I wrote Salt states to define my workstation on Qubes OS. You can find the repo on Codeberg.

Goals

  • Easy to run and update
  • Offer improved security over the out-of-the-box Qubes offering
  • As much as possible, leave nothing to be configured by hand

Features

  • Every VM is based on a minimal template, almost always Fedora
  • Templates offer hardening to try to mitigate intra-VM exploits as well as VM escapes
  • The unprivileged user running in an AppVM is considered untrusted, and should be restricted at the template level
  • Most programs are offered in minimal templates with only that app (and its dependencies) installed
  • The custom-persist Qubes feature is used to further minimize the opportunity for persistence from AppVMs