author | Your Name <you@example.com> | 2025-04-02 22:35:42 -0600 |
---|---|---|
committer | Your Name <you@example.com> | 2025-04-02 22:35:42 -0600 |
commit | ffe525c0b903e1aff67a7e2f3bc0e984f3b7ce87 (patch) | |
tree | 0a08485bcd6ed079996f1fa313ae5d1f004fc031 /feed.xml | |
parent | e76a2998c3874987dc93addb16ec82397267f49a (diff) |
feed
Diffstat (limited to 'feed.xml')
-rw-r--r-- | feed.xml | 648 |
1 files changed, 387 insertions, 261 deletions
@@ -14,8 +14,8 @@ <link></link> <description><![CDATA[]]></description> <language>en</language> - <pubDate>Sat, 01 Mar 2025 10:46:15 -0700</pubDate> - <lastBuildDate>Sat, 01 Mar 2025 10:46:15 -0700</lastBuildDate> + <pubDate>Wed, 02 Apr 2025 22:34:47 -0600</pubDate> + <lastBuildDate>Wed, 02 Apr 2025 22:34:47 -0600</lastBuildDate> <generator>Emacs 29.4 Org-mode 9.7.22</generator> <webMaster>user@emacs-org (nil)</webMaster> <image> 
@@ -28,157 +28,279 @@ <h2>Table of Contents</h2> <div id="text-table-of-contents" role="doc-toc"> <ul> - <li><a href="#orga58744d">Website update</a></li> - <li><a href="#org2703f1c">Convenient torrenting with qBittorrent</a></li> - <li><a href="#org6756fb8">QubesOS Saltstack configuration v1</a></li> - <li><a href="#orgb869675">Create an anonymous Whonix environment with KVM + NixOS</a></li> + <li><a href="#orgccc845f">Prepping for v2 of my salt repo</a></li> + <li><a href="#org273c2e3">Methods of installing software in salt</a></li> + <li><a href="#org8546f71">Website update</a></li> + <li><a href="#org6682b69">Convenient torrenting with qBittorrent</a></li> + <li><a href="#org4ae133c">QubesOS Saltstack configuration v1</a></li> + <li><a href="#org747a82c">Create an anonymous Whonix environment with KVM + NixOS</a></li> </ul> </div> </div> <item> - <title>Website update</title> - <link>./feed.html#orga58744d</link> + <title>Prepping for v2 of my salt repo</title> + <link>./feed.html#orgccc845f</link> <author>user@emacs-org (nil)</author> - <guid isPermaLink="false">./feed.html#orga58744d</guid> - <pubDate>Sat, 01 Mar 2025 10:14:00 -0700</pubDate> + <guid isPermaLink="false">./feed.html#orgccc845f</guid> + <pubDate>Wed, 02 Apr 2025 22:34:00 -0600</pubDate> <description><![CDATA[<p> - I've changed a few things about the website. The blog posts have been consolidated into a single org document, allowing for easy RSS-feed generation with <code>ox-rss</code>. Anyone should be able to add my feed to any RSS reader and the full articles should show up properly. + I've massively restructured my salt repo and added enough features that I'm going to make a new repository and release it again in full, as a 2.0 version. This should be done within the next week or two. 
