Fresh installation (shell) script: minimal templates, app qubes, default settings revisions

Go back to topic: Fresh installation (shell) script: minimal templates, app qubes, default settings

Revision #22

Edited on: 2023-11-05
Edited by user: szz9pza

local ~~brave_dir~~=/etc/skel/.config/BraveSoftware/Brave-Browser/	local cfg_dir=/etc/skel/.config/ local brave_dir=$cfg_dir/BraveSoftware/Brave-Browser/
local brave_prefs_cfg=$brave_dir/Default/Preferences mkdir -p $brave_dir/Default/	local brave_prefs_cfg=$brave_dir/Default/Preferences local brave_entry=brave-browser.desktop mkdir -p $brave_dir/Default/ # remove welcome splash screen on first launch touch "$brave_dir/First Run" echo " [Default Applications] text/html=$brave_entry x-scheme-handler/http=$brave_entry x-scheme-handler/https=$brave_entry x-scheme-handler/about=$brave_entry x-scheme-handler/unknown=$brave_entry" \| cut -c 5- \ >> $cfg_dir/mimeapps.list
	prefs_add_value_to_key '"browser": {' ' "has_seen_welcome_page": true,'
- ~~update~~ Brave ~~settings to 1.60.110 (new Leo AI Assistant)~~	- remove Brave welcome splash screen on first launch

Revision #21

Edited on: 2023-11-05
Edited by user: szz9pza

"ai_chat":{	"ai_chat": {
prefs_add_value_to_key '"~~brave~~": {' ' ~~"ai_chat": {~~	prefs_add_value_to_key '"ai_chat": {' '
"default_model_key": "chat-default" # llama2 13b },'	"default_model_key": "chat-default", # llama2 13b "user_dismissed_premium_prompt": true,'

