM. If one wishes to use the actual physical media without copying it first to a file, then one can just pass `/dev/cdrom` as an argument to `--cdrom`:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-start win7 --cdrom=/dev/cdrom
-```
+{% endhighlight %}
 Now, the VM will start booting from the attached CDROM device, which in the example above just happens to be the Windows 7 installation disk. Depending on the OS that is being installed in the VM, one might be required to start the VM several times (as is the case e.g. with Windows 7 installation), because whenever the installer wants to "reboot the system", it actually shutdowns the VM (and Qubes won't automatically start it), so several invocations of qvm-start command (as shown above) might be needed.
@ -46,16 +47,16 @@ Using Installation ISOs located in other VMs
 Sometimes one wants to download the installation ISO from the Web and use it for HVM creation. However, for security reasons, networking is disabled for Qubes Dom0, which makes it not possible to download an ISO within Dom0. Also Qubes do not provide any (easy to use) mechanisms for copying files between AppVMs and Dom0, and generally tries to discourage such actions. So, it would be inconvenient to require that the installation ISO for an HVM domain be always located in Dom0. And the good news is that this is indeed not required -- one can use the following syntax when specifying the location of /usr/local/iso/win7\_en.iso the installation ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 --cdrom=[appvm]:[/path/to/iso/within/appvm]
-```
+{% endhighlight %}
 Assuming e.g. the an installation ISO named `ubuntu-12.10-desktop-i386.iso` has been downloaded in `work-web` AppVM, and located within `/home/user/Downloads` directory within this AppVM, one can immediately create a new HVM and use this ISO as an installation media with the following command (issued in Dom0, of course):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-create --hvm ubuntu --label red
 qvm-start ubuntu --cdrom=work-web:/home/user/Downloads/ubuntu-12.10-desktop-i386.iso
-```
+{% endhighlight %}
 Of course the AppVM where the ISO is kept must also be running for this to work (this VM is now serving the ISO and acting as a disk backend).
@ -92,7 +93,7 @@ Just like normal AppVMs, the HVM domains can also be cloned, either using a comm
 The cloned VM will get identical root and private image, and essentially will be identical to the original VM, except that it will get a different MAC address for the networking interface:
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ qvm-prefs win7
 name              : win7
 label             : green
@ -144,21 +145,21 @@ qrexec_installed  : False
 qrexec timeout    : 60
 drive             : None
 timezone          : localtime
-```
+{% endhighlight %}
 Note how the MAC addresses differ between those two, otherwise identical VMs. Of course, the IP addresses, assigned by Qubes, will also be different, to allow networking to function properly:
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ qvm-ls -n
 /.../
         win7-copy |    |  Halted |   Yes |       | *firewallvm |  green |  10.137.2.3 |        n/a |  10.137.2.1 |
              win7 |    |  Halted |   Yes |       | *firewallvm |  green |  10.137.2.7 |        n/a |  10.137.2.1 |
 /.../
-```
+{% endhighlight %}
 If, for any reason, one would like to make sure that the two VMs have the same MAC address, one can use qvm-prefs to set a fixed MAC address for the VM:
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ qvm-prefs win7-copy -s mac 00:16:3E:5E:6C:05
 [joanna@dom0 ~]$ qvm-prefs win7-copy
 name              : win7-copy
@ -183,7 +184,7 @@ qrexec_installed  : False
 qrexec timeout    : 60
 drive             : None
 timezone          : localtime
-```
+{% endhighlight %}
 Please note that as of now Qubes does not support shared templates for HVM domains. This means that HVM domains cloned this way will have two separate copies of the whole filesystems. This has consequences in taking much more disk space compared to standard AppVMs that share the root fs with the Template VM. Another consequence is that it's probably not legal to clone a proprietary OS, such as Windows this way, unless your license specifically allows for that (even though Windows Activation won't complain when one sets identical MAC address for the cloned VMs, it's doubtful practice at best).
@ -210,22 +211,22 @@ Qubes Windows Support Tools are not open source and are distributed under a comm
 Because the Windows Support Tools are not licensed under a GPL license they are not distributed with Qubes installation ISO. Instead, one can download them when needed using the standard Qubes command for installing software in Dom0:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo qubes-dom0-update qubes-windows-tools
-```
+{% endhighlight %}
 This should install `qubes-windows-tools-*.rpm` in your system, a package that brings an ISO with Windows Support Tools:
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ rpm -ql qubes-windows-tools-1-201211301354.noarch
 /usr/lib/qubes/qubes-windows-tools-201211301354.iso
-```
+{% endhighlight %}
 Now, in order to install the tools in a Windows VM one should start the VM with the ISO attached:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-start lab-win7 --cdrom=/usr/lib/qubes/qubes-windows-tools-201211301354.iso
-```
+{% endhighlight %}
 Once the Windows VM boots, a CDROM should appear in the 'My Computer' menu (typically as `D:`) with a setup program in its main directory:
@ -241,25 +242,25 @@ After successful installation, the Windows VM must be shut down.
 Additionally, once should inform Qubes that tools have been installed in this VM by setting the `qrexec_installed` flag in the VM's properties -- this can be done using the `qvm-prefs` command in Dom0, e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-prefs lab-win7 -s qrexec_installed true
-```
+{% endhighlight %}
 Also, by default Qubes assumes that the default user in the Windows VM is named `user` -- if one has chosen a different user during Windows installation, Qubes should be informed about this by setting the `default_user` property for the VM, e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-prefs lab-win7 -s default_user joanna
-```
+{% endhighlight %}
 If everything went fine (please remember about the need to reboot the Windows VM after installation of the tools), one can run some simple tests to see if qrexec service runs fine with this VM, e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-run lab-win7 calc
-```
+{% endhighlight %}
 ... or something more fancy (a "networkless" telnet to Windows ;):
-``` {.wiki}
+{% highlight trac-wiki %}
 [joanna@dom0 ~]$ qvm-run lab-win7 -p cmd.exe
 Microsoft Windows [Version 6.1.7601]
 Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
@ -282,7 +283,7 @@ dir c:\
 C:\Windows\system32>exit
 exit
-```
+{% endhighlight %}
 Another things to check are if clipboard copy/paste and file copy works fine with this VM. If it doesn't, then perhaps one more VM reboot is necessary (seriously, hey this is Windows!).
--- a/InstallNvidiaDriver.md
+++ b/InstallNvidiaDriver.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallNvidiaDriver
-permalink: /wiki/InstallNvidiaDriver/
+permalink: /doc/InstallNvidiaDriver/
 redirect_from: /wiki/InstallNvidiaDriver/
 ---
 Nvidia proprietary driver installation
@ -17,34 +18,34 @@ Download pacakages
 You will need any Fedora 18 system to download and build packages. You can use Qubes AppVM for it, but it isn't necessary. To download packages from rpmfusion - add this repository to your yum configuration (instructions are on their website). After then download packages using yumdownloader:
-``` {.wiki}
+{% highlight trac-wiki %}
 yumdownloader --resolve xorg-x11-drv-nvidia
 yumdownloader --source nvidia-kmod
-```
+{% endhighlight %}
 Build kernel package
 --------------------
 You will need at least kernel-devel (matching your Qubes dom0 kernel), rpmbuild tool and kmodtool, and then you can use it to build package:
-``` {.wiki}
+{% highlight trac-wiki %}
 yum install kernel-devel rpm-build kmodtool
 rpmbuild --nodeps -D "kernels `uname -r`" --rebuild nvidia-kmod-260.19.36-1.fc13.3.src.rpm
-```
+{% endhighlight %}
 In above command replace `uname -r` with kernel version from your Qubes dom0. If everything went right, you have now complete packages with nvidia drivers for Qubes system. Transfer them to dom0 (eg using USB stick) and install (using standard "yum install /path/to/file"). Then you need to disable nouveau (normally it is done by install scripts from nvidia package, but unfortunately it isn't compatible with Qubes...):
 1.  Edit /etc/default/grub:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    GRUB_CMDLINE_LINUX="quiet rhgb nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off"
-    ```
+    {% endhighlight %}
 2.  Regenerate grub configuration:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    grub2-mkconfig -o /boot/grub2/grub.cfg
-    ```
+    {% endhighlight %}
 Then reboot.
