Forcing changes to the monitor resolution of your second display to persist (IE not vanish after every reboot)
For whatever reason I found my second monitor wouldn’t stay on my preferred resolution after restarts. I’m not sure if this is by design or because I’m reluctant to let my XFCE sessions save on shutdown. In anycase the solution is straightforward.
Instructions
Open System Tools → Display
Configure your displays to how you want them, apply
Click the advanced tab
Use the little + page button under profiles to make a new profile.
Press the little download(ish) button under profiles to make sure your current settings are applied to your profile
Under connecting displays toggle on “configure new displays when connected” and “automatically enable profiles when new display is connected”.
How to change your machine to a static local IP address
Instructions
Right click the icon for the network manager applet in your notification area at the top right corner of your screen. (Assuming you haven’t moved your panel.)
Click edit connections, then select and edit the connection you want static by using the cog button.
Go to the IPv4 settings tab
Change method to manual
Add a new address with the ip address you want, your routers ip address for gateway and 24 for Netmask. (Other netmask values might be more appropriate, I just know 24 is a good fit for my router.)
Unlike in Linux Mint (which uses the same network manager) this tab needs to have a DNS server specified to work. Just make it the same as your gateway, or Googles DNS if you don’t trust your ISP to be competent.
Save and close the windows.
Toggle enable networking on and off via right clicking the network manager applet.
How to get Tutanota working in a fedora-36-minimal qube
I initially spent a very long time trying to get the Tutanota flatpak working (which is officially supported, albeit reluctantly.) However try as I might I couldn’t get it to play nice with gnome-keyring. Even with seahorse and gnome-keyring-pam installed it couldn’t store both its keys in any keyring. I think this is more of an issue with the current flatpak then my setup, so I’ve been forced to fall back to the publisher-recommended AppImage instead. But the AppImage autoupdates quite nicely, so its no great loss.
Use “Qubes Update” and “Enable update for qubes without known available updates” to update your new minimal template.
Clone/rename the minimal template using “Qube Manager”
launch a root teminal for the template using “Terminal Emulator” qvm-run -u root [TEMPLATE NAME] xterm
In the newly opened xterm terminal install gnome keyring and the qubes networking agent. (And optionally notification daemon): sudo dnf install gnome-keyring sudo dnf install qubes-core-agent-networking sudo dnf install notification-daemon (Only required if you want to see notifications from Tutanota)
Close your terminals and shut down your template qube using “Qube Manager”
Make a new AppVM qube which uses your new template using “Qube Manager”
In whatever qube you use for internet browsing download the Tutanota appimage from their official website.
Open your file browser, right click the downloaded appimage and use “Copy to Other AppVM” to send the appimage to the AppVM you just created.
Run terminal (Xterm) in your new AppVM
Running your applications from inside the “Qubes Incoming” folder strikes me as a bad idea, so move your AppImage into home
Close your current terminal and launch a root teminal from dom0 (Termimal Emulator) for your app vm qvm-run -u root [APPVM-NAME] xterm
Make the appimage executable sudo chmod +x /home/user/tutanota-desktop-linux.AppImage
Close the root terminal you launched (and dom0 which launched it) then open a normal instance of xterminal in your appvm
Run the app image ./tutanota-desktop-linux.AppImage
In the “Choose password for new keyring” window that opens, leave both the password and confirm fields empty and click continue
In the “Store passwords unencrypted” window click continue. (IMO there’s no harm in this, you have to unlock the keychain to use it even if it is unencrypted, at which point your login token would be just as vulnerable to exploits in the tutanota app as it is via the unencrypted approach. By default in qubes your entire-OS should be encrypted and be utilized by a single user, so encrypting that token is fairly pointless in our case. If you do choose to encrypt it you’ll have to unlock the keychain every first app launch in the qube session, which will suck.)
In the desktop integration window tick don’t ask again for this file and click yes
In “Qube Manager” open the settings for you new app qube, refresh its applications. Tutanota Desktop should now be available there.
While you’re in settings consider increasing your private storage max size to accommodate your inbox.
You should now be able to launch a working version of Tutanota.
Use “Qubes Update” and “Enable update for qubes without known available updates” to update your new minimal template.
Clone/rename the minimal template using “Qube Manager”
launch a root teminal for the template using “Terminal Emulator” qvm-run -u root [TEMPLATE NAME] xterm
In the newly opened xterm terminal install gnome keyring,qubes networking agent and pulseaudio. (And optionally notification daemon): sudo dnf install gnome-keyring sudo dnf install qubes-core-agent-networking sudo dnf install pulseaudio-qubes –allowerasing (You need to let it erase the stuff already there blocking the install) sudo dnf install notification-daemon (Only required if you want to see notifications from discord)
Close your terminals and shut down your template qube using “Qube Manager”
Make a new appVM (that uses the template you just made), increase its private storage max size to 3 gb.
