Re: [qubes-users] Setting up automated appvm backups using cron?
Hi, On 11/25/18 11:31 PM, Stumpy wrote: I was wanting to back up some of my more important appvms, like vault, on a regular basis. I am lazy so was thinking that cron might be an option? Its been awhile since I used cron but I assume I could make a job with a line like: qvm-backup -d vault -p /tmp/vault-key ? qvm-backup --yes --passphrase-file /some/file /backup/dir vmname then create an executable script with this one-liner and put it in one of the /etc/cron.* dir (eg weekly, daily). Or, create a specific cron entry in /etc/cron.d/ I am not sure about the last part as I would like to put it on an external drive so in 3.2 I could have pointed it to the ext drive on dom0 but now I am not quite sure where to point it? Ideas? I backup VMs in dom0 (qvm-backup ... like above) and then copy the backup file to a mounted dir in an AppVM (could be an external HD, a NFS/smb share, ...). eg.: cat backupfile | qvm-run --pass-io work "cat > /store/dir/qubes/backupfile" You can backup multiple VMs at once with `qvm-backup` so you can't specify a target file. A workaround is to create a dedicated target directory for each qvm-backup "run" and `ls` the file(s) created there (I prefer to run `qvm-backup` for each vm rather than listing all the vms at once - it helps with error detection and simplifies scripting). Here's how you could backup some VMs to /bkpvm in dom0 and then copy the files to a mount in the 'work' AppVM: for vm in vault banking; do bkpdir=/bkpvm/$vm-$(date "+%FT%H%M%S") mkdir $bkpdir qvm-shutdown --wait --timeout 60 $vm qvm-backup --yes --passphrase-file /some/file $bkpdir $vm bkpfile=$(ls $bkpdir) cat $bkpfile | qvm-run --pass-io work "cat > /mnt/qubes/backupfile" done Note- no guarantee that the above works as-is (I've copied/adapted the main commands from my backup script). FWIW backuping large VMs is a waste of resource when there are only a few files changed. For such VMs I mount an encrypted volume in a dedicated backup AppVM and rsync the content of the VM there. That's much, much, much (did I say much ?!) faster and efficient than the qvm-backup resource hog. BTW writing a backup strategy doc is on my todo list for more than one year. Can't get around to writing it :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0ccff1f-9d51-3c8a-f631-4480d3c5b221%40maa.bz. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VM doesn't display graphics, even when booted from an ISO file
Hi, I have a StandaloneVM which won't display graphics no matter what I try. I even tried booting from a grml ISO file, which doesn't make anything show up in the GUI. I tried this with debug mode on and off. Also, in dom0, any invocation of qvm-run when targetting this VM just hangs. Any idea where I can start debugging? I'm kind of at a loss since I can't even boot a recovery environment. I'm on Qubes R4.0. I grepped for the VM name in /var/log/qubes, but didn't see anything out of the ordinary. Thanks, AJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181126023548.l7zjd2veyu2a4iak%40failover.strugee.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN qubes preventing some websites from loading properly
On 11/25/2018 04:47 PM, Christophe Pfeifer wrote: On Sunday, November 25, 2018 7:43 PM, Chris Laprise wrote: On 11/25/2018 10:32 AM, 'Christophe Pfeifer' via qubes-users wrote: Hi, I followed the tutorial "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" [1], then I subscribed to NordVPN and configured OpenVPN over UDP (since my ISP blocks OpenVPN over TCP). - My final architecture is the following: AppVM > VPN (ProxyVM) > Firewall VM > Network VM - Firewall VM rules: Deny all but: Address | Service | Protocol * | OpenVPN | UDP * | OpenVPN | TCP * | HTTPS | TCP Problem: this is working for mostly all websites I use, except some ones, like Protonmail, Facebook, etc. These latter sites are either showing first some contents just after logging in, or the logging in is impossible, and then loading endlessly. It seems like a "Keep-alive connection issue". --- Investigation: 1. I allowed full access on the firewall for 5 