@ -62,9 +63,9 @@ Userspace components
 Install libraries, Xorg driver, configuration utilities. This can by done by nvidia-installer:
-``` {.wiki}
+{% highlight trac-wiki %}
 ./NVIDIA-Linux-x86_64-260.19.44.run --ui=none --no-x-check --keep --no-nouveau-check --no-kernel-module
-```
+{% endhighlight %}
 Kernel module
 -------------
@ -83,19 +84,19 @@ This installation must be done manually, because nvidia-installer refused to ins
 If it is not true - correct it manually. To build kernel module, enter *NVIDIA-Linux-x86\_64-260.19.44/kernel* directory and execute:
-``` {.wiki}
+{% highlight trac-wiki %}
 make
 IGNORE_XEN_PRESENCE=1 CC="gcc -DNV_VMAP_4_PRESENT -DNV_SIGNAL_STRUCT_RLIM" make -f Makefile.kbuild
 mv /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/kernel/drivers/video/nvidia.ko /lib/modules/2.6.34.1-12.xenlinux.qubes.x86_64/extra/
-```
+{% endhighlight %}
 Ignore error while inserting nvidia.ko (at the end of make phase). Now you should disable nouveau:
-``` {.wiki}
+{% highlight trac-wiki %}
 cat /etc/modprobe.d/nouveau-disable.conf
 # blacklist isn't enough...
 install nouveau /bin/true
-```
+{% endhighlight %}
 Add *rdblacklist=nouveau* option to /boot/grub/menu.lst (at the end of line containing *vmlinuz*).
@ -104,10 +105,10 @@ Configure Xorg
 After all, you should configure Xorg to use nvidia driver. You can use *nvidia-xconfig* or do it manually:
-``` {.wiki}
+{% highlight trac-wiki %}
 X -configure
 mv /root/xorg.conf.new /etc/X11/xorg.conf
 # replace Driver in Device section by "nvidia"
-```
+{% endhighlight %}
 Now you should reboot the system.
--- a/InstallationGuide.md
+++ b/InstallationGuide.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuide
-permalink: /wiki/InstallationGuide/
+permalink: /doc/InstallationGuide/
 redirect_from: /wiki/InstallationGuide/
 ---
 Installation Guide (for Qubes Release 1)
@ -28,9 +29,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v <iso>.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -39,9 +40,9 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R1-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX)'''**
@ -61,9 +62,9 @@ Migrating from Qubes Beta 3
 If you have Qubes Beta 3 currently installed on your system, you must reinstall from scratch, as we offer no direct upgrade option in the installer (sorry). However, we do offer tools for smooth migration of your AppVMs. In order to do that, please backup your AppVMs using the `qvm-backup` tool [as usual](/wiki/BackupRestore). Then, after you install Qubes 1.0 rc1, you can restore them using `qvm-backup-restore` tool. However, because we have changed the default template in RC1, you should tell qvm-back-restore about that by passing `--replace-template` option:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-backup-restore <backup_dir> --replace-template=fedora-15-x64:fedora-17-x64 
-```
+{% endhighlight %}
 Installing Updates
 ------------------
@ -84,10 +85,10 @@ Known Issues
 -   On systems with more than 8GB of RAM there is problem with Disposable VM. To fix it, limit maximum memory allocation for DispVM to 3GB
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    qvm-prefs -s fedora-17-x64-dvm maxmem 3072
    qvm-create-default-dvm --default-template --default-script
-    ```
+    {% endhighlight %}
 -   On some systems the KDE Window Manager might freeze upon resuming from S3 sleep when compositing is enabled (and the only method to log in to the system if this happens is to switch to a text console, enter your user's password, kill the kwin process, go back to the Xorg console, log in, and start a new instance of kwin using Konsole application :) If you experience such problems, make sure to disable compositing before putting the system into sleep by pressing Alt-Ctrl-F12 (and then enabling it back once you log in after resume) -- this way you should never see this problem again.
--- a/InstallationGuideR2.md
+++ b/InstallationGuideR2.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2
-permalink: /wiki/InstallationGuideR2/
+permalink: /doc/InstallationGuideR2/
 redirect_from: /wiki/InstallationGuideR2/
 ---
 Installation Guide for Qubes Release 2
@ -27,9 +28,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v Qubes-R2-x86_64-DVD.iso.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -38,15 +39,15 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX or Harddisk1)**
--- a/InstallationGuideR2B1.md
+++ b/InstallationGuideR2B1.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2B1
-permalink: /wiki/InstallationGuideR2B1/
+permalink: /doc/InstallationGuideR2B1/
 redirect_from: /wiki/InstallationGuideR2B1/
 ---
 Installation Guide (for Qubes Release 2 Beta 1)
@ -27,9 +28,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v <iso>.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -38,9 +39,9 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-Beta-1-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX)'''**
@ -74,10 +75,10 @@ Known Issues
 -   On systems with more than 8GB of RAM there is problem with Disposable VM. To fix it, limit maximum memory allocation for DispVM to 3GB
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    qvm-prefs -s fedora-17-x64-dvm maxmem 3072
    qvm-create-default-dvm --default-template --default-script
-    ```
+    {% endhighlight %}
 -   Qubes installer/system won't boot from a USB3-attached disks due to missing modules in initramfs (\#691). Please use USB2 port/device instead for now.
--- a/InstallationGuideR2B2.md
+++ b/InstallationGuideR2B2.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2B2
-permalink: /wiki/InstallationGuideR2B2/
+permalink: /doc/InstallationGuideR2B2/
 redirect_from: /wiki/InstallationGuideR2B2/
 ---
 Installation Guide for Qubes Release 2 Beta 2
@ -27,9 +28,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v <iso>.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -38,9 +39,9 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-Beta2-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX)**
--- a/InstallationGuideR2B3.md
+++ b/InstallationGuideR2B3.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2B3
-permalink: /wiki/InstallationGuideR2B3/
+permalink: /doc/InstallationGuideR2B3/
 redirect_from: /wiki/InstallationGuideR2B3/
 ---
 Installation Guide for Qubes Release 2 Beta 3
@ -28,9 +29,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v <iso>.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -39,15 +40,15 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-Beta3-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-Beta3-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX or Harddisk1)**
--- a/InstallationGuideR2rc1.md
+++ b/InstallationGuideR2rc1.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2rc1
-permalink: /wiki/InstallationGuideR2rc1/
+permalink: /doc/InstallationGuideR2rc1/
 redirect_from: /wiki/InstallationGuideR2rc1/
 ---
 Installation Guide for Qubes Release 2 rc1
@ -27,9 +28,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v <iso>.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -38,15 +39,15 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-rc1-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-rc1-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX or Harddisk1)**
--- a/InstallationGuideR2rc2.md
+++ b/InstallationGuideR2rc2.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationGuideR2rc2
-permalink: /wiki/InstallationGuideR2rc2/
+permalink: /doc/InstallationGuideR2rc2/
 redirect_from: /wiki/InstallationGuideR2rc2/
 ---
 Installation Guide for Qubes Release 2 rc2
@ -27,9 +28,9 @@ Download installer ISO
 See [this page](/wiki/QubesDownloads) for ISO downloads. Remember, we have absolutely no control over those servers, and so you should be assuming that they might be compromised, or just be serving a compromised ISOs because their operators decided so, for whatever reason. Always verify the digital signature on the downloaded ISO. See this [page](/wiki/VerifyingSignatures) for more info about how to download and verify our GPG keys, and then verify the downloaded ISO:
-``` {.wiki}
+{% highlight trac-wiki %}
 gpg -v Qubes-R2-rc2-x86_64-DVD.iso.asc
-```
+{% endhighlight %}
 Burning the ISO onto a DVD or USB stick
 ---------------------------------------
@ -38,15 +39,15 @@ Once you verify this is an authentic ISO, you should burn it on a DVD.
 If you prefer to use USB as a source for installation, then you just need to copy the ISO onto the USB device, e.g. using dd:
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-rc2-x86_64-DVD.iso of=/dev/sdX
-```
+{% endhighlight %}
 On windows you can use [this](http://www.chrysocome.net/dd) tool. Example command would be (as Administrator):
-``` {.wiki}
+{% highlight trac-wiki %}
 dd if=Qubes-R2-rc2-x86_64-DVD.iso of=\\?\Device\Harddisk1\Partition0 bs=1M --size --progress
-```
+{% endhighlight %}
 **Be sure to use a correct device as the target in the dd command above (instead of sdX or Harddisk1)**
--- a/InstallationIsoBuilding.md
+++ b/InstallationIsoBuilding.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: InstallationIsoBuilding
-permalink: /wiki/InstallationIsoBuilding/
+permalink: /doc/InstallationIsoBuilding/
 redirect_from: /wiki/InstallationIsoBuilding/
 ---
 How to build Qubes installation ISO
@ -16,10 +17,10 @@ Build installer packages
 Get [Qubes Installer repository](http://git.qubes-os.org/?p=smoku/installer) and build its packages:
-``` {.wiki}
+{% highlight trac-wiki %}
 cd installer
 make rpms
-```
+{% endhighlight %}
 Packages will be in `rpm/noarch` and `rpm/x86_64`.
