Debian-minimal template for sys-audio

Well, I think that “./” just means to “execute” here. When using cat, you just need to provide the files’ directory. Maybe I’m wrong.

I experienced the same error, however, it simply doesn’t matter on my side. My speakers are correctly muted and unmuted.

Yes, but maybe you have to provide it with mute.sh’s absolute directory. Or did you chmod +x mute.sh?

On my side, it doesn’t matter if it runs in terminal, however if it’s run through hotkey, it doesn’t works.

I’ve done all of two, still not work…

I found that. The reason is they must put in /home/user directory, if not, they will not works as they are in the directory which is group of root, not group of user.

Now it works.
Sorry, maybe I’ve annoyed you, I should consider learning Linux seriously…

Just use toggle function to mute/unmute:
amixer sset Master toggle

2 Likes

Thanks! You are right. Sorry for my ignorance.

Thanks! We missed that!

This thread has been incredibly helpful. I have successfully created a disposable sys-audio qube that works on my Librem 14.

However, in order for it to work, I need to make it startup, then shutdown, then startup, then shutdown, and then startup a third time. Otherwise, it does not recognize the audio device as being attached. And this only seems to work once per session. If, after doing this triple-startup and having a working sys-audio, I decide to shutdown sys-audio, then I will not be able to get sys-audio to startup again with audio device recognized until I reboot QubesOS itself.

When creating a non-disposable sys-audio qube, there appears to be an unpredictable number of startups and shutdowns needed before it recognizes the audio device as being attached. So the predictability of the disposable makes it the better option for a stable solution here on my Librem 14.

I am very curious why this procedure of startups and shutdowns is necessary at all. Is anyone familiar with this? Is there anyone else with a Librem 14 that has created a sys-audio qube?

Here are all of the steps that I followed for making a disposable sys-audio qube:

  • Clone debian-11-minimal template:

qvm-clone debian-11-minimal deb11-min-audio

  • Make the clone (deb11-min-audio) startup, install necessary packages, create snd.conf file for soundcard, and then shutdown:

qvm-run -u root --pass-io deb11-min-audio 'apt install alsa-firmware-loaders alsa-oss alsa-ucm-conf alsa-utils gnome-keyring qubes-input-proxy-sender qubes-usb-proxy -y && apt install --no-install-recommends blueman pavucontrol pulseaudio pulseaudio-qubes qubes-core-admin-client qubes-gui-daemon-pulseaudio -y && touch /etc/modprobe.d/snd.conf && echo -e "options snd_hda_intel power_save=0" > /etc/modprobe.d/snd.conf' && qvm-shutdown --wait deb11-min-audio

  • Create sys-audio qube:

sudo qubesctl state.sls qvm.sys-audio

  • Set the template to be the clone from earlier:

qvm-prefs sys-audio template deb11-min-audio

  • Disable autostart and memory balancing features:

qvm-prefs sys-audio autostart false && qvm-prefs sys-audio maxmem 0

  • Detach the audio device:

qvm-pci detach sys-audio dom0:00_1f.3

  • Clone the sys-audio qube:

qvm-clone sys-audio sys-audio-template

  • Set the clone to be a template for disposables, set it to be its own default disposable, and set the virt_mode to pvh:

qvm-prefs sys-audio-template template_for_dispvms true && qvm-prefs sys-audio-template default_dispvm sys-audio-template && qvm-prefs sys-audio-template virt_mode pvh

  • Set the color to gray, and set appmenu option to none:

qvm-prefs sys-audio-template label gray && qvm-features sys-audio-template appmenus-dispvm ''

  • Enable the audiovm service

qvm-service sys-audio-template audiovm true

  • Make the clone (sys-audio-template) startup, create an autostart directory in the ~/.config directory, and create two files in this new directory for autostarting necessary processes:

qvm-run --pass-io sys-audio-template "mkdir /home/user/.config/autostart/ && touch /home/user/.config/autostart/pulseaudio.desktop && echo -e '[Desktop Entry]\nName=Pulseaudio\nComment=Starts Pulseaudio\nIcon=qubes\nExec=pulseaudio\nTerminal=False\nType=Application\nNotShowIn=KDE;' > /home/user/.config/autostart/pulseaudio.desktop && touch /home/user/.config/autostart/qvm-start-daemon.desktop && echo -e '[Desktop Entry]\nName=Qubes Guid/Pacat\nComment=Starts GUI/AUDIO daemon for Qubes VMs\nIcon=qubes\nExec=qvm-start-daemon --all --watch\nTerminal=False\nType=Application\nNotShowIn=KDE;' > /home/user/.config/autostart/qvm-start-daemon.desktop"

