From 27f7106374293165781c141e605bf33685fe01ce Mon Sep 17 00:00:00 2001 From: Tommy Date: Mon, 3 Feb 2025 06:06:26 -0700 Subject: [PATCH] Refactor Qubes OS category --- .../index.md} | 2 +- .../mirageos.png | Bin .../index.md} | 4 +--- .../posts/qubes/Using IVPN on Qubes OS}/ivpn.png | Bin .../index.md} | 2 +- .../qubes/Using Lokinet on Qubes OS}/lokinet.png | Bin .../index.md} | 4 +--- .../Using Mullvad VPN on Qubes OS}/mullvad-vpn.png | Bin .../index.md} | 4 ++-- .../keygrip.png | Bin .../split-gpg-ssh.png | Bin 11 files changed, 6 insertions(+), 10 deletions(-) rename content/posts/qubes/{Firewalling with MirageOS on Qubes OS.md => Firewalling with MirageOS on Qubes OS/index.md} (98%) rename {static/images => content/posts/qubes/Firewalling with MirageOS on Qubes OS}/mirageos.png (100%) rename content/posts/qubes/{Using IVPN on Qubes OS.md => Using IVPN on Qubes OS/index.md} (98%) rename {static/images => content/posts/qubes/Using IVPN on Qubes OS}/ivpn.png (100%) rename content/posts/qubes/{Using Lokinet on Qubes OS.md => Using Lokinet on Qubes OS/index.md} (99%) rename {static/images => content/posts/qubes/Using Lokinet on Qubes OS}/lokinet.png (100%) rename content/posts/qubes/{Using Mullvad VPN on Qubes OS.md => Using Mullvad VPN on Qubes OS/index.md} (98%) rename {static/images => content/posts/qubes/Using Mullvad VPN on Qubes OS}/mullvad-vpn.png (100%) rename content/posts/qubes/{Using Split GPG and Split SSH on Qubes OS.md => Using Split GPG and Split SSH on Qubes OS/index.md} (97%) rename {static/images => content/posts/qubes/Using Split GPG and Split SSH on Qubes OS}/keygrip.png (100%) rename {static/images => content/posts/qubes/Using Split GPG and Split SSH on Qubes OS}/split-gpg-ssh.png (100%) diff --git a/content/posts/qubes/Firewalling with MirageOS on Qubes OS.md b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md similarity index 98% rename from content/posts/qubes/Firewalling with MirageOS on Qubes OS.md rename to content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md index fa0646a..3f226f5 100644 --- a/content/posts/qubes/Firewalling with MirageOS on Qubes OS.md +++ b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Operating Systems', 'MirageOS', 'Qubes OS', 'Security'] author: Tommy --- -![MirageOS](/images/mirageos.png) +![MirageOS](mirageos.png) [MirageOS](https://mirage.io/) is a library operating system with which you can create a unikernel for the sole purpose of acting as Qubes OS's firewall. In this post, I will walk you through how to set this up. diff --git a/static/images/mirageos.png b/content/posts/qubes/Firewalling with MirageOS on Qubes OS/mirageos.png similarity index 100% rename from static/images/mirageos.png rename to content/posts/qubes/Firewalling with MirageOS on Qubes OS/mirageos.png diff --git a/content/posts/qubes/Using IVPN on Qubes OS.md b/content/posts/qubes/Using IVPN on Qubes OS/index.md similarity index 98% rename from content/posts/qubes/Using IVPN on Qubes OS.md rename to content/posts/qubes/Using IVPN on Qubes OS/index.md index ae344a4..f4ab2b6 100644 --- a/content/posts/qubes/Using IVPN on Qubes OS.md +++ b/content/posts/qubes/Using IVPN on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Privacy'] author: Tommy --- -![IVPN](/images/ivpn.png) +![IVPN](ivpn.png) IVPN is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official IVPN client in a ProxyVM on Qubes OS. We will deviate from the [official guide](https://www.ivpn.net/knowledgebase/linux/ivpn-on-qubes-os/) by using systemd path to handle DNAT. This will provide the same robustness as their approach to modify `/opt/ivpn/etc/firewall.sh`, while avoiding the risk that the modifications will be overwritten by a future app update. We will also be using a TemplateVM for IVPN ProxyVMs instead of using Standalone VMs. @@ -123,5 +123,3 @@ This is not strictly necessary, as I have not observed any leaks with the VPN ki With this current setup, the ProxyVM you have just created will be responsible for handling Firewall rules for the qubes behind it. This is not ideal, as this is still a fairly large VM, and there is a risk that IVPN or some other apps may interfere with its firewall handling. Instead, I highly recommend that you [create a minimal Mirage FirewallVM](/posts/qubes/firewalling-with-mirageos-on-qubes-os/) and use it as a firewall **behind** the IVPN ProxyVM. Other AppVMs then should use the Mirage Firewall as the net qube instead. This way, you can make sure that firewall rules are properly enforced. - -![MirageOS](/images/mirageos.png) diff --git a/static/images/ivpn.png b/content/posts/qubes/Using IVPN on Qubes OS/ivpn.png similarity index 100% rename