@ -28,10 +29,10 @@ Install Revisor
 Next install the freshly built revisor and anaconda:
-``` {.wiki}
+{% highlight trac-wiki %}
 yum install rpm/noarch/revisor*.rpm
 yum install rpm/x86_64/anaconda*.rpm
-```
+{% endhighlight %}
 Review configuration files
 --------------------------
@ -67,18 +68,18 @@ The ```build/yum/dom0-updates``` is to be used for select rpms that should also
 Update your local repos:
-``` {.wiki}
+{% highlight trac-wiki %}
 make update-repo
-```
+{% endhighlight %}
 Build ISO
 ---------
 Now you're finally ready to build the ISO image:
-``` {.wiki}
+{% highlight trac-wiki %}
 make iso
-```
+{% endhighlight %}
 and wait...
--- a/KdeDom0.md
+++ b/KdeDom0.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: KdeDom0
-permalink: /wiki/KdeDom0/
+permalink: /doc/KdeDom0/
 redirect_from: /wiki/KdeDom0/
 ---
 Qubes-customized KDE packages for Dom0
@ -12,9 +13,9 @@ The Qubes kde-dom0 project (see [Source Code](/wiki/SourceCode)) contains the so
 Getting the sources
 -------------------
-``` {.wiki}
+{% highlight trac-wiki %}
 git clone git://qubes-os.org/mainstream/kde-dom0.git kde-dom0
-```
+{% endhighlight %}
 Building the packages
 ---------------------
@ -23,27 +24,27 @@ It's best to use Fedora 12 or 13 as a development system.
 First, you should download and verify the original KDE sources (not part of the kde-dom0 repository):
-``` {.wiki}
+{% highlight trac-wiki %}
 make get-sources verify-sources
-```
+{% endhighlight %}
 Now, check if you have all the required build dependencies:
-``` {.wiki}
+{% highlight trac-wiki %}
 make prep
-```
+{% endhighlight %}
 Install any required packages that `make` might have complained about. Then you're ready to build the rpms (you might want to adjust the release of each rpm package by editing the `rel` variable at the beginning of each `.spec` file):
-``` {.wiki}
+{% highlight trac-wiki %}
 make rpms
-```
+{% endhighlight %}
 **Note:** The `kdebase-*` packages build process requires corresponding `kdelibs-devel` package to be installed first. If your build system is based on Fedora 12/13, and if the `kdelibs-devel` package exist in Fedora repo that is based the same KDE software version (e.g. 4.4.3) as the KDE packages you're building (see the `version` file), than you should be able to use the Fedora package:
-``` {.wiki}
+{% highlight trac-wiki %}
 yum install kdelibs-devel-{version}
-```
+{% endhighlight %}
 If not, then you should build your `kdelibs-devel` first (`cd kdelibs-devel && make rpms`), then install it on your build system, and then you can build all the rest (`make rpms`).
--- a/LanguageLocalization.md
+++ b/LanguageLocalization.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: LanguageLocalization
-permalink: /wiki/LanguageLocalization/
+permalink: /doc/LanguageLocalization/
 redirect_from: /wiki/LanguageLocalization/
 ---
 For digiting with special alphabets, please see this [thread](https://groups.google.com/forum/#!searchin/qubes-users/languge/qubes-users/VcNPlhdgVQM/iF9PqSzayacJ)
--- a/LinuxHVMTips.md
+++ b/LinuxHVMTips.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: LinuxHVMTips
-permalink: /wiki/LinuxHVMTips/
+permalink: /doc/LinuxHVMTips/
 redirect_from: /wiki/LinuxHVMTips/
 ---
 Tips for Linux in HVM domain
@ -19,24 +20,24 @@ To achieve it (all commands run as root):
 1.  Generate XOrg configuratio (if you don't have it):
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    X -configure :1 && mv ~/xorg.conf.new /etc/X11/xorg.conf
-    ```
+    {% endhighlight %}
 2.  Add [HorizSync?](/wiki/HorizSync) line to Monitor section, it should look something like:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    Section "Monitor"
            Identifier   "Monitor0"
            VendorName   "Monitor Vendor"
            ModelName    "Monitor Model"
            HorizSync    30.0 - 60.0
    EndSection
-    ```
+    {% endhighlight %}
 3.  Change driver to "vesa" in Device section:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    Section "Device"
            # (...)
            Identifier  "Card0"
@ -45,7 +46,7 @@ To achieve it (all commands run as root):
            BoardName   "Unknown Board"
            BusID       "PCI:0:2:0"
    EndSection
-    ```
+    {% endhighlight %}
 Now you should get at least 1280x1024 and be able to choose other modes.
--- a/ManagingAppVmShortcuts.md
+++ b/ManagingAppVmShortcuts.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: ManagingAppVmShortcuts
-permalink: /wiki/ManagingAppVmShortcuts/
+permalink: /doc/ManagingAppVmShortcuts/
 redirect_from: /wiki/ManagingAppVmShortcuts/
 ---
 Managing shortcuts to applications in AppVMs
--- a/Mutt.md
+++ b/Mutt.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Mutt
-permalink: /wiki/Mutt/
+permalink: /doc/Mutt/
 redirect_from: /wiki/Mutt/
 ---
 Mutt
@ -25,7 +26,7 @@ Mutt generally works out of the box. This configuration guide discusses only Qub
 First, paste this to `/etc/Muttrc.local` in TemplateVM:
-``` {.wiki}
+{% highlight trac-wiki %}
 # specify your key or override in ~/.mutt/muttrc in AppVM
 set pgp_sign_as="0xDEADBEEF"
@ -93,11 +94,11 @@ send-hook "~A" set pgp_autoinline=no crypt_autoencrypt=no
 send-hook "~t @invisiblethingslab\.com" set crypt_autoencrypt=yes
 # vim:ft=muttrc
-```
+{% endhighlight %}
 Then shutdown your TemplateVM. Next open your AppVM, create file `/home/user/.mutt/muttrc` and adjust for your needs:
-``` {.wiki}
+{% highlight trac-wiki %}
 #
 # accounts
 #
@ -122,11 +123,11 @@ subscribe (qubes-(users|devel)|othergroup)@googlegroups\.com
 fcc-save-hook qubes-users@googlegroups\.com =list/qubes-users/
 fcc-save-hook qubes-devel@googlegroups\.com =list/qubes-devel/
 fcc-save-hook othergroup@googlegroups\.com =list/othergroup/
-```
+{% endhighlight %}
 You may also create `/home/user/.signature`:
-``` {.wiki}
+{% highlight trac-wiki %}
 regards,
 Wojciech Porczyk
-```
+{% endhighlight %}
--- a/NetworkBridgeSupport.md
+++ b/NetworkBridgeSupport.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: NetworkBridgeSupport
-permalink: /wiki/NetworkBridgeSupport/
+permalink: /doc/NetworkBridgeSupport/
 redirect_from: /wiki/NetworkBridgeSupport/
 ---
 Network Bridge Support (EXPERIMENTAL and UNSUPPORTED)
@ -21,20 +22,20 @@ Qubes manager patch (Qubes R2B2)
 The following patches can be applied to the Qubes Manager GUI in order to add an option to easily bridge a VM. Use it at your own risk. If the patch breaks the Qubes Manager, you can try to restore the qubes packages:
-``` {.wiki}
+{% highlight trac-wiki %}
 # qubes-dom-update qubes-core-dom0 qubes-manager
 # yum reinstall qubes-core-dom0
 # yum reinstall qubes-manager
-```
+{% endhighlight %}
 First, retrieve the attachment of this Wifi article in dom0. Then apply the three patches the following way after installing the patch tool :
-``` {.wiki}
+{% highlight trac-wiki %}
 # qubes-dom0-update patch
 # patch /usr/lib64/python2.7/site-package/qubes/qubes.py < qubes.py-bridge.diff
 # patch /usr/lib64/python2.7/site-package/qubesmanager/settings.py < settings.py-bridge.diff
 # patch /usr/lib64/python2.7/site-package/qubesmanager/ui_settingsdlg.py < ui_settingsdlg.py-bridge.diff
-```
+{% endhighlight %}
 Finally restart the qubes manager GUI.
