Inter qubes automatic files transference

Is there some script for dom0 that adds file automatic transference functionality between qubes?

For example, I have a qube connected to the internet and a qube that is air-gapped. I want to make two folders in the internet-connected qube: one of them moves the files completely to the other qube, and the other folder copies the files to the other qube.

Please clarify any security concerns that may be involved and how to prevent them if possible. Also, I think this process should be one-way for security reasons.

no

If so, I would use syncthing + ConnectTCP rpc call to connect the two qubes to each other.

The risks I can imagine (independently from the implementation):

  • the chosen method to sync may expose the air-gapped qube in some way because it is bi-directional, it has to be exposed at some point (even if it’s just a TCP port for running a service or opening an SSH session to run rsync through a vchan)
  • there are availability and integrity risks because if the connected qube is compromised and the files are getting deleted/corrupted, these changes will be synced to the other qube
1 Like

I did not get it completely. Do you mean that this is the only available method, that it could only be made through the network, and that it is inherently bi-directional (two-way sync is beneficial; by the way, one direction would be enough for me)?

I understand you want a directory in qube A (connected to the internet) to be synced with the same directory in qube B, so if you make a change in A or B they stay identical, right? If so, it’s a bi-directional sync.

If you just want qube A to make a copy of the directory to qube B and overwrite all changes if any, it’s a different story, it’s easier.

I think that using the word synchronization was misleading; maybe I misunderstood what it means, but I remember that I used syncthing a long time ago for my Windows and mobile, and I remember there was a one-direction sync option.

I have updated the title so it is more clear and I will clarify below.

What I want is an arbitrary folder in a qube such that whenever I put a file in it, it is copied or moved to another arbitrary folder in another qube.

Just dom0 watching for changes in a folder in another qube somehow, maybe by doing some iteration to know if a new file is added, then using qvm-copy or qvm-move on its own.

I want it to be configurable whether the folder will move the file from the source to the destination or copy the file from source to destination and overwrite if the file changed. I want it completely offline and internal to Qubes OS, depending on the copy and move functionality.

I mentioned that the first qube is connected to a network and the other is offline, as I am aware that it would compromise both qubes if both were online. The offline qube is just a vault where my important/personal files are, and the file transference only happens automatically from the first qube to the vault.

I do not want a globally shared folder. I think the above comment clarified exactly what I want (between two specific qubes, i.e. personal and vault, and one-way would be sufficient for my needs).

The linked discussion goes into many details, which are still relevant here. Also “global” is a bit misleading, as they do not discuss something accessible from all qubes.

See also this link mentioned in that discussion: Shared folders (perhaps over qrexec?) · Issue #2826 · QubesOS/qubes-issues · GitHub.

2 Likes

I use syncthing and rsync between qubes, over qrexec. Both can run
one-way and neither requires networking between the qubes.
There is mention of this in various forum posts.

You can see the implementation salted here in the share
and syncthing directories. If you want a packaged option look here for a
syncthing package which will install a syncthing qube, and also set up
qrexec and the relevant policy.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
2 Likes

I would create a script in dom0 cron that wakes up periodically and uses qvm-block to prepare and attach a small block device to the networked vm, use qvm-run to copy files to it from your networked directory, dismount that volume and then attach it to the offline VM, and copy off of it the files that you want there. This could be a physical device or a loop device that gets cleansed after each iteration.

1 Like
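
The one-way copy/move folders asked for in this thread, sketched as an added example that is not code from any poster or from the Qubes project. It runs inside the source qube and pushes over qrexec with `qvm-copy-to-vm` / `qvm-move-to-vm`, so dom0 never has to read files from a networked qube; the folder paths, the state directory and the `SEND_*` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one-way push from the networked qube to the vault over qrexec.
# Runs inside the source qube, so dom0 never reads data from a less trusted qube.
# Assumed names (not from the thread): ~/to-vault/copy, ~/to-vault/move, STATE dir.
# For unattended use, dom0 needs a policy line such as (qube names assumed):
#   /etc/qubes/policy.d/30-user.policy:  qubes.Filecopy * personal vault allow
# and no rule allowing qubes.Filecopy from vault back to personal.

TARGET="${TARGET:-vault}"
STATE="${STATE:-$HOME/.local/state/vault-push}"
SEND_COPY="${SEND_COPY:-qvm-copy-to-vm}"   # leaves the source file in place
SEND_MOVE="${SEND_MOVE:-qvm-move-to-vm}"   # removes the source after transfer

# push_dir MODE DIR: send new or changed regular files; count goes to $SENT.
push_dir() {
    mode="$1"; dir="$2"; SENT=0
    mkdir -p "$STATE"
    for f in "$dir"/*; do
        # Skip directories and symlinks so nothing outside DIR is ever sent.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        if [ "$mode" = move ]; then
            "$SEND_MOVE" "$TARGET" "$f" && SENT=$((SENT + 1))
            continue
        fi
        # Copy mode: remember the content hash per path, resend only on change.
        sum=$(sha256sum -- "$f" | cut -d' ' -f1)
        key="$STATE/$(printf '%s' "$f" | sha256sum | cut -d' ' -f1)"
        [ -f "$key" ] && [ "$(cat "$key")" = "$sum" ] && continue
        if "$SEND_COPY" "$TARGET" "$f"; then
            printf '%s\n' "$sum" > "$key"
            SENT=$((SENT + 1))
        fi
    done
}

# Poll loop, started only when called as: vault-push.sh --run
if [ "${1:-}" = "--run" ]; then
    while :; do
        push_dir copy "$HOME/to-vault/copy"
        push_dir move "$HOME/to-vault/move"
        sleep 30
    done
fi
```

Received files land under `~/QubesIncoming/personal` in the vault; nothing in this setup gives the vault a path back to the networked qube.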