Thank you for your work.
Let me find out why you prefer to use Intel-based computers. As far as I know, Intel has a lot of holes, so wouldn’t it be better to choose an AMD-based computer? For example, the G505s.
2 posts were split to a new topic: How to configure qubes.OpenURL to ask which qube to open the URL in?
@deeplow / @plexus … let’s please split this out into a new topic “Do you prefer Intel to AMD?”
@rakibiy676 the answer is: I don’t have a preference. I just happen to run Intel on my Qubes machine. Once there is a fully open / user controlled alternative I will be one of the first to jump.
The Intel vs AMD is off topic from Qubes Community user support IMHO. I could split this out to “all around Qubes” but the posting user will not see the thread any more, which defeats the object.
It would be great
Wouldn’t you also need qubes-core-agent-passwordless-root to mount encrypted drives through nautilus? If I don’t have it, it would prompt, “Unable to access location. Not authorized to perform operation”.
edit: delete. I saw your subsequent comments on passwordless-root.
There were some small changes to Signal. I was able to get a new Debian 11 Minimal template working with this:
- template for Signal messenger
- network
- nautilus to deal with downloads
- dunst is needed for signal notifications, if no notification service is provided signal will hang
- curl is needed to download the key for signal
qvm-clone tpl-deb-11-min tpl-deb-11-signal
qvm-run --pass-io -u root tpl-deb-11-signal "apt install --no-install-recommends curl qubes-app-shutdown-idle qubes-core-agent-networking qubes-usb-proxy qubes-core-agent-nautilus nautilus zenity gnome-keyring policykit-1 libblockdev-crypto2 dunst xfce4-notifyd -y"
get the signing key and add it (replace the http://HTTPS/// with a simple https:// in case you are not using apt-cacher-ng)
qvm-run --pass-io -u root tpl-deb-11-signal "curl --proxy http://127.0.0.1:8082/ -s http://HTTPS///updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null 2>&1"
add the signal repository (replace the http://HTTPS/// with a simple https:// in case you are not using apt-cacher-ng)
qvm-run --pass-io -u root tpl-deb-11-signal 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] http://HTTPS///updates.signal.org/desktop/apt xenial main" | tee -a /etc/apt/sources.list.d/signal-xenial.list'
update & install
qvm-run --pass-io -u root tpl-deb-11-signal "apt update && apt full-upgrade -y && apt install --no-install-recommends signal-desktop -y && poweroff"
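The key-import command in the post above sends all output to /dev/null, so a failed download through the proxy can leave an empty keyring without any message. As an added example (not part of the original post), this shell function checks the keyring that each signed-by= option in an apt sources file points to; the function name check_signed_by and its optional ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_signed_by LISTFILE [ROOT]
#   LISTFILE  apt sources file, e.g. /etc/apt/sources.list.d/signal-xenial.list
#   ROOT      optional path prefix for keyring lookups (assumption, lets the
#             check run against a mounted or copied template root)
# Prints one status line per keyring; returns 0 only if every one looks usable.
check_signed_by() {
    list=$1
    root=${2:-}
    rc=0
    found=0
    # Collect every signed-by=PATH value from non-comment "deb" lines.
    for key in $(grep -E '^[[:space:]]*deb' "$list" \
                 | grep -oE 'signed-by=[^] ]+' | cut -d= -f2); do
        found=1
        f="$root$key"
        if [ ! -s "$f" ]; then
            # curl -s plus the /dev/null redirect hides exactly this case.
            echo "FAIL $key: missing or empty (key download probably failed)"
            rc=1
        elif head -c 10 "$f" | grep -q -- '-----BEGIN'; then
            # apt expects a binary keyring in a .gpg file.
            echo "FAIL $key: still ASCII-armored, gpg --dearmor did not run"
            rc=1
        else
            echo "OK   $key"
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL $list: no signed-by= option, repository is not pinned to a key"
        rc=1
    fi
    return $rc
}
```

Run it as root inside the template after the repository step and before apt update, passing the sources file written above.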
Hi. I have a small problem with my Debian 11 minimal configuration… I can not open a USB device when I assign it via sys-usb (also Debian 11, Qubes 4.1.0-rc4 based) to one of my Debian 11 minimal AppVMs (qubes-usb-proxy is installed). I get the message: Unable to access “xxx”.
Not authorized to perform operation (polkit authority not available and caller is not uid 0)
Does anyone have an idea?
Minimal templates do not have the passwordless sudo package installed.
You need to be root (or have root access) to mount the device.
You have a number of options:
- Install the passwordless sudo package in the template.
- Open a root terminal in the qube -
qvm-run -u root QUBENAME xterm
and mount the drive.
- Mount from dom0 -
qvm-run -u root QUBENAME mount /dev/XXX /mnt
When I comment in the Forum or in the mailing lists I speak for myself.
Hi. Do all the instructions here apply to debian-11-minimal?
I do note that one of the reasons I opt for minimal templates is to avoid having passwordless root access. However, I found out via this thread and via my own testing that things won’t work normally without passwordless root access - acknowledging that I have read the Qubes team posts about the uselessness of not having passwordless root access.
I will answer myself
Yes, I just tested it and the instructions do apply to debian-11-minimal. Thank you @Sven for your valuable instructions.
These are the packages needed for a debian-11-minimal VPN gateway using iptables and CLI scripts
Packages:
qubes-core-agent-networking openvpn nautilus qubes-core-agent-nautilus libnotify-bin notification-daemon dunst
I would add this package: gvfs-backends which is needed to mount Android phones.
@oijawyuh I agree. Thank you!
Since so much time has gone by I don’t see the point in publishing a guide for R4.0 / debian 10.
My current plan is to finally build that second T430 and work with @Plexus to publish that guide (including Heads etc).
Then I’ll install R4.1 on that machine and review/correct/test my scripts to create debian-11 based templates from scratch. Once that all works, I’ll publish an updated/extended version.
Sounds good. My tests have been on 4.0.4 with debian-11-minimal. Once I upgrade to 4.1, I can contribute to a guide if you’d like me to. Thank you.
Always
Hi, why do we want to create new sys-usb, sys-net, sys-firewall qubes here?
Will the default sys-usb, sys-net work with debian-11-minimal?
I would like to install debian-11-minimal, enable passwordless root, and use the same sys-usb, sys-firewall templates, vault, and other qubes. Will this work?
Thank you
This will work.
This page in the docs tells you what packages to install to use
the minimal template, but you do not need to do so.
To enable passwordless root you will have to get a root terminal in the
minimal template to install the packages - you can do this from dom0 with
qvm-run -u root debian-11-minimal uxterm
Great thread!
If I may… this needs repeated loudly and often:
Agreed!
I would take that one step further: Not just for people with little knowledge of linux or qubes. I have been using linux for decades, and Qubes for years, but I must admit, having been away from both Qubes and linux for the past year, I find myself starting over, and asking the most basic “noob” questions again. It’s all coming back fast, sure, but I find myself relearning the basics, again.
A great point! I couldn’t agree more.
However, I always hated the old RTFM mantra “read the docs” when we all know there are gazillions of docs from gazillions of sources, and you can spend a lifetime reading docs and still not read them all. Every question asked can be resolved with a well placed search, but if somebody isn’t sure what they are asking, then the searches will only point to other noobs equally confused, and sadly the responses to their questions are all too often “read the docs you noob”. The Ubuntu forums are painfully full of RTFM responses. God I love to hate on Ubuntu LOL. Not so here though.
Thankfully, the people here are noob friendly (THANK YOU!), because Qubes is definitely a more advanced platform, not for beginners. Even seasoned linux admins will be challenged while coming up to speed on Qubes. A steep learning curve for sure, but as everyone here knows, it is well worth it.
Sorry for the rant. When I read the above @unman post I wanted to repeat it.
Like everything this is not a black/white issue. The way I see it, it is about appreciating the time and energy others put into reading a question and posting an answer.
There are some (especially in places like forums) that show up, leave the most minimal description of their issue accompanied by an essay about their personal frustrations and expectations. Then they “ping” the thread once or twice a day and get increasingly irritated that their questions have not yet been addressed to their fullest satisfaction, while ignoring any and all attempts to even clarify what exactly their issue is. Finally a “I am finished with this forum!” post asking to delete their account.
I can do just fine without those people.
On the other hand if a person describes their issue, asks for help, answers follow-up questions and is otherwise a pleasant person to communicate with I am pretty sure they will be well taken care of. I know I was and am frequently. It’s all about attitude, basic human decency and actually recognizing that no one here owes anyone an answer for anything.
Sorry @oldschool for hijacking your post for a PSA, but it felt like it was time for it.
Amen.
Amen again.