@ -49,7 +50,7 @@ Modify manually the Template you use for your NetVM (not the NetVM itself). This
 -   Starting from the line -A POSTROUTING -j MASQUERADE that you need to comment :
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    # Bridge support
    # Comment the following line
    #-A POSTROUTING -j MASQUERADE
@ -58,26 +59,26 @@ Modify manually the Template you use for your NetVM (not the NetVM itself). This
    # Allow redirection of bridge packets (optional as POSTROUTING default is ACCEPT)
    #-A POSTROUTING -o bridge+ -j ACCEPT
    # End Bridge support
-    ```
+    {% endhighlight %}
 -   Starting from the line -A FORWARD -i vif+ -j ACCEPT:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    -A FORWARD -i vif+ -o vif+ -j DROP
    -A FORWARD -i vif+ -j ACCEPT
    # Bridge Support
    -A FORWARD -i bridge+ -j ACCEPT
    # End Bridge Support
    -A FORWARD -j DROP
-    ```
+    {% endhighlight %}
 Ensure that the IP addresses used by default in qubes are in the form 10.137.1.\* or 10.137.2.\* by running ifconfig. Of course, this setup won't work with IPv6.
 Now you need to restart the NetVM and FirewallVM or only iptables in both VMs if you prefer:
-``` {.wiki}
+{% highlight trac-wiki %}
 # systemctl restart iptables
-```
+{% endhighlight %}
 Create a Bridge inside the NetVM
 --------------------------------
@ -95,7 +96,7 @@ The bridge edition GUI is somehow buggy as it does not remember all the paramete
 -   Bridge-DHCP
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [connection]
    id=Bridge-DHCP
    uuid=fd68198b-313a-47cb-9155-52e95cdc67f3
@ -112,13 +113,13 @@ The bridge edition GUI is somehow buggy as it does not remember all the paramete
    [bridge]
    interface-name=bridge0
    stp=false
-    ```
+    {% endhighlight %}
 Note: Do not forget to put stp=false if you bridge only eth0 because sending BPDUs could make your admins angry :)
 -   bridge0-eth0
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [802-3-ethernet]
    duplex=full
    mac-address=88:AE:1D:AE:30:31
@ -131,12 +132,12 @@ Note: Do not forget to put stp=false if you bridge only eth0 because sending BPD
    timestamp=1363601650
    master=fd68198b-313a-47cb-9155-52e95cdc67f3
    slave-type=bridge
-    ```
+    {% endhighlight %}
 If you do not manager to start your bridge, you can start it manually from a NetVM terminal:
-``` {.wiki}
+{% highlight trac-wiki %}
 $ nmcli con up id bridge0-eth0
-```
+{% endhighlight %}
 Now that the bridge is ready, the bridged AppVM can be started...
--- a/NetworkPrinter.md
+++ b/NetworkPrinter.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: NetworkPrinter
-permalink: /wiki/NetworkPrinter/
+permalink: /doc/NetworkPrinter/
 redirect_from: /wiki/NetworkPrinter/
 ---
 Configuring a network printer for Qubes AppVMs
--- a/NvidiaTroubleshooting.md
+++ b/NvidiaTroubleshooting.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: NvidiaTroubleshooting
-permalink: /wiki/NvidiaTroubleshooting/
+permalink: /doc/NvidiaTroubleshooting/
 redirect_from: /wiki/NvidiaTroubleshooting/
 ---
 NVidia Troubleshooting Guide
@ -21,15 +22,15 @@ Assuming your X Window System works fine now when you booted from the "failsafe"
 1.  Switch to runlevel 3 (this should kill your X server):
-``` {.wiki}
+{% highlight trac-wiki %}
 init 3
-```
+{% endhighlight %}
 1.  Run X-autoconfiguration:
-``` {.wiki}
+{% highlight trac-wiki %}
 Xorg -configure
-```
+{% endhighlight %}
 This should generate a file `xorg.conf.new` in the `/root` directory.
@ -39,29 +40,29 @@ In most cases you can ignore any warning or error messages displayed by the X se
 -   Uncomment the ShadowFB option, so that you should now have something like this:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    Option     "ShadowFB"                   # [<bool>]
-    ```
+    {% endhighlight %}
 -   Change the driver name to `nouveau` (you will probably have `nv` written there):
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    Driver      "nouveau"
-    ```
+    {% endhighlight %}
 Save the modification, exit the editor.
 1.  Move the file to `/etc/X11` and rename it as `xorg.conf`:
-``` {.wiki}
+{% highlight trac-wiki %}
 mv /root/xorg.conf.new /etc/X11/xorg.conf
-```
+{% endhighlight %}
 1.  Verify that X will work with those new settings:
-``` {.wiki}
+{% highlight trac-wiki %}
 xinit
-```
+{% endhighlight %}
 If you see a terminal window in the top left corner, it means you most likely succeeded, even if your keyboard or mouse do not work now (don't worry about them).
--- a/OutOfmemory.md
+++ b/OutOfmemory.md
@ -1,25 +1,26 @@
 ---
-layout: wiki
+layout: doc
 title: OutOfmemory
-permalink: /wiki/OutOfmemory/
+permalink: /doc/OutOfmemory/
 redirect_from: /wiki/OutOfmemory/
 ---
 VMs specially templates use disk space. Also default private storage max size is 2 GB, but it is very easy to increase it as required. In case you use all disk space you get the Out of disk space error that may crash your system because also Dom0 does not have enough disk space to work.
 So it is a good practice to regularly check disk space usage with command
-``` {.wiki}
+{% highlight trac-wiki %}
 df
-```
+{% endhighlight %}
 in dom0 terminal.
 A system in out of space condition should be able to boot, but may be unable to load a desktop manager. In this case it is possible to login to dom0 terminal with Alt + Ctrl + F2. To recover disk space it may be possible to delete files in a userVM connecting to the userVM terminal:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-start <VMname>
 sudo xl console <VMname>
-```
+{% endhighlight %}
 If this does not work, check the size of /var/lib/qubes/qubes.xml. If it is zero, you'll need to use one of the file backup (stored in /var/lib/qubes/backup), hopefully you have the current data there. Find the most recent one and place in /var/lib/qubes/qubes.xml instead of the empty file.
@ -27,25 +28,25 @@ In any case you'll need some disk space to start the VM. Check "df" output if yo
 1.  Clean yum cache:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo yum clean all
-```
+{% endhighlight %}
 1.  Delete .img files of a less important VM, that can be found in
 /var/lib/qubes/appvms/. Then, when the system is working again, cleanup the rest with:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-remove <VMname>
-```
+{% endhighlight %}
 With this method you lose one VM data, but it'll more securely work.
 1.  Decrease filesystem safety margin (5% by default):
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo tune2fs -m 4 /dev/mapper/vg_dom0-lv_root
-```
+{% endhighlight %}
 1.  Remove some unneeded files in dom0 home (if you have one, most likely no).
--- a/Postfix.md
+++ b/Postfix.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Postfix
-permalink: /wiki/Postfix/
+permalink: /doc/Postfix/
 redirect_from: /wiki/Postfix/
 ---
 Postfix
@ -21,9 +22,9 @@ Configuration
 In TemplateVM open `/etc/aliases` and add line:
-``` {.wiki}
+{% highlight trac-wiki %}
 root: user
-```
+{% endhighlight %}
 and run `newaliases`.
@ -35,7 +36,7 @@ Now shutdown TemplateVM, start AppVM. Create directory `/usr/local/etc/postfix`
 Postfix keeps its lookup tables in bdb hash databases. They need to be compiled from source files. Postfix admins like to keep track of them by means of `/usr/local/etc/postfix/Makefile`:
-``` {.wiki}
+{% highlight trac-wiki %}
 all: $(addsuffix .db,$(shell sed -n -e '/^[^#].*hash:\/etc\/postfix/s:.*/::p' main.cf))
    newaliases
 clean:
@ -44,13 +45,13 @@ clean:
 %.db: %
    /usr/sbin/postmap hash:$<
-```
+{% endhighlight %}
 ### Postfix main configuration
 `/usr/local/etc/postfix/main.cf` (`/etc/postfix` is intentional, don't correct it):
-``` {.wiki}
+{% highlight trac-wiki %}
 mydestination = $myhostname, $myhostname.$mydomain, $myhostname.localdomain, localhost, localhost.$mydomain, localhost.localdomain, $mydomain, localdomain
 mynetworks_style = host
@ -83,36 +84,36 @@ sendmail_path = /usr/sbin/sendmail
 newaliases_path = /usr/bin/newaliases
 mailq_path = /usr/bin/mailq
 alias_maps = hash:/etc/aliases
-```
+{% endhighlight %}
 ### Lookup tables
 `/usr/local/etc/postfix/generic` (put there your primary address):
-``` {.wiki}
+{% highlight trac-wiki %}
@localhost your.mail@example.com
-```
+{% endhighlight %}
 `/usr/local/etc/postfix/sender_relay`. This is important file. Put there all your SMTP servers. Pay attention to port (smtp/submission). Square brackets have their special meaning, they are almost certainly needed. For more info consult Postfix manual.
