I currently have sys-net, sys-firewall, two sys-vpn’s and sys-whonix. Does anyone have suggestions as to which other sys-*'s are possible? The only other one I know of, and am currently looking into, is sys-i2p. I’m looking forward to your suggestions!
Those ‘sys-’ prefixed VMs are just reflecting that those are part of the default system.
However those are just names, and they are lost it’s meaning as soon as you:
- customize your templates,
- having more that one ‘sys-net’
(like I used to create separate ‘Ethernet’ and ‘WiFi’ VMs instead of a combined default sys-net) - using multiple ‘sys-firewall’ type of VMs
(like I use private-vpn, customer-vpn, company-vpn, etc)
1 Like
I wouldn’t say the meaning of sys-* will be lost when you customize it or make more sys-net qubes. Those VMs are still technical and not meant for everyday tasks, which is what “sys” means AFAIK. (It would be useful to be able to hide them in the App menu and sort them at the bottom in the Qube Manager by the way).
Well, I’m used to sniff traffic from my netwms, I do manage my VPN connections in my sys-firewall ‘type’ VMs, I do format/reset/check my pendrives inside USB VM…
So ‘not meant for everyday tasks’ is not really stands.
But I agree, that we should be able to hide them from Qubes Manager
Moreover we may need separate visibility settings for the ‘new’ docked ‘Qube list’ applet.
Currently only the internal flag(?) can be hided and only the default-mgmt-dvm flagged as such.
In addition to
sys-net
sys-usb
sys-firewall
sys-vpn
sys-tor
I also have
sys-pi-hole
sys-davmail
As Zrubi said “sys-” is just a prefix, but I think we all get it: it’s a
service VM that provides some kind of service to other qubes.
davmail is a java based proxy service that can talk to an Outlook web
instance (Office 365 or your companies instance) and offers standard
SMTP, POP, IMAP, LDAP, CALDAV etc. I like to isolate it in an dedicated
sys- qube.
pi-hole is basically a local DNS resolver with a very fancy dashboard
and extensive black/whitelisting. It’s nice to see where your qubes want
to connect to and to be able to extensive block telemetry stuff of e.g.
a windows qube. It also makes loading some website faster.
I block around 46% of all DNS queries without any impact on
functionality. It’s quite enlightening to see how extensive this
tracking and telemetry stuff is.
But this is getting slightly off-topic for this forum. Feel free to
message me or start a new thread in “All about Qubes” if you’d like.
2 Likes
Additionally to what was already mentioned, I have a sys-backup-AppVM to which storage media for qvm-backup are attached to.
Before backing up, I start the sys-backup AppVM, which automatically mounts the backup storage for Dom0 to write to. After the backup, the VM is shut down again.
1 Like
@fsflover Since you have mentioned it: Did you already try sys-audio and are able to say anything about how well it already works?
I was already planning to give sys-gui a shot in my about-to-be-bought living room system. But apart from sys-gui a living room PC would probably be the ideal test bench for sys-audio.
I did not try it, but it seems that it should already work: AudioVM outside of dom0 · Issue #1590 · QubesOS/qubes-issues · GitHub.
1 Like
is sys-tor mean sys-whonix ? And what’s your ideal ram and cpu for those sys?
is sys-tor mean sys-whonix?
No.
And what’s your ideal ram and cpu for those sys?
I don’t mess with the vcpu (default = 2), but maybe I should?
maxmem = 0
memory = 307
except the sys-usb one: memory = 614 (webcam stream)
Hey Sven!
I am very interested in how you set up your sys-pi-hope, I’ve been looking for something like that for a pretty long time.
I would appreciate any help you could offer!
1 Like