Merge remote-tracking branch 'flapflap/de-network_configuration'

[tails-test.git] / wiki / src / doc / first_steps / persistence / configure.mdwn

[[!meta title="Create & configure the persistent volume"]]

[[!inline pages="doc/first_steps/persistence.caution" raw="yes"]]

[[!toc levels=2]]

Start the persistent volume assistant
=====================================

To start the persistent volume assistant, choose
<span class="menuchoice">
  <span class="guimenu">Applications</span>&nbsp;▸
  <span class="guisubmenu">Tails</span>&nbsp;▸
  <span class="guimenuitem">Configure persistent volume</span></span>.

<div class="note">

The error message <span class="emphasis">Error, Persistence partition is not
unlocked.</span> means that the persistent volume was not enabled from
<span class="application">Tails Greeter</span>. So you can not configure it
but you can delete it and create a new one.

</div>

Creating the persistent volume
==============================

When run for the first time, or after [[deleting the persistent
volume|delete]], the assistant proposes to create a new persistent volume on
the device from which Tails is running.

1. The persistent volume is an encrypted partition protected by a passphrase.
Specify a passphrase of your choice in both the
<span class="guilabel">Passphrase</span> and <span class="guilabel">Verify
Passphrase</span> text boxes.

2. Click on the <span class="guilabel">Create</span> button.

3. Wait for the creation to finish.

<div class="bug">

<strong>If the creation is interrupted before it finishes</strong>, you may not
be able to start Tails from this device any more. This can happen if you
close the window of the wizard or unplug the USB stick or SD card during the creation of
the persistent volume. [[Delete|first_steps/reset]] and
[[reinstall|first_steps/installation]] Tails to fix this issue.

</div>

<a id="features"></a>

Persistence features
====================

When run from a Tails device that already has a persistent volume, the assistant
shows a list of the possible persistence features. Each feature corresponds to a
set a files to be saved in the persistent volume.

<div class="note">

<strong>Restart Tails to apply the changes</strong> after selecting or
unselecting one or several features.

</div>

<div class="bug">

If you unselect a feature that used to be activated, it will be
deactivated after restarting Tails but the corresponding files will
remain on the persistent volume.

</div>

<a id="personal_data"></a>

<div class="icon">
[[!img stock_folder.png link=no]]
<div class="text"><h2>Personal Data</h2></div>
</div>

When this feature is activated, you can save your personal files and working
documents in the <span class="filename">Persistent</span> folder.

To open the <span class="filename">Persistent</span> folder, choose
<span class="menuchoice">
  <span class="guimenu">Places</span>&nbsp;▸
  <span class="guimenuitem">Home Folder</span></span>, and open the <span
  class="guilabel">Persistent</span> folder.

<a id="gnupg"></a>

<div class="icon">
[[!img seahorse-key.png link=no]]
<div class="text"><h2>GnuPG</h2></div>
</div>

When this feature is activated, the OpenPGP keys that you create or import are
saved in the persistent volume.

<div class="caution">

If you manually edit or overwrite the
<span class="filename">~/.gnupg/gpg.conf</span> configuration file
you may lessen your anonymity,
weaken the encryption defaults or render GnuPG unusable.

</div>

<a id="ssh_client"></a>

<div class="icon">
[[!img seahorse-key-ssh.png link=no]]
<div class="text"><h2>SSH Client</h2></div>
</div>
    
When this feature is activated, all the files related to the secure-shell client
are saved in the persistent volume:

  - The SSH keys that you create or import
  - The public keys of the hosts you connect to
  - The SSH configuration file in <span class="filename">~/.ssh/config</span> 

<div class="caution">

If you manually edit the <span class="filename">~/.ssh/config</span>
configuration file, make sure not to overwrite the
default configuration from the
<span class="filename">/etc/ssh/ssh_config</span> file. Otherwise, you may weaken the
encryption defaults or render SSH unusable.

</div>

<a id="pidgin"></a>

<div class="icon">
[[!img pidgin.png link=no]]
<div class="text"><h2>Pidgin</h2></div>
</div>

When this feature is activated, all the configuration files of the
<span class="application">Pidgin</span> Internet messenger are saved in the
persistent volume:

  - The configuration of your accounts, buddies and chats.
  - Your OTR encryption keys and keyring.
  - The content of the discussions is not saved unless you configure
    <span class="application">Pidgin</span> to do so.

All the configuration options are available from the graphical interface. There
is no need to manually edit or overwrite the configuration files.

<a id="claws_mail"></a>

<div class="icon">
[[!img claws-mail.png link=no]]
<div class="text"><h2>Claws Mail</h2></div>
</div>

When this feature is activated, the configuration and emails stored locally by
the <span class="application">Claws Mail</span> email client are saved in the
persistent volume.

All the configuration options are available from the graphical interface. There
is no need to manually edit or overwrite the configuration files.

<div class="bug">

<p>The emails of a POP3 account created without using the configuration
assistant are not stored in the persistent volume by default.  For example,
when configuring a second email account.</p>

<p>To make it persistent choose
<span class="menuchoice">
  <span class="guimenu">File</span>&nbsp;▸
  <span class="guimenu">Add Mailbox</span>&nbsp;▸
  <span class="guimenuitem">MH...</span></span> and change the location of the mailbox
from <span class="filename">Mail</span> to <span class="filename">.claws-mail/Mail</span>.</p>

</div>

<a id="gnome_keyring"></a>

<div class="icon">
[[!img seahorse-key-personal.png link=no]]
<div class="text"><h2>GNOME Keyring</h2></div>
</div>

When this feature is activated, the secrets of
<span class="application">GNOME Keyring</span> are saved in the persistent
volume.