Revision #20

Edited on: 2023-11-04
Edited by user: szz9pza

~~state_add_value_to_brave_key~~ ()	add_value_to_key ()
~~sed -i~~ &~~#39~~;/"~~brave~~": {/ r&~~#39~~;<(echo "$1") "$~~brave_state_cfg~~"	if [[ $1 == root ]] then echo "$2" >> "$3" else sed -i "/$1/ r"<(echo "$2") "$3" fi
	state_add_value_to_key () { add_value_to_key "$1" "$2" "$brave_state_cfg" }
~~sed -i~~ "/$1~~/ r~~"&~~lt;(echo &~~quot;$2") $brave_prefs_cfg	add_value_to_key "$1" "$2" $brave_prefs_cfg
~~echo~~ '	state_add_value_to_key 'root' '
},' ~~>> "$brave_state_cfg"~~	},'
~~echo~~ '	prefs_add_value_to_key 'root' '
~~},' >> $brave_prefs_cfg~~	},' ### New Tab Page prefs_add_value_to_key 'root' ' "brave": { "new_tab_page": { "hide_all_widgets": true, # cards "show_background_image": true, "show_branded_background_image": false, "show_clock": false, "show_stats": false, "show_together": false, # news "shows_options": 0 # new tab page: dashboard } }, "ntp": { "shortcust_visible": false # top sites },'
~~echo~~ '	state_add_value_to_key 'root' '
},' >> &~~quot~~;~~$brave_state_cfg~~&~~quot~~; ~~echo~~ '	},' prefs_add_value_to_key 'root' '
	"browser": { "custom_chrome_frame": false # use system title bar (enable) },' ### Toolbar prefs_add_value_to_key '"browser": {' ' "show_home_button": false,' prefs_add_value_to_key 'root' '
}, "brave": { "~~show_side_panel_button~~": ~~false~~,	},' prefs_add_value_to_key '"brave": {' ' "show_bookmarks_button": true,
	"wallet": { "show_wallet_icon_on_toolbar": false }, "show_side_panel_button": true,
	"autocomplete_enabled": true,
"sidebar": { "sidebar_show_option": 3 # never }, "show_side_panel_button": false, "autocomplete_enabled": true,
"~~tabs_search_show~~": true,	"ai_chat":{ "autocomplete_provider_enabled": true },' ### Tabs prefs_add_value_to_key '"brave": {' '
	"tabs_search_show": true,' ### Sidebar prefs_add_value_to_key '"brave": {' ' "sidebar": { "hidden_built_in_items": [ 1, # Brave Talk 2, # Brave Wallet 3, # Bookmarks 4 # Reading List ], "side_panel_width": 500, "sidebar_show_option": 3 # never },' prefs_add_value_to_key 'root' ' "side_panel": { "is_right_aligned": true },' ### Content prefs_add_value_to_key '"brave": {' '
"mru_cycling_enabled": false # cycle most recently tabs }, "browser": { "show_home_button": false, "custom_chrome_frame": false # use system frame (enable) },' >> $brave_prefs_cfg ## New Tab Page #------ prefs_add_value_to_key '"brave": {' ' "new_tab_page": { "hide_all_widgets": true, # cards "show_background_image": true, "show_branded_background_image": false, "show_clock": false, "show_stats": false, "show_together": false, # news "shows_options": 0 # new tab page: dashboard },' echo ' "ntp": { "shortcust_visible": false # top sites },' >> $brave_prefs_cfg	"mru_cycling_enabled": false, # cycle most recently tabs'
~~echo~~ '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~ ### Content Filtering: ~~state_add_value_to_brave_key~~ '	},' ### Content Filtering state_add_value_to_key '"brave": {' '
},' ## ~~Brave Rewards~~ ~~#------~~	},' ### Social media blocking
"rewards": { "inline_tip_buttons_enabled": false, "show_brave_rewards_button_in_location_bar": false },' ## Social media blocking #------ prefs_add_value_to_key '"brave": {' '
~~echo~~ '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~	},'
~~state_add_value_to_brave_key~~ '	state_add_value_to_key '"brave": {' '
~~echo~~ '	state_add_value_to_key 'root' '
},' ~~>> "$brave_state_cfg"~~	},'
"cookies": 4,' # clear cookies/site data, block third-party ~~echo~~ ' "enable_do_not_track": false,' ~~>> $brave_prefs_cfg~~	"cookies": 4, # clear cookies/site data, block third-party' prefs_add_value_to_key 'root' ' "enable_do_not_track": false,'
~~echo~~ '	prefs_add_value_to_key 'root' '
"https_only_mode_enabled": true,' >> ~~$brave_prefs_cfg echo~~ '	"https_only_mode_enabled": true,' state_add_value_to_key 'root' '
},' ~~>> "$brave_state_cfg"~~	},'
~~echo~~ '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~	},'
~~echo~~ '	state_add_value_to_key 'root' '
~~},' >> "$brave_state_cfg"~~	},' ## Brave Rewards #------ prefs_add_value_to_key '"brave": {' ' "rewards": { "inline_tip_buttons_enabled": false, "show_brave_rewards_button_in_location_bar": false },' ## Web3 #------ ### Wallet prefs_add_value_to_key '"wallet": {' ' "default_solana_wallet": 1, # no fallback "default_wallet2": 1, # eth: no fallback "nft_discovery_enabled": false, "auto_pin_enabled": false,' ### IPFS prefs_add_value_to_key '"brave": {' ' "ipfs": { "resolve_method": 3 # disabled },' ### Web3 domains state_add_value_to_key '"brave": {' ' "ens": { "resolve_method": 1 # disabled }, "sns": { "resolve_method": 1 # disabled }, "unstoppable_domains": { "resolve_method": 1 # disabled },' ## Leo #------ prefs_add_value_to_key '"sidebar": {' ' "sidebar_items": [ { "built_in_item_type": 7 # show Leo icon } ],' prefs_add_value_to_key '"brave": {' ' "ai_chat": { "auto_generate_questions": false, # suggested prompts "default_model_key": "chat-default" # llama2 13b },'
~~echo~~ '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~	},'
~~echo~~ '	prefs_add_value_to_key 'root' '
},' >> ~~$brave_prefs_cfg~~ ~~state_add_value_to_brave_key~~ '	},' state_add_value_to_key '"brave": {' '
## ~~Web3~~	## Autofill and passwords
### Wallet prefs_add_value_to_key '"brave": {' ' "wallet": { "default_solana_wallet": 1, # no fallback "default_wallet2": 1, # eth: no fallback "show_wallet_icon_on_toolbar": false, "nft_discovery_enabled": false, "auto_pin_enabled": false },' ### IPFS prefs_add_value_to_key '"brave": {' ' "ipfs": { "resolve_method": 3 # disabled },' ### Web3 domains state_add_value_to_brave_key ' "ens": { "resolve_method": 1 # disabled }, "sns": { "resolve_method": 1 # disabled }, "unstoppable_domains": { "resolve_method": 1 # disabled },' ## Autofill #------ echo '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~	},'
"autofill_private_windows": false,'	"autofill_private_windows": false,'
~~echo~~ '	prefs_add_value_to_key 'root' '
},' ~~>> $brave_prefs_cfg~~	},'
## ~~Download~~	## Downloads
~~echo~~ '	prefs_add_value_to_key 'root' '
}' ~~>> $brave_prefs_cfg~~	}'
~~echo~~ '	state_add_value_to_key 'root' '
},' ~~>> "$brave_state_cfg"~~	},'
~~echo~~ '	state_add_value_to_key 'root' '
}' ~~>> "$brave_state_cfg"~~	}'
~~state_add_value_to_brave_key~~ '	state_add_value_to_key '"brave": {' '
Guide updated to R4.2 (see ~~previous~~ edit ~~if needed~~).	Guide updated to R4.2 (see edit 18↔19 for R4.1 related changes).
- replace rpc policy dom0 with @adminvm - set dom0 SUDO_EDITOR and EDITOR variables to /usr/bin/vim - set dom0 memory to 2048min/3072max - set dom0 dispobable app qube to web-dvm - config gtk4 to use Arc-Dark theme - replace libreoffice-gtk3 with gtk4 - disable libreoffice hardware acceleration - disable libreoffice java - disable libreoffice writing aids (spelling, grammar, ...) - add "forget me when I close this site" brave setting (shields) - add "allow auto-fill in private windows" brave setting (autofill) 4.2 related - use qubes-vm-update for template updates - disable restart all system qubes after update - set max simultaneous updates qubes to 4 - set auto update to 5 days for non-ckecked qubes - replace pulseaudio-qubes with pipewire-qubes - use file name used by global config for usb & update proxy policies - use unified /boot/grub2/grub.cfg for boot config	- update Brave settings to 1.60.110 (new Leo AI Assistant)

