1
0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2024-12-21 22:51:33 -05:00
My Scripts for template VMs
Go to file
2024-12-19 08:26:36 -07:00
.github Ignore SC3040 2024-09-11 18:29:38 -07:00
debian-gnome Typo Fixes 2024-11-12 07:57:33 -07:00
etc Fix IVPN DNS at boot 2024-11-13 22:32:19 -07:00
fedora-gnome Remove extra space 2024-11-16 05:24:06 -07:00
fedora-minimal Simplify SELinux instructions 2024-11-12 06:15:10 -07:00
whonix Rename Whonix scripts 2024-11-12 05:10:10 -07:00
.gitignore Create .gitignore 2023-01-16 00:39:37 -05:00
dom0.sh Comment out situational commands 2024-12-19 06:17:36 -07:00
LICENSE Initial commit 2022-02-03 02:57:15 -05:00
README.md Split P53 specific info 2024-12-19 05:20:09 -07:00
Thinkpad P53.md xen-pciback.hide 2024-12-19 08:26:36 -07:00

QubesOS-Scripts

ShellCheck

My scripts for setting up QubesOS.

For each OS, run the script associated with them to trim down the templates provided by Qubes first. For example, for Fedora, run the fedora-gnome.sh script. After the base templates have been trimmed down, run other scripts in templates based on them to create their respective TemplateVMs.

If you want to install Flatpak packages, install them inside of an AppVM as a user Flatpak and enable the update-user-flatpaks.service as a user systemd service for automatic updates.

It is recommended that you follow the docs here to make a prompt for root access on non-minimal VMs. dom0.sh already takes care of dom0 so you only need to worry about the guests. Skip whonix-gateway as it will create an annoying prompt every time a VM attached to it boots.

Laptop Recommendations

Qubes AEM currently still requires legacy boot. While the last generation of Intel CPUs with VBIOS to support legacy boot is Coffee Lake officially, I have found that certain Comet Lake Thinkpads still have legacy support. Unfortunately, all of them seems to only support U series CPU. You can check Lenovo's BIOS simulator for models with legacy boot support.

Alternatively, you should consider Coffee Lake mobile workstation Thinkpads. These have the longest support life cycle outside of the Comet Lake Thinkpads, and they support much more powerful H series CPUs. Perrsonally, I am using a P53 with an i9-9880H.

Lenovo ePrivacy

Lenovo ePrivacy can be controlled through /proc/acpi/ibm/lcdshadow. I use the following shortcuts:

  • F5: sudo bash -c 'echo 1 > /proc/acpi/ibm/lcdshadow'
  • F6: sudo bash -c 'echo 0 > /proc/acpi/ibm/lcdshadow'