  • Make the sys-audio qube run the command ‘sudo alsactl init’ on startup by adding it to the /rw/config/rc.local file in the sys-audio-template qube, and then shutdown sys-audio-template:

qvm-run -u root --pass-io sys-audio-template "sudo echo -e 'sudo alsactl init' >> /rw/config/rc.local" && qvm-shutdown --wait sys-audio-template

  • Remove the non-disposable sys-audio qube that was created earlier:

qvm-remove -f sys-audio

  • Create a disposable sys-audio qube based on the sys-audio-template qube, disable autostart and memory balancing, set netvm and audiovm to none, set virt_mode to hvm, and set the color to gray:

qvm-create --class DispVM --template sys-audio-template --prop autostart=false --prop netvm="" --prop virt_mode=hvm --prop maxmem=0 --prop audiovm="" --label gray sys-audio

  • Attach the audio device in persistent mode with option ‘no-strict-reset’ enabled:

qvm-pci attach sys-audio dom0:00_1f.3 --persistent --option no-strict-reset=true

  • Enable the appmenu option and the audiovm service:

qvm-features sys-audio appmenus-dispvm 1 && qvm-service sys-audio audiovm true

  • Set the new disposable sys-audio qube to be the default audiovm for all qubes:

qubes-prefs default_audiovm sys-audio

  • Edit /etc/qubes/policy.d/50-sys-audio.policy in dom0 to have the following:

admin.Events * sys-audio sys-audio allow target=dom0
admin.Events * sys-audio @adminvm allow target=dom0
admin.Events * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.CurrentState * sys-audio sys-audio allow target=dom0
admin.vm.CurrentState * sys-audio @adminvm allow target=dom0
admin.vm.CurrentState * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.List * sys-audio sys-audio allow target=dom0
admin.vm.List * sys-audio @adminvm allow target=dom0
admin.vm.List * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +audiovm sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +xid sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +stubdom_xid sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.feature.CheckWithTemplate +audio sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.feature.CheckWithTemplate +audio-model sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.Get +keyboard_layout sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.GetAll * sys-audio sys-audio allow target=dom0
admin.vm.property.GetAll * sys-audio @tag:audiovm-sys-audio allow target=dom0
admin.vm.property.GetAll * sys-audio @adminvm allow target=dom0
admin.vm.property.Set +keyboard_layout sys-audio * allow target=dom0

  • Decide which qubes do not need audio and configure them:

qvm-prefs <qube-that-does-not-need-audio> audiovm ''

  • Make a script in dom0 for starting sys-audio with the triple-startup (I also have a command included so that sys-audio volume is set to zero by default):

mkdir ~/scripts && cd ~/scripts && touch sys-audio-start && echo -e 'qvm-start --quiet sys-audio && qvm-shutdown --wait sys-audio && qvm-start --quiet sys-audio && qvm-shutdown --wait sys-audio && qvm-start --quiet sys-audio && qvm-run --pass-io sys-audio "amixer sset Master 0%"' > sys-audio-start && sudo chmod +x sys-audio-start

  • Make a button on Panel to run the sys-audio-start script.
    Add a Launcher to Panel, add any item, edit item name and comment, choose icon, then change command to the following:

/home/<user>/scripts/sys-audio-start

I also set keyboard shortcuts in the dom0 Settings Manager.

  • Set keyboard shortcut F10 to toggle mute/unmute:

qvm-run --pass-io sys-audio "amixer sset Master toggle"

  • Set keyboard shortcut F11 to decrease volume by 2%:

qvm-run --pass-io sys-audio "amixer sset Master 2%-"

  • Set keyboard shortcut F12 to increase volume by 2%:

qvm-run --pass-io sys-audio "amixer sset Master 2%+"

12 Likes

A few notes:
You can create one sys-audio without using the officially provided script.
In the guide, replace

Then, create sys-audio based on deb11-min-audio.

with

create appvm “sys-audio”, set its virtualization mode to “HVM”, disable memory balancing, attach appropriate “Devices” to it (those whose names start with “Audio”, etc), configure them with ‘no-strict-reset’ (at the bottom of the “Devices” page)

If you manually create sys-audio, and found that in sys-audio, pavucontrol cannot see your soundcard, but “sudo alsamixer” can, then you need to “sudo adduser user audio” in its template VM.