Refresh applications using your appVm’s settings in Qube Manager, add discord to your selected apps.
Launch discord
Assign your mic to your appvm in qubes devices toolbar widget
In dom0 “audio mixer” / “Volume control” make sure Port in input device is set correctly and you can see the bottom line moving up and down as you talk. Then in recording tab make sure your app is set to built-in audio analogue stereo (assuming you’re using an audio jack.).
You should now be good to go, you’ll have to repeat steps 16 and 17 most times you launch discord.
If you want to get discord to automatically install flatpak updates pre-launch (rather then relying on you to check and install them manually,) then also do the following:
copy /home/user/.local/share/flatpak/app/com.discordapp.Discord/x86_64/stable/active/export/share/applications/com.discordapp.Discord.desktop to /usr/share/applications
Rename it update-then-discord.desktop
open the .desktop file and change its name line to “Update Then Discord”
edit the exec line so it’s
sh -c "flatpak update -y; /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=discord com.discordapp.Discord"
refresh applications, replace discord with Update Then Discord
Install it the same way you’d install anything on a mimial template.
Edit: /usr/share/polkit-1/actions/org.zulucrypt.zulupolkit.policy (you’ll need root)
Change <allow_active>auth_admin</allow_active> to <allow_active>yes</allow_active>
I’ve also had a issues trying to open veracrypt files with image keyfiles which I resolved by removing their keyfile requirements, just worth noting in the unlikely case that somebody else runs into the same problem.
Edit /user/share/applications/org.gnome.Nautilus.desktop inside your qube which launches Nautilus.
Add your desired “launch folder” to the end of the “Exec=” line.
(E.g. nautilus /home/user/temp)
Change “DBusActivatable=true” to “DBusActivatable=false
Unfortunately this will also result in the Qubes domain Open File Manager option from the toolbar/panel opening two windows, I haven’t figured out how to solve this one yet.
Hello, first of all, great guides, I’m sure a number of users will benefit greatly from clear instructions.
I’d like to make a few comments if you don’t mind:
1 - Wouldn’t it be better to have these split up in separate, more easily searchable, threads? Perhaps @deeplow can help with that. Splitting them could also be beneficial when questions about the various guides start popping up.
2 - To edit files with an editor when sudo privileges are required, it’s actually preferred to use sudoedit. You may have to set the SUDO_EDITOR variable if you want to change your editor to, let’s say nano. This can easily be done by adding the variable to /etc/environment.
Read more about sudoedit here: sudoedit(8) - Linux manual page
3 - In this case it’s preferred to remove the rhgb parameter from /etc/default/grub and then regenerate the grub configuration file:
1- Given how many of these I have I figured posting in different threads would be more like some kind of horrific spam attack. I’ll also probably stand a better chance of maintaining these if there all in one place. But I admit its not ideal. For now I’m going to keep going before I loose my flow, but I’m open to reformatting in the future when I have time.
2 & 3 - Good points, I’ll try and incorporate them in my post at some point, but its gonna take some thought and I gotta finish my list first.
Sidenote: Startpage is, as you might expect given its name, a pretty good startpage. It provides a URL based (no cookies required) way to set your preferences you can manipulate without having to take firefox online (Startpage - Private Search Engine. No Tracking. No Search History.). Its the best solution for a homepage I’ve found so far since firefox gives you no way to disable “pocket” from its homepage without first going online.
How to make a minimal fedora printing qube for an espon printer without downloading drivers from the manufacturer or exposing its TemplateVM to any network
In my case this was for a Epson Workforce WF-2750. There’s a decent chance this approach won’t work for newer espon printers due to their closed source drivers.
(In dom0 terminal) sudo qubes-dom0-update qubes-template-fedora-36-minimal. This will download a fresh minimal template.
run “Qubes Update”, enable updates for qubes without known avalible updates, and update fedora-36-minimal
rename fedora-36-minimal to fedora-36-minimal-printing in Qube Manager
(In dom0 terminal) qvm-run -u root fedora-36-minimal-printing xterm
A new xterm will open, run the following installation commands in it:
1. sudo dnf install qubes-core-agent-networking
2. sudo dnf install qpdfview-qt5 (so you can find and open docs printed as pdf and sent over from other qubes.)
