Re: [qubes-users] Setup NextCloud in Qubes
Hello pr0xy, On Sun, 25 Nov 2018 at 23:44, pr0xy wrote: > On 2018-11-25 13:35, 799 wrote: > [...] > > I was also interesting in sharing be specific files between AppVMs > > without the need to use qvm-copy. > > I am currently using a combination of sshfs and encfs or cryfs. This > > allows me to mount specific folders from one AppVM. This data is > > encrypted in the "Storage-"AppVM and can only be decrypted in the > > AppVM which mounts the data. > [...] > That Storage AppVM idea sounds quite interesting. I'll be interested to > take a look at those docs when it's ready. > I have uploaded the script here: https://github.com/one7two99/my-qubes/blob/master/docs/qubes-datastore.md I haven't add lots of documentation here, this is something that need's to be done. What the script does: It will setup a storage-template from which two AppVMs will be created: my-storage-datastore -> will store the data my-storage-access -> used to access the data (you can of course add more AppVMs, even when you need to do so manually and not via the script. but the script contains all commands) The idea is that you can encrypt the data within the storage AppVM with encfs or cryfs and decrypt it in the access AppVM. Therefor you can have multiple access VMs which use different subfolders in the datastore AppVM with different encryption keys. If you have any questions regarding this script do not hesitate to contact me. - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2v6uWevGkLKAZy5V7ugUtwovdB-s_a_0%3D1A%2BNfeNLwE%2BA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-26 11:46, Achim Patzner wrote: > Am Sonntag, den 25.11.2018, 14:44 -0800 schrieb pr0xy: > >> Looking through past messages here it seems that others have got >> >> OwnCloud and NextCloud working. I wonder if they were able to do >> this >> >> with bind-dirs, or whether they had to use a StandaloneVM. > > Again: What do you want to gain? Having access to the same files on > multiple VMs? Having copies on all of them (plus the copy on the > storage VM) seems like a bit of overkill to me. > >> There are some other aspects of NextCloud aside from the file >> sharing >> >> like Calendar, Contacts, Notes and others that might also me nice to >> >> have internally. > > And to be honest: I do not trust all those plugins that far. They are > complicating things and complicated things cannot be easily verified. > Why not do everything on the same VM (which would be a risk you could > at least try to assess)? And where would be the limit? The Password > application? Giving external users access because you need to share > files? > > I'm not against a centralized "file service and storage VM" but it > would take considerable work to really find a secure way to do it; > access would likely have to use an RPC mechanism like current file > copying. It might be better to find out if it was possible to > implement something like WebDAV on top of a Qubes RPC services with a > fuse front end. > > Achim Patzner Honestly the first idea was to do some testing to see if I could get NextCloud to work in Qubes. The idea of easier sharing of files among VMs was interesting. For example, I have a huge directory of images on a USB drive that I use in a number of different VMs. The gallery of NextCloud lets me easily see and select them. Now I have to manually connect the drive to whatever VM needs them. I thought NextCloud could help my workflow in that regard. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e4ae0866de7acc93a8fb7f484261a99e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
Am Sonntag, den 25.11.2018, 14:44 -0800 schrieb pr0xy: > Looking through past messages here it seems that others have got > OwnCloud and NextCloud working. I wonder if they were able to do this > with bind-dirs, or whether they had to use a StandaloneVM. Again: What do you want to gain? Having access to the same files on multiple VMs? Having copies on all of them (plus the copy on the storage VM) seems like a bit of overkill to me. > There are some other aspects of NextCloud aside from the file sharing > like Calendar, Contacts, Notes and others that might also me nice to > have internally. And to be honest: I do not trust all those plugins that far. They are complicating things and complicated things cannot be easily verified. Why not do everything on the same VM (which would be a risk you could at least try to assess)? And where would be the limit? The Password application? Giving external users access because you need to share files? I'm not against a centralized "file service and storage VM" but it would take considerable work to really find a secure way to do it; access would likely have to use an RPC mechanism like current file copying. It might be better to find out if it was possible to implement something like WebDAV on top of a Qubes RPC services with a fuse front end. Achim Patzner -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a8b29e7afb1678b92924c2926258849663d736c.camel%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 13:35, 799 wrote: > Hello, > > Am So., 25. Nov. 2018, 12:21 hat pr0xy geschrieben: > >> [...] I wanted to test it out for internal Qubes sharing among >> AppVMs. I think >> an external VPS NextCloud install might be a next step for sharing >> between networks. That seems like it would be a bit easier to setup, >> but it would be a somewhat different use case. [...] > > I was thinking that you might to try something like this ;-) > I was also interesting in sharing be specific files between AppVMs > without the need to use qvm-copy. > I am currently using a combination of sshfs and encfs or cryfs. This > allows me to mount specific