Can somebody clarify how the qubes-update-check service works and how dom0 gets update notifications for TemplateVMs that are never powered on?

Thank you @unman.

That was the helpful boost I needed to test it and get it working.

To clarify, it appears most non-TemplateVMs need:

  • The updates-proxy-setup service enabled via the Qube Manager GUI
  • A qvm-tag so Dom0’s /etc/qubes/policy.d/30-user.policy can route update requests to cacher
  • An entry in Dom0’s /etc/qubes/policy.d/30-user.policy to route update requests from the specified qvm-tag to cacher

I say most because any Qube running the qubes-updates-proxy service (like cacher and sys-net) seems to need:

  • An /rw/config/rc.local entry to revert the cacher template mods

        ### Revert cacher mods for update detection
        sed -i 's^http://HTTPS///^https://^' /etc/apt/sources.list
        sed -i 's^http://HTTPS///^https://^' /etc/apt/sources.list.d/*.list

  • A qvm-tag so Dom0’s /etc/qubes/policy.d/30-user.policy can route update requests to sys-net
  • An entry in Dom0’s /etc/qubes/policy.d/30-user.policy to route update requests from the specified qvm-tag to sys-net

Alternatively, I suppose I could revert the cacher repo modifications in all non-TemplateVMs via /rw/config/rc.local and tag them to bypass cacher in Dom0’s /etc/qubes/policy.d/30-user.policy.

Is there a better way or is this just a matter of preference?

Thanks again.

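As an added example (not part of the posts above and not Qubes' own code), this simplified Python model resolves which updates proxy each qube would get from tag-based `qubes.UpdatesProxy` rules like the ones described, assuming the first matching policy line wins. The tag names `use-cacher` and `bypass-cacher`, the sample policy and the qube list are constructed for illustration.

```python
# Simplified model of dom0 policy matching for qubes.UpdatesProxy.
# Not Qubes' parser: it only understands @anyvm, @tag:, @type: and literal names.
# Tag names, qube names and the policy text below are constructed samples.
SAMPLE_POLICY = """\
# /etc/qubes/policy.d/30-user.policy (constructed sample)
qubes.UpdatesProxy  *  @tag:bypass-cacher  @default  allow target=sys-net
qubes.UpdatesProxy  *  @tag:use-cacher     @default  allow target=cacher
qubes.UpdatesProxy  *  @type:TemplateVM    @default  allow target=cacher
"""

QUBES = {
    "work":    {"type": "AppVM", "tags": {"use-cacher"}},
    # A qube that runs the proxy itself carries both tags here, to show ordering.
    "cacher":  {"type": "AppVM", "tags": {"use-cacher", "bypass-cacher"}},
    "sys-net": {"type": "AppVM", "tags": {"bypass-cacher"}},
    "vault":   {"type": "AppVM", "tags": set()},
}

def source_matches(token, name, qube):
    """Check one source column token against a qube's name, tags and type."""
    if token == "@anyvm":
        return True
    if token.startswith("@tag:"):
        return token[len("@tag:"):] in qube["tags"]
    if token.startswith("@type:"):
        return token[len("@type:"):] == qube["type"]
    return token == name

def resolve_proxy(policy_text, name, qube, service="qubes.UpdatesProxy"):
    """Return target= of the first matching allow rule, 'DENY', or None.

    None means no rule in this file matched, so a later policy file decides.
    """
    for raw in policy_text.splitlines():
        fields = raw.split()
        if len(fields) < 5 or fields[0] != service:
            continue  # comment, blank line, or a rule for another service
        _, _arg, source, _dest, action, *params = fields
        if not source_matches(source, name, qube):
            continue
        if action != "allow":
            return "DENY"
        return dict(p.split("=", 1) for p in params if "=" in p).get("target")
    return None

if __name__ == "__main__":
    for name, qube in QUBES.items():
        print(f"{name:8} -> {resolve_proxy(SAMPLE_POLICY, name, qube)}")
```

Swapping the first two rules sends the doubly tagged `cacher` qube back to itself as proxy, so the bypass rule has to sit above the cacher rule.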