Tool: Simple Set-up of New Qubes and Software

General Discussion
225

I’m finally announcing that tasks are available for 4.2.
You can read details here

These are packages that you can install which will create and configure
templates and qubes for specific purposes. All are based on debian-12
templates, usually the minimal template.

There’s a CLI and the same ugly GUI. I recommend running the GUI because
these tools are supposed to take away the reliance on command line use
in dom0. (It also has the advantage of giving some feedback while the
templates are installed and configured.)

What’s here?

Among the task packages so far:

  • cacher - a caching proxy. If you clone a template this will cache the downloaded packages on updates, to reduce the bandwidth/time pain of having multiple templates trying to grab the same packages.
  • pihole - installs and configures a pihole qube, which helps to block advertisements and internet trackers
  • syncthing - a syncthing qube, and a syncthing service. You can syncthing files between qubes and/or use syncthing with external machines.
  • multimedia - creates a media qube which is intended to store media files, and an associated disposable multimedia qube to play the files. So you can (relatively) safely download stuff and store it in media, while viewing or using in the disposable.
  • Mullvad - thanks to the good folk at Mullvad, creates a sys-mullvad qube where you can configure the VPN for use in attached qubes. Also creates a disposable template so you can use disposables with the Mullvad browser, and/or use a VPN just in that disposable.
  • Proton VPN - a qube to use Proton VPN
  • sys-vpn - a service qube to help configure an OpenVPN connection for use by attached qubes.
  • reader - creates a template with software aimed at terminal users, like conversion to plain text, edbrowse, and orca.
  • mirage-firewall - installs the latest release of the unikernel mirage firewall, warts and all.
  • split-git
  • split-gpg

Source?

The source is on GitHub.
For the most part these packages install and run salt states. The states are deliberately simple to read so almost any one will be able to understand what they do.

Why should I trust this?

Dont. At least, not without some careful thought.
All the packages are signed with my Qubes signing key.
All the code is available, and any one can review it.

If you want to check what a particular package really does.

  1. Download the package without installing it.
  2. rpm2cpio PACKAGE_NAME |cpio -id will extract the directories and files from the package, so you can inspect them.
  3. rpm -qi --scripts PACKAGE_NAME will show you exactly what scripts will be run on installation.

Suggestions, changes, or improvements?

Post in this thread with suggestions for new packages or changes to the existing ones.
Most of these packages have been created to other user specifications.

Bugs?

Please dont post them here.
Open a new thread with details of the problem. It’s easier to see the problem, and other users will be able to find the problem, and (I hope), the answer, more easily.

If the formatting here is off, can someone fix it for me?

unman

8 Likes