My question is more theoretical, topical, and discussion-based than technical. However, if someone happens to have the technical solution to what I’m proposing, I would LOVE to hear/see it.
So I’m fairly new to Qubes. I’ve been experimenting with it. I love it. So far, I’ve experimented with templates and I’ve even loaded Windows 10 in one of the Qubes which leads me to my question:
So I had to load the template with sys-firewall inside of my Windows 10 Qube, and it worked flawlessly. However, there other elements within the Windows 10 Qube that I’m still working out and configuring; such as usb, sound, video, etc. I know that there are parts of this forum that discuss the set up and show the terminal codes, etc. That’s great, but the whole process got me thinking:
Since there is only ONE template where you can load sys-firewall instead of multiple templates to integrate other Qubes (such as sys-usb, maybe even ones named sys-sound or sys-video, etc.), Is there a way you can make an all-in-one Qube template that has firewall, usb, sound, video, all integrated that would aid the process of loading these elements into a Qube with a different OS?
Welcome to Qubes OS! It is hard to follow and understand your setup.
Can you clarify with more details, please?
sys-firewall is just a name. You can create multiple VMs that function as a firewall. You can have debian-based firewalls, fedora-based firewalls, etc.
Official guidance for VPN setup actually recommends layered firewall VMs to better apply firewall rules.
From a theoretical and discussion-based perspective, it is an interesting idea to have an all-in-one Qube template that includes multiple sys-VMs such as sys-firewall, sys-usb, sys-sound, and sys-video. This could potentially simplify the process of setting up and configuring Qubes OS, especially for users who are new to the system.
However, there are several technical challenges that would need to be overcome to implement such a solution.
One of the key challenges is ensuring that the different sys-VMs in the all-in-one template do not conflict with each other or with the VMs that use them.
Another challenge is ensuring that the all-in-one template remains secure and isolated from other VMs on the system.
For example, if you want to use a different sound card or video card in a specific VM, the all-in-one template would need to be able to accommodate these changes without affecting other VMs.
However, you can certainly configure and customize your templates and Qubes to suit your needs. You can follow the discussions and terminal codes available in the forum or documentation to set up USB, sound, video, and other functionalities within your Qubes. It may require some technical know-how and careful configuration to ensure proper isolation and security.
Hello Mr.X
I’m somewhat confused by your question, and by some of the things you
say. (What does “I had to load the template with sys-firewall inside of
my Windows 10 Qube” mean?; “there is only ONE template where you can
load sys-firewall”??)
You can already make a single template that provides all the features
you want. ( The default main templates, debian-11 and fedora-37) both
have the capability to provide firewall, usb.)
You take the existing template, and install the necessary packages for
the service you want.
Most Qubes services are dependent on them being enabled on the system in
individual qubes, or attaching devices.
So you can use a “maxed out” template for a qube that does not provide
network to other qubes. You can use it for qubes without being worried
about interactions with USB devices. etc. etc.
But you can use the same template for a qube that provides network,
and acts as firewall. You can use the same template for sys-usb.
You can use the same template for your “sys-sound” or “sys-video”.
That’s the way Qubes works.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Thank you all for your responses. To quickly clarify, Qubes comes with separate VMs such as sys-usb, sys-firewall, etc. When I was setting up Windows 10 in Qubes, it only allowed ONE template for internet access (sys-firewall). The rest such as usb, etc., I’ll have to configure through the terminal.
That’s what got me thinking of creating an all-in-one Qube template to simply “lock-&-load” into another template (like Windows 10). It would, theoretically, not just bring in internet access but also usb, sound card, video card configurations all at once; killing all of these birds with one stone (template).
It sounds as if that is possible but that it would require a bit of work. That being said, I am having fun with these challenges! Again, thank you all for your input and expertise. Much appreciated.
Part of the confusion is due to misuse of the term template.
sys-firewall is not a template. It’s a service qube and a net qube. By contrast, templates are intended for installing and updating software applications, but not for running them. You can learn more about templates here.
Another part of the confusion might be a misconception that you have to “configure [USB] through the terminal.” This is usually handled through the USB qube, which is usually created automatically. See how to use USB devices.
