Compare commits
13 Commits
78485bc6c2
...
developmen
| Author | SHA1 | Date | |
|---|---|---|---|
df7e691648
|
|||
|
6c44faa2ff
|
|||
|
158697340e
|
|||
|
8896b96831
|
|||
|
2ee5a1673f
|
|||
|
67c6573f29
|
|||
|
95c2bba24e
|
|||
|
183db7923e
|
|||
|
72ca6ddab3
|
|||
|
fe824b08ca
|
|||
|
442bf90d9b
|
|||
|
f5bb8fefcb
|
|||
|
d351388ee7
|
@@ -37,6 +37,12 @@ Lenovo ePrivacy can be controlled through `/proc/acpi/ibm/lcdshadow`. I use the
|
||||
- F5: `sudo bash -c 'echo 1 > /proc/acpi/ibm/lcdshadow'`
|
||||
- F6: `sudo bash -c 'echo 0 > /proc/acpi/ibm/lcdshadow'`
|
||||
|
||||
### Firefox based browsers
|
||||
|
||||
Currently Firefox based browsers [will break](https://github.com/QubesOS/qubes-issues/issues/8612#issuecomment-1764832181) when you try to open a YouTube video in fullscreen if their window is maximized. To workaround this, set `full-screen-api.ignore-widgets` in `about:config` to true.
|
||||
|
||||
I have no idea if this will make you more fingerprintable or not.
|
||||
|
||||
### Bitwarden & Element Flatpak
|
||||
|
||||
These apps require the keyring to be created first to work properly. Simply open a browser like Microsoft Edge and set an empty password for the keyring before using them.
|
||||
|
||||
@@ -26,6 +26,6 @@ download() {
|
||||
|
||||
curl -s --proxy http://127.0.0.1:8082 -L https://github.com/trustcrypto/OnlyKey-App/releases/download/v5.5.0/OnlyKey_5.5.0_amd64.deb -O
|
||||
|
||||
sudo apt install gnome-disk-utility ./OnlyKey_5.5.0_amd64.deb
|
||||
sudo apt install gnome-disk-utility qubes-video-companion ./OnlyKey_5.5.0_amd64.deb
|
||||
|
||||
sudo systemctl disable --now hide-hardware-info.service
|
||||
|
||||
2
dom0.sh
2
dom0.sh
@@ -20,7 +20,7 @@ set -eu -o pipefail
|
||||
sudo sed -i 's/issue_discards = 0/issue_discards = 1/' /etc/lvm/lvm.conf
|
||||
sudo systemctl enable --now fstrim.timer
|
||||
|
||||
sudo qubes-dom0-update anti-evil-maid qubes-ctap-dom0 qt5-qtstyleplugins
|
||||
sudo qubes-dom0-update anti-evil-maid qubes-ctap-dom0 qubes-video-companion-dom0 qt5-qtstyleplugins
|
||||
|
||||
# Configure PCRs
|
||||
sudo sed -i 's/ --pcr 19//' /etc/anti-evil-maid.conf
|
||||
|
||||
57
fedora-gnome/development.sh
Normal file
57
fedora-gnome/development.sh
Normal file
@@ -0,0 +1,57 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Copyright (C) 2022-2025 Thien Tran
