# Installation
## Setup salt user-dirs
```sh
# In dom0
sudo qubesctl state.sls qubes.user-dirs
```
I sometimes run into the issue described here on a new install: <https://github.com/QubesOS/qubes-issues/issues/8491>. The solution that works consistently for me is:
```sh
# In dom0
sudo ln -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top
```
## Clone my repo
Open a terminal in some networked app qube (with git installed!), and clone my repository:
```sh
# In dispXXXX
git clone https://git.skylarcloud.xyz/salt-repo.git
```
## Move it to dom0
First, we'll turn the repo into an archive with tar:
```sh
# In dispXXXX
tar -cf /tmp/salt-archive.tar salt-repo
```
Then, in dom0:
```sh
# In dom0
# Pulls the content of the archive from dispXXXX to dom0
sudo qvm-run --pass-io dispXXXX 'cat /tmp/salt-archive.tar' > /tmp/salt-archive.tar
# Unpack the archive into /tmp
sudo tar -xf /tmp/salt-archive.tar -C /tmp
# Delete the default /srv/user_salt directory
# Make sure you haven't put anything important there
sudo rm -fr /srv/user_salt
# Move the repo to /srv/user_salt
sudo mv /tmp/salt-repo /srv/user_salt
```
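
The archive is built in a networked qube and unpacked as root in dom0, so it is worth vetting its member paths before extraction. This is an added example, not part of this repository; the function names and `EXPECTED_TOP` are assumptions chosen to match the `salt-repo` directory used above.

```sh
#!/bin/sh
# Added example: vet a tar archive pulled from a qube before unpacking it in dom0.
# EXPECTED_TOP is an assumption matching the directory name used on this page.
EXPECTED_TOP="salt-repo"

# Read member names on stdin; fail on any name that could land outside
# $1/ when extracted (absolute path, ".." component, different top dir).
check_members() {
    top="$1"
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) echo "unsafe path: $name" >&2; return 1 ;;
        esac
        case "$name" in
            "$top"|"$top"/*) ;;
            *) echo "outside $top/: $name" >&2; return 1 ;;
        esac
    done
    return 0
}

# Return 0 only if every member of archive $1 is a plain file or directory
# under $EXPECTED_TOP/. Symlinks and hard links are refused because a later
# member could be written through them.
vet_archive() {
    archive="$1"
    names=$(tar -tf "$archive") || return 1
    [ -n "$names" ] || { echo "empty archive" >&2; return 1; }
    printf '%s\n' "$names" | check_members "$EXPECTED_TOP" || return 1
    if tar -tvf "$archive" | grep -q '^[lh]'; then
        echo "archive contains links" >&2
        return 1
    fi
    return 0
}

# Vet the archive, then unpack it into directory $2 without applying the
# ownership recorded inside the archive.
safe_unpack() {
    vet_archive "$1" || return 1
    tar -xf "$1" -C "$2" --no-same-owner
}
```

With these functions sourced in dom0, `safe_unpack /tmp/salt-archive.tar /tmp` would stand in for the plain `tar -xf` step.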
## Change your username
There's a variable in */wm/wm-setup.sls* that you should change to match your username. That file needs to write files to your home directory in dom0, and needs the username for those paths.
## Apply the configuration
There are many directories with .sls and .top files inside of them. You can enable a feature and apply it with just a couple commands:
```sh
# In dom0
sudo qubesctl top.enable wm.wm-setup # This enables the top file at /srv/user_salt/wm/wm-setup.top
sudo qubesctl state.apply # Applies dom0 states
sudo qubesctl --targets=tmpl-XXXX state.apply # Applies dom0 states and states for tmpl-XXXX
```
# Features
## 3isec
Sets up the 3isec repository and graphical installer. This has lots of handy states I use for various utilities.
## Chromium
Creates *tmpl-chromium* and *web-yt*. I usually avoid Chromium, but YouTube performs better on it than Librewolf, so I use it for that site.
Blueman is installed in *tmpl-chromium* so it’s easy to pass your Bluetooth controller to *web-yt* and listen with Bluetooth headphones.
## Emacs
Creates *tmpl-emacs* and two app qubes, *emacs-org* and *emacs-salt*, with Doom Emacs’ dependencies. I do all of my personal organization in Emacs org-mode, and *emacs-salt* is for editing my saltstack configuration.
It also places two scripts in dom0, */usr/bin/fetch-salt-from-emacs* and */usr/bin/push-salt-to-emacs*. Run these as root in dom0 to easily move your repo back and forth as you please.
## Email
Creates *tmpl-email* and two app qubes, *email-personal* and *email-work*, with Thunderbird.
## IRC
Creates *tmpl-irc* and *irc* with Hexchat installed, for chatting on IRC over Tor.
## SSH
Creates *tmpl-ssh* and *ssh-vps*, simple qubes I use to ssh into my VPS with.
## Torrenting
Creates *tmpl-torrenting* and *bitz* with qBittorrent installed, for torrenting. Route this qube's traffic through a VPN if you plan on downloading anything frowned upon in your jurisdiction (copyrighted movies, for example).
## Web
This uses the *split-browser* package to securely store bookmarks and logins for use in disposable qubes. It creates *tmpl-web*, *web-dvm*, *tmpl-split-web*, and *split-web*, then sets them up for use with *split-browser*.
Instructions on its use are here: <https://github.com/rustybird/qubes-app-split-browser>
Other than *split-browser*, Firefox has no modifications. If you want to configure it permanently, for now you'll need to open it in *web-dvm* and make your changes there (themes, extensions, settings); new disposables will then inherit those modifications.
## WM
This does many things to set up a convenient i3 environment.
- Installs a few packages in dom0
- Moves my i3 config into place
- Prioritizes xfce4-terminal and st in */usr/bin/qubes-i3-sensible-terminal*
- Enables tap-to-click and natural scrolling
- Replaces dmenu with rofi
- Adds a blur-lock script for a more interesting lock screen