Tomster/QubesOS-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2025-01-08 15:11:59 -05:00
Code
695058e879
QubesOS-Scripts/Quality of Life.md
Tommy 695058e879
Add note for secure Matrix setup 
Signed-off-by: Tommy <contact@tommytran.io>
2024-12-27 23:23:01 -07:00

2.3 KiB
Raw Blame History

Quality of Life

LUKS Discard

By default, Qubes does not use discard with a LUKS volume. To enable discard, run:

sudo cryptsetup --allow-discards --persistent refresh LUKS-UUID-HERE

S0ix sleep

On certain hardware like the Thinkpad T14 Gen 1, you need to enable S0ix sleep support for suspension to work correctly. Use the following command:

sudo qvm-features dom0 suspend-s0ix 1

Default appmenu

The default apps to show on AppVMs' menu when created can be configured with qvm-features.

Example:

sudo qvm-features fedora-41 default-menu-items 'org.gnome.Nautilus.desktop org.gnome.Ptyxis.desktop'
sudo qvm-features fedora-41 netvm-menu-items 'org.gnome.Ptyxis.desktop'

sudo qvm-features debian-12 default-menu-items 'org.gnome.Console.desktop org.gnome.Nautilus.desktop'
sudo qvm-features debian-12 netvm-menu-items 'org.gnome.Console.desktop'

Lenovo ePrivacy

Lenovo ePrivacy can be controlled through /proc/acpi/ibm/lcdshadow. I use the following shortcuts:

  • F5: sudo bash -c 'echo 1 > /proc/acpi/ibm/lcdshadow'
  • F6: sudo bash -c 'echo 0 > /proc/acpi/ibm/lcdshadow'

Bitwarden Flatpak

Bitwarden Flatpak sometimes get stuck at launch.

Copy ~/.local/share/flatpak/exports/share/applications/com.bitwarden.desktop.desktop to ~/.local/share/applications/com.bitwarden.desktop.desktop and add --disable-gpu at the end of the Exec line to fix it.

Matrix

For the best security with Matrix:

  • Setup a TemplateVM with Debian and the official Element repo (there is no official rpm repo at the time of this writing)
  • Add the IP address and hostname of the Matrix homeserver in /etc/hosts
  • Make an AppVM based on the template
  • Use the UI and limit the connection of the AppVM to just the Matrix homeserver
  • In dom0, use qvm-firewall <appvm name> del --rule-no <rule number> to delete rules allowing ICMP and DNS to prevent exfiltration attacks.

Video player

In my experience, VLC works best. Changing video output to X11 video output (XCB) reduces CPU usage by 10% on my Thinkpad P53. See this link.

If you want to use MPV, make sure that --vo=x11 --profile=sw-fast is passed as arguments. See this link.