What is Qubes OS

Qubes OS is a Linux-based operating system designed with security in mind.

Its main goal is to prevent a single security vulnerability from compromising the whole system.
This is done through compartmentalization with Xen, while still providing an easy-to-use desktop experience that is not far from a regular one.

It uses SaltStack for managing Dom0 and, in the upcoming release 3.2, also for the VMs. There are VM templates for Fedora and Debian.

Possible starting points

  • Try the new release 3.2 RC1 and fix/report issues
  • Create a VM which uses the local NIS server
  • Look into the new SaltStack
  • Try to build VM images with openSUSE Leap as base
  • Create a user-directory-based gem setup to provide an easy-to-use Ruby development VM
  • Try to build Qubes OS locally

Results

  • The new release works out of the box on my developer machine. There were no issues besides an X glitch that occurred once, which I could not reproduce, and an already reported issue.
  • Since Qubes OS uses local users, network VMs are separated, and there is no login screen, direct NIS usage was not possible, but a shell server could be used instead to access the user data, and NFS mounts for the rest.
  • The new SaltStack for the VMs makes handling of template updates and similar tasks much easier. It should also be possible to set up all new templates with SaltStack if they were not saved in a backup.
  • The template creation is quite complicated, with many scripts. We might be able to use Kiwi, but first all the Qubes VM packages need to be packaged for openSUSE, which I did not finish in time.
  • I have used rvm to set up a local Ruby environment, which did not need any additional steps after installation; it just worked.
  • Building Qubes OS is actually much easier than expected. The Qubes builder is easy to set up and automated. I did not build everything, just the templates as described here, but building the rest should have only been a matter of time.

Looking for hackers with the skills:

saltstack security salt

This project is part of:

Hack Week 14

Activity

  • about 3 years ago: toe started this project.
  • about 3 years ago: toe liked this project.
  • about 7 years ago: thardeck left this project.
  • almost 8 years ago: mbrugger liked this project.
  • almost 8 years ago: dsterba liked this project.
  • almost 8 years ago: thardeck added keyword "salt" to this project.
  • almost 8 years ago: gsanso liked this project.
  • almost 8 years ago: thardeck removed keyword salt from this project.
  • almost 8 years ago: thardeck started this project.
  • almost 8 years ago: thardeck added keyword "saltstack" to this project.
  • almost 8 years ago: thardeck added keyword "security" to this project.
  • almost 8 years ago: thardeck added keyword "salt" to this project.
  • almost 8 years ago: thardeck originated this project.
