My Qubes 4.02-rc1 install notes: (with fixes, customizations)
d/l ISO from qubes website
burned to usb flash drive
boot usb flash drive
tried media test, it crashed after a few seconds and rebooted pc
install qubes
accept most defaults
change time zone
use full hd/ssd (reclaim all space)
assign user name
install finishes, reboot and continue setup
create default system qubes (net, fw, dvm)
do not create default apps, I'll make my own
create whonix gw and ws vm's, should stop doing this, I create my own
do not enable updating whonix over tor
no usb cube, I use usb keyboard and usb mouse
(note to self: try the advanced option some day, to see what it does)
click on finish configuration
wait a minute before login, let background processes finish
login
watch hard disk light, and upper right screen for messages
wait a few minutes, let background stuff run, watching hard disk light
INSTALLATION COMPLETE
Custom configure my Qubes installation:
fix clock, right click->properties, change format
noticed hard disk light still going, wait a few minutes, go get some coffee
(qubes is looking for template updates)
Update Qubes templates:
NOTE: Do NOT reboot before updating Qubes templates, or system may hang during
shutdown
start Qube Manager:
click on right blue Q->open qube manager
note: you will see TWO qubes auto-start: sys-net and sys-firewall (we haven't
configured sys-whonix yet)
update dom0:
right click dom0->update qube, install any updates, wait for it to finish (got
progress screen but no finish screen, it should say no updates are available)
update Debian-10 template:
start Debian-10 template, then update qube, install any updates, wait for finish
note: debian-10 gives repository errors, press ctrl-C to close window (don't
shutdown template)
click on right blue Q, debian-10, run terminal
in terminal: sudo apt-get --allow-releaseinfo-change update (gets error
messages)
run it again: sudo apt-get --allow-releaseinfo-change update (no error
messages)
close terminal
right click debian-10->update qube, install any updates (continue=Y), OK on
grub-pc prompt (right arrow then enter), don't install grub not needed in
template (tab then enter), yes continue without grub, when done enter to
shutdown
update Fedora-30 template:
start Fedora-30 template, update qube, install any updates (Y), wait for
finish, enter to shutdown
update whonix templates:
note: updating whonix templates requires sys-whonix to be running (in current
configuration)
start sys-whonix, popup window select Connect click next, summary screen click
next, wait for bootstrap to finish (hit back arrow if it stalls too long and do
again), click finish
wait a few minutes, will get popup connected to tor, then whonixcheck will run,
wait for finish, should get popup info: whonix APT reposity enabled
note: if whonixcheck failed, wait a minute, run it again: LEFT blue Q->Service:
sys-whonix->WhonixCheck (this must succeed before updating templates)
start whonix-gw-15 template, update qube, install any updates (Y), wait for
finish, enter to shutdown
start whonix-ws-15 template, update qube, install any updates (Y), wait for
finish, enter to shutdown
UPDATES DONE!
We can now safely shutdown or reboot. Do that now.
Far right upper button (your user name) click on name, shutdown
While pc is off, you can safely remove the USB flash drive now, if not already
Boot computer
at login wait a minute to let background stuff run (watch hd light), then login
note: i've noticed if you wait a minute before login, as soon as you login,
qubes will immediately connect to tor (no wait period)
Start Qubes Manager:
note: you will see there are now THREE qubes auto-starting: sys-net,
sys-firewall, sys-whonix (we configured it)
>From this point, the rest is custom configuration. Your preferences will be
>different from mine. I'll list some of my tweaks.
Change colors:
note: I frikken HATE the default red network icon, it looks like it's shouting
ERROR! to me ugh
note: we have to stop sys-net to change the color, but must also stop
sys-firewall and sys-whonix first
stop sys-whonix
stop sys-firewall
stop sys-net
sys-net->Qube settings->change color->BLACK, apply, ok (I like black because
it's now same color as other icons on bar)
sys-firewall->Qube settings->change color->RED, apply, ok (I like red because
any VM connecting directly is going out clearnet)
Get rid of dvm's: (do we really need all these?)
note: I create a new default-dvm, set all vm/template/system to it, then delete
the others
create a new cube:
either click on 'create a new cube' button or Qube->Create new cube
name: default-dvm, color: black, template: Debian-10, networking: NONE! (don't
want this thing accessing anything)
default-dvm->Qube settings->Advanced->turn on 'Allow starting DisposableVMs
from this qube'
System->Global settings->Default DispVM->default-dvm
note: while in this screen, change default template too
System->Global settings->Default
