On 09/14/2018 05:31 PM, Daniel Allcock wrote:
Dear all,
I am wondering how you all deal with (for example) having an elaborate vim
or emacs environment built up over several decades, and being able
to use it in all of your regular everyday qubes (personal, work, untrusted, etc,
probably leave vault out). Of course, you expect it to keep evolving as you
figure out how some package solves a problem for you, or you write some
vimscript or elisp to stop an annoyance.
What is the qubes way to do this? I've considered several solutions from
the simple to the baroque:
(simple) do the common config in the template vm (but not in /home
or /rw or /usr/local) and replace the relevant config files/dirs in the
actual-work
vm's with symlinks to them.
(also simple) have a "config" qube where you keep the configs you want to sync,
but do no actual work there and have no net access. Set up a script to copy
the relevant files/dirs to your working qubes. When you find an annoyance, fix
it there, and then run the script.
(rather complicated) set up a git server (say in its own dvm)
and have your qubes push commits to it when
you make changes to one of the files-to-sync. That way you can make your
tweaks wherever you happen to be working at the time, and later accept
those changes on the server. Then you can download the updated version
on your working qubes (perhaps by a script).
All of these have different convenience levels and data-flow implications.
But I feel like maybe they are all wrong and I am overlooking something
obvious. Any thoughts appreciated!
Daniel
It gets more complicated if you want to keep settings in /home/user
updated. Otherwise, updating configs only in templates isn't hard.
The server idea would be OK if it were coordinated by a dom0 program and
used qvm-copy or sending via qvm-run+tar. An actual networked server
seems both more complicated and a security risk.
Another way you could keep /home/user settings updated is to stash the
settings somewhere in '/' and have a VM startup script copy the files
into home. You can already do this with the service in
Qubes-VM-hardening since it can deploy files from template to anywhere
in /rw at the moment the appVM mounts it...
https://github.com/tasket/Qubes-VM-hardening
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2399b718-e727-4baa-eb2c-42aac658b354%40posteo.net.
For more options, visit https://groups.google.com/d/optout.
