I've never used Qubes. Rather I heavily segment with manually configured VMs. The ones that run proprietary software (eg webbrowsing, MSWin, etc) generally run on a different machine than my main desktop. It's quite convenient as I can go from my office to the couch, and I just open up the same VMs there and continue doing what I was doing.
I define the network access for each VM in a spreasheet (local services and Internet horizon), which then gets translated into firewall rules. I can simultaneously display multiple web browsers, each with a different network nym (casual browsing, commercial VPN'd, TOR, etc).
The downsides include needing an ethernet cable on my laptop (latency), and that this setup isn't great at going mobile. Eventually I'll get around to setting up a medium-trust laptop that runs a web browser and whatnot directly (while not having access to any keys to the kingdom), one of these days real soon now.
Which brings me to the real downside is the work required to administer it - you already have to be in the self-hosting game. This is where an out-of-the-box solution could excel. Having recently become a NixOS convert, SpectrumOS looks very interesting!
Thinking of my kids' future has also made me much more energy-conscious. Meaning I've stopped running my VM host 24/7 like I was, because neither ESX nor Proxmox is really set up for saving energy easily (automated suspending and waking, etc). Which is a shame, since I'm actually finding that with gigabit fiber at home, even on mobile connections I can work pretty decently on homelab VMs.
Running something like it on a laptop directly makes sense, but I worry about bringing some workloads back to my laptop that I really prefer to keep off it. In terms of raw performance my laptop isn't even close, especially with heavy graphic workloads. And then there's heat, etc.
I feel like this is the all too common pattern of individuals taking environmental responsibility to absurd levels, while corporations dgaf. How much electricity is burned in datacenters, especially doing zero-sum surveillance tasks?
My Ryzen 5700G ("router") idles around 20-25W, which seems like a small price to pay to not be at the mercy of the cloud. That's around 60 miles of driving per month (gas or electric), which seems quite easy to waste other ways.
My Libreboot KGPE ("desktop/server") burns about 160W. This is much higher than a contemporary computer should be, but that's the price of freedom. I could replace it with a Talos II (~65W from quick research), but the payback for electricity saved would take several decades.
To cut back on the environmental impact, I do plan to install solar panels with battery storage, which will also replace the need for UPSes. I've got another KGPE board for which it's interesting to think about setting up as a parallel build host, only running during sunny days rather than contributing to electricity storage requirements.
I totally agree, but I do what I can. And while setup takes me some extra effort, I can now run my 24/7 workloads on a small box and run the big box only when needed.
I used to leverage VMs more (and still do in certain cases) but I've moved to disposable/containerized by leveraging Kasm [0]. There's other ways to stream environments, but it's another option. Definitely check it out if you're looking for other options.
I define the network access for each VM in a spreasheet (local services and Internet horizon), which then gets translated into firewall rules. I can simultaneously display multiple web browsers, each with a different network nym (casual browsing, commercial VPN'd, TOR, etc).
The downsides include needing an ethernet cable on my laptop (latency), and that this setup isn't great at going mobile. Eventually I'll get around to setting up a medium-trust laptop that runs a web browser and whatnot directly (while not having access to any keys to the kingdom), one of these days real soon now.
Which brings me to the real downside is the work required to administer it - you already have to be in the self-hosting game. This is where an out-of-the-box solution could excel. Having recently become a NixOS convert, SpectrumOS looks very interesting!