Revision #19

Edited on: 2023-10-31
Edited by user: szz9pza

~~sudo qubesctl~~ --~~skip~~-~~dom0~~ -~~-templates state.sls update.qubes-vm~~	qubes-vm-update --templates
~~pulseaudio~~-qubes'	pipewire-qubes'
libreoffice-~~gtk3~~'	libreoffice-gtk4'
## Templates	## Templates
~~sudo qubesctl~~ --~~skip~~-~~dom0~~ -~~-targets=~~$~~base_tpl state.sls update.qubes-vm~~	qubes-vm-update --targets $base_tpl
All folders of a theme must be copied (there are symbolic links between them).
$themes_dir/Arc* \	$themes_dir/Arc-Dark \
mv $qubes_incoming/dom0/Arc* $themes_dir	mv $qubes_incoming/dom0/Arc-Dark $themes_dir
local ~~gtk3_dir~~=/etc/skel/.config/gtk-3.0/ mkdir -p $~~gtk3_dir~~	local cfg_dir=/etc/skel/.config/ local gtk3_dir=$cfg_dir/gtk-3.0/ local gtk4_dir=$cfg_dir/gtk-4.0/ mkdir -p $gtk3_dir $gtk4_dir
gtk-titlebar-right-click=none' \| cut -c 5- > $gtk3_dir/settings.~~ini~~	gtk-titlebar-right-click=none' \| cut -c 5- \ \| tee {$gtk3_dir,$gtk4_dir}/settings.ini > /dev/null
}' \| cut -c 5- > $gtk3_dir/gtk.~~css # GTK4 dark mode # needed for zenity progress dialog used by qvm-copy/move # (dom0 Arc theme doesn~~&~~#39~~;~~t have GTK4 variant)~~ ~~local dconf_local_dir=~~/~~etc~~/~~dconf/db/local.d/~~ ~~mkdir -p $dconf_local_dir echo " [org/gnome/desktop/interface] color-scheme='prefer-dark'" \| cut -c 5- > $dconf_local_dir/gnome-interface~~	}' \| cut -c 5- \| tee {$gtk3_dir,$gtk4_dir}/gtk.css > /dev/null
\| tee -a /etc/skel/~~.Xresources~~ /home/user/.Xresources > /dev/null	\| tee -a {/etc/skel/,/home/user/}/.Xresources > /dev/null
\| tee -a /etc/skel/~~.bashrc~~ /home/user/~~.bashrc~~ /root/.bashrc > /dev/null	\| tee -a {/etc/skel/,/home/user/,/root/}/.bashrc > /dev/null
local lo_cfg=$lo_dir/registrymodifications.xcu mkdir -p $lo_dir	local lo_cfg=$lo_dir/registrymodifications.xcu local lo_java_cfg=$lo_dir/config/javasettings_Linux_X86_64.xml mkdir -p $lo_dir/config/
	local lo_linguistic=/$lo_org.Office.Linguistic add_key_value $lo_linguistic/GrammarChecking IsAutoCheck false add_key_value $lo_linguistic/Hyphenation IsHyphSpecial false add_key_value $lo_linguistic/SpellChecking IsSpellAuto false add_key_value $lo_linguistic/SpellChecking IsSpellSpecial false add_key_value $lo_linguistic/SpellChecking IsSpellUpperCase false # disable hardware acceleration local lo_canvas=/$lo_org.Office.Canvas add_key_value $lo_canvas ForceSafeServiceImpl true
add_key_value $lo_misc ~~FirstRun~~ false	add_key_value $lo_misc FirstRun false
add_key_value $lo_misc ~~SymbolStyle~~ colibre_dark_svg	add_key_value $lo_misc SymbolStyle colibre_dark_svg
add_key_value $lo_product ~~ooSetupLastVersion~~ 42.0 add_key_value $lo_product ~~LastTimeDonateShown~~ 4200000000	add_key_value $lo_product ooSetupLastVersion 42.0 add_key_value $lo_product LastTimeDonateShown 4200000000
~~echo '</oor:items>' >> $lo_cfg~~	echo '</oor:items>' >> $lo_cfg # disable java echo '<?xml version="1.0" encoding="UTF-8"?> <!--This is a generated file. Do not alter this file!--> <java xmlns="http://openoffice.org/2004/java/framework/1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <enabled xsi:nil="false">false</enabled> <javaInfo xsi:nil="false" vendorUpdate="" autoSelect="false"> </javaInfo> </java>' > $lo_java_cfg
/* menu > edit > settings ~~/ /~~ ~~******************** *~~/	/* menu > edit > settings */
/* menu > view ~~/ /~~ ~~********* *~~/	/* menu > view */
/* config editor ~~/ /~~ ~~*********** *~~/	/* config editor */
#------~~---------~~	#------
#------~~-------~~	#------
#------~~------~~	#------
#------~~--------~~	#------
#------~~---~~	#------
	"brave_remember_1p_storage": 2, # forget when close site
#------~~---------~~	#------
#------~~-----------------~~	#------
#------~~----------------~~	#------
#------~~---------~~	#------
#------~~------~~	#------
#------~~----~~	#------
},' >> $brave_prefs_cfg	},' >> $brave_prefs_cfg prefs_add_value_to_key '"brave": {' ' "autofill_private_windows": false,'
#------~~-----~~	#------
#------~~----~~	#------
#------~~-----~~	#------
#--------	#------
