migration std. linux -> qubes : how integrate "old" user data

[haa...@web.de]

Hello,

the question is in the title. I want to migrate from a standard linux
distro (debian) to qubes. I have an internal with my old /home/ and I
have the same content on an external hdd. The experimental qubes install
went on an SDD. I guess that within qubes I should separate my old /home
content in the appropriate qubes, otherwise I loose a big part of the
aimed security. So just adding the (encrypted) /home to dom0 or
somewhere else does not seem an intelligent way to procede.

Should I rather

a) shrink the luks system, generate a new one next to it, migrate say
work into the new, delete work on old etc. to generate one luks volume
per cube? OR

b) Since the install is new, re-do it, let qubes reformat the internal
hdd as /home and then fetch my data from the backup?


Thank you! Bernhard

[Blaumeer]

On Thursday, January 5, 2017 at 10:40:38 AM UTC+1, haa...@web.de wrote:
> b) Since the install is new, re-do it, let qubes reformat the internal
> hdd as /home and then fetch my data from the backup?

This is what I did: Fresh install on new SSD, configure suitable AppVM, import data from HD backup, try to work with Qubes for a while.

The last step is the most tricky, I'm discovering hat real-use scenario is different from what I planned, specially devising the different AppVMs and their role.

blau

[Unman]

Hi Bernhard,

Neither of these options seem particularly attractive to me. There is
no need to have separate volumes per qube, and I'm not clear why you
would want the hdd as /home, since that would put your data in dom0,
rather than in a qube.
If the motivation for (b) is space concerns then you should be aware that
most of the space is taken up with /var where the qubes are stored. You
can store some qubes on separate disks and link them to the SSD.

Perhaps you are in the process of migrating, and are going to dual boot
for a while, or perhaps you are ready to take the plunge. I don't know.
Either way you could start with what you have. Whether it will be easy
depends on how much you segment your life at the moment.

If you are going to dual boot, then you could take the opportunity to
segment the data in /home so that it works with Qubes. If you do this
for a while then you will end up with the data separated in to folders
representing the security domains that you want to use in Qubes. It's
quite clunky attaching the HDD to separate qubes: an alternative approach
might be to start copying data in to the qubes and then rsyncing back to
the HDD on those occasions when you want to use the data in your Debian
install.

I can't say I would recommend that method but it is workable and can
ease the transition to full time Qubes use.
If you are already at that stage, then you have probably already thought about
the domains you want to have - I would create a few qubes to fill the needs in
each, and start moving data from the HDD in to those qubes. As the
balance of space usage changes you might want to resize the /home
partition on the HDD and create a new encrypted partition to store some
of the larger qubes.
You may find that you want to keep some data on a partition that you can
attach to a number of different qubes. Or you could create a storage
qube with large allocated /home and use it to share data between qubes
using ssh or samba. Qubes is flexible enough for all this.

I hope this helps somewhat

unman