Hello!
I am new to Qubes OS, but have used Linux (mainly Debian and Linux Mint) for many years, although I am in no way an advanced user. I am running Qubes OS on a ThinkPad L15 without any problems at all. I have set up the qubes I want and everything is working perfectly. But, as each AppVM is limited to 20 GB, and some of the AppVMs will have to share files constantly (e.g. personal apps and personal web), I don’t really quite know how I should go about setting this up.
My SSD is 1 TB, and I would like 500 GB to be bulk storage to share between some qubes. I have read the Qubes manual about blocks, but it was all about using external USB devices. I was thinking that I could make a standalone VM and ssh it into various other qubes as a server, but I am sure there would be a performance and resource penalty in doing that. Another idea was to reinstall Qubes on a 500 GB partition and leave another 500 GB partition and try and use that as a block device somehow, but then the boot wouldn’t be secure. I know making a 500 GB img file on dom0 is a VERY bad idea, even though it would probably be quite resource efficient.
So right now I am at a loss as to how to approach this.
Any help would be greatly appreciated and I have found using Qubes OS to be a great experience, not just for security, but also for the ability to multitask in ways that fit my workflow better.
Hi http, welcome to Qubes.
There isn’t a restriction on the size of the private storage in each qube -
you can adjust this on the fly from the Settings window.
You can find various posts on the subject of shared storage. You can
create a qube as a storage qube, and there’s no reason why you shouldn’t
use ssh to access it from other qubes. There’s little overhead except
for the set-up. You can also use ssh over qrexec to link qubes instead
of using networking. This also provides the possibility of using policies to
control interactions between qubes.
You could also set that qube up as a “network” server using some other
protocol. Again pass data using qrexec rather than through Qubes
networking.
Depending on what the data is, and how you expect to use it between
different qubes, you might also consider using rsync or syncthing to
share data between qubes. This means that you would have copies of the
data which may or may not fit with your requirements. Without knowing
more about that it’s difficult to give further advice.
I’d prefer any of these solutions to using a large block device.
One thing I would say is that with Qubes it’s easy to set up something
and then change it if it doesn’t fit your needs. In some cases it’s a
matter of changing the template while the private storage data remains
unchanged.
You could look at my notes for
ideas on implementation.
If you want some help on a specific approach, just ask.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Thank you for the reply! That sounds like a great idea and I will try that tomorrow. I have never set up an ssh server before but I do understand the overall idea, and your notes help a lot. I have also just realised that yes, there is no 20 GB limit on the AppVM. I was getting confused by the system 20 GB limit. I mainly want it as a way to share files between the web personal AppVM and the apps personal AppVM, so I can easily send and receive documents and other files via email and download, e.g. receive a document in email on Thunderbird in the web personal AppVM, and easily open it in OpenOffice in the apps personal AppVM (by saving it to the ssh server). This definitely seems like the best option and I will let you know how it goes.
Thanks again!
unman, I have tried following your notes but have a problem with the cp qubes.ssh /etc/qubes-rpc command. I have no idea where the qubes.ssh file is and I am just getting - cp: cannot stat ‘qubes.ssh’: No such file or directory.
Yes, definitely if the attachment is suspect. But I am thinking more of the general stuff where I need to write documents for work and send and receive the documents via email and save them in directories. Or even if I completely separate the personal web AppVM, I would still want to freely distribute files between the storage-vm and the personal apps VM. I guess the most secure method would be to set up the ssh storage-vm to link with the personal apps VM, and then just move files with qvm-copy/qvm-move to the web-personal AppVM.
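
Added example, not part of any post in this thread and not taken from unman's notes: a simplified model of how a dom0 qrexec policy would enforce the layout discussed above, where only the apps qube may reach the storage qube over the qubes.ssh service and the web qube may not. The qube names (apps-personal, web-personal, storage) are hypothetical, the policy text is constructed in the five-field format used by Qubes 4.1 and later, and the evaluator handles only literal names, `*` and `@anyvm`; it is not the Qubes implementation.

```python
# Constructed policy text in the Qubes 4.1+ format:
#   service  argument  source  target  action
# Qube names are hypothetical, modelled on the setup discussed in the thread.
POLICY = """\
# only the apps qube may open an ssh channel to the storage qube
qubes.ssh  *  apps-personal  storage  allow
# every other qube asking for qubes.ssh is refused
qubes.ssh  *  @anyvm         @anyvm   deny
"""


def parse_policy(text):
    """Return a list of (service, argument, source, target, action) rules."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        rules.append(tuple(fields[:5]))
    return rules


def _matches(pattern, value, wildcard):
    # Simplified matching: a literal name or the given wildcard token.
    return pattern == wildcard or pattern == value


def evaluate(rules, service, source, target, argument="+"):
    """First matching rule wins; a call that matches no rule is denied.

    argument="+" stands for a call made without a service argument.
    """
    for r_service, r_arg, r_source, r_target, action in rules:
        if (_matches(r_service, service, "*")
                and _matches(r_arg, argument, "*")
                and _matches(r_source, source, "@anyvm")
                and _matches(r_target, target, "@anyvm")):
            return action
    return "deny"


RULES = parse_policy(POLICY)

if __name__ == "__main__":
    for src in ("apps-personal", "web-personal"):
        print(src, "-> storage:", evaluate(RULES, "qubes.ssh", src, "storage"))
```

Rule order matters: if the `@anyvm` deny line came first, the apps qube would be refused as well, so specific allow rules go above the catch-all deny.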