Hmm... I thought you `enterprise` folk had more advanced tech behind the curtain than the rest of us mortals. Guess not, huh?
Qubes just has a steep learning curve, even if you come from a strong Linux background. It's annoying because at times it looks and feels like plain ol' Linux, but then it reminds you that it's not, and suddenly it makes even the toughest Linux sysop feel like a helpless little babby. I didn't follow the whole thread but it seems you're trying to set up a secure WireGuard qube. I haven't used WG but I did toil for a good while before I got my OpenVPN qubes working properly. IMO learn Qubes on a separate system before trying to daily drive it for work. On Mon, Jul 29, 2024 at 9:58 PM colony.three via qubes-users < qubes-users@googlegroups.com> wrote: > > > > > > On Monday, July 29th, 2024 at 08:28, colony.three via qubes-users < > qubes-users@googlegroups.com> wrote: > > > > > > > > My recommendation is: > > > > > 1. Create a trusted VM to run WireGuard or a key-protected onion > > > service. > > > 2. Allow that VM (and only that VM) to connect to sshd in dom0 via > > > qubes.ConnectTCP. > > > 3. Forward anything you need over the SSH tunnel. > > > -- > > > Sincerely, > > > Demi Marie Obenour (she/her/hers) > > > Invisible Things Lab > > > > > > Well, here's a question: I'd cloned the firewall qube for my wireguard > server, but that's clearly not what you said. > > > > Apparently there's some distinction between a VM, a template, and a > qube, which I haven't found in the docs. Maybe making a VM would allow me > to make wireguard settings persistent? How is a VM beneficial over making a > qube? A template? Are there drawbacks to a VM? > > > > I still don't get how you set up a daemon by basing a qube on a > template. Settings can't be persistent in a qube, but a template is in > effect a whole OS. On one machine I don't want to install all my server > software in template debian, just to spin off qubes from it. Do I have to > clone template debian for each individual service? > > > So it is clear now, from asking in IRC, the forum, and mailing list, that > no one knows what I am talking about. > > Qubes users just lack the technical scope to understand, much less respond > to, my questions. Unless... this is all reserved for a very small > Priesthood, in which case I am ever more not interested. > > I have actual work that must be done which is not getting done, and > recordings and backups to be made which are not getting made, and there is > a limit to one's willingness to try something that appears shiny and new, > but is just a bucket of wet, tepid bollocks. > > Qubes does not apply to enterprise infosec. Nobody knows. Enough now. > > I am confident that you will not miss me, but Bye. > > UNSUBSCRIBE > > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/7Zq-tjsnTmYfXYMy4-SdjhUThmEz_g-pWQRzAhWzRl358XYc1x9s_b1-u2oX_rW5vFsH3UJvgITp8frWQmcjLfvwHQDzTP4Wfd1TRzXoHiM%3D%40pm.me > . > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAALhvVbS%3DAD4EUgxDvS6f0LXff6y2f85G%3DKdJRQyHP209taTxA%40mail.gmail.com.