This thread was really helpful for me to set up an audio qube. I followed some of its steps since I reinstalled QubesOS when R4.1 was realeased and lost the setup described here.

The difference is that I wanted to use Bluetooth and had sys-usb handling it. So in my case I decided to make sys-usb my audiovm – there may be some vulnerabilities associated with that but I was too lazy for searching how I could attach the Bluetooth device with sys-audio, as it was not appearing in the USB drop-down menu. So in the above steps, instead of creating a new VM, all I had done was to perform the steps in the sys-usb VM. Bluetooth headset is working properly and also the keyboard shortcuts described above.

One more hint, I was missing a systray icon from which I could control volume. As I don’t know how to place the xfce4-pulseaudio-plugin for the sys-audio (sys-usb in my case) in the main xfce panel (which runs in dom0), my partial solution was to add a launcher widget to the panel and set its command to qvm-run --pass-io sys-usb "pavucontrol". So now I don’t need to open a terminal in sys-audio and type pavucontrol to open the mixer. There might be a better solution to this, but that’s what I have for now.

PS: I actually took some additional steps to install the required packages to run audio and usb services in a fedora-36-minimal fresh template. From this template I made a disposable template in which the modprobe file was added. The autostart scripts were placed in sys-usb.

1 Like

My bluetooth device is in the devices widget drop-down menu. It has no name, only a XXXX-XXXX serial number.

@whoareyou, I’ve been trying to create a sys-audio by following this thread, specially @dom0 post. I have gotten most of the “milestones”, i.e. appVMs showing on Playback and Built-in Audio Analog Stereo showing on Output Devices.

Problem is, much like it was for you, my videos hang at 0:00. I tried the sudo alsactl init command on sys-audio and got the exact same error as you did. Would you mind explaining where I should create the snd.conf file and what should the contents be?

The snd.conf file should be created in the TemplateVM (deb11-min-audio) and placed in the /etc/modprobe.d/ directory. The contents should be this:

options snd_hda_intel power_save=0

This is the command that I used to create the file in deb11-min-audio TemplateVM:

touch /etc/modprobe.d/snd.conf && echo -e "options snd_hda_intel power_save=0" > /etc/modprobe.d/snd.conf

I have recently noticed that I cannot attach my built-in microphone using my debian-minimal-based sys-audio setup. I experience the same error message described in this post whenever I try to attach the microphone to any AppVM:

Error Attaching device Microphone to AppVM failed. Error: QubesVMError - Failed to attach audio input from dom0 to AppVM: pulseaudio agent is not running.

I think that I forgot to test the microphone after setting up this disposable sys-audio, since I do not use the microphone often, and so I think that there must be some extra step.

Is there anyone that can be of assistance here? Anyone with a Librem 14 setting up a similar sys-audio?

It’s better to open separate topic for the issue. With a better visibility it would better help future readers.

@dom0, it seems I had followed your tutorial quite closely and I already had that file.

I’ve spent some time googling the issue and ended up finding this thread which gave me the answer I needed. Which was to add an extra command to the sys-audio-start script you have in your tutorial. The extra command was qvm-run --pass-io sys-audio “amixer -c0 set ‘Auto-Mute Mode’,0 Disable”.

Regarding the microphone, I tried testing it and had the same issue as you did. Would be good if someone more knowledgeable could shed some light on what could be the cause.

But it seems that, since I have a Librem 14, which has the bluetooth provided by the wireless network card, I will have to redo all of this in my Fedora sys-net, as the reason I went through the trouble of creating a sys-audio was because I want to be able to use a bluetooth headset without compromising dom0.

Would there be any difference in the packages I need to install given that the template will change form Debian to Fedora? My understanding is that sometimes packages have slightly different names in different Linux distributions.

1 Like

I made a new post here and received a response with the solution:

Someone can correct me if I am wrong on any of this, but here is my thinking of Bluetooth and the Librem 14:

If you want to use the built-in Wifi-Bluetooth module for Bluetooth audio in a sys-audio qube, then you will have to have the device attached to the sys-audio qube. There are a few options here:

  • attach built-in Wifi-Bluetooth to sys-net and use as sys-audio too (one sys-* qube used for both sys-net and sys-audio functions)

  • attach built-in Wifi-Bluetooth to sys-net and use USB Bluetooth device for sys-audio

  • attach built-in Wifi-Bluetooth to sys-audio and use USB Wifi device for sys-net

One thing to consider is that the built-in Wifi-Bluetooth module does not need any drivers installed in order to use the Wifi, but you would need to install a non-free driver in order to use the Bluetooth.