echo "qubes.UpdatesProxy * @type:TemplateVM @default allow target=$net_dvm" \ \| sudo tee -a /etc/qubes/policy.d/30-~~user~~.policy > /dev/null	echo "qubes.UpdatesProxy * @type:TemplateVM @default allow target=$net_dvm" \ \| sudo tee -a /etc/qubes/policy.d/50-config-updates.policy > /dev/null
qubes.InputMouse * $usb_dvm dom0 allow qubes.InputMouse * @~~anyvm @anyvm deny~~" \ \| sudo tee -a /etc/qubes/policy.d/30-~~user~~.policy > /dev/null	qubes.InputMouse * $usb_dvm @adminvm allow" \ \| sudo tee -a /etc/qubes/policy.d/50-config-input.policy > /dev/null
[details="e.g. only 1 usb controller, only usb keyboard, ~~EFI boot,~~ LUKS."]	[details="e.g. only 1 usb controller, only usb keyboard, FDE (LUKS)."]
qubes.InputKeyboard * $usb_dvm dom0 allow qubes.InputKeyboard * @~~anyvm @anyvm deny~~" \ \| sudo tee -a /etc/qubes/policy.d/30-~~user~~.policy > /dev/null	qubes.InputKeyboard * $usb_dvm @adminvm allow" \ \| sudo tee -a /etc/qubes/policy.d/50-config-input.policy > /dev/null
# sudo grub2-mkconfig -o /boot/grub2/grub.~~cfg (legacy boot) sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.~~cfg	sudo grub2-mkconfig -o /boot/grub2/grub.cfg
	[Disposable sys-net: Automatically connect wifi (config file or RPC service)](https://forum.qubes-os.org/t/disposable-sys-net-automatically-connect-wifi-config-file-or-rpc-service/21112)
The "Qube Settings" entry is included in all qubes menus by default.
> All these settings, except ~~Qube Manager~~, are not Qubes OS specific.	> All these settings, except Qubes tools, are not Qubes OS specific.
[details="~~dom0 max~~ memory & swap"]	[details="memory & swap"]
~~sudo sed -i -E~~ '~~s/(~~dom0_mem=max:~~)[0-9]+M/\12048M/~~' /etc/default/~~grub~~ sudo grub2-mkconfig -o /boot/~~efi~~/~~EFI/qubes/~~grub.cfg	echo ' GRUB_CMDLINE_XEN_DEFAULT="$GRUB_CMDLINE_XEN_DEFAULT dom0_mem=min:2048M dom0_mem=max:3072M"' \ \| sudo tee -a /etc/default/grub > /dev/null sudo grub2-mkconfig -o /boot/grub2/grub.cfg
sudo sed -i -Ee "s/^#(autologin-user=)/\1$USER/" \ -Ee 's/^#(autologin-user-timeout=0)/\1/' \	sudo sed -i -E -e "s/^#(autologin-user=)/\1$USER/" \ -e 's/^#(autologin-user-timeout=0)/\1/' \
	[details="disposable app qube"] ```bash qvm-prefs dom0 default_dispvm $web_dvm ``` [/details] [details="qubes update"] ```bash qvm-features dom0 qubes-vm-update-max-concurrency 4 qvm-features dom0 qubes-vm-update-restart-system '' qvm-features dom0 qubes-vm-update-update-if-stale 5 ``` [/details]
	export EDITOR=/usr/bin/vim export SUDO_EDITOR=$EDITOR
$panel_cfg ~~# remove workspace switcher sed -i '/value="pager"/ d' $panel_cfg~~	$panel_cfg
<property name="workspace_count" type="int" value="1"/>	<property name="workspace_count" type="int" value="2"/>
Good luck.	Good luck. Guide updated to R4.2 (see previous edit if needed).
- ~~reduce~~ dom0 ~~max memory to 2048M~~ - ~~reduce~~ dom0 ~~swap~~ to 2G - ~~use tmpfs for web browser cache -~~ set ~~sys-firewall~~ memory to ~~768~~/~~1280M~~ - set ~~templates memory~~ to ~~512/4096M~~ - ~~set disposable template vcpus~~ to 1 - ~~add "set~~ -eu -~~o pipefail"~~ ~~to the script~~ - ~~add arguments to create_dvm_template() to set maxmemory & memory~~ - ~~group desktop files entries~~ (~~txt_img_pdf and office_suite~~) - ~~use set_printer()~~ ~~and custom_settings instead of run_cmd~~() - ~~move brave~~ "~~search suggest_enabled~~" setting to ~~search section~~	- replace rpc policy dom0 with @adminvm - set dom0 SUDO_EDITOR and EDITOR variables to /usr/bin/vim - set dom0 memory to 2048min/3072max - set dom0 dispobable app qube to web-dvm - config gtk4 to use Arc-Dark theme - replace libreoffice-gtk3 with gtk4 - disable libreoffice hardware acceleration - disable libreoffice java - disable libreoffice writing aids (spelling, grammar, ...) - add "forget me when I close this site" brave setting (shields) - add "allow auto-fill in private windows" brave setting (autofill) 4.2 related - use qubes-vm-update for template updates - disable restart all system qubes after update - set max simultaneous updates qubes to 4 - set auto update to 5 days for non-ckecked qubes - replace pulseaudio-qubes with pipewire-qubes - use file name used by global config for usb & update proxy policies - use unified /boot/grub2/grub.cfg for boot config

