mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-01-13 16:29:59 -05:00
Add Notes on debian-minimal template
This commit is contained in:
unman
parent
3dab015cae
commit
fec5fe0755
1
doc.md
1
doc.md
@ -78,6 +78,7 @@ redirect_from:
|
||||
* [Templates: Fedora](/doc/templates/fedora/)
|
||||
* [Templates: Fedora Minimal](/doc/templates/fedora-minimal/)
|
||||
* [Templates: Debian](/doc/templates/debian/)
|
||||
* [Templates: Debian Minimal](/doc/templates/debian-minimal/)
|
||||
* [Templates: Archlinux](/doc/templates/archlinux/)
|
||||
* [Templates: Ubuntu](/doc/templates/ubuntu/)
|
||||
* [Templates: Whonix](/doc/whonix/)
|
||||
|
||||
115
managing-os/templates/debian-minimal.md
Normal file
115
managing-os/templates/debian-minimal.md
Normal file
@ -0,0 +1,115 @@
|
||||
---
|
||||
layout: doc
|
||||
title: Debian Minimal Template
|
||||
permalink: /doc/templates/debian-minimal/
|
||||
---
|
||||
|
||||
Debian - minimal
|
||||
================
|
||||
|
||||
The template weighs about 200 MB compressed (0.75 GB on disk) and has only the most vital packages installed, including a minimal X and xterm installation.
|
||||
The minimal template, however, can be easily extended to fit your requirements.
|
||||
The sections below contain instructions on cloning the template and provide some examples for commonly desired use cases.
|
||||
|
||||
Note that use of the minimal template requires some familiarity with the command line and basics of Qubes.
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
The Debian minimal template can be installed with the following command:
|
||||
|
||||
~~~
|
||||
[user@dom0 ~]$ sudo qubes-dom0-update --enable-repo qubes-templates-itl-testing qubes-template-debian-9-minimal
|
||||
~~~
|
||||
|
||||
The download may take a while depending on your connection speed.
|
||||
|
||||
Duplication and first steps
|
||||
---------------------------
|
||||
|
||||
It is highly recommended that you clone the original template, and make any changes in the clone instead of the original template.
|
||||
The following command clones the template.
|
||||
(Replace `your-new-clone` with your desired name.)
|
||||
|
||||
~~~
|
||||
[user@dom0 ~]$ qvm-clone debian-9-minimal your-new-clone
|
||||
~~~
|
||||
|
||||
You must start the template in order to customize it.
|
||||
|
||||
Customization
|
||||
-------------
|
||||
|
||||
Customizing the template for specific use cases normally only requires installing additional packages.
|
||||
The following table provides an overview of which packages are needed for which purpose.
|
||||
|
||||
As you would expect, the required packages can be installed in the running template with any apt-based command.
|
||||
For example : (Replace "packages` with a space-delimited list of packages to be installed.)
|
||||
|
||||
~~~
|
||||
[user@your-new-clone ~]$ sudo apt install packages
|
||||
~~~
|
||||
|
||||
Qubes 4.0
|
||||
---------
|
||||
|
||||
In Qubes R4.0 the minimal template is not configured for passwordless root.
|
||||
To update or install packages to it, from a dom0 terminal window run:
|
||||
|
||||
~~~
|
||||
[user@dom0 ~]$ qvm-run -u root debian-9-minimal xterm
|
||||
~~~
|
||||
to open a root terminal in the template, from which you can use apt tools without sudo.
|
||||
You will have to do this every time you want root access if you choose not to enable passwordless root.
|
||||
|
||||
If you want the usual qubes `sudo ...` commands, open the root terminal using the above command, and in the root xterm window enter
|
||||
|
||||
~~~
|
||||
bash-4.4# apt install qubes-core-agent-passwordless-root polkit
|
||||
~~~
|
||||
|
||||
Optionally check this worked: from the gui open the minimal template's xterm and give the command:
|
||||
|
||||
~~~
|
||||
[user@debian-9-minimal ~]$ sudo -l
|
||||
~~~
|
||||
|
||||
which should give you output that includes the NOPASSWD keyword.
