Pretty much what i thought! It is quite powerful, but does not offer enough granularity for the thing i am working on, without some workarounds.
If you want to play with AdminVMs and the API, best start here. I wasted so much time…
Yup, QubesAir. The last big step towards that came with the gui-vm in 4.1.
If you don’t need gui stuff you can do that now, but some parts are still missing like the operator API for some more advanced and granular policing.
I meant my ~/.config and any other user space modification i use, so i can sync my many VMs to be the same.