datatypevoid · March 11, 2019 19:23 · Sep 22, 2017 · Sep 22, 2017 · Sep 22, 2017 · Sep 22, 2017
diff --git a/Docker-on-qubes.md b/Docker-on-qubes.md
@@ -10,15 +10,15 @@ It takes a little work to get Docker running on qubes because you have to modify
 As of this writing the versions im using are,
 
 * Qubes-OS 3.2
-* Debian 9
+* Debian 9 (Fedora is fine too)
 * Docker 17.06
 
 TemplateVM
 ----------
 
-Debian-9 or Fedora-25 should both be fine. Since the template has to be modified, its less effort to use debian. Make clone of the template vm of your choice. I named mine dockerhost. Dont do this for your templatevm as there are some intrusive changes, and docker has security implications. 
+Make clone of the template vm of your choice. I named mine dockerhost. Dont do this for your templatevm as there are some intrusive changes, and docker has security implications. 
 
-These instructions are at https://docs.docker.com/engine/installation/linux/docker-ce/debian/
+These instructions are adapted from https://docs.docker.com/engine/installation/linux/docker-ce/debian/
 
 ```
 sudo apt-get install \

diff --git a/Docker-on-qubes.md b/Docker-on-qubes.md
@@ -16,7 +16,7 @@ As of this writing the versions im using are,
 TemplateVM
 ----------
 
-Debian-9 or Fedora-25 should both be fine. Since the template has to be modified, its less effort to use debian.
+Debian-9 or Fedora-25 should both be fine. Since the template has to be modified, its less effort to use debian. Make clone of the template vm of your choice. I named mine dockerhost. Dont do this for your templatevm as there are some intrusive changes, and docker has security implications. 
 
 These instructions are at https://docs.docker.com/engine/installation/linux/docker-ce/debian/
 

diff --git a/Docker-on-qubes.md b/Docker-on-qubes.md
@@ -52,6 +52,11 @@ sudo add-apt-repository \
    stable"
 sudo apt-get update
 sudo apt-get -y install docker-ce
+```
+
+the above command ate my copy pasta when i ran it, so for ease of cutting and pasting, heres the next block on its own
+
+```
 sudo groupadd docker
 sudo usermod -aG docker user
 sudo systemctl enable docker

diff --git a/Docker-on-qubes.md b/Docker-on-qubes.md
@@ -2,11 +2,12 @@ Docker on Qubes
 ===============
 
 (Docker)[https://www.docker.com] a software container platform. You may have heard of it.
+
 (Qubes-OS)[https://www.qubes-os.org] "A Reasonably Secure Operating System"
 
-It takes a little work to get Docker running on qubes. Heres a guide.
+It takes a little work to get Docker running on qubes because you have to modify a templatevm. But, once you do it, you have the ease of compartmentalization qubes is famous for. 
 
-As of this writing the versions im useing are,
+As of this writing the versions im using are,
 
 * Qubes-OS 3.2
 * Debian 9
@@ -78,3 +79,10 @@ If it all worked, you should be able to make an appvm based on your dockerhost t
 The first time, it will download the hello-world docker image. If you restart the appvm, and docker run hello-world again, it should just run without having to download the image again.
 
 By default, appvms only get 2G of storage. In the appvm settings from the qubes-manager, the first tab has "Disk Settings" where you can increase private storage size.
+
+Links
+-----
+(Opal Raava on how to expose a docker service to the outside world)[https://groups.google.com/forum/#!topic/qubes-users/wFRFvO4LQ9k]
+
+(More on persistent filesystems in qubes)[https://www.qubes-os.org/doc/bind-dirs/]
+
diff --git a/Docker-on-qubes.md b/Docker-on-qubes.md
@@ -0,0 +1,80 @@
+Docker on Qubes
+===============
+
+(Docker)[https://www.docker.com] a software container platform. You may have heard of it.
+(Qubes-OS)[https://www.qubes-os.org] "A Reasonably Secure Operating System"
+
+It takes a little work to get Docker running on qubes. Heres a guide.
+
+As of this writing the versions im useing are,
+
+* Qubes-OS 3.2
+* Debian 9
+* Docker 17.06
+
+TemplateVM
+----------
+
+Debian-9 or Fedora-25 should both be fine. Since the template has to be modified, its less effort to use debian.
+
+These instructions are at https://docs.docker.com/engine/installation/linux/docker-ce/debian/
+
+```
+sudo apt-get install \
+   apt-transport-https \
+   ca-certificates \
+   curl \
+   gnupg2 \
+   software-properties-common
+```
+
+before doing the next step, in the qubes manager, go to settings on the templatevm. under firewall rules, check on allow full access for 5 min.
+
+    curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg | sudo apt-key add -
+    sudo apt-key fingerprint 0EBFCD88
+
+you should see 
+
+```
+pub   4096R/0EBFCD88 2017-02-22
+      Key fingerprint = 9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
+uid                  Docker Release (CE deb) <[email protected]>
+sub   4096R/F273FCD8 2017-02-22
+```
+
+make sure the fingerprint matches, then install docker, and set yourself up to use it
+
+```
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
+   $(lsb_release -cs) \
+   stable"
+sudo apt-get update
+sudo apt-get -y install docker-ce
+sudo groupadd docker
+sudo usermod -aG docker user
+sudo systemctl enable docker
+```
+
+and, make sure appvms get to keep any customizations you do
+
+```
+sudo mkdir -p /rw/config/qubes-bind-dirs.d
+sudo cat << EOF > /rw/config/qubes-bind-dirs.d/50_user.conf
+binds+=( '/var/lib/docker' )
+binds+=( '/etc/docker' )
+EOF
+```
+
+Thats all for the templatevm. save and poweroff.
+
+AppVM
+-----
+
+If it all worked, you should be able to make an appvm based on your dockerhost template, and run 
+
+    docker run hello-world
+
+The first time, it will download the hello-world docker image. If you restart the appvm, and docker run hello-world again, it should just run without having to download the image again.
+
+By default, appvms only get 2G of storage. In the appvm settings from the qubes-manager, the first tab has "Disk Settings" where you can increase private storage size.