If it’s not in /etc/skel in the template it wont appear in /home/user in
newly created qubes.
I’m still not clear why this did not work for you, when it has worked
for other users.
Can you confirm what template is used by default-mgmt-dvm qube?
Could you also run this command in dom0: sudo qubesctl --skip-dom0 --show-output --targets=template-mullvad state.apply mullvad.browser
This is the salt that should be run to copy the browser tarfile in to the
template, and extract the files. Running with --show-output will help
identify what is going wrong in your case.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
indeed, my mistake, thanks for your patience. out of 7 states run, only the first 2 failed:
ID: /etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.10.tar.xz
Function: file.managed
Result: False
Comment: Unable to manage file: none of the specified sources were found
ID: mullvad-browser-linux-x86_64-13.0.10.tar.xz
Function: archive.extracted
Name: /etc/skel
Result: False
Comment: Source file '/etc/skel/Downloads/mullvad_browser-linux-x86_64-13.0.10.tar.xz' does not exist
Note that the tar archive was downloaded into /srv/salt/mullvad/, not into /etc/skel/
Definitely a general connectivity issue, then - data not passing between qubes? IP doesn’t resolve in browser either. Can’t ping your IP or sitename (by design?) but can ping 8.8.8.8 and google.com. I had problems with other ways of connecting to Mullvad too - maybe that MTU thing. Have to investigate.
Secondly, a script that ran to logout automatically as part of qube shutdown procedures would be nice. Not sure if possible.
I’m not sure what the logic is there. With my use case, I want as minimal interaction with the qube as possible - I want it to launch and sit there doing its thing (connectivity) just like sys-firewall does, without input.
What I want is the disposable sys-mullvad remember my account settings. It would either remember device identity (for Mullvad’s count) or, more sanitarily, that auto-logout feature ^ would ensure it closes cleanly and doesn’t clog up Mullvad’s system.
Multiple accounts or location settings could be managed by cloning the qube and altering them individulally (e.g. personal-vm automatically launches a disposable Sweden-sys-mullvad, work-vm launches a disposable London-sys-mullvad and so-on).
I can’t play around with this until I solve that basic connectivity issue and my skills are limited anyway. At the moment I have some high work demands, but I remain interested.
Here’s a Qubes question: how can I tell if a running qube is a named disposable or a regular ‘remembered’ qube? (e.g. I can’t tell by looking at Qubes Domains that sys-firewall is disposable, but it is because that’s how I installed it).
I have had to close a qube without logging out of Mullvad - so I will have to delete an extra device later - because I couldn’t figure out which icon it was.
To be clear:
launch 2+ disp-mullvad or sys-mullvad qubes with Mullvad app run in each of them
minimize app windows to icon in system tray.
attempt to close one disp-mullvad instance
try to figure out which green padlock is which in system tray and fail
There is the problem.
There should be a file: /srv/salt/mullvad/mullvad-browser-linux-x86_64-13.0.10.tar.xz
It is included in the rpm file, and is extracted to /srv/salt/mullvad/
It seems that your download of the rpm file failed. I suggest that you
remove the package and reinstall.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
I havent had reports of this - I could set the MTU by default, but it’s
better at high values. It’s only necessary to change it for some mobile
networks, and it is called out in the Mullvad docs.
5 it is.
I’ll look at the possibility of a logout script.
Different use cases. I understand yours. But the spec was for the VPN to not start automatically, but require user login. (Many users have
sys-net not starting automatically, and require manual login.)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Another neat feature I would like is to have the Mullvad browser always set to turn off DNS over HTTPS because of speed issues - of course this would work in my use case because the Mullvad tunnel would automatically be established.
I’ve thought about this a bit. I guess the use case I am really articulating is:
a disposable Mullvad browser + disposable connection that operates pretty similarly to whonix-workstation-dvm: click and go. Modify connection if you need via widget, but it has your account number and auto-logs you off at close of qube (no clogging the account with disp devices).
an installation of Mullvad browser available to all qubes (i.e installed on the usual fedora template), so connection is arbitrary via choice of netvm. Likely using:
a disp-sys-mullvad gateway, which may already be applied here (but I need to sort my networking problems first, my bad), but remembers network settings.
Maybe other existing solutions are more suitable (e.g. Micah Leah’s instructions, @solene’s instructions), but they aren’t disposables. Could they be? Perhaps I just need to experiment more.
Is this set of instructions going to work on Debian (perhaps Debian minimal)? Is it just a matter of substituting dnf with apt? I’m particularly unsure of the scripts you have there. (My aim is to have as few updates as possible if it is a standalone).
If this can be set up as a disposable sys-mullvad, how will the Mullvad service treat it as a device? A new one every time, or as the original template device? There are a limit of 5.
Following, any ideas on a script to log out with Mullvad automatically as part of the qube shutdown process?
I can remove 3isec-qubes-mullvad-vpn and reinstall. To be clear though, the file /srv/salt/mullvad/mullvad-browser-linux-x86_64-13.0.10.tar.xz does exist in /srv/salt/mullvad/.
So your ‘remove’ function looks like it takes out all devices. I want to keep a couple of other (physical) devices, like cell phone. Can I get it to skip them? They would have a stable name.
I’d like to dig in to your configuration a bit, to understand why the
salting has not worked for you. If you would be happy to do this can you
PM me, so we keep the noise out of the forum, and we can report back to
Forum or GitHub with any issues we find. (Completely understand if you
do not want to do this.)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.