|
||||
|
||||
### Package table for Qubes 4.0
|
||||
|
||||
Use case | Description | Required steps
|
||||
--- | --- | ---
|
||||
**Standard utilities** | If you need the commonly used utilities | Install the following packages: `pciutils` `vim-minimal` `less` `psmisc` `gnome-keyring`
|
||||
**Networking** | If you want networking | Install qubes-core-agent-networking
|
||||
**Audio** | If you want sound from your VM... | Install `pulseaudio-qubes`
|
||||
**FirewallVM** | You can use the minimal template as a template for a [FirewallVM](/doc/firewall/), like `sys-firewall` | Install `qubes-core-agent-networking`, and `nftables`. Also install `qubes-core-agent-dom0-updates` if you want to use a qube based on the template as an updateVM (normally sys-firewall).
|
||||
**NetVM** | You can use this template as the basis for a NetVM such as `sys-net` | Install the following packages: `qubes-core-agent-networking`, `qubes-core-agent-network-manager`, and `nftables`.
|
||||
**NetVM (extra firmware)** | If your network devices need extra packages for a network VM | Use the `lspci` command to identify the devices, then find the package that provides necessary firnware and install it.
|
||||
**Network utilities** | If you need utilities for debugging and analyzing network connections | Install the following packages: `tcpdump` `telnet` `nmap` `nmap-ncat`
|
||||
**USB** | If you want to use this template as the basis for a [USB](/doc/usb/) qube such as `sys-usb` | Install `qubes-usb-proxy`. To use USB mouse or keyboard install `qubes-input-proxy-sender`.
|
||||
**VPN** | You can use this template as basis for a [VPN](/doc/vpn/) qube | You may need to install network-manager VPN packages, depending on the VPN technology you'll be using. After creating a machine based on this template, follow the [VPN howto](/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-networkmanager) to configure it.
|
||||
|
||||
|
||||
In Qubes 4.0, additional packages from the `qubes-core-agent` suite may be needed to make the customized minimal template work properly.
|
||||
These packages are:
|
||||
|
||||
- `qubes-core-agent-nautilus`: This package provides integration with the Nautilus file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in Nautilus).
|
||||
- `qubes-core-agent-thunar`: This package provides integration with the thunar file manager (without it, items like "copy to VM/open in disposable VM" will not be shown in thunar).
|
||||
- `qubes-core-agent-dom0-updates`: Script required to handle `dom0` updates. Any template on which the qube responsible for 'dom0' updates (e.g. `sys-firewall`) is based must contain this package.
|
||||
- `qubes-menus`: Defines menu layout.
|
||||
- `qubes-desktop-linux-common`: Contains icons and scripts to improve desktop experience.
|
||||
|
||||
Also, there are packages to provide additional services:
|
||||
- `qubes-gpg-split`: For implementing split GPG.
|
||||
- `qubes-u2f`: For implementing secure forwarding of U2F messages.
|
||||
- `qubes-pdf-converter`: For implementing safe conversion of PDFs.
|
||||
- `qubes-image-converter`: For implementing safe conversion of images.
|
||||
- `qubes-snapd-helper`: If you want to use snaps in qubes.
|
||||
- `qubes-thunderbird`: Additional tools for use in thunderbird.
|
||||
- `qubes-app-shutdown-idle`: If you want qubes to automatically shutdown when idle.
|
||||
- `qubes-mgmt-\*`: If you want to use salt management on the template and qubes.
|
||||
|
||||
Documentation on all of these can be found in the [docs](/doc)
|
||||
|
||||
You could, of course, use qubes-vm-recommended to automatically install many of these, but in that case you are well on the way to a standard Debian template.
|
||||
Loading…
Reference in New Issue
Block a user