I made a few attempts to get the built-in Bluetooth to work, but I decided to wait and see if anyone else ends up making a good write-up. Bluetooth is not very important to me, but I would be interested in understanding how to use it if the need ever does arise.

Also, I have split my Wifi and Ethernet networking devices into two separate service qubes: sys-net and sys-wifi. You may want to consider whether you want/need your Wifi and Ethernet in the same service qube.

I almost forgot to mention that I use debian-minimal templates for all my service qubes, and you could as well. There is no need for Fedora if you do not want to use it. That is one of the best things about QubesOS: Choice.

1 Like

@dom0, thank you for the info on the mic. I managed to get it working on my comms qube.

The second option you wrote about peaked my interest. I believe in that case I would have to install the Bluetooth binary blob on sys-net, as it is the qube with the “hardware” attached to, and once the USB Bluetooth becames available on Qubes Device manager attach it to sys-audio. Unfortunately, it will be a couple of weeks before I’ll have time to tinker around with that, but I have it on my ToDo list now.

I understand that using non-free binary blob is not a good idea but I’ve become quite attached to my headset. I use it pretty much all the time, as the noise canceling is surprisingly good, making the sound crystal clear. (as you can see I’ve really grown attached to it :smiley: )

I have thought about splitting my WiFi and Ethernet devices, but I plan on adding a sys-vpn qube and in that case I would have to either make 2 of them and connect one to each networking qube or keep switching the networking qube on sys-vpn. Neither option really appeal to me, but I have been thinking about it as I need at least one qube connected in the open (netflix…).

If you don’t mind me asking, why do you pick debian-minimal for your service qubes instead of fedora-minimal? My choice, if it can be called that, was essentially laziness as I left it on the default one.

1 Like

There are a few reasons why I prefer Debian-minimal templates:

  • Debian has fewer updates than Fedora, and so I do not need to change my templates as often.

  • AppVMs based on minimal templates startup and shutdown faster.

  • Debian-minimal templates seem to take up slightly less space than Fedora-minimal templates.

  • I am more familiar with Debian commands.

As for the splitting of Wifi and Ethernet, I made some launcher scripts in my Panel to set any or all firewall and VPN qubes to use either Wifi or Ethernet. This allows me to switch things up on-the-fly, and I can have Whonix through Ethernet and Clearnet or VPN through Wifi, or vice versa. I just wanted to share some ideas, in case you had not considered it yet. There are lots of options available to you.

If you get Bluetooth working, it would be nice if you could share your experience here or in a new post.

1 Like

OK, I know this thread is from August. but everywhere else points me to it as being the “best” sys-audio minimal template setup thread.

I am completely unable to get sys-audio to see my soundcard. Other qubes are sending it sound; I can see the playback trying to happen, but my output is “Dummy Output.” So I think there’s only one missing piece of the puzzle, and that’s the sound card.

sudo alsactl init simply returns alsactl: init:1759: No soundcards found...

The audiovm service is there, the soundcard is properly added as a device to sys-audio.

sudo qvm-start-daemon --all --watch simply says:

sys-audio: GUI connected to dom0. Skipping
sys-audio: AUDIO connected to None. Skipping

Unless I make sys-audio the audiovm of sys-audio, then it reports:

sys-audio: GUI connected to dom0. Skipping.
sys-audio: Starting AUDIO
Loopback vchan connection not supported
libvchan_client_init: No such file or directory

My attempts to “autostart” pulseaudio and the daemon with those desktop files, by the way, failed; pulseaudio has to be manually started, and the daemon may or may not have started. (This time, it didn’t). EDIT–This is fixed

with the exception of alsactl init, all of the alsa commands pointed to in this thread result in command not found, even though they are installed according to apt-get. That is true whether or not I run them as sudo.

I imagine you’ll want more info; please let me know what’s still missing. Thank you in advance.

Also: sudo alsactl restore returns:

alcactl: load_state:1683: Cannot open /var/lib/alsa/asound.state for reading: No such file or directory

I’m beginning to suspect that somehow my alsa stuff isn’t properly installed.

1 Like