-``` {.wiki}
+{% highlight trac-wiki %}
 your.mail@exmaple.com         [mail.example.com]:submission
 your.other@mail.com         [smtp.mail.com]:smtp
-```
+{% endhighlight %}
 `/usr/local/etc/postfix/saslpass`. Here you put passwords to abovementioned servers. It depends on provider if you need to put whole email as username or just the part before `@`.
-``` {.wiki}
+{% highlight trac-wiki %}
 [mail.example.com]:submission     your.mail:y0urP4ssw0rd
 [smtp.mail.com]:smtp            your.other@mail.com:supers3cret
-```
+{% endhighlight %}
 `/usr/local/etc/postfix/sender_access`. I use it to nullroute known spam domains. If you do not need it, comment respective line in `main.cf`.
-``` {.wiki}
+{% highlight trac-wiki %}
 spamdomain1.com       DISCARD
 spamdomain2.com     DISCARD
-```
+{% endhighlight %}
 Now run `make` in `/usr/local/etc/postfix`. It will hopefully compile four abovementioned lookup tables (`generic.db`, `sender_relay.db`, `saslpass.db` and `sender_access`).
@ -120,7 +121,7 @@ Now run `make` in `/usr/local/etc/postfix`. It will hopefully compile four above
 Don't start postfix or fetchmail yet, first create `/home/user/.procmailrc`:
-``` {.wiki}
+{% highlight trac-wiki %}
 MAILDIR = "${HOME}/.maildir"
 ORGMAIL = "${MAILDIR}/"
 DEFAULT = "${MAILDIR}/"
@ -132,18 +133,18 @@ list/qubes-users/
 :0
 * ^List-Id:.*qubes-devel\.googlegroups\.com
 list/qubes-devel/
-```
+{% endhighlight %}
 Run
 ---
 Open `/rw/config/rc.local` and add those two lines (before fetchmail lines, if you have them):
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 mount --bind /usr/local/etc/postfix /etc/postfix
 systemctl --no-block start postfix
-```
+{% endhighlight %}
 Reboot your AppVM and you are done.
--- a/Profiling.md
+++ b/Profiling.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Profiling
-permalink: /wiki/Profiling/
+permalink: /doc/Profiling/
 redirect_from: /wiki/Profiling/
 ---
 Profiling
@ -14,17 +15,17 @@ For the purpose of this document, `qubes-dev` is name of the domain used for pos
 Requirements
 ------------
-``` {.wiki}
+{% highlight trac-wiki %}
 yum install gprof2dot graphviz
 git clone http://git.woju.eu/qubes/profiling.git
-```
+{% endhighlight %}
 If you profile something on dom0, move `Upload.sh` from repository to dom0:
-``` {.wiki}
+{% highlight trac-wiki %}
 mkdir -p ~/profiling
 qvm-run -p qubes-dev 'cat ~/profiling/Upload.sh' > ~/profiling/Upload.sh
-```
+{% endhighlight %}
 -   WARNING: this will obviously be running third party code which is not signed by ITL nor Fedora. You have been warned.
@ -61,28 +62,28 @@ Remember to revert your changes to application afterwards.
 If you are in dom0:
-``` {.wiki}
+{% highlight trac-wiki %}
 cd ~/profiling
 ./Upload.sh
-```
+{% endhighlight %}
 ### Analyse
-``` {.wiki}
+{% highlight trac-wiki %}
 make
-```
+{% endhighlight %}
 For every `${basename}.pstats` this will produce `${basename}.txt` and `${basename}.svg`. SVG contains call graph. Text file contains list of all functions sorted by cumulative execution time. You may also try `make all-png`.
-``` {.wiki}
+{% highlight trac-wiki %}
 make index.html
-```
+{% endhighlight %}
 This creates `index.html` with all SVG graphics linked to TXT files. Ready for upload.
-``` {.wiki}
+{% highlight trac-wiki %}
 make REMOTE=example.com:public_html/qubes/profiling/ upload
-```
+{% endhighlight %}
 Example
 -------
--- a/Propaganda.md
+++ b/Propaganda.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Propaganda
-permalink: /wiki/Propaganda/
+permalink: /doc/Propaganda/
 redirect_from: /wiki/Propaganda/
 ---
 Qubes Propaganda Page
--- a/Qfilecopy.md
+++ b/Qfilecopy.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qfilecopy
-permalink: /wiki/Qfilecopy/
+permalink: /doc/Qfilecopy/
 redirect_from: /wiki/Qfilecopy/
 ---
 InterVM file copy design
--- a/Qfileexchgd.md
+++ b/Qfileexchgd.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qfileexchgd
-permalink: /wiki/Qfileexchgd/
+permalink: /doc/Qfileexchgd/
 redirect_from: /wiki/Qfileexchgd/
 ---
 **This mechanism is obsolete as of Qubes Beta 1!**
--- a/Qmemman.md
+++ b/Qmemman.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qmemman
-permalink: /wiki/Qmemman/
+permalink: /doc/Qmemman/
 redirect_from: /wiki/Qmemman/
 ---
 qmemman, Qubes memory manager
--- a/Qrexec.md
+++ b/Qrexec.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qrexec
-permalink: /wiki/Qrexec/
+permalink: /doc/Qrexec/
 redirect_from: /wiki/Qrexec/
 ---
 Command execution in VM (and Qubes RPC)
@ -18,9 +19,9 @@ Typically, the first thing that a `qrexec-client` instance does is to send a req
 E.g. to start a primitive shell in a VM type the following in Dom0 console:
-``` {.wiki}
+{% highlight trac-wiki %}
 [user@dom0 ~]$ /usr/lib/qubes/qrexec-client -d <vm name> user:bash
-```
+{% endhighlight %}
 The string before first semicolon specifies what user to run the command as.
@ -64,9 +65,9 @@ In dom0, there is a bunch of files in `/etc/qubes-rpc/policy/` directory, whose
 These files contain lines with the following format:
-``` {.wiki}
+{% highlight trac-wiki %}
 srcvm destvm (allow|deny|ask)[,user=user_to_run_as][,target=VM_to_redirect_to]
-```
+{% endhighlight %}
 You can specify `srcvm` and `destvm` by name, or by one of `$anyvm`, `$dispvm`, `dom0` reserved keywords (note string `dom0` does not match the `$anyvm` pattern; all other names do). Only `$anyvm` keyword makes sense in the `srcvm` field (service calls from dom0 are currently always allowed, `$dispvm` means "new VM created for this particular request" - so it is never a source of request). Currently there is no way to specify source VM by type, but this is planned for Qubes R3.
@ -79,9 +80,9 @@ Requesting VM-VM (and VM-Dom0) services execution
 On src VM, one should invoke the qrexec client via the follwing command:
-``` {.wiki}
+{% highlight trac-wiki %}
 /usr/lib/qubes/qrexec-client-vm <target vm name> <service name> <local program path> [local program arguments]`
-```
+{% endhighlight %}
 Note that only stdin/stdout is passed between RPC server and client - notably, no cmdline argument are passed.
@ -102,9 +103,9 @@ Qubes RPC policy supports the "ask" action. This will prompt the user whether a
 In order to remove such authorization, issue this command from a Dom0 terminal (example below for qubes.Filecopy service):
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo nano /etc/qubes-rpc/policy/qubes.Filecopy
-```
+{% endhighlight %}
 and then remove the first line/s (before the first \#\# comment) which are the "Yes to All" results.