minutes 2. I launched Wireshark on the VPN VM 3. I tried to log in to Protonmail Results: (excerpt) - 10.137.0.14 -> 82.221.139.122 OpenVPN 110 MessageType: P_DATA_V2 - 192.168.43.1 -> 10.137.0.14 ICMP 592 Destination unreachable (Fragmentation needed) - 185.70.40.151 -> 10.8.8.20 TCP 68 [TCP Dup ACK 711#1] 443 → 42938 [ACK] Seq=69096 Ack=1868 Win=66 Len=0 SLE=3193 SRE=3194 - 10.137.0.9 -> 185.70.40.151 TCP 1381 [TCP Retransmission] 42938 → 443 [ACK] Seq=1868 Ack=69096 Win=3261 Len=1325 [...] - 10.137.0.9 -> 185.70.40.151 TCP 56 [TCP Keep-Alive] 42954 → 443 [ACK] Seq=977 Ack=1262 Win=32640 Len=0 Do you know any solution to prevent this from happening? Maybe a configuration trick of OpenVPN or of the VPN VM ? Did you download the openvpn config from NordVPN or write it yourself? Its preferable to download it. I see that NordVPN's config includes 'ping' and 'ping-restart' which is similar to using the 'keepalive' option. The issue with only certain sites not working could indicate that a third-party service like a CDN has blocked the IP addresses that your VPN provider is using. I've also seen some services block VPN IPs on certain servers but not others. I see this occasionally when connecting through Private Internet Access. The solution rests with the VPN operators to block abusive network patterns and switch to IPs that haven't been blacklisted... its basically a VPN reputation thing. BTW, you might find Qubes-vpn-support project better to use overall for VPNs. You can control it as a system service and it uses connection parameters that keep openvpn operating more smoothly (although for this particular problem I don't think it would have an effect)... https://github.com/tasket/Qubes-vpn-support -- Chris Laprise,tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 I am using NordVPN's config files and now (thanks to your advice) Qubes-vpn-support. I have compared this with NordVPN's autoconfig script [1] and with another ISP. Here are some results (for the very same remote VPN server): -With another ISP OpenVPN over UDP -
[qubes-users] Re: B450 Pro4 + Ryzen 5 2400G installation issue
p.s. update kernel-latest was to much for my sensible system. i couldn`t start the system. i installed qubes from the scratch without latest kernel with all updates - even whonix 14 - and its fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cac3af19-542a-43f3-af05-68f10bb4d668%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Optional: Enable AppArmor
I did everything to activate AppArmor, with the Anon-Whonix Vm I have the output 0 but with Sys-Whonix I have output 3. Is this normal or is 3 wrong and must it be 0? https://ibb.co/XD4rXm5 https://ibb.co/jw1ks5Q https://ibb.co/bB0fcj4 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab0767c8-e6de-4808-b27f-5b9323d7ad8c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 13:35, 799 wrote: > Hello, > > Am So., 25. Nov. 2018, 12:21 hat pr0xy geschrieben: > >> [...] I wanted to test it out for internal Qubes sharing among >> AppVMs. I think >> an external VPS NextCloud install might be a next step for sharing >> between networks. That seems like it would be a bit easier to setup, >> but it would be a somewhat different use case. [...] > > I was thinking that you might to try something like this ;-) > I was also interesting in sharing be specific files between AppVMs > without the need to use qvm-copy. > I am currently using a combination of sshfs and encfs or cryfs. This > allows me to mount specific folders from one AppVM. This data is > encrypted in the "Storage-"AppVM and can only be decrypted in the > AppVM which mounts the data. > Specific firewall rules between the AppVMs can grant or permit access. > Control over mounting/unmounting including doing the whole setup can > be done from one script which is located in dom0 and runs the specific > commands. > > I'm currently writing a How-to to upload it to the Qubes Docs. > > - O That Storage AppVM idea sounds quite interesting. I'll be interested to take a look at those docs when it's ready. Looking through past messages here it seems that others have got OwnCloud and NextCloud working. I wonder if they were able to do this with bind-dirs, or whether they had to use a StandaloneVM. There are some other aspects of NextCloud aside from the file sharing like Calendar, Contacts, Notes and others that might also me nice to have internally. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2302f345c251ef1681b4aa6543f61e0a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix GW & WS upgrade failed (Help)