Revision #18

Edited on: 2023-10-31
Edited by user: szz9pza

Revision #17

Edited on: 2023-09-12
Edited by user: deeplow

Revision #16

Edited on: 2023-09-07
Edited by user: deeplow

Revision #15

Edited on: 2023-08-29
Edited by user: szz9pza

	set -eu -o pipefail
	qvm-prefs $base_tpl memory 512 qvm-prefs $base_tpl maxmem 4096
"search": { "suggest_enabled": false # improve search },
	}, "search": { "suggest_enabled": false # improve search
	[details="web browser cache (tmpfs)"] ```bash set_web_browser_cache_tmpfs () { local mount_opt=rw,nosuid,nodev,noexec,nodiratime,size=128M echo "tmpfs /home/user/.cache/BraveSoftware tmpfs $mount_opt 0 0" \ >> /etc/fstab } ``` [/details]
-e "s/* $.*$/(\1)/"	-Ee "s/* (.*)/(\1)/"
custom_settings $base_tpl \	custom_settings "$base_tpl $system_tpl" \
custom_settings $system_tpl \ $set_common
~~set_web_browser~~	set_web_browser \ set_web_browser_cache_tmpfs
--property maxmem=~~4096~~ \ --property memory=~~512~~ \	--property maxmem=$4 \ --property memory=$5 \
--property template_for_dispvms=~~true~~ qvm-features $1 appmenus-dispvm $4 $FUNCNAME "${@:5}"	--property template_for_dispvms=true \ --property vcpus=1 qvm-features $1 appmenus-dispvm $6 $FUNCNAME "${@:7}"
$mgmt_dvm $system_tpl black '' \ $sys_dvm $system_tpl red '' \ $apps_dvm $apps_tpl red 1 \ $print_dvm $print_tpl red '' \ $web_dvm $web_tpl red 1	$mgmt_dvm $system_tpl black 4096 512 '' \ $sys_dvm $system_tpl red 4096 512 '' \ $apps_dvm $apps_tpl red 2048 512 1 \ $print_dvm $print_tpl red 4096 512 '' \ $web_dvm $web_tpl red 2048 512 1
$fw_dvm $sys_dvm green 'true' 0 768 $net_dvm 'true' '' \	$fw_dvm $sys_dvm green 'true' 1280 768 $net_dvm 'true' '' \
banking-dvm $web_dvm gray 'false' 2048 512 $fw_dvm 'false' '' \ mail-web-dvm $web_dvm purple 'false' 2048 512 $fw_dvm 'false' '' \	banking-dvm $web_dvm gray 'false' 2048 512 $fw_dvm 'false' '' \ mail-web-dvm $web_dvm purple 'false' 2048 512 $fw_dvm 'false' '' \
~~office_suite_entry0~~='	office_suite_startcenter_entry='
~~office_suite_entry1~~=' libreoffice-calc.desktop libreoffice-draw.desktop	office_suite_calc_entry=' libreoffice-calc.desktop' office_suite_draw_entry=' libreoffice-draw.desktop' office_suite_writer_entry='
	[/details] [details="printer (not Qubes OS specific)"] [www.cups.org/doc/admin.html](https://www.cups.org/doc/admin.html) ```bash set_printer () { local driver_model=$(lpinfo -m \ \| grep 'MY_PRINTER_NAME' \ \| grep simple \ \| cut -d ' ' -f 1) lpadmin -p 'MY_CUSTOM_PRINTER_NAME' -E \ -v lpd://192.168.1.42/PASSTHRU \ -m $driver_model \ -o printer-error-policy=retry-current-job \ -o printer-is-shared=false \ -o Resolution=301x300dpi \ -o ColorModel=Gray \ -o print-quality-default=3 } ```
	[details="text_img_pdf_entries"]
	text_img_pdf_entries=" $text_editor_entry $image_viewer_entry $pdf_viewer_entry" ``` [/details] [details="office_suite_entries"] ```bash office_suite_entries=" $office_suite_startcenter_entry $office_suite_calc_entry $office_suite_draw_entry $office_suite_writer_entry" ``` [/details] ```bash
$~~text_editor_entry~~ \ $~~image_viewer_entry~~ \ ~~$pdf_viewer_entry \ $office_suite_entry0 \ $office_suite_entry1 \~~	$text_img_pdf_entries \ $office_suite_entries \
$~~text_editor_entry~~ \ $~~image_viewer_entry~~ \ ~~$pdf_viewer_entry \ $office_suite_entry0 \ $office_suite_entry1 \~~	$text_img_pdf_entries \ $office_suite_entries \
/etc/cups/ ``` [details="Add your printer (not Qubes OS specific)."] [www.cups.org/doc/admin.html](https://www.cups.org/doc/admin.html) ```bash run_cmd root $print_dvm ' driver_model=$(lpinfo -m \ \| grep "MY_PRINTER_NAME" \ \| grep simple \ \| cut -d " " -f 1) lpadmin -p "MY_CUSTOM_PRINTER_NAME" -E \ -v lpd://192.168.1.42/PASSTHRU \ -m $driver_model \ -o printer-error-policy=retry-current-job \ -o printer-is-shared=false \ -o Resolution=301x300dpi \ -o ColorModel=Gray \ -o print-quality-default=3' qvm-shutdown --wait $print_dvm ``` [/details]	/etc/cups/ custom_settings $print_dvm \ set_printer ```
	[details="dom0 max memory & swap"] ```bash sudo sed -i -E 's/(dom0_mem=max:)[0-9]+M/\12048M/' /etc/default/grub sudo grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg dom0_swap=/dev/qubes_dom0/swap sudo swapoff $dom0_swap sudo lvresize --yes --size 2G $dom0_swap sudo mkswap $dom0_swap sudo swapon $dom0_swap sudo udevadm trigger --action=change ``` [/details]
- ~~add an argument~~ to ~~explicitly~~ set ~~hvm mode in create_named_dvm()~~ - ~~adjust~~ memory ~~of system qubes~~ (~~usb,~~ ~~net~~ & ~~firewall)~~ - ~~use $FUNCNAME for recursive functions~~ - ~~update some header titles~~ (~~use sentence case~~ and ~~remove numbered list~~) - move ~~configuration before update -~~ ~~add config variable $fresh_install (toggle for fresh install or new tpl release)~~	- reduce dom0 max memory to 2048M - reduce dom0 swap to 2G - use tmpfs for web browser cache - set sys-firewall memory to 768/1280M - set templates memory to 512/4096M - set disposable template vcpus to 1 - add "set -eu -o pipefail" to the script - add arguments to create_dvm_template() to set maxmemory & memory - group desktop files entries (txt_img_pdf and office_suite) - use set_printer() and custom_settings instead of run_cmd() - move brave "search suggest_enabled" setting to search section