@ -114,37 +115,37 @@ We will show the necessary files to create a simple RPC call that adds two integ
 -   Client code on source VM (`/usr/bin/our_test_add_client`)
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 echo $1 $2    # pass data to rpc server
 exec cat >&$SAVED_FD_1 # print result to the original stdout, not to the other rpc endpoint
-```
+{% endhighlight %}
 -   Server code on target VM (`/usr/bin/our_test_add_server`)
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 read arg1 arg2 # read from stdin, which is received from the rpc client
 echo $(($arg1+$arg2)) # print to stdout - so, pass to the rpc client
-```
+{% endhighlight %}
 -   Policy file in dom0 (`/etc/qubes-rpc/policy/test.Add`)
-``` {.wiki}
+{% highlight trac-wiki %}
 $anyvm $anyvm ask
-```
+{% endhighlight %}
 -   Server path definition on target VM (`/etc/qubes-rpc/test.Add`)
-``` {.wiki}
+{% highlight trac-wiki %}
 /usr/bin/our_test_add_server
-```
+{% endhighlight %}
 -   To test this service, run the following in the source VM:
-``` {.wiki}
+{% highlight trac-wiki %}
 /usr/lib/qubes/qrexec-client-vm <target VM> test.Add /usr/bin/our_test_add_client 1 2
-```
+{% endhighlight %}
 and we should get "3" as answer, provided dom0 policy allows the call to pass through, which would happen after we click "Yes" in the popup that should appear after the invocation of this command. If we changed the policy from "ask" to "allow", then no popup should be presented, and the call will always be allowed.
--- a/Qrexec2Implementation.md
+++ b/Qrexec2Implementation.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qrexec2Implementation
-permalink: /wiki/Qrexec2Implementation/
+permalink: /doc/Qrexec2Implementation/
 redirect_from: /wiki/Qrexec2Implementation/
 ---
 Implementation of qrexec in Qubes R2
--- a/Qrexec3.md
+++ b/Qrexec3.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qrexec3
-permalink: /wiki/Qrexec3/
+permalink: /doc/Qrexec3/
 redirect_from: /wiki/Qrexec3/
 ---
 Command execution in VM (and Qubes RPC)
@ -86,37 +87,37 @@ We will show the necessary files to create rpc call that adds two integers on th
 -   rpc client code (*/usr/bin/our\_test\_add\_client*)
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    #!/bin/sh
    echo $1 $2    # pass data to rpc server
    exec cat >&$SAVED_FD_1 # print result to the original stdout, not to the other rpc endpoint
-    ```
+    {% endhighlight %}
 -   rpc server code (*/usr/bin/our\_test\_add\_server*)
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    #!/bin/sh
    read arg1 arg2 # read from stdin, which is received from the rpc client
    echo $(($arg1+$arg2)) # print to stdout - so, pass to the rpc client
-    ```
+    {% endhighlight %}
 -   policy file in dom0 (*/etc/qubes-rpc/policy/test.Add* )
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    $anyvm $anyvm ask
-    ```
+    {% endhighlight %}
 -   server path definition ( */etc/qubes-rpc/test.Add*)
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    /usr/bin/our_test_add_server
-    ```
+    {% endhighlight %}
 -   invoke rpc via
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    /usr/lib/qubes/qrexec-client-vm target_vm test.Add /usr/bin/our_test_add_client 1 2
-    ```
+    {% endhighlight %}
 and we should get "3" as answer, after dom0 allows it.
--- a/Qrexec3Implementation.md
+++ b/Qrexec3Implementation.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: Qrexec3Implementation
-permalink: /wiki/Qrexec3Implementation/
+permalink: /doc/Qrexec3Implementation/
 redirect_from: /wiki/Qrexec3Implementation/
 ---
 Implementation of qrexec in Qubes R3
@ -65,21 +66,21 @@ Qrexec protocol details
 Qrexec protocol is message-based. All messages share a common header followed by an optional data packet.
-``` {.wiki}
+{% highlight trac-wiki %}
 /* uniform for all peers, data type depends on message type */
 struct msg_header {
   uint32_t type;           /* message type */
   uint32_t len;            /* data length */
 };
-```
+{% endhighlight %}
 When two peers establish connection, the server sends `MSG_HELLO` followed by `peer_info` struct:
-``` {.wiki}
+{% highlight trac-wiki %}
 struct peer_info {
   uint32_t version; /* qrexec protocol version */
 };
-```
+{% endhighlight %}
 The client then should reply with its own `MSG_HELLO` and `peer_info`. If protocol versions don't match, the connection is closed. TODO: fallback for backwards compatibility, don't do handshake in the same domain?.
@ -100,14 +101,14 @@ Details of all possible use cases and the messages involved are described below.
 -   **dom0**: `qrexec-client` replies with `MSG_HELLO` header followed by `peer_info` to `qrexec-daemon`.
 -   **dom0**: `qrexec-client` sends `MSG_EXEC_CMDLINE` header followed by `exec_params` to `qrexec-daemon`
-    ``` {.wiki}
+    {% highlight trac-wiki %}
     /* variable size */
     struct exec_params {
        uint32_t connect_domain; /* target domain id */
        uint32_t connect_port;   /* target vchan port for i/o exchange */
        char cmdline[0];         /* command line to execute, size = msg_header.len - sizeof(struct exec_params) */
     };
-    ```
+    {% endhighlight %}
    In this case, `connect_domain` and `connect_port` are set to 0.
@ -132,7 +133,7 @@ Details of all possible use cases and the messages involved are described below.
 -   **domY**: `qrexec-client-vm` connects to `qrexec-agent` (via local socket/named pipe).
 -   **domY**: `qrexec-client-vm` sends `trigger_service_params` data to `qrexec-agent` (without filling the `request_id` field):
-    ``` {.wiki}
+    {% highlight trac-wiki %}
     struct trigger_service_params {
        char service_name[64];
        char target_domain[32];
@ -142,7 +143,7 @@ Details of all possible use cases and the messages involved are described below.
     struct service_params {
        char ident[32];
    };
-    ```
+    {% endhighlight %}
 -   **domY**: `qrexec-agent` allocates a locally-unique (for this domain) `request_id` (let's say `13`) and fills it in the `trigger_service_params` struct received from `qrexec-client-vm`.
 -   **domY**: `qrexec-agent` sends `MSG_TRIGGER_SERVICE` header followed by `trigger_service_params` to `qrexec-daemon` in **dom0** via vchan.
@ -158,14 +159,14 @@ Details of all possible use cases and the messages involved are described below.
 -   **dom0**: `qrexec-client` replies with `MSG_HELLO` header followed by `peer_info` to **domX**'s`qrexec-daemon`.
 -   **dom0**: `qrexec-client` sends `MSG_EXEC_CMDLINE` header followed by `exec_params` to **domX**'s`qrexec-daemon`
-    ``` {.wiki}
+    {% highlight trac-wiki %}
     /* variable size */
     struct exec_params {
        uint32_t connect_domain; /* target domain id */
        uint32_t connect_port;   /* target vchan port for i/o exchange */
        char cmdline[0];         /* command line to execute, size = msg_header.len - sizeof(struct exec_params) */
     };
-    ```
+    {% endhighlight %}
    In this case, `connect_domain` is set to id of **domY** (from the `-c` parameter) and `connect_port` is set to 0. `cmdline` field contains the RPC to execute, in this case `user:QUBESRPC qubes.SomeRpc domY`.
--- a/QubesArchitecture.md
+++ b/QubesArchitecture.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesArchitecture
-permalink: /wiki/QubesArchitecture/
+permalink: /doc/QubesArchitecture/
 redirect_from: /wiki/QubesArchitecture/
 ---
 Qubes Architecture Overview
--- a/QubesBuilder.md
+++ b/QubesBuilder.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesBuilder
-permalink: /wiki/QubesBuilder/
+permalink: /doc/QubesBuilder/
 redirect_from: /wiki/QubesBuilder/
 ---
 Building Qubes from scratch
@ -21,15 +22,15 @@ In order to use it one should use an rpm-based distro, like Fedora :) and should
 Unusually one can install those packages by just issuing:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo yum install git createrepo rpm-build make wget rpmdevtools pandoc
-```
+{% endhighlight %}
 The build system creates build environments in chroots and so no other packages are needed on the host. All files created by the build system are contained within the qubes-builder directory. The full build requires some 25GB of free space, so keep that in mind when deciding where to place this directory.
