Hi, all,
Some anxieties can be prevented. The subject of backups and data loss forced me to realize I needed to salt my qubes and backup only the data (as @unman rightly notes). It is faster and most efficient. So I began, timidly and in earnest, to salt my qubes. As a writer and journalist, the data (audio recordings, transcriptions and translations, photos, videos, notes and drafts) are my lifeblood. If one in my position were to lose these, or not secure them, the potential for lawsuits and the harm brought to sources is nearly certain.
Only 5 percent of Qubes users are journalists. I bet we could inch that to 10 percent, and sharing the protections and redundancies afforded by good digital security and online practices through Qubes.
So on the occasion of The Guardian publishing a few salt scripts, Dangerzone coming out of alpha, and on the eve of the Securedrop Workstation general release, I’ve been motivated to follow up on this great discussion with a simple journalist-oriented salt repo and wiki:
It’s a work-in-progress, which I’d like to eventually package for easier installs for journalists and newsroom admins (to include a varient on @unman’s qubes-tasks-gui), but the salt configs have all been tested and are ready, though could certainly use more eyes.
Thanks for reading and sharing. All feedback welcome, desired and appreciated.
Some notes of reference and appreciation:
-
Qubes official salt documentation.
-
Jinja templating docs, all the syntax and semantics of the Jinja templating engine
-
Salt docs on Jinja, they include descriptions of all the built-in filters such as
regex_replace -
A great discussion on incremental backups
-
Qubes configuration management, extensive docs by @gonzalo-bulnes
-
@unman’s notes, a good reference on Salt written by a developer of Qubes OS
-
Salt & Pepper, drkhsh’s configuration for automated template deployments
-
Qubes SaltStack configuration of Videos Playback VM (didatic) by @bruno_schroeder
-
qusal: Salt Formulas for Qubes OS by Ben Grande