> My recommendation is:
>
> 1. Create a trusted VM to run WireGuard or a key-protected onion
>    service.
> 2. Allow that VM (and only that VM) to connect to sshd in dom0 via
>    qubes.ConnectTCP.
> 3. Forward anything you need over the SSH tunnel.
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> Invisible Things Lab

Well, here's a question: I'd cloned the firewall qube for my WireGuard server, but that's clearly not what you said. Apparently there's some distinction between a VM, a template, and a qube, which I haven't found in the docs.

Maybe making a VM would allow me to make WireGuard settings persistent? How is a VM beneficial over making a qube? A template? Are there drawbacks to a VM?

I still don't get how you set up a daemon by basing a qube on a template. Settings can't be persistent in a qube, but a template is in effect a whole OS. On one machine I don't want to install all my server software in template debian, just to spin off qubes from it. Do I have to clone template debian for each individual service?

I've tried to understand this but it doesn't address my questions:
https://dev.qubes-os.org/projects/core-admin/en/latest/qubes-vm/index.html