These are alternate instructions. I’m going to try to give more specific instructions in this version. Please rip this apart and argue anything that you see wrong with this! Lets make this process better. (and hopefully easier too).
- Make a copy of the debian template (currently called “debian-10”) either by opening settings and selecting “clone” or by doing this in a dom0 terminal:
qvm-copy debian-10 debian-10-print-server
(note: we use debian in order to not install unnecessary binary print drivers) - Launch a terminal for the new debian-10-print-server template and remove “contrib” and “nonfree” from /etc/apt/sources.list (if they are there)
- In a terminal for the new debian-10-print-server run: sudo apt-get update; sudo apt-get install task-print-server
- In the same terminal, run: system-config-printer and set up your printer. (note, do NOT attempt a test page in the template VM, as the template should not have access to the network)
- Note: If you cannot find a driver that will work with your printer, then you may need to find and install a binary driver for your specific printer.
- Shut down the template VM with “sudo poweroff”
- In dom0 type:
- qvm-create --template debian-10-print-server sys-printer --label red
- qvm-prefs sys-printer template_for_dispvms True
- qvm-features sys-printer appmenus-dispvm 1
- Open the settings for sys-printer VM and scope the firewall to your local network (or even just the printers ip). If you do not your local network, adding unroutable addresses 10.0.0.0/8 and 192.168.0.0/16 will probably work
- From the disposable menu, start a disposable sys-printer
- Run torbrowser.
- open a terminal for the torbrowser system and type:
inotifywait -m /home/user/Downloads | while read a b file; do [[ $b == *CREATE* ]] && qvm-move /home/user/Downloads/mozilla.pdf; done - From inside torbrowser, print to “pdf”.
- When the menu pops up, confirm that it is comming from the correct VM, then select your running sys-printer disposable vm
- open a terminal in the running sys-printer disposable vm, and type: lpr QubesIncomming/*/mozilla.pdf
- Now either erase the qube with: sudo poweroff, or if your willing to reuse it, type rm QubesIncomming/*/mozilla.pdf to allow the next printjob.
Possible enhancements:
- we could put a small script in cron that would wait for a mozilla.pdf file to show up, run the lpr command after it does, and then either erase the mozilla.pdf file, or power down the disposable VM. (this would streamline workflow allowing users to not have to open the terminal in the sys-printer disposable VM)
- the inotifywait command could be put in the whonix workstation template with some kind of auto-start?