Revision #14

Edited on: 2023-08-29
Edited by user: szz9pza

Revision #13

Edited on: 2023-08-12
Edited by user: szz9pza

# Qubes OS - Fresh ~~Install~~ - Minimal templates	# Qubes OS - Fresh install - Minimal templates
### ~~description~~	### Description
### ~~initial~~ setup	### Initial setup
### ~~usage~~	### Usage
``` bash	```bash
## ~~Update~~	## Configuration
	```bash #!/usr/bin/bash fresh_install=true os_name=fedora os_release=$(qvm-template list --available \ \| grep -Eo "$os_name.*minimal" \ \| tail -n 1 \ \| grep -Eo '[0-9]+') install_cmd='dnf -y --setopt=install_weak_deps=false install' ``` ## Updates ---
~~#!/usr/bin/bash~~ if ~~true~~; then ## ~~update~~	if [[ $fresh_install == true ]]; then ## updates
fi ## end: ~~update~~	fi ## end: updates
## Configuration --- ```bash os_name=fedora os_release=$(qvm-template list --available \ \| grep -Eo "$os_name.*minimal" \ \| tail -n 1 \ \| grep -Eo '[0-9]+') install_cmd='dnf -y --setopt=install_weak_deps=false install' ```
### ~~1. base~~	### Base
	echo "updating $base_tpl ..."
### ~~2. creation~~	### Creation
### ~~1. settings~~	### Settings
~~set_default_window_size~~ ${@:4}	$FUNCNAME ${@:4}
### ~~2. customization~~	### Customizations
if ~~false~~; then ## new tpl release	if [[ $fresh_install != true ]]; then ## new tpl release
### ~~1. switch~~ templates	### Switch templates
If you only have a USB keyboard/mouse, you may want to switch ~~the~~ `sys-dvm`	If you only have a USB keyboard/mouse, you may want to switch `sys-dvm`
~~change_template~~ ${@:3}	$FUNCNAME ${@:3}
~~remove_old_template~~ ${@:2}	$FUNCNAME ${@:2}
### ~~2. update~~ settings Update the settings where needed.	### Update settings Update the settings if / where needed.
if ~~true~~; then ## fresh install	if [[ $fresh_install == true ]]; then ## fresh install
~~create_dvm_template~~ "${@:5}"	$FUNCNAME "${@:5}"
local vmode=pvh if [[ $5 -eq 0 ]]; then vmode=hvm; fi
--property vcpus=~~1 \~~ ~~--property virt_mode=$vmode~~	--property vcpus=1
~~create_named_dvm~~ "${@:9}"	[[ $9 == hvm ]] && qvm-prefs $1 virt_mode hvm $FUNCNAME "${@:10}"
$net_dvm $sys_dvm red 'true' 0 ~~448~~ '' 'true' \ $fw_dvm $sys_dvm green 'true' ~~2048 512~~ $net_dvm 'true' \ $usb_dvm $sys_dvm red 'true' 0 ~~320~~ '' 'false' \ banking-dvm $web_dvm gray 'false' 2048 512 $fw_dvm 'false' \ mail-web-dvm $web_dvm purple 'false' 2048 512 $fw_dvm 'false' \ $printer_dvm $print_dvm red 'false' 2048 512 $fw_dvm 'false'	$net_dvm $sys_dvm red 'true' 0 768 '' 'true' hvm \ $fw_dvm $sys_dvm green 'true' 0 768 $net_dvm 'true' '' \ $usb_dvm $sys_dvm red 'true' 0 512 '' 'false' hvm \ banking-dvm $web_dvm gray 'false' 2048 512 $fw_dvm 'false' '' \ mail-web-dvm $web_dvm purple 'false' 2048 512 $fw_dvm 'false' '' \ $printer_dvm $print_dvm red 'false' 2048 512 $fw_dvm 'false' ''
~~create_regular_appvm~~ "${@:9}"	$FUNCNAME "${@:9}"
### ~~1. settings~~	### Settings
### ~~2. customization~~	### Customizations
~~add_panel_launcher~~ ${@:3}	$FUNCNAME ${@:3}
- ~~fix typo~~ in ~~switch templates~~ (~~excepted~~ -> ~~expected~~) - ~~change libreoffice icon theme to colibre_dark_svg~~ - ~~set gnome interface color~~-~~scheme to prefer~~-~~dark~~	- add an argument to explicitly set hvm mode in create_named_dvm() - adjust memory of system qubes (usb, net & firewall) - use $FUNCNAME for recursive functions - update some header titles (use sentence case and remove numbered list) - move configuration before update - add config variable $fresh_install (toggle for fresh install or new tpl release)

Revision #12

Edited on: 2023-08-12
Edited by user: szz9pza

Revision #11

Edited on: 2023-07-08
Edited by user: szz9pza

}' \| cut -c 5- > $gtk3_dir/gtk.css	}' \| cut -c 5- > $gtk3_dir/gtk.css # GTK4 dark mode # needed for zenity progress dialog used by qvm-copy/move # (dom0 Arc theme doesn't have GTK4 variant) local dconf_local_dir=/etc/dconf/db/local.d/ mkdir -p $dconf_local_dir echo " [org/gnome/desktop/interface] color-scheme='prefer-dark'" \| cut -c 5- > $dconf_local_dir/gnome-interface dconf update
add_key_value $lo_misc ShowTipOfTheDay false	add_key_value $lo_misc ShowTipOfTheDay false add_key_value $lo_misc SymbolStyle colibre_dark_svg
after confirming that the new `sys-usb-dvm` works as ~~excepted~~.	after confirming that the new `sys-usb-dvm` works as expected.
- fix ~~$PS1 bash prompt~~ (~~history overlap~~)	- fix typo in switch templates (excepted -> expected) - change libreoffice icon theme to colibre_dark_svg - set gnome interface color-scheme to prefer-dark

Revision #10

Edited on: 2023-06-22
Edited by user: szz9pza

export PS1="\e[1;31m$PS1\e[m"	export PS1="\[\e[1;31m\]$PS1\[\e[m\]"
export PS1="\e[1;31m$PS1\e[m"	export PS1="\[\e[1;31m\]$PS1\[\e[m\]"
- fix filechooser size - update brave repo url - update brave settings - add update settings in template management - improve printer automation - add dom0 auto-login - add dom0 intel screen tearing - disable mimetype in media and personal qubes - disable libreoffice notif (~~donate and get involed~~) ~~- apply common settings to base_tpl - add note when switching new template (if only usb keyboard/mouse)~~	- fix $PS1 bash prompt (history overlap)

Revision #9

Edited on: 2023-06-20
Edited by user: szz9pza

run_cmd root $print_dvm &~~quot~~;	run_cmd root $print_dvm '
\| grep &~~#39~~;MY_PRINTER_NAME&~~#39~~; \	\| grep "MY_PRINTER_NAME" \
\| cut -d &~~#39~~; &~~#39~~; -f 1) lpadmin -p &~~#39~~;MY_CUSTOM_PRINTER_NAME&~~#39~~; -E \	\| cut -d " " -f 1) lpadmin -p "MY_CUSTOM_PRINTER_NAME" -E \
-o print-quality-default=3&~~quot~~;	-o print-quality-default=3'

