This document describes how to set up an AppVM based on a Debian TemplateVM running on Qubes OS that contains all the tools necessary for developers and DevOps at Tocco.

Step 1: Get and Extract IDEA

Download the latest version and extract it:

cd ~/Download
tar xf ideaIC-XXXX.X.X.tar.gz
ln -s ideaIC-XXXX.X.X idea
mkdir -p ~/bin
ln -s ../install/idea/bin/ ~/bin/idea

If an update is released that forces you to download a new *.tar.gz file, extract it and replace the link with ln -sfn ideaIC-XXXX.X.X idea.

Step 2: Install Java

Install default JDK:

apt install default-jdk

… or install a particular version:

# install Java 8
apt install openjdk-8-jdk

… or, if you need a newer version, get it from the backports repository:

cat >>/etc/apt/source.list.d/backports <EOF
deb $(lsb_release -cs)-backports main
sudo apt update

# install Java 9
apt install openjdk-9-jdk

Step 3: Install Maven

apt install maven

By default, the memory limit is based on available memory but that might not always be enough. (In Qubes the VM gets memory assigned only when needed. Hence, this is needed.)

echo 'export MAVEN_OPTS="-Xmx1024m"' >>~/.profile


Close and reopen your terminal for the changes to take effect.

Step 4: Configure Maven

mkdir -p ~/.m2
cat >~/.m2/settings.xml <<EOF

Step 5: Setup SSH

Create a key

ssh-keygen -t rsa -b 4096
cat ~/.ssh/ # copy key and paste in the next step

Distribute Key

Add key on (Your name (top right corner) → SettingsSSH Public KeysAdd Key …)

You also want to give the content of ~/.ssh/ to someone of operations if you want SSH access to any of the servers (e.g. ask in the operations channel to have your key added).

Configure SSH

cd ~/src
git clone
cat >>~/.ssh/config <<EOF
# overwrite settings here, before the "Include"

Host *
    Include ~/src/tocco-dotfiles/ssh/config

Step 6: Setup Git

sudo apt install git
git config --global "${USERNAME}"  # replace ${USERNAME} with pgerber, …
git config --global "${YOUR_NAME}"  # replace ${YOUR_NAME} with "Peter Gerber", …

Ignore some files in all repository by default:

cat >>~/.config/git/ignore <<EOF

Step 7: Get a copy of Nice2

mkdir ~/src
cd ~/src
git clone ssh://${USERNAME}  # replace ${USERNAME} with pgerber, …
cd nice2
scp -p -P 29418 ${USERNAME} hooks/  # replace ${USERNAME} with pgerber, …

Test if Maven build works:

mvn -am install -T1.5C -DskipTests  # add "-Dmac" on Mac

Step 8: IDEA: Create Desktop Entry


This doesn’t actually work in Qubes OS but may be useful in other setups.

open idea and find ToolsCreate Desktop Entry…

Step 9: Configure IDEA

Increase memory available to IDEA

  1. HelpEdit Custom VM Options…

  2. Say Yes to create a config file

  3. Set max. memory (-Xmx) to something sensible (e.g. -Xmx3096m)

Increase Memory IDEA Uses for Maven Import

In Idea main window: FileSettingsBuild, Execution, DeploymentBuild ToolsMavenImportingVM options for Importer → “-Xmx1024m” (Increase this even further if maven imports fails due to out-of-memory.)

Increase Watch Limit

cat >>/rw/config/rc.local <<EOF
sysctl fs.inotify.max_user_watches=524288

Step 10: Setup OpenShift Client

Install Client

Download the client tools from the OpenShift download page, extract it and move the oc binary into $PATH:

cd ~/Download
tar xf
mkdir -p ~/bin
cp openshift-origin-client-tools-vX.X.X-XXXXXXX-linux-64bit/oc ~/bin/oc

Enable Autocompletion

cat >>~/.bashrc <<EOF
eval $(oc completion bash)

Step 11: Setup Docker

See Docker