The Birds eye view:
What is the problem? How to configure your system, both templates and qubes.
Salt enables you to automate the process of creating templates and
qubes, and configure them as you will.
If you record your configuration in salt you can simply recreate part
or all of that system on another Qubes install.
Salt can be complicated, but it can also be extremely simple.
You could do this, (and some people do), by using batch files, which run
qvm commands in dom0. One way in which salt simplifies the process is
because it makes it easy to take different actions depending on the OS
used in the template.
Other: Coreboot/HEADS/Nitrokey, ME neutered and disabled
No, for several reasons:
I distrust and no longer use or support the Whonix project. Update (10/11/21): I would like to take this back, apologize for lazy thinking, and to the Whonix/Kicksecure team for further spreading this guilt-by-association non-sense.
Using the TOR network has become increasingly difficult (captcha’s, tor exit nodes blocked) and using it made me feel icky: I support the TOR project and see the need for it clearly, but I don’t care for the criminals (ab)using it.
The thread scenario I used TOR for can be easily mitigated using a commercial VPN hosted in the EU (hide traffic from US ISP, Employer, Hotel or other Guest WiFi; avoid profiling and targeting of my specific end point with e.g. poisened updates).
VPN, Split GPG, integrated backup, security key
Yes, daily and extensively
Other: I am still using bash scripts for this purpose, because they do all I need at the moment and hence I feel little pressure to migrate.
However, more broadly I wish to learn Salt and use it to provide qube configurations for others (e.g. debian-minimal based ungoogled-chromium, thunderbird/split-GPG, signal, teams, VisualCode qubes etc.)
I generally included only more official and/or officially-documented features in this poll.
I don’t believe it needs to be pinned. It’s not an official survey or anything. I generally believe pins should be used sparingly and that threads should be allowed to live or die on their own merits.
Feel free to make another thread, if you like. That sounds like it would be a considerably more complicated poll, whereas this one is designed to be very simple and straightforward.
I think disposables are close enough to the “core” to be like support for multiple templates, which I also didn’t ask about, because I assume almost all Qubes users use them and that the poll results wouldn’t be very interesting. Regarding unofficial things like “Split-Browser,” see above.
There’s value in a poll being relatively simple and focused. Making a poll too long and trying to include everything can be counterproductive. Besides, it’s mostly just for interest’s sake.
I’d like to see a qubes replacement for xdg-open that would let you open links in the qube of your choice, just like how qvm-copy works.
I run the Zoom app in a dedicated qube and any time I get a link to a meeting I have to manually copy it from the qube running the app where I received it and paste it in a browser running in the zoom qube to join. It’s quite inconvenient.
You do not need a replacement for that. You can use the original xdg-open with a “custom browser”, which just calls qvm-open-in-vm. Something like this: How do I change my default browser? - Ask Ubuntu. This is what I do to open all email links in a disposable VM.
But will this work upon a simple mouse click on the link? This is just a terminal command, which I mentioned too. I combined it with the “custom browser” allowing to avoid constant use of the terminal.
You’d have to make a simple (one-line) script that uses a command like this, then set your email client to use that script for hyperlinks. It’s very similar to the option you suggested, but you don’t have to use xdg-open or set it as the default browser for the entire qube.