I’m using Qubes OS with i3 and polybar.
I have a module/script that check emails and notify if there are unread emails or not.
The problem is that from dom0 I can’t run it as there is no access to internet …
Is it there a way to allow ONLY access to my email in order to be able to receive if any unread emails?
It is possible to enable networking and internet access to dom0 but it is not intended to be used like that.
Is there a limitation to you running the module / script in an AppVM as intended?
dom0 should never connect directly to the internet, you can use qvm-run from dom0 to retrieve your email in another VM and then copy that to dom0.
Dom0 should only be used for managing VMs, otherwise you are risking to compromise the whole system. Why can’t you do that in a VM? VMs can show notifications just fine.
Not sure how to do that in a vm as I need polybar to start right after I logged in so the config should be in dom0.
Regarding having this task on another vm, how can I exucute the code from dom0 (or should i create a cron om that vm)?
You can autostart any VM when your system boots (there is a tick in the VM’s preferences) and autostart any script inside that VM (see instructions for the corresponding OS).
You should not touch dom0 at all if this is possible.
You can use qvm-run
from dom0 to run apps in a VM. qvm-start will start a VM.
Probably stupid question: polybar, i3, conky, rofi should still be installed on dom0, right?
But all scripts that require internet should be on another vm. Am I right?
In general, you should avoid installing anything in dom0 as much as possible: https://www.qubes-os.org/doc/how-to-install-software-in-dom0/.
However, you listed things connected to displaying, so yes, they have to be installed in dom0 to work. In the future version Qubes 4.1 there will be a separate VM for displaying things, sys-gui.
Nice. First time I’m using Qubes and like it. Sounds like the future of it it will be even better/safer.
Thanks
You can achieve your goal by exploiting the Qrexec communication mechanism provided by Qubes and the qvm-run
command line utility.
Some assumptions, feel free to replace:
-
my-qube
is the name of the qube monitoring the email account -
my.Service
is the name of the qrexec service doing the monitoring - inside
my-qube
you have set up a monitoring script/executable in the path/my/monitoring/script
- the monitoring script runs forever and outputs a polybar-formatted line in tail mode
Start with creating the file /rw/usrlocal/etc/qubes-rpc/my.Service
with a content resembling the following (you can also symlink your monitoring script, just be sure it’s an executable):
#!/bin/sh
exec /my/monitoring/script
Then configure your custom/script with the following command in tail mode:
qvm-run --pass-io my-qube --service my.Service </dev/null
For more informations:
Qrexec: secure communication across domains | Qubes OS (qubes-os.org)
Qubes OS Forum (qubes-os.org)