Tool: Simple Set-up of New Qubes and Software

Can you share the bash script? I am also looking for some automation

Thanks @weyoun.six
I’m glad you find cacher useful. KDE is,of course, excellent in Qubes.

Rather than go through each individually, I could ship a batch file to
disable the service.
I do this myself,but the topic is still being hashed over here in the
Forum, how best to deal with updates in qubes with the cacher installed.

1 Like

I’ve added some new packages to provide:
a central sys-git to hold repositories - policy file controls access by
qube and repository;
a template with software useful for text to speech use;
split-gpg;
a split monero wallet;
syncthing - this includes a syncthing qube with net access, and a qrexec
service to run syncthing from other qubes,including those with no netvm.

More details are available in the Qubes Task Manager.
Sources is available on github

It would be more useful if this topic were kept for installation
problems of the Task Manager, and suggestions for packages to be
included, or contributions.
Issues with individual packages are best dealt with in a topic under a
clear title in User Support.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
3 Likes

That’s fantastic!
I’ve been (unsuccessfully) trying to create a sys-git for quite a while. Have you gotten around to publishing the process in your notes?

Generally you create a simple systemd service like this, to start the
agent,and load the key

[Unit]
Description=SSH agent

[Service]
Type=oneshot
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
ExecStart=/usr/bin/ssh-add [key]

[Install]
WantedBy=default.target

You’ll need to adapt this to the socket value you use for the agent - you
can see this in (e.g) work.agent.sh - and I haven’t tested it in any
way.
It wont do where you have passwords on the keys.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

1 Like

No. It’s a little niche for the notes, and it’s basically documented here
All the work is done by qubes.Git and git-qrexec, which I’ve
generalised, and slightly adapted to allow for granular policy control.
My contribution is minimal.

1 Like

I had to change this slightly to (note the ExecStart => ExecStartPost):

[Unit]
Description=SSH agent

[Service]
Type=oneshot
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
ExecStartPost=/usr/bin/ssh-add [key]

[Install]
WantedBy=default.target

Works like a charm. Thanks!

2 Likes

For anyone who was as confused as me, certain of these setups assume that you have already set up the cacher. Once I did that they worked fine, but before that they failed. So try that if you’re having problems with them!

Can you tell me for which you found this?
All of the template repo salting is conditional on there being a
“cacher” qube - otherwise the repo definitions should be left as they are.

If you found this not to be the case, then it’s a bug that needs to be
fixed. (Although I advocate for using a caching proxy, I don’t intend
to enforce it.)

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

i forget which repo, but yes it happen to me too.

Thanks - it looks as if it is the Pihole and Share packages that are
affected - this is wrong.
I’ll fix it.

1 Like