Any Advantage to using OpenHAB on qubes?
44 views
Skip to first unread message
Stumpy
Sep 30, 2020, 9:31:13 AM9/30/20
to Qubes users
Sometimes I have trouble "wrapping my head around" compartmentalization
offline use etc so I was hoping someone is doing, or has considered
something similar.
I would like to setup home automation and security, and OpenHAB seems
like the best way to go. The caveat, for me at least, is I really dont
want the setup to be online, or dont want it to be accessible from the
internet - which is where qubes comes in i think?
I want OpenHAB to stay up to date but do not want it to be accessible
via the internet so i was thinking if I have a template with OpenHAB
installed that would install OpenHAB and hopefully plugins?
The thing is I am hoping to have wifi cameras, or at least PoE cameras
connected so it was less clear to me if i would be able to have an
OpenHAB appvm that was not connected to the internet, or blocked from
the network, but able to communicate with these various wireless devices?
Ideally i would be able to do this on my workstation as i pretty much
live in front of my monitors :/
But I have 2 older laptops, one runs qubes like a champ, the other i am
guessing less so (AMD Neo chip w/ 2 or 4gb mem [I forget]), though
either way if i went the laptop route they woudl be dedicated devices so
to speak.
Any thoughts, ideas, feedback would really really be appreciated!
offline use etc so I was hoping someone is doing, or has considered
something similar.
I would like to setup home automation and security, and OpenHAB seems
like the best way to go. The caveat, for me at least, is I really dont
want the setup to be online, or dont want it to be accessible from the
internet - which is where qubes comes in i think?
I want OpenHAB to stay up to date but do not want it to be accessible
via the internet so i was thinking if I have a template with OpenHAB
installed that would install OpenHAB and hopefully plugins?
The thing is I am hoping to have wifi cameras, or at least PoE cameras
connected so it was less clear to me if i would be able to have an
OpenHAB appvm that was not connected to the internet, or blocked from
the network, but able to communicate with these various wireless devices?
Ideally i would be able to do this on my workstation as i pretty much
live in front of my monitors :/
But I have 2 older laptops, one runs qubes like a champ, the other i am
guessing less so (AMD Neo chip w/ 2 or 4gb mem [I forget]), though
either way if i went the laptop route they woudl be dedicated devices so
to speak.
Any thoughts, ideas, feedback would really really be appreciated!
Stumpy
Sep 30, 2020, 9:33:10 AM9/30/20
to qubes...@googlegroups.com
... then again that would mean i'd need network access? Ugh, sorry I am
really bad at visualizing these things.
Adrian Lynch
Sep 30, 2020, 12:49:26 PM9/30/20
to qubes-users
Yes and No, you can set it up so that the RPI can't communicate with the outside world, but it can only talk on the local network.
Frank
Oct 1, 2020, 12:49:42 AM10/1/20
to qubes...@googlegroups.com
> On 30. Sep 2020, at 15:33, Stumpy stumpy-at-posteo.net |qubes-mailing-list/Example Allow| <v0r93v5...@sneakemail.com> wrote:
Why not use one of the laptops - or the Raspi - without Qubes and your favorite Linux distribution instead? I don’t think Qubes would add anything here anyway.
Just use iptables firewall on that machine to block everything from the outside world and only allow connections from within your local LAN/WLAN.
You could setup SSH with X-forwarding on either machine equally easily. The laptop would have the advantage of offering direct access with its own monitor on top of ssh. And that would even work for the older one, that has definitely not enough memory to run Qubes on it in any comfortable way anyway.
Regards, Frank
Just use iptables firewall on that machine to block everything from the outside world and only allow connections from within your local LAN/WLAN.
You could setup SSH with X-forwarding on either machine equally easily. The laptop would have the advantage of offering direct access with its own monitor on top of ssh. And that would even work for the older one, that has definitely not enough memory to run Qubes on it in any comfortable way anyway.
Regards, Frank
Manuel Amador (Rudd-O)
Oct 6, 2020, 12:31:48 AM10/6/20
to qubes...@googlegroups.com
On 30/09/2020 15.35, Stumpy wrote:
I want OpenHAB to stay up to date but do not want it to be accessible via the internet so i was thinking if I have a template with OpenHAB installed that would install OpenHAB and hopefully plugins?
The thing is I am hoping to have wifi cameras, or at least PoE cameras connected so it was less clear to me if i would be able to have an OpenHAB appvm that was not connected to the internet, or blocked from the network, but able to communicate with these various wireless devices?
Qubes can support restrictions on outbound traffic of your OpenHAB instance by using the firewall rules built into the qube settings screen.
If you want to support inbound traffic you can use https://github.com/rudd-o/qubes-network-server but you will then have to manage your firewall rules on your own directly in the OpenHAB qube.Reply all
Reply to author
Forward
0 new messages