I’m not sure if I’m misunderstanding you or you’re misunderstanding me (either is possible, so forgive my poor explanation or lack of understanding). I’m planning to use my base Debian install as my main “domain” and desktop with a user called simply user. Then, I will create separate standard user accounts, say personal and work. Then, I’ll modify the launchers in the application menu of the user account to launch programs from my personal and work accounts via sudo. All of them will open within the desktop of the user account.
In addition, I’ll use KVM and virt-manager to run and manage VMs for various development needs. They won’t be “templates” for anything as far as the system is concerned, so I can just manage them as regular VMs.
Yes, this setup completely obliterates the security of Qubes’ network stack and domain isolation. While I appreciate these features, I care much more about functionality at the end of the day. This configuration will allow me to keep my work and personal files separate while providing me with a standard type 1 VM platform. It will also allow me to use my GPU for whatever I want, Bluetooth headphones, a wireless mouse, and printers without jumping through hoops.
If Qubes could accomplish the things in that last sentence in a turnkey manner, I’d be on board. However, due to the firm security posture of developers (which I fully understand and respect), I doubt any of these things will ever happen.
Boy, if you’ve gotten that stuff to work, good on ya. However, I think it’s frustrating that these things require lots of extra configuration and can’t be easily enabled. Also, I really wish that Qubes was compiled with VirtIO-GPU because per my understanding, that would allow the GPU to be shared between VMs. Yes, I understand the security implications of this, but I wish the option was available and easy enough to enable.
As is, anything outside the norm with Qubes that doesn’t follow strict security standards either requires a lot of extra configuration or is simply not possible. As I said in my other response above, I completely understand and respect this posture. However, I really wish these features were available as turnkey options for those who want them and are willing to forego the security issues.
On a final note, if someone could help me compile Qubes/Xen with VirtIO-GPU enabled so that it can be used by VMs, I might stick around. I tried doing it and posted about it here. I’ve just never compiled a system like this from scratch, so I don’t know where to begin. Furthermore, I don’t know if it would even work. However, it would be nice to be able to take advantage of the powerful card in my fancy laptop.