I’ve installed Qubes recently (about a week ago) and decided that I’ve used it enough to start documenting my experience. I’ve used Qubes a little before, but have never gotten this far. Unlike my previous reviews, this is not live
Installation
Sadly Qubes doesn’t work on Ventoy so I had to flash it to a dedicated flash drive.
Attempt 1
Unlike most of my installs, I chose a dedicated drive for qubes, so the setup was quite quick. After stage 1 I started stage 2 and went away for a few hours. After I came back o discovered that the displays weren’t working, so I had to shut the pc down using the power button. After it rebooted I got a Qubes system that didn’t have sys-usb. I could’ve fixed the problem (I have a ps/2 keyboard), but anticipated that this broken install would have more problems, so I chose to reinstall
Attempt 2
I just installed the system again, but clicked “Finish” of stage 2 instead of powering off. Everything went fine and I was ready to use Qubes
Flatpaks
I had to connect to a meeting using Telegram, so I had to get it on the system. I though it would be a great idea to use Flatpak for it. I created a new Qube for it and remembered that package management can’t be done in AppVMs, so I installed flatpak to the root fedora template. I don’t know of it’s a good idea to modify a system template like that, but template inheritance isn’t a thing on qubes and I didn’t feel like wasting 6GB of my drive on flatpak.
After I rebooted my Telegram qube I tried to use flatpak. I know that the root will get wiped on poweroff, so I used a --user installation. (I know that you can use a bind mount for flatpak, but that sounds like a lot of work). After the installation the app launched fine, but only from the console. The app menu did not recognize the app and even after copying a desktop file from the flatpak directory it still didn’t launch. It turned out that the desktop file tries to launch the system Telegram, which doesn’t exist, so I had to manually modify it to use the --user option. After that change telegram worked fine. Except there was no…
Audio
Apparently qubes doesn’t work with USB audio devices. That’s a shame. Fortunately I can just pass through the USB headphones to the Telegram VM, and they work fine. There is a guide to set up an [Audio Qube | forum.qubes-os.org], but I didn’t (yet) bother. I’m now using aux headphones, but the microphone is still USB.
Split SSH
The [Split SSH guide | forum.qubes-os.org] worked like a charm, no complaints here. My SSH key isn’t that important, so I used regular ssh-agent instead of keepass. I assume that with keepass it will be a lot more finicky
Kanata
Kanata is a tool to “Improve keyboard comfort and usability with advanced customization”. It’s a keyboard remapper, and I need it. It didn’t seem like anybody else was running it on qubes, so I spent a couple hours inventing my own [Slightly cursed solution | forum.qubes-os.org]. I’m so glad I didn’t go with the previous idea of killing input-proxy-sender or the first idea of running kanata in dom0
Android Debug Bridge
I needed to set up Android Studio on my system. The installation itself was not a problem, but when I tried to pass through by phone in ADB mode I discovered that there is [an issue | github.com] open since 2020 that prevents me from doing that. So I did what any reasonable person would do in this situation, and wrote my own [Very cursed solution | forum.qubes-os.org]. Unfortunately of doesn’t actually work with Android Studio, so I’ll have to fix that at some point.
GPU Passthrough
Yes, I really did choose the most painful stuff to do on Qubes
But, actually, it worked almost first try! If you follow the [guide | forum.qubes-os.org] correctly (and don’t put the options into XEN_CMDLINE) it just works! (Obviously you also have to set up the nvidia driver on the other side, but that’s easy when you don’t care about stability)
Windows (with GPU passthrough)
This also just worked. You just
- Create a new StandaloneVM
- Boot it from a windows iso
- Install windows
- Assign the GPU to it
- Install the GPU drivers
- Install an old version of QWT, because it was pulled after the drivers were probably compromised (the windows qube only has access to the NAS with all my files on it. What could possibly go wrong?)
- Read through the ancient [QWT docs | qubes-os.org] until you’ve discovered that the developers, in their infinite wisdom, have decided to put
QubesIncomingintoC:\Windows\System32\config\systemprofile\Documents\ - Use Windows
Oh, yeah, and the GPU attached with no problems
Pseudonyms
The main feature of Qubes is obviously compartmentalisation, which is mostly advertised as separation of activity types (email, personal, social), but I use it mainly for seprataion of activity pseudonyms (H, M, V, G). I already mentioned H, M and V before, but G is new, and I can actually reveal what G is: it’s unknownghost! I can now separate it without much effort. I can also route different pseudonyms through different NetVMs: for example V is routed through Tor, so I can have browser that uses Tor and is persistent (which is the main reason I started using Qubes).
SteamVR
*coming soon*
Overall, I really like Qubes. I found it pretty easy to set up, but I have a lot of experience with Linux, so that might’ve played a role. I will keep using Qubes and will keep updating this page (I still haven’t covered gaming)