 The build system is configured via builder.conf file -- one should copy the attached builder.conf.default, and modify it as needed, e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 cp builder.conf.default builder.conf 
 # edit the builder.conf file and set the following variables: 
 # (make sure to leave no spaces around '=' sign!) 
@ -39,23 +40,23 @@ NO_SIGN=1
 # and VMs is fc18 so if you want to build Qubes 2
 DIST_DOM0=fc18
 DISTS_VM=fc18
-```
+{% endhighlight %}
 One additional useful requirement is that 'sudo root' work without any prompt, which is default on most distros (e.g. 'sudo bash' brings you the root shell without asking for any password). This is important as the builder needs to switch to root and then back to user several times during the build process.
 Additionally, if building with signing enabled (so NO\_SIGN is not set), one must adjust \~/.rpmmacro file so that it point to the GPG key used for package signing, e.g.:
-``` {.wiki}
+{% highlight trac-wiki %}
 %_signature gpg
 %_gpg_path /home/user/.gnupg
 %_gpg_name AC1BF9B3  # <-- Key ID used for signing
-```
+{% endhighlight %}
 It is also recommended to use an empty passphrase for the private key used for signing. Contrary to a popular belief, this doesn't affect your key or sources security -- if somebody compromised your system, then the game is over, whether you use additional passphrase for the key or not.
 So, to build Qubes one would do:
-``` {.wiki}
+{% highlight trac-wiki %}
 # Import the Qubes master key 
 gpg --recv-keys 0x36879494 
@ -85,15 +86,15 @@ make qubes
 # ... and then to build the ISO 
 make iso 
-```
+{% endhighlight %}
 And this should produce a shiny new ISO.
 You can also build selected component separately. Eg. to compile only gui virtualization agent/daemon:
-``` {.wiki}
+{% highlight trac-wiki %}
 make gui-daemon
-```
+{% endhighlight %}
 Full list you can get from make help. For advanced use and preparing sources for use with [QubesBuilder](/wiki/QubesBuilder) take a look at [QubesBuilderDetails](/wiki/QubesBuilderDetails) page.
@ -108,39 +109,39 @@ If you want to somehow modify sources, you can also do it, here are some basic s
 2.  Edit builder.conf (still the same as above), some useful additions:
    -   As time of writing this, the default is fc15, but latest supported is fc17, so switch to newer one
-        ``` {.wiki}
+        {% highlight trac-wiki %}
        DISTS_VM="fc17"
-        ```
+        {% endhighlight %}
    -   You can also set GIT\_SUBDIR="marmarek" to use my repo instead of "mainstream" - it contains newer (but less tested) versions
 1.  Download unmodified sources
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    make get-sources
-    ```
+    {% endhighlight %}
 1.  **Make your modifications here**
 1.  Build the Qubes
     `make qubes` actually is just meta target which build all required components in correct order
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    grep ^qubes: Makefile
    qubes: get-sources xen core kernel gui addons docs template kde-dom0 installer qubes-manager dom0-updates sign-all
-    ```
+    {% endhighlight %}
 > `get-sources` is already done, so continue with the next one. You can skip `sign-all` if you've disabled signing
 >
-> ``` {.wiki}
+> {% highlight trac-wiki %}
 > make xen core kernel gui addons docs template kde-dom0 installer qubes-manager dom0-updates
-> ```
+> {% endhighlight %}
 1.  build iso installation image
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    make iso
-    ```
+    {% endhighlight %}
 ### Non-default git branches
@ -148,24 +149,24 @@ If you want to somehow modify sources, you can also do it, here are some basic s
 You can use above tool to build Qubes with some components modified. Besides manual source modification, it is possible to use non-default git repositories, or just another branches. For example to try (**unofficial, not supported**) configuration with newer kernel and xorg server, you can add to builder.conf:
-``` {.wiki}
+{% highlight trac-wiki %}
 GIT_SUBDIR="marmarek"
 BRANCH_kernel=devel-3.4
 BRANCH_dom0_updates=devel/xserver-1.12
 # NO_SIGN=1 can also be useful
-```
+{% endhighlight %}
 before doing "make qubes". If you built anything before this modification, you should remove qubes-src directory first to fetch the sources again (this will also remove packages compiled before). Above devel/xserver-1.12 branch require some modification of Makefile in qubes-builder. Find dom0-updates target and replace it with:
-``` {.wiki}
+{% highlight trac-wiki %}
 dom0-updates:
        MAKE_TARGET="stage0" ./build.sh $(DIST_DOM0) dom0-updates
        MAKE_TARGET="stage1" ./build.sh $(DIST_DOM0) dom0-updates
        MAKE_TARGET="stage2" ./build.sh $(DIST_DOM0) dom0-updates
        MAKE_TARGET="stage3" ./build.sh $(DIST_DOM0) dom0-updates
        MAKE_TARGET="stage4" ./build.sh $(DIST_DOM0) dom0-updates
-```
+{% endhighlight %}
 Then you can build qubes as usual.
@ -185,11 +186,11 @@ Code verification keys management
 [QubesBuilder](/wiki/QubesBuilder) by default verifies signed tags on every downloaded code. Public keys used for that are stored in `keyrings/git`. By default Qubes developers' keys are imported automatically, but if you need some additional keys (for example your own), you can add them using:
-``` {.wiki}
+{% highlight trac-wiki %}
 GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
 GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
 # here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBuilder
-```
+{% endhighlight %}
 All Qubes developers' keys are signed by the Qubes Master Signing Key (which is set as ultimately trusted key), so are trusted automatically.
--- a/QubesBuilderDetails.md
+++ b/QubesBuilderDetails.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesBuilderDetails
-permalink: /wiki/QubesBuilderDetails/
+permalink: /doc/QubesBuilderDetails/
 redirect_from: /wiki/QubesBuilderDetails/
 ---
 [QubesBuilder](/wiki/QubesBuilder) "API"
--- a/QubesContacts.md
+++ b/QubesContacts.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
-title: Contacts
+title: QubesContacts
-permalink: /wiki/QubesContacts/
+permalink: /doc/QubesContacts/
 redirect_from: /wiki/QubesContacts/
 ---
 Contacting the Qubes OS Team
--- a/QubesDevelopers.md
+++ b/QubesDevelopers.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
-title: Developers
+title: QubesDevelopers
-permalink: /wiki/QubesDevelopers/
+permalink: /doc/QubesDevelopers/
 redirect_from: /wiki/QubesDevelopers/
 ---
 Qubes Developers
--- a/QubesDocs.md
+++ b/QubesDocs.md
@ -1,7 +1,10 @@
 ---
-layout: wiki
+layout: doc
-title: Documentation
+title: QubesDocs
-permalink: /wiki/QubesDocs/
+permalink: /doc/
 redirect_from: \
  /doc/QubesDocs/
  /wiki/QubesDocs/
 ---
 Qubes Documentation
--- a/QubesDownloads.md
+++ b/QubesDownloads.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
-title: Downloads
+title: QubesDownloads
-permalink: /wiki/QubesDownloads/
+permalink: /doc/QubesDownloads/
 redirect_from: /wiki/QubesDownloads/
 ---
 Qubes Downloads
--- a/QubesFirewall.md
+++ b/QubesFirewall.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesFirewall
-permalink: /wiki/QubesFirewall/
+permalink: /doc/QubesFirewall/
 redirect_from: /wiki/QubesFirewall/
 ---
 Understanding Qubes networking and firewall
@ -33,15 +34,15 @@ Reconnecting AppVMs after a NetVM reboot
 Normally Qubes doesn't let the user to stop a NetVM if there are other AppVMs running which use it as their own NetVM. But in case the NetVM stops for whatever reason (e.g. it crashes, or the user forces its shutdown via qvm-kill via terminal in the netvm), then there is an easy way to restore the connection to the netvm by issuing:
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-prefs <appvm> -s netvm <netvm>
-```
+{% endhighlight %}
 Normally AppVMs do not connect directly to the actual NetVM which has networking devices, but rather to the default FirewallVM first, and in most cases it would be the NetVM that would crash, e.g. in response to S3 sleep/restore or other issues with [WiFi?](/wiki/WiFi) drivers. In that case it is necessary to just issue the above command once, for the FirewallVM (this assumes default VM-nameing used by the default Qubes installation):
-``` {.wiki}
+{% highlight trac-wiki %}
 qvm-prefs firewallvm -s netvm netvm
-```
+{% endhighlight %}
 Enabling networking between two AppVMs
 --------------------------------------
@ -55,18 +56,18 @@ In order to allow networking between AppVM A and B follow those steps:
 -   Start both AppVMs, and also open a terminal in the firewall VM
 -   In the firewall VM's terminal enter the following iptables rule:
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    sudo iptables -I FORWARD 2 -s <IP address of A> -d <IP address of B> -j ACCEPT
-    ```
+    {% endhighlight %}
 -   Now you should be able to reach the AppVM B from A -- test it using e.g. ping issues from AppVM A. Note however, that this doesn't allow you to reach A from B -- for this you would need another rule, with A and B addresses swapped.