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy of
|
||||
# the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations under
|
||||
# the License.
|
||||
|
||||
# Base this on the microsoft-edge TemplateVM
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
unpriv(){
|
||||
sudo -u nobody "${@}"
|
||||
}
|
||||
|
||||
download() {
|
||||
unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
|
||||
}
|
||||
|
||||
echo '[code]
|
||||
name=Visual Studio Code
|
||||
baseurl=https://packages.microsoft.com/yumrepos/vscode/
|
||||
enabled=1
|
||||
gpgcheck=1
|
||||
gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.repos.d/vscode.repo
|
||||
|
||||
echo '[shiftkey-packages]
|
||||
name=GitHub Desktop
|
||||
baseurl=https://rpm.packages.shiftkey.dev/rpm/
|
||||
enabled=1
|
||||
gpgcheck=1
|
||||
repo_gpgcheck=1
|
||||
gpgkey=https://rpm.packages.shiftkey.dev/gpg.key' | sudo tee /etc/yum.repos.d/shiftkey-packages.repo
|
||||
|
||||
sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo
|
||||
|
||||
sudo dnf install -y butane code docker-ce docker-buildx-plugin docker-compose-plugin git github-desktop
|
||||
|
||||
sudo systemctl enable --now docker
|
||||
sudo usermod -aG docker user
|
||||
|
||||
# Change the GPG Domain name appropriately
|
||||
echo 'QUBES_GPG_DOMAIN=sys-gpg' | sudo tee -a /etc/environment
|
||||
|
||||
umask 022
|
||||
|
||||
sudo mkdir -p /etc/qubes-bind-dirs.d
|
||||
echo 'binds+=( '\'''/var/lib/docker''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf
|
||||
@@ -133,11 +133,10 @@ sudo dnf remove -y abrt* cheese evince file-roller* libreoffice* mediawriter rhy
|
||||
sudo dnf remove -y lvm2 rng-tools thermald '*perl*'
|
||||
|
||||
# Disable openh264 repo
|
||||
sudo dnf config-manager --set-disabled fedora-cisco-openh264
|
||||
sudo dnf config-manager setopt fedora-cisco-openh264.enabled=0
|
||||
|
||||
# Install custom packages
|
||||
# gnome-shell is needed for theming to work
|
||||
sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses
|
||||
sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses xdg-desktop-portal-gtk
|
||||
|
||||
# Setup hardened_malloc
|
||||
sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y
|
||||
|
||||
@@ -34,7 +34,7 @@ enabled=1
|
||||
gpgcheck=1
|
||||
gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.repos.d/microsoft-edge.repo
|
||||
|
||||
sudo dnf install -y microsoft-edge-stable
|
||||
sudo dnf install -y microsoft-edge-stable qubes-video-companion
|
||||
|
||||
sudo mkdir -p /etc/opt/edge/policies/managed/ /etc/opt/edge/policies/recommended/
|
||||
download https://git.conorz.at/titanz/Microsoft-Edge-Policies/raw/branch/development/Linux/managed.json /etc/opt/edge/policies/managed/managed.json
|
||||
@@ -57,6 +57,10 @@ WantedBy=default.target' | sudo tee /etc/systemd/user/pactl.service
|
||||
|
||||
umask 077
|
||||
|
||||
# Disable hardened_malloc (for now)
|
||||
# It causes Edge to crash at launch most of the time
|
||||
sudo rm /etc/ld.so.preload
|
||||
|
||||
# Run `systemctl --user enable --now pactl.service` in your appVM.
|
||||
# For some uncomprehensible reason, manually enabling pipewire-pulse.service will not work for Edge audio.
|
||||
# Using preset doesn't actually work :/
|
||||
|
||||
@@ -24,7 +24,7 @@ download() {
|
||||
unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
|
||||
}
|
||||
|
||||
sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/trivalent -y
|
||||
sudo dnf config-manager addrepo --from-repofile=https://repo.secureblue.dev/secureblue.repo
|
||||
sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 rpmfusion-free.enabled=1 rpmfusion-free-updates.enabled=1 rpmfusion-nonfree.enabled=1 rpmfusion-nonfree-updates.enabled=1
|
||||
sudo dnf install -y ffmpeg trivalent
|
||||
sudo dnf update @multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin
|
||||
|
||||
@@ -30,4 +30,4 @@ sudo chmod +x /etc/qubes-rpc/qubes.SshAgent
|
||||
# Not using openssh-askpass here, because of this bug:
|
||||
# https://github.com/QubesOS/qubes-issues/issues/9741
|
||||
|
||||
sudo dnf install -y keepassxc
|
||||
sudo dnf install -y keepassxc okular pinentry-gnome3
|
||||
|
||||
Reference in New Issue
Block a user