Setup Python Development Environment with Qubes

I want a development environment that can

  1. Run JetBrains’ PyCharm IDE
  2. Install Python libraries with Anaconda (conda install numpy...)
  3. Push commits to GitHub
  4. Build and read Sphinx documentation

I want to avoid:

  1. JetBrains’ telemetry
  2. Compromised libraries from Anaconda stealing data from me
  3. Someone impersonating me and interacting with my GitHub repositories.

I am thinking about:

  1. Qube A: PyCharm, Firefox, Anaconda, no internet, git. Qube A is the development environment. qvm-copy the code to Qube C.
  2. Qube B: Anaconda, internet. Qube B would manage Anaconda environments and qvm-copy them to Qube A. The firewall only allows downloading Python libraries with Anaconda.
  3. Qube C: xterm, git, qubes-gpg-split, internet. Qube C enables git push. The firewall only allows pushing commits to GitHub. Qube C also has the ssh key for pushing to GitHub.
  4. Qube C-gpg. This qube is for split-gpg with a subkey.

Is there a better way?

2 Likes
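The layout proposed in the post above, written out as dom0 commands. This is an added example, not from the poster or the Qubes project; the qube names, labels and the conda channel host (repo.anaconda.com) are assumptions, and by default the script only prints what it would run.

```shell
#!/bin/sh
# Added example: dom0 provisioning sketch for the four-qube layout in the post.
# Qube names, labels and the conda channel host are assumptions.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute (dom0)

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf "'%s' " "$@"; echo      # quoted, so empty arguments stay visible
    else
        "$@"
    fi
}

# lock_down QUBE HOST PORT
# Replace the default allow-all rule with DNS plus one TCP destination.
# dsthost names are resolved to addresses when the rules are applied, so a
# CDN-backed host may need the rules re-applied when its addresses change.
lock_down() {
    run qvm-firewall "$1" del --rule-no 0
    run qvm-firewall "$1" add accept specialtarget=dns
    run qvm-firewall "$1" add accept dsthost="$2" proto=tcp dstports="$3"
    run qvm-firewall "$1" add drop
}

# provision_layout TEMPLATE
provision_layout() {
    tpl="${1:?template name required}"

    # Qube A: IDE and conda environments, never networked.
    run qvm-create --class AppVM --template "$tpl" --label green dev-offline
    run qvm-prefs dev-offline netvm ''

    # Qube B: downloads conda packages, holds no source code or keys.
    run qvm-create --class AppVM --template "$tpl" --label red conda-fetch
    lock_down conda-fetch repo.anaconda.com 443

    # Qube C: holds the SSH key, can only reach GitHub over SSH.
    run qvm-create --class AppVM --template "$tpl" --label orange git-push
    lock_down git-push github.com 22

    # Qube C-gpg: split-gpg backend with the signing subkey, never networked.
    # The qubes.Gpg policy entry for git-push is edited separately in dom0.
    run qvm-create --class AppVM --template "$tpl" --label black vault-gpg
    run qvm-prefs vault-gpg netvm ''
}

# Usage: sh layout.sh TEMPLATE   (set DRY_RUN=0 to execute in dom0)
if [ "$#" -gt 0 ]; then provision_layout "$1"; fi
```

Review the printed commands first, then rerun with `DRY_RUN=0` in dom0, passing the name of an installed template.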

Bump. I am looking for recommendations on this important topic.

1 Like

Unless you have the exact same requirements as the original poster, open a new topic following the template of this one but with your personal use case. And even if you were sharing the same concerns, please provide us your current conclusions because some things changed since 2022, like you can also have split-ssh…

Either way, I won’t be very helpful as I don’t share the original poster’s concerns and my current process is to have:

  1. an AppVM with the IDE configured, serving as a model.
  2. a lot of qubes, one for each git repository (or collections of repos) that I clone from the first model qube. Ideally each qube is linked to a unique account on a git server, containing its ssh key, etc.
1 Like