Tailoring Your Qubes OS Environment: A Developer’s Guide to Leveraging SaltStack
10-07, 12:35–13:05 (Europe/Berlin), Social Hub Main Room

Creating and maintaining a Qubes OS configuration is no small feat, especially when striving for consistency across multiple devices or during device migrations. This tutorial delves into a developer's experience using the masterless configuration of SaltStack in Qubes OS to craft and manage a personalized set of AppVMs and TemplateVMs, aligning with a reasonably typical workflow, albeit less paranoid than the one suggested in the Qubes OS guide on organizing your qubes.

In this tutorial, we narrate a developer's journey, illustrating the leverage of SaltStack's masterless configuration in Qubes OS to organize and manage a set of AppVMs and TemplateVMs, fostering a workflow that is hopefully typical for many users.

We will delve into a series of features and configurations, showcasing them on a tuned Dasharo FidelisGuard Z690, including:

  • Debian-12 as Default Template VM: Setting up and utilizing Debian-12 as the default template VM, discussing the benefits and functionalities it brings to the table.
  • Email VM Configuration: Detailed walkthrough of configuring an email VM with Thunderbird, OpenGPG, NFS for email archives, and split-gpg2, ensuring a secure and efficient email management system.
  • Communication VM: Setting up a communication VM loaded with heavy technologies such as Element, Wire, Matterhorn, and other potentially invasive applications. We will cover aspects such as autostarting and configuring Matterhorn file openers.
  • SSH-Agent Configuration: A guide to setting up and configuring ssh-agent, enhancing security and functionality.
  • Vault VM Configuration: Insights into setting up a vault VM, focusing on security features and functionalities it offers.
  • Dev Needs Configuration: Tailoring a VM to cater to development needs, including the setup of zsh, vim, git, Python virtual environment, and tmux, fostering a developer-friendly environment.
  • VPN VM: Establishing a VPN VM, discussing its setup process and the security layers it adds to your Qubes OS environment.
See also: PDF Presentation (2.6 MB)
Piotr Król

I am a passionate advocate for open-source firmware solutions, with a deep-seated belief in the transformative power of transparency, innovation, and trustworthiness. At the heart of my journey is 3mdeb, where we've cultivated a vision emphasizing user liberty, simplicity, and privacy.

Building a healthy community is paramount to me. In an era where toxic incentives can drive some communities, I believe in fostering an environment prioritizing genuine collaboration and shared growth. Through events like Dasharo Users Group, Dasharo Developers vPub, Qubes OS Summit, and FOSDEM's Open Source Firmware devroom, we aim to bring together like-minded individuals who share our vision. Our contributions to platforms like OpenSecurityTraining2 further underscore our commitment to knowledge sharing and community building.

As the founder of 3mdeb, my role is not just about overseeing operations but also about embodying the company's vision and mission. From strategic decision-making to understanding the intricacies of our technology, every day presents a new challenge and an opportunity to drive our vision forward.

Beyond my professional pursuits, I'm a casual chess and bridge player, an avid reader, and a nature enthusiast who finds solace in the forest. My interests span across theology, philosophy, and psychology, reflecting my innate curiosity and desire to understand the world around me. Whether it's exploring new technological frontiers or delving into a philosophical text, I approach life with an open mind and a thirst for knowledge.

This speaker also appears in: