Are there "on exit" and "on boot" hooks for AppVM qubes?

gs-542 · April 2, 2023, 7:00pm

Is it possible to write a script that copies things from /foo/ into /home/user/foo/ before a an AppVM shuts down or reboots?

Same question for launch, copies things from /home/user/foo back into /foo.

renehoj · April 2, 2023, 7:23pm

Can’t you symlink /foo in rc.local when the system boots?

kommuni · April 3, 2023, 12:32am

It might be easier to use bind-dirs feature.

gs-542 · April 3, 2023, 6:16am

This is what I really want to do:

I have a TemplateVM that has online access. It maintains a massive /nix/store/. There are lots of items in there.
I shut it down when the /nix/store/ is up-to-date as I want it.
I launch an AppVM based on this TemplateVM with no network (offline). It now has access to the /nix/store/ obviously (that’s how Qubes works by default).
So far so good.
But now during my daily offline work, I might add new things into /nix/store/.
I hope you’re starting to get the picture now. I don’t want to lose those new items.
Mainly: No item inside of /nix/store/ should ever get deleted, regardless of whether it was added from the TemplateVM or the AppVM.
BTW, I don’t mind the inconvenience of shutting down the VMs from time to time to make the “syncing” work properly, if that’s what it takes to maintain proper Qubes security. (Point being, I’m not asking for a convenient on-the-fly syncing feature if this is impossible.)

This is where my original idea of copying new things added to /nix/store/ in the AppVM at shutdown and copy them back again during launch comes from. But is this really the best way to do it?

unman · April 3, 2023, 1:46pm

The problem is that if you copy back to /nix/store in the template
based qube, any changes wont appear in the template. This is because
of the way that Qubes implements templates and template based qubes.
I suspect that the best you could do is to set up rsync between qubes
and the template, and sync from the qube to the template on shut down.

Any changes using bind-dirs will result in a “massive” private disk and
will only apply in that qube. Not what you want.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

unman · April 4, 2023, 10:53am

It occurs to me that no one has as yet answered your title question.
Yes, there are hooks implemented for “on exit” and “on boot”.
You’ll find them here
You could leverage these for dom0 actions.

A script called in /rw/config/rc.local will run at start.
You can define a systemd service to run at startup.
You can define a systemd service to run at shutdown, using
Before=shutdown.target in the Unit stanza.
There are other approaches in systemd - all easily searchable online.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

gs-542 · April 5, 2023, 5:58am

Ah, what an elegant and simple solution to all of my problems! It was right there, in plain sight. Thanks