 -   If everything works as expected, then the above iptables rule(s) should be written into firewall VM's `qubes_firewall_user_script` script which is run on every firewall update. This is necessary, because Qubes orders every firewall VM to update all the rules whenever new VM is started in the system. If we didn't enter our rules into this "hook" script, then shortly our custom rules would disappear and inter-VM networking would stop working. Here's an example how to update the script (note that, by default, there is no script file present, so we likely will be creating it, unless we had some other custom rules defines earlier in this firewallvm):
-    ``` {.wiki}
+    {% highlight trac-wiki %}
    [user@firewallvm ~]$ sudo bash
    [root@firewallvm user]# echo "iptables -I FORWARD 2 -s 10.137.2.25 -d 10.137.2.6 -j ACCEPT" >> /rw/config/qubes_firewall_user_script
    [root@firewallvm user]# chmod +x /rw/config/qubes_firewall_user_script
-    ```
+    {% endhighlight %}
 Port forwarding to an AppVM from the outside world
 --------------------------------------------------
@ -89,15 +90,15 @@ In NetVM terminal, take note of the interface name and IPAddress on which you wa
 Still in NetVM terminal, code the appropriate natting firewall rule to intercept traffic on the inbound interface for the service and nat the destination IP address to the one of the firewallVM for the traffic to be routed there:
-``` {.wiki}
+{% highlight trac-wiki %}
 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.0.10 -j DNAT --to-destination 10.137.1.x
-```
+{% endhighlight %}
 Code the appropriate new filtering firewall rule to allow new connections for the service:
-``` {.wiki}
+{% highlight trac-wiki %}
 iptables -I FORWARD 2 -i eth0 -d 10.137.1.x -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-```
+{% endhighlight %}
 Note: If you want to expose the service on multiple interfaces, repeat the steps described in part 1 for each interface.
@ -113,23 +114,23 @@ In order to ensure your set-up survive a reboot we need in the NetVM to:
 Store these commands in ` /rw/config/rc.local `:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo nano /rw/config/rc.local
-```
+{% endhighlight %}
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.0.10 -j DNAT --to-destination 10.137.1.x
 /sbin/iptables -I FORWARD 2 -s 192.168.0.0/24 -d 10.137.1.x -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-```
+{% endhighlight %}
 Make this file executable:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo chmod +x /rw/config/rc.local 
-```
+{% endhighlight %}
 **2. Allow packets to be routed from the firewallVM to the appVM**
@ -139,15 +140,15 @@ In FirewallVM Terminal, take note of the IPAddress for interface eth0 using the
 Still in FirewallVM terminal, code the appropriate natting firewall rule to intercept traffic on the inbound interface for the service and nat the destination IP address to the one of the AppVM for the traffic to be routed there:
-``` {.wiki}
+{% highlight trac-wiki %}
 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 10.137.1.x -j DNAT --to-destination 10.137.2.y
-```
+{% endhighlight %}
 Code the appropriate new filtering firewall rule to allow new connections for the service:
-``` {.wiki}
+{% highlight trac-wiki %}
 iptables -I FORWARD 2 -i eth0 -s 192.168.0.0/24 -d 10.137.2.y -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-```
+{% endhighlight %}
 > Note: If you do not wish to limit the IP addresses connecting to the service, remove the ` -s 192.168.0.1/24 `
@ -157,28 +158,28 @@ This time in order to ensure your set-up survive a reboot we need in the firewal
 Store these commands in ` /rw/config/qubes_firewall_user_script `:
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 10.137.1.x -j DNAT --to-destination 10.137.2.y
 /sbin/iptables -I FORWARD 4 -i eth0 -s 192.168.0.0/24 -d 10.137.2.y -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-```
+{% endhighlight %}
 And again make this file executable:
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo chmod +x /rw/config/qubes_firewall_user_script
-```
+{% endhighlight %}
 **3. Allow packets into the AppVM to reach the service**
 Here no routing is required, only filtering. Proceed in the same way as above but store the filtering rule in the `/rw/config/rc.local` script.
-``` {.wiki}
+{% highlight trac-wiki %}
 #!/bin/sh
 /sbin/iptables -I INPUT 5 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-```
+{% endhighlight %}
 This time testing should allow connectivity to the service.
--- a/QubesLicensing.md
+++ b/QubesLicensing.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
-title: Licensing
+title: QubesLicensing
-permalink: /wiki/QubesLicensing/
+permalink: /doc/QubesLicensing/
 redirect_from: /wiki/QubesLicensing/
 ---
 Qubes OS License
--- a/QubesLists.md
+++ b/QubesLists.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
-title: Mailing Lists
+title: QubesLists
-permalink: /wiki/QubesLists/
+permalink: /doc/QubesLists/
 redirect_from: /wiki/QubesLists/
 ---
 Qubes Mailing Lists
--- a/QubesNet.md
+++ b/QubesNet.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesNet
-permalink: /wiki/QubesNet/
+permalink: /doc/QubesNet/
 redirect_from: /wiki/QubesNet/
 ---
 VM network in Qubes
--- a/QubesR3Building.md
+++ b/QubesR3Building.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesR3Building
-permalink: /wiki/QubesR3Building/
+permalink: /doc/QubesR3Building/
 redirect_from: /wiki/QubesR3Building/
 ---
 Building Qubes OS 3.0 ISO
@ -9,47 +10,47 @@ Building Qubes OS 3.0 ISO
 Ensure your system is rpm-based and that you have necessary dependencies installed (see [QubesBuilder](/wiki/QubesBuilder) for more info):
-``` {.wiki}
+{% highlight trac-wiki %}
 sudo yum install git createrepo rpm-build make wget rpmdevtools pandoc
-```
+{% endhighlight %}
 Get the necessary keys to verify the sources:
-``` {.wiki}
+{% highlight trac-wiki %}
 $ wget https://keys.qubes-os.org/keys/qubes-master-signing-key.asc
 $ gpg --import qubes-master-signing-key.asc 
 $ gpg --edit-key 36879494
 # Verify fingerprint!, set trust to *ultimate*
 $ wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
 $ gpg --import qubes-developers-keys.asc
-```
+{% endhighlight %}
 Note we do *not* relay above on the security of our server (keys.qubes-os.org) nor the connection (ssl, cert) -- we only rely on you getting the Qubes Master Signing Key fingerprint *somehow* and ensure they match!
 Now lets bootstrap the builder. Unfortunately the builder cannot verify itself (the classic Chicken and Egg problem), so we need to verify the signature manually:
-``` {.wiki}
+{% highlight trac-wiki %}
 $ git clone git://git.qubes-os.org/qubes-r3/qubes-builder.git
 $ cd qubes-builder
 $ git describe --exact-match HEAD
 <some tag>
 $ git tag -v <some tag>
-```
+{% endhighlight %}
 Assuming the verification went fine, we're good to go with all the rest without ever thinking more about verifying digital signatures on all the rest of the components, as the builder will do that for us, for each component, every time we, even for all aux files (e.g. Xen or Linux kernel sources).
 Let's configure the builder first (we can use one of the example configs, either for R2 or "master", which currently means pre-released R3):
-``` {.wiki}
+{% highlight trac-wiki %}
 cp example-configs/qubes-os-master.conf builder.conf
-```
+{% endhighlight %}
 You can take a loot at the `builder.conf.default` for a description of all available options. Nevertheless, the default config should be enough for start:
-``` {.wiki}
+{% highlight trac-wiki %}
 $ make get-sources qubes
 $ make sign-all # this requires setting SIGN_KEY in the builder.conf, can be skipped for test builds.
 $ make iso
-```
+{% endhighlight %}
 Enjoy your new ISO!
--- a/QubesResearch.md
+++ b/QubesResearch.md
@ -1,7 +1,8 @@
 ---
-layout: wiki
+layout: doc
 title: QubesResearch
-permalink: /wiki/QubesResearch/
+permalink: /doc/QubesResearch/
 redirect_from: /wiki/QubesResearch/
 ---
 Here are some links to various papers/research projects that somehow relate to Qubes.
--- a/Show More
+++ b/Show More