GNOME Keyring is a collection of components in GNOME that store secrets,
passwords, keys, certificates and make them available to applications.
For more information about <span class="application">GNOME Keyring</span> see
the [official documentation](http://live.gnome.org/GnomeKeyring).

<a id="network_connections"></a>

<div class="icon">
[[!img network-manager.png link=no]]
<div class="text"><h2>Network Connections</h2></div>
</div>

When this feature is activated, the configuration of the network devices
and connections is saved in the persistent volume.

To save passwords, for example the passwords of encrypted wireless connections,
the [[<span class="application">GNOME Keyring</span> persistence
feature|configure#gnome_keyring]] must also be activated.

<a id="apt_packages"></a>

<div class="icon">
[[!img synaptic.png link=no]]
<div class="text"><h2>APT Packages</h2></div>
</div>

When this feature is activated, the packages that you install using the
<span class="application">Synaptic</span> package manager or the
<span class="command">apt-get</span> command are saved in the persistent volume.

If you install additional programs, this feature allows you to download them
once and reinstall them during future working sessions, even offline.
Note that those packages are not automatically installed when restarting Tails.

If you activate this feature, it is recommended to activate the
<span class="guilabel">APT Lists</span> feature as well.

<a id="apt_lists"></a>

<div class="icon">
[[!img synaptic.png link=no]]
<div class="text"><h2>APT Lists</h2></div>
</div>

When this feature is activated, the lists of all the software packages available
for installation are saved in the persistent volume.

Those so called <span class="emphasis">APT lists</span> correspond to the files
downloaded while doing
<span class="guilabel">Reload</span> from the
<span class="application">Synaptic</span> package manager or issuing the
<span class="command">apt-get update</span> command.

The <span class="emphasis">APT lists</span> are needed to install additional
programs or explore the list of available software packages. This feature allows
you to reuse them during future working sessions, even offline.

<a id="browser_bookmarks"></a>

<div class="icon">
[[!img user-bookmarks.png link=no]]
<div class="text"><h2>Browser bookmarks</h2></div>
</div>

When this feature is activated, changes to the bookmarks in
<span class="application">Tor Browser</span> are saved in the persistent
volume. This does not apply to the Unsafe web browser.

<a id="printers"></a>

<div class="icon">
[[!img printer.png link=no]]
<div class="text"><h2>Printers</h2></div>
</div>

When this feature is activated, the configuration of the printers is saved in the
persistent volume.

<a id="dotfiles"></a>

<div class="icon">
[[!img preferences-desktop.png link=no]]
<div class="text"><h2>Dotfiles</h2></div>
</div>

When this feature is activated, all the files in the <span
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span> folder
are linked in the <span class="filename">Home</span> folder. Files in
subfolders of <span class="filename">dotfiles</span> are also linked
in the corresponding subfolder of your <span class="filename">Home
</span> folder.

For example, having the following files in <span
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span>:

    /live/persistence/TailsData_unlocked/dotfiles
    ├── file_a
    ├── folder
    │   ├── file_b
    │   └── subfolder
    │       └── file_c
    └── emptyfolder

Produces the following result in <span class="filename">/home/amnesia</span>:

    /home/amnesia
    ├── file_a → /live/persistence/TailsData_unlocked/dotfiles/file_a
    └── folder
        ├── file_b → /live/persistence/TailsData_unlocked/dotfiles/folder/file_b
        └── subfolder
            └── file_c → /live/persistence/TailsData_unlocked/dotfiles/folder/subfolder/file_c

This option is useful if you want to make some specific files
persistent, but not the folders they are stored in. A fine example are
the so called "dotfiles" (and hence the name of this feature), the
hidden configuration files in the root of your home directory, like
<span class="filename">~/.gitconfig</span> and <span
class="filename">~/.bashrc</span>.

As you can see in the previous example, empty folders are ignored. This feature
only links files, and not folders, from the persistent volume into the <span
class="filename">Home</span> folder.

<a id="additional_software"></a>

Additional software packages
----------------------------

<div class="note">

This is an experimental feature which does not appear in the assistant.

</div>

When this feature is enabled, a list of additional software of your
choice is automatically installed at the beginning of every working
session. The corresponding software packages are stored in the
persistent volume. They are automatically upgraded for security
after a network connection is established.

To use this feature you need to enable both the <span
class="guilabel">APT Lists</span> and <span class="guilabel">APT
Packages</span> features.

<div class="note">

If you are offline and your additional software packages don't install, it
might be caused by outdated APT Lists. The issue will be fixed next time you
connect Tails to Internet with persistence activated.

</div>

To choose the list of additional software, start Tails with an administrator
password and edit (as an administrator) the file called
`/live/persistence/TailsData_unlocked/live-additional-software.conf`.
Each line of this file must contain
the name of a Debian package to be installed as an additional software
package.

For example, to automatically install the `dia` software, a diagram
editor, and the `fontmatrix` software, a font manager, add the following
content to `live-additional-software.conf`:

    dia
    fontmatrix

To learn about the many software packages available in Debian, visit
<http://packages.debian.org/stable/>.

<div class="caution">

<strong>Installing additional software is at your own risk.</strong>
Most additional software requires extra configuration to be able to
connect to the network through Tor, and will not work otherwise. Some other software might, for
example, modify the firewall and break the security built in Tails.
Software not officially included in Tails is not tested for security.

</div>