After having run Qubes OS 4.1 for a couple of weeks, mainly to enable a way to separate my work and private content, I realized that I could actually solve the same thing with two accounts on a normal Linux operating system, while avoiding some of the annoyances and limitations I experienced with Qubes, as detailed in the linked blog post.
Here I jot down some random notes from when doing this.
See especially the end for info about how to set up a nice integration between the work and private accounts, such that one can e.g. occasionally start the mail client or web browser from the private account from the work one etc.
Caveats when installing Debian 11
- Make sure that an EFI partition is created (when I manually modified the partition table I accidentally deleted it, and had to reinstall to get it created properly again).
- Had to turn off safe boot in BIOS
- Had to set SATA settings to AHCI
- Had to manually create a boot option with the path to \EFI\debian\grubx64.efi in BIOS settings
Instructions for configuring Debian to my liking
- Add current user to sudo
- Switch user to root
usermod -aG sudo <username> - Log out and back the user
- Switch user to root
- Uncomment CDROM remotes in /etc/apt/sources.list
- Change default search engine in firefox to duckduckgo
- Replace applications menu with whiskers menu
- Install some packages
sudo apt install vim git tig tmux curl tree rsync gparted ecryptfs-utils redshift bash-completion bluez blueman - Clone rc folder
git clone https://github.com/samuell/rc.git - Link rc files
ln -s rc/.{b,v,t}* . - Create empty .bash_aliases_local
touch ~/.bash_aliases_local - Activate in bashrc
cat 'if [ -f ~/.bashrc_mods ]; then . ~/.bashrc_mods; fi' >> ~/.bashrc && source ~/.bashrc - Install vim-plug
curl -fLo ~/.vim/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim - Run :PlugInstall in vim
vim -c ":PlugInstall" -c "qa!" - In "Keyboard settings > Application shortcuts" add two shortcuts:
xfce4-popup-whiskermenu # Ctrl+Esc
xfce4-terminal --drop-down # Super+Space - Open the terminal with Win+Space, and configure:
- Set width to 100%
- Uncheck always show tabs
- Uncheck show menubar in new windows
- Configure color to more pastel like colors according to my new method
- In Appearance...
- Set style to Adwaita-dark
- Set fonts to Adwaita
- Set main font to Sans Regular 8
- Let main monospace font be Monospace Regular 10
- In terminal preferences, set font to Monospace Regular 10
- In Window manager, set shortcuts:
- Tile window up/down/left/right : Super up/down/left/right
- Move window Ctrl+Alt+F
- Resize window Ctrl+Alt+R
- Install and configure Brave browser
- Encrypt home folder
Set up separate work and private accounts
- Create the separate accounts
- Encrypt folder of both
In order to run private commands from the work account and vice versa:
- Make sure both users are logged in on the system (so that home folders are unencrypted)
- Run:
xhost local:<other-user>; sudo -i -u <other-user> - Now you have a terminal for the other user, and can start applications such as Thunderbird:
thunderbird &
How to fix broken grub
From time to time, I seem to have my grub broken. It could be due to a harddrive failure perhaps.
The procedure to fix this is quite generally useful though :
- Boot with a live stick (could be even an ubuntu stick)
- sudo su
- Given that /dev/sda2 is your main partition and /dev/sda1 your boot partition:
- mount /dev/sda2 /mnt
- mount /dev/sda1 /mnt/boot/efi
- for i in proc sys dev; do mount --bind $i /mnt/$i; done
- chroot /mnt
- apt install grub-pc-bin grub-efi
- Possibly run: fsck -f /dev/sda1
- grub-install --target=x86_64-efi /dev/sda1
- Reboot
Then, the efi location seem to easily be lost in BIOS, especially if the BIOS battery is bad. If so:
- Get into BIOS (F2 key on boo)
- Settings > General > Boot sequence
- Click "Add Boot Option"
- Add a name, e.g. "Debian"
- On File Name, click the "..." button to locate \EFI\debian\grubx64.efi
- Save and reboot