see lower window on the screenshot, the upper window is what is written in the bottom to check -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4351f04-224d-46f6-b9d3-fb15030daf08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix GW & WS upgrade failed (Help)
I wanted to upgrade Whonix-GW and Whonix-WS but it comes, see screnshoot, what should I do to upgrade properly? https://ibb.co/x2SQ95r https://ibb.co/ZXbTwrC -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3cf594ab-bdce-4626-9c28-fa3d993fd7b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VPN qubes preventing some websites from loading properly
On Sunday, November 25, 2018 7:43 PM, Chris Laprise wrote: > On 11/25/2018 10:32 AM, 'Christophe Pfeifer' via qubes-users wrote: > > > Hi, > > I followed the tutorial "Set up a ProxyVM as a VPN gateway using > > iptables and CLI scripts" [1], then I subscribed to NordVPN and > > configured OpenVPN over UDP (since my ISP blocks OpenVPN over TCP). > > > > - > > > > My final architecture is the following: > > AppVM > VPN (ProxyVM) > Firewall VM > Network VM > > > > - > > > > Firewall VM rules: Deny all but: > > Address | Service | Protocol > > * | OpenVPN | UDP > > * | OpenVPN | TCP > > * | HTTPS | TCP > > > > > > > > Problem: this is working for mostly all websites I use, except some > > ones, like Protonmail, Facebook, etc. These latter sites are either > > showing first some contents just after logging in, or the logging in is > > impossible, and then loading endlessly. > > It seems like a "Keep-alive connection issue". > > > > --- > > > > Investigation: > > > > 1. I allowed full access on the firewall for 5 minutes > > 2. I launched Wireshark on the VPN VM > > 3. I tried to log in to Protonmail > > Results: (excerpt) > > > > > > - 10.137.0.14 -> 82.221.139.122 OpenVPN 110 MessageType: P_DATA_V2 > > - 192.168.43.1 -> 10.137.0.14 ICMP 592 Destination unreachable > > (Fragmentation needed) > > > > - 185.70.40.151 -> 10.8.8.20 TCP 68 [TCP Dup ACK 711#1] 443 → 42938 > > [ACK] Seq=69096 Ack=1868 Win=66 Len=0 SLE=3193 SRE=3194 > > > > - 10.137.0.9 -> 185.70.40.151 TCP 1381 [TCP Retransmission] 42938 → 443 > > [ACK] Seq=1868 Ack=69096 Win=3261 Len=1325 > > [...] > > > > - 10.137.0.9 -> 185.70.40.151 TCP 56 [TCP Keep-Alive] 42954 → 443 [ACK] > > Seq=977 Ack=1262 Win=32640 Len=0 > > > > > > Do you know any solution to prevent this from happening? Maybe a > > configuration trick of OpenVPN or of the VPN VM ? > > Did you download the openvpn config from NordVPN or write it yourself? > Its preferable to download it. I see that NordVPN's config includes > 'ping' and 'ping-restart' which is similar to using the 'keepalive' option. > > The issue with only certain sites not working could indicate that a > third-party service like a CDN has blocked the IP addresses that your > VPN provider is using. I've also seen some services block VPN IPs on > certain servers but not others. I see this occasionally when connecting > through Private Internet Access. The solution rests with the VPN > operators to block abusive network patterns and switch to IPs that > haven't been blacklisted... its basically a VPN reputation thing. > > BTW, you might find Qubes-vpn-support project better to use overall for > VPNs. You can control it as a system service and it uses connection > parameters that keep openvpn operating more smoothly (although for this > particular problem I don't think it would have an effect)... > > https://github.com/tasket/Qubes-vpn-support > > -- > > Chris Laprise,tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 I am using NordVPN's config files and now (thanks to your advice) Qubes-vpn-support.
[qubes-users] Setting up automated appvm backups using cron?