from static/images/ivpn.png rename to content/posts/qubes/Using IVPN on Qubes OS/ivpn.png diff --git a/content/posts/qubes/Using Lokinet on Qubes OS.md b/content/posts/qubes/Using Lokinet on Qubes OS/index.md similarity index 99% rename from content/posts/qubes/Using Lokinet on Qubes OS.md rename to content/posts/qubes/Using Lokinet on Qubes OS/index.md index c3ea569..5e8fa8c 100644 --- a/content/posts/qubes/Using Lokinet on Qubes OS.md +++ b/content/posts/qubes/Using Lokinet on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Anonymity', 'Privacy'] author: Tommy --- -![Lokinet](/images/lokinet.png) +![Lokinet](lokinet.png) [Lokinet](https://lokinet.org) is an Internet overlay network utilizing onion routing to provide anonymity for its users, similar to Tor network. This post will go over how to set it up on Qubes OS. diff --git a/static/images/lokinet.png b/content/posts/qubes/Using Lokinet on Qubes OS/lokinet.png similarity index 100% rename from static/images/lokinet.png rename to content/posts/qubes/Using Lokinet on Qubes OS/lokinet.png diff --git a/content/posts/qubes/Using Mullvad VPN on Qubes OS.md b/content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md similarity index 98% rename from content/posts/qubes/Using Mullvad VPN on Qubes OS.md rename to content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md index 74933d0..3178854 100644 --- a/content/posts/qubes/Using Mullvad VPN on Qubes OS.md +++ b/content/posts/qubes/Using Mullvad VPN on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Applications', 'Qubes OS', 'Privacy'] author: Tommy --- -![Mullvad VPN](/images/mullvad-vpn.png) +![Mullvad VPN](mullvad-vpn.png) Mullvad is a fairly popular and generally trustworthy VPN provider. In this post, I will walk you through how to use the official Mullvad client in a ProxyVM on Qubes OS. This method is a lot more convenient than the [official guide](https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/) from Mullvad (which recommends that you manually load in OpenVPN or Wireguard profiles) and will let you seamlessly switch between different location and network setups just as you would on a normal Linux installation. @@ -104,5 +104,3 @@ This is not strictly necessary, as I have not observed any leaks with the VPN ki With this current setup, the ProxyVM you have just created will be responsible for handling Firewall rules for the qubes behind it. This is not ideal, as this is still a fairly large VM, and there is a risk that Mullvad or some other apps may interfere with its firewall handling. Instead, I highly recommend that you [create a minimal Mirage FirewallVM](/posts/qubes/firewalling-with-mirageos-on-qubes-os/) and use it as a firewall **behind** the Mullvad ProxyVM. Other AppVMs then should use the Mirage Firewall as the net qube instead. This way, you can make sure that firewall rules are properly enforced. - -![MirageOS](/images/mirageos.png) diff --git a/static/images/mullvad-vpn.png b/content/posts/qubes/Using Mullvad VPN on Qubes OS/mullvad-vpn.png similarity index 100% rename from static/images/mullvad-vpn.png rename to content/posts/qubes/Using Mullvad VPN on Qubes OS/mullvad-vpn.png diff --git a/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md similarity index 97% rename from content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md index 0150dab..f286114 100644 --- a/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS.md +++ b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/index.md @@ -5,7 +5,7 @@ tags: ['Operating Systems', 'Qubes OS', 'Security'] author: Tommy --- -![Split GPG & SSH](/images/split-gpg-ssh.png) +![Split GPG & SSH](split-gpg-ssh.png) This post will go over setting up Split GPG, then setting up Split SSH with the same PGP keys. Effectively, we are emulating what you can do with a PGP smartcard on Qubes OS. @@ -28,7 +28,7 @@ This part is based on the Qubes Community's [guide](https://forum.qubes-os.org/t - Get your keygrip with `gpg --with-keygrip -k` - Add your keygrip to the end of `~/.gnupg/sshcontrol` -![PGP Keygrip](/images/keygrip.png) +![PGP Keygrip](keygrip.png) ### In `vault`'s TemplateVM diff --git a/static/images/keygrip.png b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/keygrip.png similarity index 100% rename from static/images/keygrip.png rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/keygrip.png diff --git a/static/images/split-gpg-ssh.png b/content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/split-gpg-ssh.png similarity index 100% rename from static/images/split-gpg-ssh.png rename to content/posts/qubes/Using Split GPG and Split SSH on Qubes OS/split-gpg-ssh.png