Upgrade strategy/configuration with sys-cacher

I’m using sys-cacher (via qusal) and have found it to be terrific and life-changing

I have a significant number of templates (more than a dozen) so the impact is mega

However, I’m not quite sure how to handle (or, how to properly configure) the whonix templates to use cacher. I understand how and why they aren’t using sys-cacher “out of the box” and that makes sense

I’ve thought about what I want to do, in the context of what is acceptable for my privacy requirements

  1. Using sys-cacher for anon/whonix VMs is acceptable to me. The upstream for sys-cacher is a VPN which I don’t mind inferring that I’m using whonix
  2. Using a special (second) sys-cacher (e.g. sys-cacher-anon) with a sys-whonix upstream would also be fine, though I think it may be a bunch more work, and I don’t know that I personally benefit much from anonymizing my whonix updates

So I’m flexible. But I want cached updates for whonix templates, and I do not want to use whonix/tor for the main sys-cacher used by non-whonix VMs (because tor is slow, and I don’t need the anonymity)

What is the ideal way to configure Qubes to do what I want?

Do I simply enable updates-proxy-set service in the whonix template VMs, and ensure they are permitted via qubes rpc?

I have seen this thread which discusses cacher and whonix a bit, and at least one other, but I had a hard time following the discussion

Point me to a thread that contains roughly what I might need to better understand how/what to do and I will take another pass at it, even if it’s one I’ve already read. I don’t necessarily need a guide. Though a brief one would be appreciated

Some infos are in the file /etc/apt/apt.conf.d/90whonix.
Also deactivate https+tor in all source files.

You also need to examine the policy files in /etc/qubes/policy.d
The default is 50-config-updates.policy

You can comment out the existing whonix lines, and test to see if that
gives you what you want. If you need more help just describe what the
issue is.

As you have sys-cacher connected to a VPN, updates from there will not
run via Tor.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.