I was wanting to back up some of my more important appvms, like vault, on a regular basis. I am lazy so was thinking that cron might be an option? Its been awhile since I used cron but I assume I could make a job with a line like: qvm-backup -d vault -p /tmp/vault-key ? I am not sure about the last part as I would like to put it on an external drive so in 3.2 I could have pointed it to the ext drive on dom0 but now I am not quite sure where to point it? Ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea19302d-f5e9-416a-2211-1cf4be5f902a%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - MSI PE70 6QE
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a38a2d8-4bf5-1d04-e360-1f6589fd6b03%40mail.wlu.edu. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Micro_Star_International_Co___Ltd_-PE70_6QE-20181125-141941.yml Description: Qubes-HCL-Micro_Star_International_Co___Ltd_-PE70_6QE-20181125-141941.yml
Re: [qubes-users] VPN qubes preventing some websites from loading properly
On 11/25/2018 10:32 AM, 'Christophe Pfeifer' via qubes-users wrote: Hi, I followed the tutorial "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" [1], then I subscribed to NordVPN and configured OpenVPN over UDP (since my ISP blocks OpenVPN over TCP). --- My final architecture is the following: AppVM > VPN (ProxyVM) > Firewall VM > Network VM --- Firewall VM rules: Deny all but: Address | Service | Protocol * | OpenVPN | UDP * | OpenVPN | TCP * | HTTPS | TCP --- Problem: this is working for mostly all websites I use, except some ones, like Protonmail, Facebook, etc. These latter sites are either showing first some contents just after logging in, or the logging in is impossible, and then loading endlessly. It seems like a "Keep-alive connection issue". --- Investigation: 1) I allowed full access on the firewall for 5 minutes 2) I launched Wireshark on the VPN VM 3) I tried to log in to Protonmail Results: (excerpt) - 10.137.0.14 -> 82.221.139.122 OpenVPN 110 MessageType: P_DATA_V2 - 192.168.43.1 -> 10.137.0.14 ICMP 592 Destination unreachable (Fragmentation needed) - 185.70.40.151 -> 10.8.8.20 TCP 68 [TCP Dup ACK 711#1] 443 → 42938 [ACK] Seq=69096 Ack=1868 Win=66 Len=0 SLE=3193 SRE=3194 - 10.137.0.9 -> 185.70.40.151 TCP 1381 [TCP Retransmission] 42938 → 443 [ACK] Seq=1868 Ack=69096 Win=3261 Len=1325 [...] - 10.137.0.9 -> 185.70.40.151 TCP 56 [TCP Keep-Alive] 42954 → 443 [ACK] Seq=977 Ack=1262 Win=32640 Len=0 --- Do you know any solution to prevent this from happening? Maybe a configuration trick of OpenVPN or of the VPN VM ? Did you download the openvpn config from NordVPN or write it yourself? Its preferable to download it. I see that NordVPN's config includes 'ping' and 'ping-restart' which is similar to using the 'keepalive' option. The issue with only certain sites not working could indicate that a third-party service like a CDN has blocked the IP addresses that your VPN provider is using. I've also seen some services block VPN IPs on certain servers but not others. I see this occasionally when connecting through Private Internet Access. The solution rests with the VPN operators to block abusive network patterns and switch to IPs that haven't been blacklisted... its basically a VPN reputation thing. BTW, you might find Qubes-vpn-support project better to use overall for VPNs. You can control it as a system service and it uses connection parameters that keep openvpn operating more smoothly (although for this particular problem I don't think it would have an effect)... https://github.com/tasket/Qubes-vpn-support -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fdba8410-3ea3-5abd-34bf-4514ebadfe14%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Compatibility Lenovo P52
Eric Duncan wrote on Sun, 25 November 2018 14:31 > Just off the bat, the biggest concern is that dGPU: you > can't turn After I ordered my P1, I just found out that > the Dell Precision 5520 (same as the famous XPS 15) had > the option to be ordered with no GPU! This means it would > be perfect for qubes as it's fairly low cost, 32 GB ram > (no ECC though) and hex core. At least in the German Lenovo online shop you can order all three base models without dGPU. Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36b.5bfad5a9%40qubes-os.info. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VPN qubes preventing some websites from loading properly
Hi, I followed the tutorial "Set up a ProxyVM as a VPN gateway using iptables and CLI scripts" [1], then I subscribed to NordVPN and configured OpenVPN over UDP (since my ISP blocks OpenVPN over TCP). --- My final architecture is the following: AppVM > VPN (ProxyVM) > Firewall VM > Network VM --- Firewall VM rules: Deny all but: Address | Service | Protocol * | OpenVPN | UDP * | OpenVPN | TCP * | HTTPS | TCP --- Problem: this is working for mostly all websites I use, except some ones, like Protonmail, Facebook, etc. These latter sites are either showing first some contents just after logging in, or the logging in is impossible, and then loading endlessly. It seems like a "Keep-alive connection issue". --- Investigation: 1) I allowed full access on the firewall for 5 minutes 2) I launched Wireshark on the VPN VM 3) I tried to