This repo captures all of my customizations to a vanilla Qubes OS 4.0.4 install as a set of Salt states. Since Qubes OS includes SaltStack, this makes for a convenient way to reproducibly configure it.
From an AppVM (e.g., 'personal'):
$REPO_URLis the URL of this repository (for example, 'https://github.com/scjudd/qubes-workstation.git')
git clone $REPO_URL
vim qubes-workstation/config.yaml # make sure user settings are correct
vim qubes-workstation/scripts/dom0-sync # make sure variables are correctFrom dom0:
$SOURCE_QUBEis the Qube where you've cloned the repo (for example, 'personal')$REPO_PATHis the path to the cloned repo within$SOURCE_QUBE(for example, '/home/user/qubes-workstation')
qvm-run --pass-io $SOURCE_QUBE "cat $REPO_PATH/scripts/dom0-sync" > qubes-workstation-dom0-sync
chmod +x qubes-workstation-dom0-sync
sudo ./qubes-workstation-dom0-sync
sudo qubesctl --all state.highstateThe output from Salt for a given Qube can be found under /var/log/qubes/mgmt-<qube name>.log in dom0.
If you have deleted a standard template, or would like to reset it to its default state, you can do so with the qubes-dom0-update command. For example, to reset the fedora-34 template to its default state:
sudo qubes-dom0-update --action=reinstall qubes-template-fedora-34A state may be applied to a given Qube, regardless of whether or not it is listed in the top.sls file. For example, to apply the user-config state to the personal-dev Qube:
qubesctl --skip-dom0 --show-output --target personal-dev user-config saltenv=userEach file ending in .top must be individually enabled for the associated salt states to be considered. For fedora-34, this can be done via qubesctl top.enable fedora-34.
To get the Librem 14 to consistently charge correctly, I had to flash a newer EC firmware and install the librem-ec-acpi kernel module with DKMS.
PureOS includes a Librem 14 EC ACPI DKMS module which solves a number of suspend/resume and charging issues. To do the same on Qubes, we must build the DKMS module ourselves. This, along with any other Librem 14-specific configuration, can be enabled like so:
sudo qubectl top.enable librem-14WARNING: This process is not currently recommended by Purism, as it could brick your machine if performed incorrectly. Proceed with caution.
Download the purism_ectool binary and EC ROM file (e.g., ec-2021-06-04_ef9fd3c.rom.gz):
After extracting both and copying to dom0, run the following command:
sudo ./purism_ectool flash_backup ec-2021-06-04_ef9fd3c.romAfter this completes, your machine will shut down. On the next boot you should be able to verify that you are using the updated firmware like so:
sudo ./purism_ectool infoI usually have my laptop plugged into AC power, so I've configured the charge controller to start charging when the battery is below 40% charged and to stop once it hits 80%. This should increase the lifespan of the battery.
From dom0, as root:
echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
echo 80 > /sys/class/power_supply/BAT0/charge_control_end_threshold