Dumb question - but some new Qubes I create go under “Service” and some under “Domains”? Sorry for such a basic question but I did not see where this option is specified and if there is some kind of hierarchy there? Are “Service” qubes supposed to “run in the background” or something?
Service Virtual Machine. A VM the primary purpose of which is to provide a service or services to other VMs. NetVMs and ProxyVMs are examples of ServiceVMs.
By the way, sys-usb should also be a service VM, but it shows up as “Domain” for me.
Right - I get the glossary definition but where do you even elect the Qube to be a service? I missed that
1 Like
Just tried to switch on “Provides network” for my sys-usb, and now it is a “Service VM”.
Dumb question - but some new Qubes I create go under “Service” and
some under “Domains”? Sorry for such a basic question but I did not
see where this option is specified and if there is some kind of
hierarchy there?
No worries, that’s what this category is for.
Are “Service” qubes supposed to “run in the background” or
something?
Where do you see this? Can you share a bit more detail how you arrived
at this impression?
In general:
There are
- templates
- AppVMs (can be ProxyVMs or DispVM templates)
- DispVMs
some AppVMs have a special job, like sys-net, sys-usb and sys-firewall.
These are AppVMs that provide services (network or usb proxy). But all
AppVMs can provide services, they are just named sys- to make their
function in the context obvious.
Naming gets confusing and is often discussed. Sometimes domain, qube and
VM get used interchangeably but there are some who see differences
between a domain and a qube/vm. Not sure what that difference is though,
except for a philosophical way of looking at it.
Like I have compartmentalized my setup into different domains “private”
(yellow), “work” (orange), “system” (gray), “disposable” (red), but each
of those categories/domains has many qubes/VMs.
The only context in which I see “service” is within each qube.
Is that what you mean?
In the Applications menu, you can see which qubes are “Domains” and which are “Services”. This is obviously defined automatically somewhere. Where exactly? Can we change it for every qube?
In the Applications menu, you can see which qubes are “Domains” and
which are “Services”. This is obviously defined automatically
somewhere. Where exactly? Can we change it for every qube?
Oh wow. I never saw that before.
During the first 3+ years of Qubes OS usage I was on i3/dmenu. But mid
last year I switched to XFCE, but with Whisker Menu and I just type what
I want (kind of like dmenu).
Yes, this is what I was trying to figure out - I am trying to setup a Trezor USB device and I cant quite get the Qube to “see” the USB so I thought maybe it has something to do with the configuration of the Qubes…
So for example Trezor wiki talks about
You only have to install the Trezor Bridge and Udev rules in the sys-usb service VM, and not in every AppVM where you want to use the device
but first of all my Sys-USB is a “domain” not a service. It does not have networking - so does it even make sense to edit Udev rules in that Qube?
I should have been a little more clear here. I guess I thought if one Qube is going to provide other Qubes some kind of service, you probably want it to be running, at least as long as you typically run the Qube(s) who receives said services. And you may want to have that Qube a little more discreet than the Qubes you typically work in. In a more conventional OS like Windows, if you are trying to provide some kind of service (like an always on antivirus) I think you would therefore run that service provider (in this case just AV software) “in the background” so it doesn’t really clutter up your operations but is still working.
The menu decides whether to show a qube as ‘service’ based on the provides_network property. See also this discussion.
1 Like