folders from one AppVM. This data is > encrypted in the "Storage-"AppVM and can only be decrypted in the > AppVM which mounts the data. > Specific firewall rules between the AppVMs can grant or permit access. > Control over mounting/unmounting including doing the whole setup can > be done from one script which is located in dom0 and runs the specific > commands. > > I'm currently writing a How-to to upload it to the Qubes Docs. > > - O That Storage AppVM idea sounds quite interesting. I'll be interested to take a look at those docs when it's ready. Looking through past messages here it seems that others have got OwnCloud and NextCloud working. I wonder if they were able to do this with bind-dirs, or whether they had to use a StandaloneVM. There are some other aspects of NextCloud aside from the file sharing like Calendar, Contacts, Notes and others that might also me nice to have internally. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2302f345c251ef1681b4aa6543f61e0a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
Hello, Am So., 25. Nov. 2018, 12:21 hat pr0xy geschrieben: > > [...] I wanted to test it out for internal Qubes sharing among AppVMs. I > think > an external VPS NextCloud install might be a next step for sharing > between networks. That seems like it would be a bit easier to setup, but > it would be a somewhat different use case. [...] > I was thinking that you might to try something like this ;-) I was also interesting in sharing be specific files between AppVMs without the need to use qvm-copy. I am currently using a combination of sshfs and encfs or cryfs. This allows me to mount specific folders from one AppVM. This data is encrypted in the "Storage-"AppVM and can only be decrypted in the AppVM which mounts the data. Specific firewall rules between the AppVMs can grant or permit access. Control over mounting/unmounting including doing the whole setup can be done from one script which is located in dom0 and runs the specific commands. I'm currently writing a How-to to upload it to the Qubes Docs. - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vBmFScMwO8kCyDWuL11o5yKa8jU4%3DPt-30bcRa3aiX2g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 09:45, 799 wrote: > Hello pr0xy, > > Am So., 25. Nov. 2018, 01:26 hat pr0xy geschrieben: > >> [...] I was trying to install NextCloud into a Qubes R3.2 machine >> [...] > > I'm interested for which use case you want to run NextCloud in Qubes, > as depending on what your use case is, there might be other solutions > that fit better. > No argument against NextCloud, as we are using it ourselves to host > and share files ;-) > > Or are you using NextCloud within Qubes to provide services to other > AppVMs? > > - O I wanted to test it out for internal Qubes sharing among AppVMs. I think an external VPS NextCloud install might be a next step for sharing between networks. That seems like it would be a bit easier to setup, but it would be a somewhat different use case. I have a lot of AppVMs for different purposes. It's a bit of a pain to connect and disconnect various HDDs in Qubes when they need certain files. I wanted to see if this might be an option. The thinking was to see if I could use the External Storage capability of NextCloud, attach some HDDs to the NextCloud AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d62c8246e783f701b3f581e99b43187%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
Hello pr0xy, Am So., 25. Nov. 2018, 01:26 hat pr0xy geschrieben: > [...] I was trying to install NextCloud into a Qubes R3.2 machine [...] > I'm interested for which use case you want to run NextCloud in Qubes, as depending on what your use case is, there might be other solutions that fit better. No argument against NextCloud, as we are using it ourselves to host and share files ;-) Or are you using NextCloud within Qubes to provide services to other AppVMs? - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sPwPS-9_kHK4%2BGeG19iCKdtsxoKd5Xq0HC%3DQsxbkKV0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 07:33, Ivan Mitev wrote: > On 11/25/18 2:26 AM, pr0xy wrote: >> I was trying to install NextCloud into a Qubes R3.2 machine. Although I >> have it working it isn't persistent across reboots of the AppVM. Every >> time I restart the AppVM it asks me to setup my NextCloud again. >> >> How can I get NextCloud working in an AppVM? >> >> I put NextCloud into a Fedora template. I tried the full manual install >> and the Snap method. When I base the AppVM on that template I can >> startup NextCloud, create a MariaDB database, create an admin account >> and work with various settings, but a restart of the AppVM will lose all >> of those settings. How can I make my changes persistent so that I can >> use NextCloud normally? > > Why not use a StandaloneVM ? > > Or do you want to get a "clean/blank" nextcloud install each time you > restart an AppVM based on the template where you installed nextcloud ? > If so, you'll have to create the db/admin account/... in the > templateVM, not in the AppVM, otherwise any changes you do to the root > filesystem will be lost at the next restart. Note that it's usually > not a good idea to install and run third party stuff in templates (or, > don't base sensitive AppVMs on such templates). > > FYI the folders/files related to nextcloud are usually: > > - The folder where you extracted nextcloud (eg. /var/www/nextcloud) > - The data dir you configured; could be a subdir of the folder above > or another path. > - Mysql db (/var/lib/mysql) and maybe /etc/my.cnf* > - relevant httpd config (/etc/httpd/...) + php stuff, eg. /etc/php.ini > if you modified it. > > You'll also have to enable the web server and mysql in the template > (systemctl enable ...); or start it in the AppVM. >Why not use a StandaloneVM ? Had not actually considered a StandaloneVM. Usually use those for Windows, Ubuntu or other OSs. However that might be an option. I wasn't necessarily looking for a clean NextCloud on every restart, but wanted to avoid any other extraneous OS changes that might slip in. I was used to the AppVM model of installing and running various untrusted packages and I have a lot of TemplateVMs where I base those installs. None of those used MySQL or a LAMP setup though. I tried setting up the Admin user and database in the TemplateVM. That works, but then of course when changes are made in the AppVM none of them persist a restart. