I’m sorry, only re-reading your post did I realize what it is you are asking for.
qvm-run --pass-io -u root
That’s just what you need to run a command inside a qube and passing the console output to your dom0 terminal. The -u root makes sure the command runs as root, so no sudo needed.
When you install the apt-cacher-ng package manually, you will be presented with a screen asking you to choose some options. The above series of parameters makes it so there is no interactive dialog (noninteractive) and the package gets installed with the default options (confdef) and already existing configurations are not overwritten (force-confold).
If you are uncomfortable with the above, simply do this:
In dom0: qvm-run my_template xterm … replace my_template with the name of your template. This will give you a terminal window of your template.
Inside the template terminal window sudo apt install --no-install-recommends qubes-core-agent-networking qubes-core-agent-dom0-updates apt-cacher-ng and then answer the prompts.
In any case, before someone else points it out again: if the above is gibberish to you and you feel the need to ask for clarification / unable to clarify the meaning yourself using a search engine of your choice … minimal templates and/or apt-cacher-ng maybe outside your current skill level and might lead to some frustration. Then again, that’s how you grow your skill level… so, you’ve been warned!
Just recently found out about this thread and I think it may just be the right place for a question I posted separately:
Long story short: I customized a debian-11-minimal AppVM which works fairly well with all usb block devices, except with Yubikeys. I’m convinced it must be a missing package because the classic debian-11 template handles it with no issues at all, but I can’t figure out which since I’ve already tried with qubes-u2f , qubes-usb-proxy , qubes-input-proxy-sender , qubes-input-proxy-receiver.
(Mind that all other necessary packages to normally handle a Yubikey have been installed)
I do have a separate sys-usb but I excluded that’s the issue for the reason mentioned above.
I hope this doesn’t constitute thread hijacking!
Thank you all
On second thought: thank you @fiftyfourthparallel for originally pointing it out and thank you @enmus for making me finally see it after I was too dense to see it the first time:
It is obviously a bad idea to mount an encrypted partition inside an untrusted qube. It’s bad practice and bad advice.
I will edit both in the forum and on my website to correct this mistake in the next days.
At the time, your post stuck in my mind, and I posted it yesterday because I read the docs again (and constantly over and over again) and stumbled upon this, and I had no doubt how you’d react, but I needed it to create that way for users hopefully an example of a good practice of a constant re-reading, re-thinking and revising, eventually to realizing what many of us already did: that Qubes is life-changer, milestone.