log in to Protonmail Results: (excerpt) - 10.137.0.14 -> 82.221.139.122 OpenVPN 110 MessageType: P_DATA_V2 - 192.168.43.1 -> 10.137.0.14 ICMP 592 Destination unreachable (Fragmentation needed) - 185.70.40.151 -> 10.8.8.20 TCP 68 [TCP Dup ACK 711#1] 443 → 42938 [ACK] Seq=69096 Ack=1868 Win=66 Len=0 SLE=3193 SRE=3194 - 10.137.0.9 -> 185.70.40.151 TCP 1381 [TCP Retransmission] 42938 → 443 [ACK] Seq=1868 Ack=69096 Win=3261 Len=1325 [...] - 10.137.0.9 -> 185.70.40.151 TCP 56 [TCP Keep-Alive] 42954 → 443 [ACK] Seq=977 Ack=1262 Win=32640 Len=0 --- Do you know any solution to prevent this from happening? Maybe a configuration trick of OpenVPN or of the VPN VM ? [1] https://www.qubes-os.org/doc/vpn/ Thanks, Christophe -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/tnICtqmC5EaPld_xdfXMzM6l5iTGP1CTzkhKtU74CV7LoII76MCDaE_PTftC5fB5warQZegcYqFJzSBljOdwGwf3mnwP1gH-E-b5CXbdRmk%3D%40pm.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Compatibility Lenovo P52
Just off the bat, the biggest concern is that dGPU: you can't turn it off in the bios (as ithet Thinkpad users have reported on /r/thinkpad). I just ordered the Thinkpad P1 myself, which is the same as the X1 Extreme just with ECC and Xeon. I specifically got it for its 32GB ECC ram for stability, quadro for some light modelling and hex core. I've been using Qubes on a dual core for years with 8 GB and it's beyond frustrating when running iur if resources (mem and CPU). Needless to say, it is going to be a challenge. The biggest being dGPU control, hopefully via Bumblebee and Nvidia drivers in dom0 (boo, but it's the only way). After I ordered my P1, I just found out that the Dell Precision 5520 (same as the famous XPS 15) had the option to be ordered with no GPU! This means it would be perfect for qubes as it's fairly low cost, 32 GB ram (no ECC though) and hex core. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af357547-d717-4aae-96be-75ea865f4f9a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: off topic - invite codes to 'riseup'
hi qubes group, is someone so nice to send me an invitation to riseup cause i would like to sign up and test the service. thx, stefan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/34b1e7fc-7831-488c-ad30-73227add7f0b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
Hello, Am So., 25. Nov. 2018, 12:21 hat pr0xy geschrieben: > > [...] I wanted to test it out for internal Qubes sharing among AppVMs. I > think > an external VPS NextCloud install might be a next step for sharing > between networks. That seems like it would be a bit easier to setup, but > it would be a somewhat different use case. [...] > I was thinking that you might to try something like this ;-) I was also interesting in sharing be specific files between AppVMs without the need to use qvm-copy. I am currently using a combination of sshfs and encfs or cryfs. This allows me to mount specific folders from one AppVM. This data is encrypted in the "Storage-"AppVM and can only be decrypted in the AppVM which mounts the data. Specific firewall rules between the AppVMs can grant or permit access. Control over mounting/unmounting including doing the whole setup can be done from one script which is located in dom0 and runs the specific commands. I'm currently writing a How-to to upload it to the Qubes Docs. - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vBmFScMwO8kCyDWuL11o5yKa8jU4%3DPt-30bcRa3aiX2g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QJackctl starting on Qubes 4.0
maxheadonl...@gmail.com wrote on 11/24/18 7:45 PM: Hi all. I've put enough time into this one where I'm finally willing to reach out for some help. I wanted to see if I could create an AppVm dedicated to music creation, using QJackCtl and other open source software. However, I'm having a terrible time at even getting Jack Audio off of the floor. System: Base Qubes 4.0 installation, Fedora 28 template, Thinkpad T480 w/32Gb RAM. Expected results: Pressing "Start" on the QJackCtl GUI starts the server, per the online manuals and Fedora's Musician documentation. Actual results: Receive the "Could not connect to JACK server as client. - Overall operation failed. - Unable to connect to server." error. Tried so far: Following online documentation (treating the AppVM as a standard Fedora installation), assigning the Audio PCI of the computer to that VM via the Qubes Manager. I'm totally willing to have this be something simple and embarrassing as I learn the OS. Any help that you can provide would be much appreciated! If I understand Qubes' audio right, Pulseaudio inside AppVMs gets redirected to dom0's Pulseaudio which normally controls the sound hardware. So if you want to override that, maybe try setting up an HVM with the audio device assigned and without Qubes Pulseaudio redirection. Think there's a Qubes package that does it so don't install that one in the HVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2eff4faf-fc25-6dfd-5db1-a4b95aa6fbf5%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: B450 Pro4 + Ryzen 5 2400G installation issue
