Bash scripting for Qubes Operations?

Emily · November 27, 2021, 7:48am

To make Qubes a viable workstation, I’m going to have to streamline a good many operations. Too much friction as is out of the box.

Anyone who’s streamlined their system, save me some hassles. Do you know how each or any of these are done using a bash script?

Attach a USB device to a VM.
Check that VM is running. If not start VM.
Stop a VM.
Stop all running VMs.
Launch an app in a VM.
Run a specific script in a VM.
Run a script on startup in Dom0, that calls scripts in VMs.
Attach a script in Dom0 to a hotkey.
Pass root privileges to a script in Dom0, and attach script to a hotkey.

Any help would be appreciated.

flopsy · November 27, 2021, 11:54am

Not sure if your question is more about writing a script or how to execute those commands.

To shut down all VMs, the dom0 command is:

qvm-shutdown --all

Starting a VM:

qvm-start <VMname>

(if the VM is already started it just returns "domain is already running)

To stop a VM:

qvm-shutdown <VMname>

etc.

Attaching a USB to a VM or launching a specific application are also just single line commands, but I’m not sure how to link a custom script to a hotkey.

Linking a script to a menu item:

https://groups.google.com/g/qubes-devel/c/H1q-1IevpB4/m/MtHl5DpHDgAJ

Another approach to executing commands with hotkeys:

https://awesomeopensource.com/project/3hhh/qubes-terminal-hotkeys

Emily · November 27, 2021, 3:34pm

Big thanks. Still trying to get scripts to work…

Here’s a skeleton of the startup script I’m trying to get working. I’m not sure exactly how to assign attached drives to a variable. Nor get the scripts the startup script is calling to run with root privileges. Still kinda lost with bash. Anyone who has some pointers, I’d appreciate it.

#!/bin/bash
# startup sequence.  Execute on login or hotkey trigger.

# Guard clause
# Execute script only if USB "startup" is plugged in.
# http://dev.qubes-os.org/projects/core-admin-client/en/latest/manpages/qvm-device.html
# http://dev.qubes-os.org/projects/core-admin-client/en/latest/manpages/qvm-volume.html

# https://www.howtogeek.com/442332/how-to-work-with-variables-in-bash/
# https://ryanstutorials.net/bash-scripting-tutorial/bash-if-statements.php
# https://stackoverflow.com/questions/229551/how-to-check-if-a-string-contains-a-substring-in-bash

  # if USB startup not attached, kill 
  # Assign all block devices to var.
  # If USB_startup not in var, kill.

attached_drives=qvm-volume --quiet

if [[ $attached_drives =~ "USB_startup" ]]; then
   exit

# start core VMs (preferable on seperate threads, to spead startup time)
# https://www.cloudsavvyit.com/12277/how-to-use-multi-threaded-processing-in-bash-scripts/

  # start the vault VM, and attached USB_startup
  qvm-start vault --skip-if-running --quiet --drive=USB_startup
  # attached data disk to work vm 
  qvm-start work --skip-if-running --quiet --hddisk=SSD1
  qvm-start web --skip-if-running --quiet

# Initialize security layer (preferable on seperate thread)
  # Unlock and mount lucks encrypted drive in VM vault
  qvm-run --quiet vault udisksctl unlock -b /path/to/disk/partition
  qvm-run --quiet vault udisksctl mount -b /path/to/unlocked/device
  
  # Run startup script with root privileges
  qvm-run vault --quiet sudo ./s_startup.sh &

# Initialize work layer (on seperate thread)
  qvm-run work --quiet sudo ./s_work.sh &

# Initialize web layer
  qvm-run web --quiet sudo ./s_web.sh
  
exit

Gavaudan · November 28, 2021, 6:05am

I think if root owns the startup script then everything it runs would also be root’s. Not sure what throwing sudo in there otherwise would do.