Triple oh
·
2025-09-08
qubes.nix
1{
2 config,
3 lib,
4 pkgs,
5 ...
6}: {
7 config = {
8 virtualisation.qubes = {
9 dom0.enable = true;
10
11 # Current qubes module implementation is not as secure as QubesOS, this option is mandatory to clarify that.
12 secure = false;
13
14 # Insert your primary username here, qubes is single-user system. Only this user will be able to use qubes utilities.
15 user = "username";
16
17 # All those options are opt-outs, I.e only keep options here that you want to be active
18 # Configuration I provide here is supposed to keep your system running as-is for now,
19 # I.e you will have USB, internet access, and qubes module will not mess with your system configuration too much.
20 optOutRecommendedConfiguration = [
21 "disable-smt" # Do not disable SMT
22 "hostname-dom0" # Use current machine hostname, do not reset it to dom0
23 "dom0-restricted-usb" # Do not block USB devices in dom0
24 "dedicated-sys-usb" # Allow USB devices in dom0
25 "dedicated-sys-net" # Allow networking in dom0
26 ];
27 };
28
29 nixpkgs.config.allowUnfreePredicate = pkg:
30 builtins.elem (lib.getName pkg) [
31 "qubes-vmm-stubdom-linux" # have no idea what this is; also why is it unfree?
32 "qubes-artwork" # don't need the pictures, honestly
33 ];
34 };
35}