Once upon a time I too had similar issues (start on boot service qubes hanging/underperforming) if I logged into the GUI desktop “too quickly”, which would require me to powercycle down to the offending qube (usually sys-net but sometimes sys-firewall or also sys-usb on occasion).
I too launch all of my service qubes with no more than 512MB RAM, in most cases this ought be sufficient.
I think the best place to start would be to migrate to a minimal template for your sys-net. IMO, the base templates are unnecessarily bloated in general and especially so for sys-net.
In my current implementation sys-usb and sys-net are isolated so, if this is not the case, please stop here. Should you have separate sys-usb and sys-net qubes, this is the process which has worked for me in the past …
Recreating sys-net can easily and safely be achieved thanks to the default SaltStack formula by doing the following:
- While you have a functioning sys-net, update your minimal templates and may as well `sudo qubes-dom0-update` in a dom0 shell also.
- Use Qubes Manager to select sys-net, click on the “Settings” button & rename (or do this in dom0 via CLI if you prefer) sys-net to sys-net-old. Additionally, disable “Start qube automatically on boot”.
- From the “System” menu drop-down, click/select Qubes Global Settings & change your default template under “qubes defaults” to the minimal template of your choosing (don’t forget to click the “OK” button).
- Open a dom0 shell and enter the following: `sudo qubesctl state.sls qvm.sys-net` (this ought to rebuild your sys-net with the newly selected template).
- Test out your newly created sys-net by assigning it as a NetVM for sys-firewall, starting sys-firewall, opening a terminal in sys-firewall & generating some traffic (i.e. `ping qubes-os.org`). If all goes well, you can change the NetVM setting for the remaining qubes which are currently configured to use sys-net-old to use sys-net.
- Before you forget, go back into Qubes Global Settings & change your default template under “qubes defaults” back to the template of your choosing.
- Restart to confirm you’re happy with your new minimal sys-net.
If anything goes wrong, simply disable “Start qube automatically on boot” for your newly created sys-net and enable it for sys-net-old while also switching the NetVM for guest qubes as necessary.
There’s no need to immediately remove/delete sys-net-old aside from HDD space, which ought not be too much, as it can serve as a fallback in case any of the above doesn’t work.
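
The NetVM switch and the rollback described in the post, as an added example that is not part of the original post: a dom0 helper that prints the `qvm-prefs` commands for review instead of running them. It assumes `qvm-ls --raw-data --fields NAME,NETVM` emits one `name|netvm` line per qube; the sample inventory and the `vpn-gw` qube name are constructed.

```shell
#!/bin/bash
# Added example: plan the NetVM switch and the rollback, print only.
OLD_NETVM="sys-net-old"   # name the post gives the renamed original qube
NEW_NETVM="sys-net"       # qube rebuilt by `sudo qubesctl state.sls qvm.sys-net`

# Read "name|netvm" lines on stdin; print the qubes attached to NetVM $1.
qubes_using_netvm() {
    awk -F'|' -v target="$1" '$2 == target && $1 != "" { print $1 }'
}

# Read "name|netvm" lines on stdin; print one qvm-prefs command for each
# qube currently attached to $1, repointing it to $2.
repoint_plan() {
    qubes_using_netvm "$1" | while IFS= read -r name; do
        printf 'qvm-prefs %s netvm %s\n' "$name" "$2"
    done
}

# Rollback from the post: autostart off on the new qube, on for the old one,
# then move every qube that was switched back to the old NetVM.
rollback_plan() {
    printf 'qvm-prefs %s autostart False\n' "$NEW_NETVM"
    printf 'qvm-prefs %s autostart True\n' "$OLD_NETVM"
    repoint_plan "$NEW_NETVM" "$OLD_NETVM"
}

# Constructed inventory, used when the script is not run in dom0.
SAMPLE_INVENTORY='dom0|-
sys-net|-
sys-net-old|-
sys-firewall|sys-net-old
sys-usb|-
vpn-gw|sys-net-old
work|sys-firewall'

if command -v qvm-ls >/dev/null 2>&1; then
    inventory=$(qvm-ls --raw-data --fields NAME,NETVM)
else
    inventory=$SAMPLE_INVENTORY
fi
echo "# commands to move qubes from $OLD_NETVM to $NEW_NETVM:"
printf '%s\n' "$inventory" | repoint_plan "$OLD_NETVM" "$NEW_NETVM"
```

Qubes behind sys-firewall are left alone, since only sys-firewall itself is attached to the NetVM being replaced.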