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eaab5287af0536b88f7d640bd49d2efe%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 11/25/18 2:26 AM, pr0xy wrote: I was trying to install NextCloud into a Qubes R3.2 machine. Although I have it working it isn't persistent across reboots of the AppVM. Every time I restart the AppVM it asks me to setup my NextCloud again. How can I get NextCloud working in an AppVM? I put NextCloud into a Fedora template. I tried the full manual install and the Snap method. When I base the AppVM on that template I can startup NextCloud, create a MariaDB database, create an admin account and work with various settings, but a restart of the AppVM will lose all of those settings. How can I make my changes persistent so that I can use NextCloud normally? Why not use a StandaloneVM ? Or do you want to get a "clean/blank" nextcloud install each time you restart an AppVM based on the template where you installed nextcloud ? If so, you'll have to create the db/admin account/... in the templateVM, not in the AppVM, otherwise any changes you do to the root filesystem will be lost at the next restart. Note that it's usually not a good idea to install and run third party stuff in templates (or, don't base sensitive AppVMs on such templates). FYI the folders/files related to nextcloud are usually: - The folder where you extracted nextcloud (eg. /var/www/nextcloud) - The data dir you configured; could be a subdir of the folder above or another path. - Mysql db (/var/lib/mysql) and maybe /etc/my.cnf* - relevant httpd config (/etc/httpd/...) + php stuff, eg. /etc/php.ini if you modified it. You'll also have to enable the web server and mysql in the template (systemctl enable ...); or start it in the AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f1f3df3-f65a-48de-535c-e76ec8abd7d1%40maa.bz. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On 2018-11-25 02:17, unman wrote: > On Sat, Nov 24, 2018 at 04:26:18PM -0800, pr0xy wrote: >> I was trying to install NextCloud into a Qubes R3.2 machine. Although I >> have it working it isn't persistent across reboots of the AppVM. Every >> time I restart the AppVM it asks me to setup my NextCloud again. >> >> How can I get NextCloud working in an AppVM? >> >> I put NextCloud into a Fedora template. I tried the full manual install >> and the Snap method. When I base the AppVM on that template I can >> startup NextCloud, create a MariaDB database, create an admin account >> and work with various settings, but a restart of the AppVM will lose all >> of those settings. How can I make my changes persistent so that I can >> use NextCloud normally? > > Have you looked at using bind-dirs? > https://www.qubes-os.org/doc/bind-dirs/ Thanks. That looks like it should work, but I guess I'm uncertain which directories I need to add to /rw/config/qubes-bind-dirs.d/50_user.conf I tried: binds+=( '/var/lib/mysql' ) binds+=( '/var/www' ) as those would appear to cover the MariaDB MySQL database and the web server for NextCloud. However, even with those settings any database or user created in MySQL of the AppVM doesn't persist after a restart. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/338ee10886347013c1edb677d4f52cf2%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup NextCloud in Qubes
On Sat, Nov 24, 2018 at 04:26:18PM -0800, pr0xy wrote: > I was trying to install NextCloud into a Qubes R3.2 machine. Although I > have it working it isn't persistent across reboots of the AppVM. Every > time I restart the AppVM it asks me to setup my NextCloud again. > > How can I get NextCloud working in an AppVM? > > I put NextCloud into a Fedora template. I tried the full manual install > and the Snap method. When I base the AppVM on that template I can > startup NextCloud, create a MariaDB database, create an admin account > and work with various settings, but a restart of the AppVM will lose all > of those settings. How can I make my changes persistent so that I can > use NextCloud normally? Have you looked at using bind-dirs? https://www.qubes-os.org/doc/bind-dirs/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181125021733.4iz27t24lptru4fc%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Setup NextCloud in Qubes
I was trying to install NextCloud into a Qubes R3.2 machine. Although I have it working it isn't persistent across reboots of the AppVM. Every time I restart the AppVM it asks me to setup my NextCloud again. How can I get NextCloud working in an AppVM? I put NextCloud into a Fedora template. I tried the full manual install and the Snap method. When I base the AppVM on that template I can startup NextCloud, create a MariaDB database, create an admin account and work with various settings, but a restart of the AppVM will lose all of those settings. How can I make my changes persistent so that I can use NextCloud normally? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68902a6b167fad231b8f1b56bc4b074b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
