I didn’t mean advanced in terms of “they require some knowledge and are tricky to set up” but more in the “they are something for people who want to tweak their Qubes even further” way.
I wanted to write that I do indeed like the idea of having them as a configuration option, just like you can currently decide if you want to have a vault VM or a USB VM. But the longer I think about this, the more I doubt it’s easily feasible.
- Which VM should be the default GPG client domain? The mail VM?
- What if a user wants to use GPG somewhere else, e.g., in a work VM to encrypt some files?
- What if a user has more than one mail VM, one for work and one for private use?
- Same holds for SSH. Should only one appVM be the pre-defined SSH client? What if a user wants to use split-SSH in multiple domains?
- What if a user creates several VMs after the first installation, should they be auto-configured?
- Which should be the VM where SSH and PGP keys are stored? All in one single vault VM, as I decided for my personal use case? Or should Qubes, as an OS with reasonable security in mind, propose to create three different vault VMs? They would all need to be running, possibly at the same time and increase the performance required to have an optimal Qubes experience.
There’s soo many options which the Qubes installer can’t simply decide for the user. Neither can it all ask them, because people would drop out of using Qubes before they even get started if they see so many questions they don’t even understand.
All in all, I think the situation with split-GPG is the best we can do.
I just skimmed the official documentation on it. Official packages for both the template VM and dom0 take over most of the manual steps currently required for split-SSH. Everything else that still needs a manual choice of the user (“which VM should be your GPG/SSH backend”?) is clearly documented.
If we could get split-SSH at the same level, I think most user interested in using it could get it started.
The installation guide in the official documentation could maybe get a section “Advanced configurations” at the end (there already is a “Next steps” section anyway).
Regarding installation guides I always liked the Arch Linux wiki and their installation guide. Here’s you to a basic working operating system and has lots of cross-links to other interesting topics for further configuration.