memex/system/access-options.org

#+TITLE: Access Options - ~/mind for Owner
#+author: Amero Garcia
#+created: [2026-03-16 Mon 14:28]
#+DATE: 2026-03-06
#+FILETAGS: :access:emacs:qubes:ssh

* Owner Access to ~/mind

** Context
- Owner works on: Emacs on Debian in Qubes OS
- Already has SSH access to host
- Goal: Read and contribute to ~/mind
- Preference: Emacs-native workflow

---

* Option 1: SSH + Terminal Emacs (Simplest)

*Setup:*
```bash
ssh amr@host
emacs ~/mind/  # Terminal emacs on remote
```

*Pros:*
- ✅ Already works with existing SSH
- ✅ No additional setup
- ✅ Full remote access
- ✅ Simple and reliable

*Cons:*
- ❌ Terminal Emacs (not graphical)
- ❌ Latency for editing
- ❌ No local Qubes integration
- ❌ Must be online

*Best for:* Quick edits, occasional access

---

* Option 2: Emacs Tramp Mode (Recommended)

*Setup:*
Add to your Emacs config in Qubes:
```elisp
(setq tramp-default-method "scp")
(setq tramp-ssh-controlmaster-options
      "-o ControlPath=/tmp/ssh-ControlMaster-%%r@%%h:%%p -o ControlMaster=auto -o ControlPersist=yes")

;; Access via C-x C-f /scp:amr@host:/home/amr/mind/
```

*Usage:*
- `C-x C-f /scp:amr@host:/home/amr/mind/`
- Edit remote files as if local
- Emacs handles SSH transparently

*Pros:*
- ✅ Native Emacs experience
- ✅ All your Qubes Emacs config works
- ✅ No terminal needed
- ✅ Good performance with ControlMaster
- ✅ org-roam works over Tramp

*Cons:*
- ⚠️ Needs Tramp configuration
- ⚠️ Variable performance over network
- ⚠️ Requires SSH key setup

*Best for:* Daily use, Emacs power users

---

* Option 3: Syncthing (Continuous Sync)

*Setup:*
1. Install Syncthing on both machines:
   ```bash
   # On your Qubes Debian
   sudo apt install syncthing

   # On my host
   # Syncthing already in Docker or native
   ```

2. Share ~/mind folder
3. Set up bidirectional sync

*Pros:*
- ✅ Works offline (syncs when online)
- ✅ Native file access in Qubes
- ✅ Multiple device support
- ✅ Versioning/conflict resolution
- ✅ Low latency (local files)

*Cons:*
- ⚠️ Sync conflicts possible
- ⚠️ Delayed updates
- ⚠️ More complex setup
- ⚠️ Security considerations (file sync)

*Best for:* Offline work, multiple devices

---

* Option 4: Git-Based Workflow (Version Control)

*Setup:*
```bash
# On my host - already git repo
cd ~/mind
git remote add qubes ssh://you@your-qubes/mind
git push qubes main

# On your Qubes
git clone ssh://amr@host/home/amr/mind.git ~/mind
```

*Workflow:*
1. Pull changes before editing
2. Work on files locally
3. Commit and push changes
4. I pull changes on my end

*Pros:*
- ✅ Version history
- ✅ Offline capable
- ✅ Git merge handles conflicts
- ✅ Clean workflow
- ✅ Review before merge

*Cons:*
- ⚠️ Commit/push/pull overhead
- ⚠️ Delayed sync
- ⚠️ Merge conflicts possible
- ⚠️ Not real-time collaboration

*Best for:* Structured contributions, review workflow

---

* Option 5: Emacs Server + Emacs Client (Advanced)

*Setup on my host:*
```bash
emacs --daemon  # Start Emacs server
cp ~/.emacs.d/server/server ~/.emacs.d/server/server-qubes
chmod 600 ~/.emacs.d/server/server-qubes
```

*Access from Qubes:*
```bash
ssh -L 9999:localhost:9999 amr@host
# Then use emacsclient -c -f /path/to/forwarded/server
```

*Or via TRAMP:*
```elisp
(setq server-use-tcp t)
(setq server-host "my-host")
(setq server-port 9999)
```

*Pros:*
- ✅ Persistent Emacs session
- ✅ Shared buffers/state
- ✅ Fast after initial load
- ✅ Real-time collaboration

*Cons:*
- ❌ Complex setup
- ❌ SSH tunnel required
- ❌ Emacs version compatibility
- ❌ Security risk (Emacs server exposed)

*Best for:* Power users, real-time collab

*⚠️ NOT RECOMMENDED* - Security risks exceed benefits

---

* Option 6: NFS Export + Qubes Mount (Network Share)

*Setup:*
```bash
# On my host - export ~/mind via NFS
sudo apt install nfs-kernel-server
echo "/home/amr/mind *(rw,sync,no_subtree_check,anonuid=1000,anongid=1000)" >> /etc/exports
sudo exportfs -ra

# In Qubes
sudo apt install nfs-common
sudo mount my-host:/home/amr/mind ~/mind
```

*Pros:*
- ✅ Native filesystem access
- ✅ Transparent to Emacs
- ✅ Fast local performance

*Cons:*
- ❌ Security risk (NFS over network)
- ❌ Complex Qubes networking
- ❌ Potential data corruption
- ❌ Requires firewall rules

*⚠️ NOT RECOMMENDED* - Security risk

---

* Option 7: rclone + Cloud Storage Bridge

*Setup:*
```bash
# Mount ~/mind to S3/Dropbox/etc via rclone
rclone mount remote:mind ~/mind \
  --vfs-cache-mode writes \
  --vfs-cache-max-size 100M
```

*Pros:*
- ✅ Works through Qubes networking
- ✅ Cloud redundancy
- ✅ Multiple access methods

*Cons:*
- ❌ Cloud dependency
- ❌ Cost considerations
- ❌ Sync latency
- ❌ Privacy concerns

*⚠️ NOT RECOMMENDED* - Adds unnecessary complexity

---

* Recommendation Summary

| Option | Setup | Security | Performance | Collaboration |
|--------|-------|----------|-------------|---------------|
| 1. SSH+Terminal | ⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐ | ⭐⭐ |
| 2. Tramp | ⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐ |
| 3. Syncthing | ⭐⭐ | ⭐⭐ | ⭐⭐⭐ | ⭐⭐ |
| 4. Git | ⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐ |
| 5. Emacs Server | ⭐ | ⭐ | ⭐⭐⭐ | ⭐⭐⭐ |
| 6. NFS | ⭐⭐ | ⭐ | ⭐⭐⭐ | ⭐⭐⭐ |
| 7. rclone | ⭐⭐ | ⭐⭐ | ⭐⭐ | ⭐⭐ |

*Top Recommendations:*

*🥇 Primary: Option 2 (Tramp)*
- Best Emacs integration
- Good security
- Excellent performance with SSH ControlMaster
- Recommended for daily use

*🥈 Alternative: Option 4 (Git)*
- Version control
- Offline capable
- Clean workflow
- Good for structured contributions

*🥉 Fallback: Option 1 (SSH Terminal)*
- Zero setup
- Always works
- Good for quick edits

---

* Implementation Decisions Needed

*For Noon Meeting:*

1. Preferred access method (Tramp/Git/Both)
2. SSH key exchange (if not already done)
3. Permissions level (full write vs. review my commits first)
4. Real-time vs. async collaboration preference
5. Backup/redundancy requirements

*Questions:*
- Do you already have SSH keys set up?
- Want full write access or pull request workflow?
- Need offline access (Syncthing)?
- Emacs version in Qubes?