3. sudo dnf install system-config-printer
4. sudo dnf install cups
5. sudo dnf install epson-inkjet-printer-escpr
6. sudo dnf install epson-inkjet-printer-escpr2 (Optional, may make some newer epson printers work if the previous package didn’t)
7. close the terminal and shut down the qube (its needs restarting to get the cups services running)
qvm-run -u root fedora-36-minimal-printing xterm again to start the template back up, type sudo system-config-printer
(needs to run as root or you’ll get admin prompts you can’t pass)
In print settings app:
1. click the add button
2. open network printer
3. click LPD/LPR Host or Printer
4. type your printers ip address into Host (You can get this from your router’s browser interface)
5. click forward
6. click Epson
7. Select your printer make and click forward
8. Assuming you’re happy with the names, click apply
9. Click cancel (IE don’t print a test page)
10. (optional) adjust your printer’s properties - > printer options so “Media size” is set to whatever your printers normal paper size is. Set any other default settings you desire while you’re there.
Create a new qube called “printing” in qubes manager. (AppVM, fedora-36-minimal-printing, sys-firewall)
(more secure, but optional) Change your new qubes settings so its marked as a disposable template and has a firewall rule limiting outgoing connections to your printer’s ip address. Add print settings and qpdfview to its applications.
(optional) Change the default disposible template in which ever qube you do your printing from to your printing qube so you can quickly send your “printed” pdfs to it via right click “view in disposibleVM”
How to get Intellij Ultimate (Snap store) to work in Qubes OS
Instructions
Follow the official Qubes OS instructions here for downloading applications off the snap store: How to install software | Qubes OS
Except for step 2 you need to use: sudo snap install intellij-idea-ultimate --classic
Afterwards intelliji will be installed and visible, but running it will not launch anything.
Copy
/var/lib/snapd/desktop/applications/intellij-idea-ultimate_intellij-idea-ultimate.desktop
to
/home/user/.local/share/applications/
Rename the file . Eg “tweaked-intellij-idea-ultimate.desktop”
Edit .desktop, change the “Name” field to something else, eg “Tweaked Intellij Idea Ultimate”
change the exec field to Exec=snap run intellij-idea-ultimate
in qube manager refresh this qubes applications and add “Tweaked IntelliJ Idea Ultimate” or whatever you called it.
Change System Tools > Mouse and Touchpad > Theme >Cursor Size. (So your mouse cursor is adjusted like everything else.)
If desired play with your Xfce panel settings to tweak spacing (using separators), sizes and icon sizes/layout within items.
Sidenote: I was aiming for x2 UI resolution and ended up setting my dpi to 192 everywhere and setting mouse cursor size to 48. This isn’t perfect x2 because the spaces between UI elements aren’t always increased, but its entirely usable and quite pretty.
If you also want Intellij Ultimate working at x2 on 4k:
Within Intellij go to Settings > Appearance and Behaviour > Appearance > Use custom font
Be careful, launching firefox in your DispVM-Template is not recommended, since it’ll create a permanent profile that will be subject to profile fingerprinting.
The recommended approach is to create a policies.json file in your TemplateVM that will be used to customize new firefox profiles.
If your Dom0 taskbar/panel seems inexplicably immune to the changes impacting the rest of your Dom0 UI its probably because you didn’t have “save session for future logins” ticked as you logout/restart/shutdown. (So if you’ve previously disabled this via “session and startup” that’s why it isn’t working.) You only need to tick “save session for future logins” once after your change, you can untick it afterwards if you don’t like letting your session save.
Fedora 36 minimal
Changes in Fedora 36 seemingly broke most of the tricks in Anon81475885’s guide so we have to go rogue at this point.
Open a terminal in your AppVM and type: gsettings set org.gnome.desktop.interface color-scheme "prefer-dark"
(That’ll sort out libreoffice, nautilus/files and standard gnome apps like calculator.)
Then create ~/.config/gtk-3.0/settings.ini and make sure it includes:
[Settings]
gtk-application-prefer-dark-theme=1
(That’ll sort out GTK3 apps like xed )
Open a root terminal in your TemplateVM and type: sudo dnf install adwaita-qt5
Then edit your template’s /etc/environment file to include: QT_STYLE_OVERRIDE=adwaita-dark
(That’ll sort out QT5 apps like qpdfview, but they’ll frequently be missing icons – sorry I don’t have a solution for this yet.)
Eeek, good catch! I’ve put a big warning on my post for now, i’ll revisit it or delete it in the future. I’ve been tidying up weeks of notes most the day and I need a break from my own scribblings.
I’m going to appeal for help with something completely unrelated elseware on the forum and call it a day. Thanks for the feedback, please keep it coming if you spot any more issues!
Thanks for sharing notes with us.The others might consider customizing default Firefox this way, not messing with opening it in any template.
Setting non-existing search engine as the default in Firefox can be found in the last post is in the topic from my quote and it’s basically the same you pointed to.
)