Thank you very much!
I'm gonna be honest: QubesOS is the OS I have not broken for the longest time. (Maybe because I don’t use dom0 very often…)
The split-ssh part is out there! Take a look at this.
I did change a few things like using dispvms for the ssh machines as I think this is much more secure without impacting usability at all. Also I added authenticated onion circuits + a whonix-ws with authentication for onioness and security (I really love Tor). Also some server nicknames for usability. Other than that it is like this guide.
Thank you very much!
I never used salt but I want to automate the setup of this whole thing too when the automatic “adding more servers” thing is working. So maybe I could need some help there in some time. At the moment my setup is done like I do it (fedora for vault, debian for ssh, keepassxc for the ssh keys, auth onions for ssh) but I would love to write a script that does something like an “installer” script and asks the user how exactly he wants to do stuff like “I don’t need the onion stuff, but a corporate VPN” or something. Don’t have any idea on how to do this in salt tho.
Maybe, I am some kind of privacy/anonymity activist myself and like helping people with getting back their basic rights.
But anyways: First things first. Before automating the creation of this construction, I need to solve the problem of automatic communication between qubes (without a dialog box from dom0). In the worst case I think I would need to call everything from dom0… But if there is any way around it, I would really prefer it that way.