Switch sys-net from disposable to non-disposable

Introduction

This guide explains how to make sys-net a non-disposable qube. This can be helpful if you want sys-net to remember network settings in a simple manner.

The plan is to delete the sys-net qube to recreate it as a non-disposable qube. As sys-net cannot be stopped if sys-firewall is running, and sys-firewall cannot be stopped as long as a qube using it as a netvm is up (every qube doing networking by default), the process requires some work.

Setup

  • stop all qubes using networking
  • stop sys-firewall
  • stop sys-net
  • open Qubes Manager
  • set sys-firewall network to none
  • open sys-net settings, check the “devices” tab and write down the numbers on each line in the right column; these are the internal addresses of the network devices attached to sys-net. They should look like hexadecimal numbers with 5 digits (i.e. 00:14.3 or 2e:00.4)
  • rename sys-net (in case you need to restore it)
  • create a new qube named sys-net
    • name: sys-net
    • type: AppVM
    • template: whatever you want to use
    • networking: none
    • check “launch settings after creation”
    • click on “OK”
  • in Advanced tab
    • on “mode” choose HVM
    • check “Provides network”
  • in “Devices”, add the network devices
  • in “Services” tab, add “clocksync” service
  • Apply changes and exit the settings window
  • Start sys-net
  • Edit sys-firewall and set sys-net as its netvm
  • Enjoy
1 Like
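
The creation steps from the guide above, written as the dom0 commands they correspond to (an added example, not part of the original post). It only prints the commands. It assumes the Qubes 4.x dom0 tools (qvm-create, qvm-prefs, qvm-pci, qvm-service, qvm-start), a label of "red", a template name you supply, and an old sys-net that has already been stopped and renamed.

```sh
#!/bin/sh
# Added example: prints the dom0 commands for the guide's creation steps.
# It executes nothing. Assumed: Qubes 4.x qvm-* tools, label "red",
# and an old sys-net that is already stopped and renamed.

# Convert an address as written down from the Devices tab (00:14.3) into
# the dom0:00_14.3 form used by qvm-pci. Anything that is not
# bus:device.function in hexadecimal is rejected.
bdf_to_qubes_id() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]$'; then
        echo "invalid PCI address: $1" >&2
        return 1
    fi
    echo "dom0:$(printf '%s' "$1" | tr ':' '_')"
}

# usage: plan_sys_net TEMPLATE PCI_ADDRESS...
plan_sys_net() {
    if [ $# -lt 2 ]; then
        echo "usage: plan_sys_net TEMPLATE PCI_ADDRESS..." >&2
        return 1
    fi
    psn_template=$1
    shift
    # Validate every address first so a typo cannot yield a partial plan.
    for psn_bdf in "$@"; do
        bdf_to_qubes_id "$psn_bdf" >/dev/null || return 1
    done
    # New AppVM named sys-net with networking set to none.
    echo "qvm-create --class AppVM --template $psn_template --label red sys-net"
    echo "qvm-prefs sys-net netvm ''"
    # Advanced tab: HVM mode and "Provides network".
    echo "qvm-prefs sys-net virt_mode hvm"
    echo "qvm-prefs sys-net provides_network True"
    # Devices tab: attach each network device persistently.
    for psn_bdf in "$@"; do
        echo "qvm-pci attach --persistent sys-net $(bdf_to_qubes_id "$psn_bdf")"
    done
    # Services tab, then start and reconnect sys-firewall.
    echo "qvm-service --enable sys-net clocksync"
    echo "qvm-start sys-net"
    echo "qvm-prefs sys-firewall netvm sys-net"
}

# Stand-alone use: sh plan.sh <template> <address>...
if [ $# -ge 2 ]; then plan_sys_net "$@"; fi
```

Review the printed plan against `qvm-pci` output in dom0 before running any of it, since the device identifiers must match what your system lists.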

Sys-net usually includes ‘qubes-network’ and ‘network-manager’ services by default. Aren’t they necessary? If not, why are they added by default?

2 Likes

I find absolutely no reason to follow this guide and not run Salt command qubesctl state.apply qvm.sys-net mentioned by @unman here

1 Like

If it works, this guide is indeed useless.

1 Like

Doesn’t it? This is actually what Qubes OS itself uses on initial installation, how can it not work?

1 Like

Could you try to recreate your sys-net with that command?

1 Like

I did. It works. You only need to delete current sys-net first. Cloning it first (if it was not DispVM) is recommended.

2 Likes

Does it create sys-net disposable or not disposable? Which template is it using?

1 Like

The first four steps can be simplified into two:

  1. Open Qubes Manager.
  2. Shut down sys-net.

All qubes that need to be stopped will shut down automatically.

2 Likes

There is a pillar to configure this: qvm:sys-net:disposable; if not defined, it’s false.

1 Like

Refer to /srv/formulas/base/virtual-machines-formula/qvm/sys-net.sls.

1 Like

This is what I just did :wink:

1 Like

This is why I posted a reply on How to Create New Sys-net?, which @FranklyFlawless for some reason moved to Convert Sys-net to DisposableVM?

The reply is asking for certainly trivial knowledge: how to pass “disposable:true” to the command? I’m sure many people know how. I searched but could not find how.

1 Like

It’s not useless, but it is complicated for most users to follow, and
allows for significant error and confusion.
Whereas salting is a one liner - two if you want to change from
disposable to non-disposable, or vice versa.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

1 Like

I totally agree. I will update the guide to explain how to reset sys-net to being disposable or not, explaining the process using the dom0 qube invoking salt.

Do you know if you need to stop sys-net and all the qubes with network when running this command?

1 Like

Also, you really don’t need to stop qubes.

Go into the settings for sys-firewall and change its net vm to none. You can do this without stopping any qubes. Of course every qube connected to the internet will now find its connection interrupted but it will be restored soon.

Then switch it back once the new sys-net is running.

1 Like

What about the old one?
We need to rename the old one before executing this command, right?

1 Like

Or delete it.

I actually clone sys-net to sys-net-temp, then sys-firewall’s net qube to none, then shut down sys-net, then start sys-net-temp, then set sys-firewall’s net qube to sys-net-temp. I can then delete sys-net and build a new one, and reverse this process. (Actually I have to clone the whole “stack”: template, appvm, and named disposable [if I have one], and delete all of them.)

That’s a complicated process but has to be done that way if I want almost uninterrupted connectivity, since only one qube can access the networking hardware at a time (at least on my system). Alternatively if I’m willing to have a long outage (which could happen if sys-net fails to build for some reason), I could do: set sys-firewall’s net qube to none, delete sys-net, rebuild sys-net, set sys-firewall’s net qube back to sys-net.

1 Like

I think a safer and simpler approach is to just rename it. This keeps outage time minimal, and if the creation process fails, you can easily revert by renaming the original ‘sys-net’ back, no harm done.

1 Like