Setup Python Development Environment with Qubes

I want a development environment that can

  1. Run JetBrains' PyCharm IDE
  2. Install Python libraries with Anaconda (conda install numpy...)
  3. Push commits to GitHub
  4. Build and read Sphinx documentation

I want to avoid:

  1. JetBrains' telemetry
  2. Compromised libraries from Anaconda stealing data from me
  3. Someone impersonating me and interacting with my GitHub repositories

I am thinking about:

  1. Qube A: PyCharm, Firefox, Anaconda, git, no internet. Qube A is the development environment. qvm-copy the code to Qube C.
  2. Qube B: Anaconda, internet. Qube B would manage Anaconda environments and qvm-copy them to Qube A. The firewall only allows downloading Python libraries with Anaconda.
  3. Qube C: xterm, git, qubes-gpg-split, internet. Qube C enables git push. The firewall only allows pushing commits to GitHub. Qube C also has the SSH key for pushing to GitHub.
  4. Qube C-gpg: This qube is for split-gpg with a subkey.

Is there a better way?