On Saturday, November 24, 2018 at 9:34:39 PM UTC+1, stefanne...@gmail.com wrote: > > afterwards, if you install kernel-latest in dom0, the APU should work as > > well. > > i installed stable release Qubes-R4.0-x86_64.iso and updated dom0 with VM > Manger. Is this sufficient? no, gotta run 'sudo qubes-dom0-update kernel-latest' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8b37d87c-791b-46a0-a122-bd4558d3348d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 09:45, 799 wrote: > Hello pr0xy, > > Am So., 25. Nov. 2018, 01:26 hat pr0xy geschrieben: > >> [...] I was trying to install NextCloud into a Qubes R3.2 machine >> [...] > > I'm interested for which use case you want to run NextCloud in Qubes, > as depending on what your use case is, there might be other solutions > that fit better. > No argument against NextCloud, as we are using it ourselves to host > and share files ;-) > > Or are you using NextCloud within Qubes to provide services to other > AppVMs? > > - O I wanted to test it out for internal Qubes sharing among AppVMs. I think an external VPS NextCloud install might be a next step for sharing between networks. That seems like it would be a bit easier to setup, but it would be a somewhat different use case. I have a lot of AppVMs for different purposes. It's a bit of a pain to connect and disconnect various HDDs in Qubes when they need certain files. I wanted to see if this might be an option. The thinking was to see if I could use the External Storage capability of NextCloud, attach some HDDs to the NextCloud AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d62c8246e783f701b3f581e99b43187%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
Hello pr0xy, Am So., 25. Nov. 2018, 01:26 hat pr0xy geschrieben: > [...] I was trying to install NextCloud into a Qubes R3.2 machine [...] > I'm interested for which use case you want to run NextCloud in Qubes, as depending on what your use case is, there might be other solutions that fit better. No argument against NextCloud, as we are using it ourselves to host and share files ;-) Or are you using NextCloud within Qubes to provide services to other AppVMs? - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sPwPS-9_kHK4%2BGeG19iCKdtsxoKd5Xq0HC%3DQsxbkKV0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 07:33, Ivan Mitev wrote: > On 11/25/18 2:26 AM, pr0xy wrote: >> I was trying to install NextCloud into a Qubes R3.2 machine. Although I >> have it working it isn't persistent across reboots of the AppVM. Every >> time I restart the AppVM it asks me to setup my NextCloud again. >> >> How can I get NextCloud working in an AppVM? >> >> I put NextCloud into a Fedora template. I tried the full manual install >> and the Snap method. When I base the AppVM on that template I can >> startup NextCloud, create a MariaDB database, create an admin account >> and work with various settings, but a restart of the AppVM will lose all >> of those settings. How can I make my changes persistent so that I can >> use NextCloud normally? > > Why not use a StandaloneVM ? > > Or do you want to get a "clean/blank" nextcloud install each time you > restart an AppVM based on the template where you installed nextcloud ? > If so, you'll have to create the db/admin account/... in the > templateVM, not in the AppVM, otherwise any changes you do to the root > filesystem will be lost at the next restart. Note that it's usually > not a good idea to install and run third party stuff in templates (or, > don't base sensitive AppVMs on such templates). > > FYI the folders/files related to nextcloud are usually: > > - The folder where you extracted nextcloud (eg. /var/www/nextcloud) > - The data dir you configured; could be a subdir of the folder above > or another path. > - Mysql db (/var/lib/mysql) and maybe /etc/my.cnf* > - relevant httpd config (/etc/httpd/...) + php stuff, eg. /etc/php.ini > if you modified it. > > You'll also have to enable the web server and mysql in the template > (systemctl enable ...); or start it in the AppVM. >Why not use a StandaloneVM ? Had not actually considered a StandaloneVM. Usually use those for Windows, Ubuntu or other OSs. However that might be an option. I wasn't necessarily looking for a clean NextCloud on every restart, but wanted to avoid any other extraneous OS changes that might slip in. I was used to the AppVM model of installing and running various untrusted packages and I have a lot of TemplateVMs where I base those installs. None of those used MySQL or a LAMP setup though. I tried setting up the Admin user and database in the TemplateVM. That works, but then of course when changes are made in the AppVM none of them persist a restart. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eaab5287af0536b88f7d640bd49d2efe%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: gtk fonts in kde
Update: I found one application which does respect the GTK font setting: PulseAudio Volume Manager. There are probably more, but other GTK applications like Firefox and Gedit ignore it. It looks as though Qubes Manager - which I particularly struggle with because the whole interface is tiny, not just the menus - actually uses QT. But it ignores the KDE font settings. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1543136700.2287.6.camel%40gmail.com. For more options, visit https://groups.google.com/d/optout.
