i tried to read it and didn’t understand it which means i am probably the sort of user this is intended for
yes, exactly did you read the forum post or the website / documentation? what wasn’t clear enough? I’m eager to make it everything end user friendly.
is there video not on YouTube? i don’t trust their javascripts and even with whonix they try to do so many strange tracking things, i don’t trust them
Thats the spirit. I’m about to create a new one the next days, I’ll add a download link here.
if this is a tool to use pre-made scripts to do things (like do what is in community guide) that is very good
In the end I want you (the enduser) to be able to:
- read the website / documentation / watch a video for like 15 minutes
- then be able to create your own kuhb where you setup a simple config.sh file and then just copy paste the install instructions of your favorite tool into a script and then say
kuhbs create myapp
- install pre-prepared kuhb’s (notice the >'<, one kuhb, two kuhb’s), for example to run firefox, or thunderbird, or split-whatever, or to “spawn” a chain of network VMs with wireguard, apt-cacher-ng, what not
kuhbs has additional features things like backups, upgrades, what not.
one thing i don’t like about in firefox is it’s in all the templates and if click the wrong thing it tries to open firefox which by default has ad partners and telemetry and may be logging things about me
I’d recommend librewolf. If I find people to help me test / work on kuhbs, that would be a kuhbs install librewolf
i wish there were a script to always remove firefox from every template and replace it with librewolf or just refuse to open http links.
If you can do that modification on the command line / in bash, you can build a kuhb for it and publish it
there was also discussion about all the programs in templates and how it would be nice if there was way to automate just saving a list of that. if this program can do that, it’s good.
for beta testing, do you move directory into dom0 and just run /default.sh?
defaults.sh is the main config file: kuhbs Arguments and Commands
The documentation starts with “what is kuhbs” before the installation instructions. I’d recommend to try and read it - if its not clear pls let me know, I’ll see to optimize it. The ideal way to “start” would be just to go to kuhbs.com and “follow the flow” - and ofc report if its not clear.
there’s no hash to check before moving it into dom0, reading all the code and confirming it’s not modified is hard
I think a git clone from github is secure enough for now. I say “read the code” because reading the code is somewhat of a feature of kuhbs. I tried to fill the code with a fair amount of comments so its more easy to read even if you are not into coding.
i don’t like matrix, they don’t protect users enough in some ways
The forum is a very welcome place too. If you pm me I can offer signal as well.
i tried to install sys-audio myself and it didn’t work. it would be nice if there had been .sh script for that
Thats a good usecase for a kuhb.
i would like if qubes had more screen savers.
Thats a good usecase for a tutorial
Sometimes I am creating a public key or private key in a VM. I wish I could store those all in a different way so I’d be less likely to lose them. They aren’t things that are good to lose. There’s a split something in Qubes but I don’t know if it’s for this or how to use it.
i am not sure if this is what this does.
Well kuhbs is not only a “install tool” script, but more of a “setup my qubes from scratch” tool. If a kuhb has backups present, they are automatically restored during kuhbs create mykuhb
.
Split ssh is a VM that stores the (you mean ssh? wireguard? gpg?) private key and if a VM wants access to it, you have to confirm that in dom0 (like when you copy a file to another VM). That has nothing to do with backups or “loosing” the key.
Does this pull scripts from github? Are they imported every time?
You download only the code in the kuhbs repo itself. The code runs in dom0, which has no internet access, and hence it does not download anything.
I want to implement a feature to install kuhb’s other people created, something like: kuhbs install github.com/foobar/my-fancy-kuhb.git
But thats not usable yet.
Does always run in the background like a service?
No, it does not create any systemd services in dom0, its just a BASH script.
Are there any risks in using it and would it increase surface for attack?
So far I am the only one who has read the code. Somebody else should read it, thats why the git repo says in large letters NOT FOR PRODUCTION at the moment.
I would say using kuhbs decreases the risk for the user. It is a better approach for experienced qubes users to define how an application is run on Qubes than it is to try to teach endusers how to do that. Everything kuhbs does can be done in Saltstack, but configuring that is much more complex. Kuhbs aims to be easy to understand.