Revision #8

Edited on: 2023-06-20
Edited by user: szz9pza

`menu > edit > preferences > general > unlimited scrollback`	`menu > edit > preferences > general > unlimited scrollback`
> :bulb: Keeping the full template can be useful in many situations.	> :bulb: Keeping the full template can be useful in many situations.
#!/bin/bash	#!/usr/bin/bash
--add-repo $brave_rpm_www/~~x86_64/~~ \	--add-repo $brave_rpm_www/brave-browser.repo \
metadata_expire=1h'	metadata_expire=1h'
> All these settings, despite belonging to a fresh install script, are not Qubes OS ~~related~~. > There are already many ~~ressources~~ about all of them across the web.	> All these settings, despite belonging to a fresh install script, are not Qubes OS specific. > There are already many resources about all of them across the web.
\| tee -a /etc/skel/.bashrc /home/user/.bashrc > /dev/null	\| tee -a /etc/skel/.bashrc /home/user/.bashrc /root/.bashrc > /dev/null
	window-position=(0, 0)
add_key_value $lo_product ooSetupLastVersion 42.0	add_key_value $lo_product ooSetupLastVersion 42.0 add_key_value $lo_product LastTimeDonateShown 4200000000 add_key_value $lo_product LastTimeGetInvolvedShown 4200000000
"enable-force-dark@1",	"enable-force-dark@1", # web content night mode
"dark_mode": 1	"dark_mode": 1 # enable
"system_theme": 1	"system_theme": 1 # GTK
	"show_side_panel_button": false, "today": { "should_show_toolbar_button": false # brave news button }, "location_bar_is_wide": false, "omnibox": { "prevent_url_elisions": false, # show full URL "bookmark_suggestions_enabled": true, "history_suggestions_enabled": true },
~~"show_side_panel_button": false~~	"show_side_panel_button": false, "autocomplete_enabled": true, "top_site_suggestions_enabled": true, "tabs_search_show": true, "tabs": { "mute_indicator_not_clickable": false, "vertical_tabs_enabled": false, "hover_mode": 1 # card }, "speedreader": { "enabled": false }, "mru_cycling_enabled": false # cycle most recently tabs }, "browser": { "show_home_button": false, "custom_chrome_frame": false # use system frame (enable)
	"show_background_image": true,
"show_together": ~~false~~ # news	"show_together": false, # news "shows_options": 0 # new tab page: dashboard
	"debounce": { "enabled": true # auto redirect tracking urls },
"https_everywhere_default": true,
"content_settings": {	"content_settings": { # agressive / strict
"setting": ~~2 # agressive~~	"setting": 2
"cosmeticFiltering": {	"cosmeticFiltering": { # tackers & ads
"shieldsAds": {	"shieldsAds": { # tackers & ads
"trackers": {	"trackers": { # tackers & ads
"cookie_controls_mode": 1 # block ~~third~~-~~party~~	"cookie_controls_mode": 1, # block cross-site "default_content_setting_values": { "httpsUpgrades": 2 # strict }
"~~show_brave_rewards_button~~": false,'	"rewards": { "inline_tip_buttons_enabled": false, "show_brave_rewards_button_in_location_bar": false },'
"search":{ "suggest_enabled": ~~false~~	"search": { "suggest_enabled": false # improve search
~~echo~~ ' "browser": {	prefs_add_value_to_key '"browser": {' '
} },' ~~>> $brave_prefs_cfg~~	},'
prefs_add_value_to_key '"~~profile~~": {' ' ~~"default_content_setting_values":~~ { "cookies": ~~4 # clear cookies and site data on close }~~,'	prefs_add_value_to_key '"default_content_setting_values": {' ' "cookies": 4,' # clear cookies/site data, block third-party
"enabled": ~~true~~	"enabled": false
	"brave_google_sign_in": 2,
"always_open_pdf_externally": ~~false~~	"always_open_pdf_externally": true # download pdf
"encrypted_media_enabled": ~~true~~ # protected content	"encrypted_media_enabled": false # protected content
"default_solana_wallet": 1, # ~~none~~ "default_wallet2": 1, # eth: ~~none~~ "show_wallet_icon_on_toolbar": false	"default_solana_wallet": 1, # no fallback "default_wallet2": 1, # eth: no fallback "show_wallet_icon_on_toolbar": false, "nft_discovery_enabled": false, "auto_pin_enabled": false
	"sns": { "resolve_method": 1 # disabled },
prefs_add_value_to_key '"brave": {' ' "translate_migrated_from_extension": true,'
"translate": { "enabled": false },' >> $brave_prefs_cfg	"translate": { "enabled": false },' >> $brave_prefs_cfg
	}, "download_bubble": { "partial_view_enabled": true # show when done
}' >> "$brave_state_cfg"	},' >> "$brave_state_cfg"
"enable_closing_last_tab": true,'	"enable_closing_last_tab": true,' echo ' "performance_tuning": { "high_efficiency_mode": { "enabled": false # memory saver } }' >> "$brave_state_cfg"
"advanced_view_enabled": true,'	"advanced_view_enabled": true,'
	[details="custom_settings_user ()"] ```bash custom_settings_user () { handle_custom_settings user "$@" } ``` [/details]
	custom_settings $base_tpl \ $set_common
~~set_file_chooser~~ \	$set_file_management \
> :information_source: Note:	> :information_source: Note:
echo 'switching old templates with new ones ...'	echo 'switching old templates with new ones ...' ``` ### 1. switch templates ```bash
	If you only have a USB keyboard/mouse, you may want to switch the `sys-dvm` after confirming that the new `sys-usb-dvm` works as excepted.
sys-firewall-dvm	sys-firewall-dvm ``` ### 2. update settings Update the settings where needed. [details="set_new_web_browser_settings"] ```bash set_new_web_browser_settings () { local brave_dir=.config/BraveSoftware/Brave-Browser/ local brave_state_cfg="$brave_dir/Local State" local brave_prefs_cfg=$brave_dir/Default/Preferences cp /etc/skel/$brave_state_cfg /home/user/$brave_state_cfg cp /etc/skel/$brave_prefs_cfg /home/user/$brave_prefs_cfg } ``` [/details] ```bash custom_settings_user web-dvm \ set_new_web_browser_settings
Automatically accept USB mice (~~Not recommanded~~).	Automatically accept USB mice (not recommended).
[details="custom_settings_user ()"]
custom_settings_user () { handle_custom_settings user "$@" } ``` [/details] ```bash
	custom_settings_user media \ set_disable_mimetype \ $text_editor_entry \ $image_viewer_entry \ $pdf_viewer_entry \ $office_suite_entry0 \ $office_suite_entry1 \ $email_client_entry custom_settings_user personal \ set_disable_mimetype \ $email_client_entry
[details="Add your printer (not Qubes OS ~~related~~)."]	[details="Add your printer (not Qubes OS specific)."]
run_cmd root $print_dvm ' lpadmin -p ~~MY_PRINTER_NAME~~ -E -v lpd://192.168.1.42 \ -m ~~gutenprint.X.X://MY_DRIVER_NAME/simple~~ \	run_cmd root $print_dvm " driver_model=$(lpinfo -m \ \| grep 'MY_PRINTER_NAME' \ \| grep simple \ \| cut -d ' ' -f 1) lpadmin -p 'MY_CUSTOM_PRINTER_NAME' -E \ -v lpd://192.168.1.42/PASSTHRU \ -m $driver_model \
-o printer-is-shared=~~false~~&~~#39~~;	-o printer-is-shared=false \ -o Resolution=301x300dpi \ -o ColorModel=Gray \ -o print-quality-default=3"
[/details]	[/details]
> All these settings, except Qube Manager, are not Qubes OS ~~related~~.	> All these settings, except Qube Manager, are not Qubes OS specific.
	[details="auto-login (not recommended)"] ```bash sudo sed -i -Ee "s/^#(autologin-user=)/\1$USER/" \ -Ee 's/^#(autologin-user-timeout=0)/\1/' \ /etc/lightdm/lightdm.conf ``` [/details] [details="intel screen tearing (if needed)"] ```bash echo ' Section "Device" Identifier "Intel Graphics" Driver "Intel" EndSection' \| sudo tee /etc/X11/xorg.conf.d/20-intel.conf ``` [/details] <br>
	gsettings set org.gtk.Settings.FileChooser window-position '(0, 0)'
echo 'mode: off' > $HOME/.xscreensaver	echo 'mode: off' > $HOME/.xscreensaver echo ' [Desktop Entry] Hidden=true' > $HOME/.config/autostart/xscreensaver.desktop
Please, use your search engine for Qubes OS ~~unrelated~~ questions.	Please, use your search engine for Qubes OS unspecific questions.
Good luck.	Good luck. [details="latest edit"] - fix filechooser size - update brave repo url - update brave settings - add update settings in template management - improve printer automation - add dom0 auto-login - add dom0 intel screen tearing - disable mimetype in media and personal qubes - disable libreoffice notif (donate and get involed) - apply common settings to base_tpl - add note when switching new template (if only usb keyboard/mouse) [/details]

Revision #7

Edited on: 2023-06-20
Edited by user: szz9pza

Revision #6

Edited on: 2023-06-20
Edited by user: gonzalo-bulnes

Revision #5

Edited on: 2023-03-07
Edited by user: szz9pza

echo '}' \| tee -a "$brave_state_cfg" $~~brave_prefs_cfg~~	echo '}' \| tee -a "$brave_state_cfg" $brave_prefs_cfg > /dev/null
sed -i 's/bash/zsh/g' /etc/passwd	sed -i 's/bash/zsh/' /etc/passwd
if [[ $# -ne 0 ]]	if [[ $# -ne 0 ]]
if [[ $# -ne 0 ]]	if [[ $# -ne 0 ]]
	--property netvm='' \
The Qubes way is to use ~~salt formula~~. [qubes-os.org/doc/salt/](https://qubes-os.org/doc/salt/)	The Qubes way is to use Salt. [qubes-os.org/doc/salt/](https://qubes-os.org/doc/salt/)

Revision #4

Edited on: 2023-03-06
Edited by user: szz9pza

$(qvm-ls --field class,name,template \	change_template () { if [[ $# -ne 0 ]] then qvm-prefs $1 template $2 change_template ${@:3} fi } change_template $(qvm-ls --field class,name,template \
-e 's/^AppVM/~~qvm-prefs~~/' \ -Ee "s/$os_name-[0-9]+/~~template~~ $os_name-$os_release/")	-e 's/^AppVM//' \ -Ee "s/$os_name-[0-9]+/$os_name-$os_release/")
$(qvm-ls --field class,name \	remove_old_template () { if [[ $# -ne 0 ]] then qvm-remove --force $1 remove_old_template ${@:2} fi } remove_old_template $(qvm-ls --field class,name \
-e 's/^TemplateVM/~~qvm-remove --force~~/')	-e 's/^TemplateVM//')
[details="e.g. only 1 usb controller, only usb keyboard, EFI boot."]	[details="e.g. only 1 usb controller, only usb keyboard, EFI boot, LUKS."]

Revision #3

Edited on: 2023-02-24
Edited by user: szz9pza

"$~~audio"~~ \	$audio \
"$~~audio"~~ \	$audio \

Revision #2

Edited on: 2023-02-24
Edited by user: szz9pza

> :warning: Caution: > The code you run in dom0 MUST be understood.	> :warning: Caution: > The code you run in dom0 MUST be understood.
name=~~gitlab~~.~~com_paulcarroty_vscodium_repo~~ baseurl=~~https://paulcarroty~~.~~gitlab~~.~~io/vscodium-deb-rpm-repo/rpms/~~	name=... baseurl=...
gpgkey=~~https://gitlab~~.~~com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub~~.~~gpg~~	gpgkey=...
~~Update~~ the "qubes.UpdatesProxy" policy to use `$net_dvm`.	Set the "qubes.UpdatesProxy" policy to use `$net_dvm`. [qubes-os.org/doc/rpc-policy/](https://qubes-os.org/doc/rpc-policy/)
~~sudo sed -i~~ "~~1 s/^/~~$~~usb_dvm dom0~~ allow~~\n/~~" \ /etc/qubes~~-rpc~~/policy/~~qubes~~.~~InputMouse~~ ```	echo " qubes.InputMouse * $usb_dvm dom0 allow qubes.InputMouse * @anyvm @anyvm deny" \ \| sudo tee -a /etc/qubes/policy.d/30-user.policy > /dev/null ```
~~sudo sed -i~~ "~~1 s/^/~~$~~usb_dvm dom0~~ allow~~\n/~~" \ /etc/qubes~~-rpc~~/policy/~~qubes~~.~~InputKeyboard~~ ```	echo " qubes.InputKeyboard * $usb_dvm dom0 allow qubes.InputKeyboard * @anyvm @anyvm deny" \ \| sudo tee -a /etc/qubes/policy.d/30-user.policy > /dev/null ```
psk=MY_PASSWORD' \| cut -c5- > $wifi_cfg	psk=MY_PASSWORD' \| cut -c 5- > $wifi_cfg
	The Qubes way is to use salt formula. [qubes-os.org/doc/salt/](https://qubes-os.org/doc/salt/)