</p> ]]></description> </item> <item> - <title>Convenient torrenting with qBittorrent</title> - <link>./feed.html#org2703f1c</link> + <title>Methods of installing software in salt</title> + <link>./feed.html#org273c2e3</link> <author>user@emacs-org (nil)</author> - <guid isPermaLink="false">./feed.html#org2703f1c</guid> - <pubDate>Fri, 28 Feb 2025 14:30:00 -0700</pubDate> + <guid isPermaLink="false">./feed.html#org273c2e3</guid> + <pubDate>Wed, 02 Apr 2025 22:34:00 -0600</pubDate> - <description><![CDATA[<div id="outline-container-orgc588fc6" class="outline-3"> - <h3 id="orgc588fc6">Introduction</h3> - <div class="outline-text-3" id="text-orgc588fc6"> - <p> - Your access to media should not be limited by money, nor should it be limited by technical ability. I want to demonstrate with this quick guide that torrenting is as accessible and easy as it’s ever been, using Free and open-source software. + <description><![CDATA[<p> + Here are some various methods of installing software, with reference to my personal salt configuration. </p> - </div> - </div> - <div id="outline-container-org47b35b1" class="outline-3"> - <h3 id="org47b35b1">Install qBittorrent</h3> - <div class="outline-text-3" id="text-org47b35b1"> + <div id="outline-container-orgc951cd4" class="outline-3"> + <h3 id="orgc951cd4">pkg.installed</h3> + <div class="outline-text-3" id="text-orgc951cd4"> <p> - qBittorrent is a Free and open-source BitTorrent client that supports tons of features, but you need to know much at all to get started. To install it, go to their downloads page website at <a href="https://www.qbittorrent.org/download">https://www.qbittorrent.org/download</a> and select the right option for your computer. It supports Windows, MacOS, and can be installed through most common package managers on Linux. + Here’s <code>/srv/user_salt/pkgs/accounting.sls</code> as an example. 
It uses the simplest way of installing programs, which is just listing them under <code>pkg.installed</code> which pulls them from your distros main repositories. This is the most preferable way to install software if it’s available. </p> - <p> - After it’s downloaded, install it like you would with any other program. - </p> - </div> + <div class="org-src-container"> + <pre class="src src-salt"><span style="color: #928374;"># </span><span style="color: #928374;">Install accounting tools</span> + <span style="color: #d3869b;">accounting--install-apps</span>: + <span style="color: #b8bb26;">pkg.installed</span>: + - <span style="color: #83a598;">pkgs</span>: + - hledger <span style="color: #928374;"># </span><span style="color: #928374;">Command-line plain text accounting</span> + - gnucash <span style="color: #928374;"># </span><span style="color: #928374;">Graphical GNU accounting suite</span> + </pre> </div> - <div id="outline-container-org177af0f" class="outline-3"> - <h3 id="org177af0f">Enable the search engine</h3> - <div class="outline-text-3" id="text-org177af0f"> - <p> - To let us search for media, we need to turn on qBittorrent’s search engine. - </p> - <ul class="org-ul"> - <li>Click the “View” button in the toolbar</li> - <li>Check the “Search Engine” box - There should now be a “Search” tab next to “Transfers” under the toolbar</li> - <li>Click the “Search” tab</li> - <li>Click “Search Plugins” at the bottom right</li> - <li>Click “Check for updates”</li> - <li>Click “Ok” and “Close” to exit the search plugins menu</li> - </ul> </div> </div> - <div id="outline-container-orgb561d3a" class="outline-3"> - <h3 id="orgb561d3a">Search for and download some media</h3> - <div class="outline-text-3" id="text-orgb561d3a"> - <ul class="org-ul"> - <li>In the “Search” tab, click on the search bar, enter the name of some movie, and press Return. 
Very quickly, you should see many results, with slightly different titles, sizes, and numbers of “Seeders”, among other things.</li> - </ul> + <div id="outline-container-orga21c868" class="outline-3"> + <h3 id="orga21c868">move a binary file into /usr/bin</h3> + <div class="outline-text-3" id="text-orga21c868"> <p> - “Seeders” refers to the computers that are hosting the media you want. In general, you want to download files being seeded by lots of computers to get the fastest download speeds possible - </p> - <ul class="org-ul"> - <li>Pick a result with a name indicating the media, resolution, and episodes/seasons you want. Double-click it</li> - <li>A download prompt will appear. It has lots of settings, but you can simply click “Ok” to download it normally.</li> - </ul> - </div> - </div> - <div id="outline-container-orgc6ac7ce" class="outline-3"> - <h3 id="orgc6ac7ce">Now just wait</h3> - <div class="outline-text-3" id="text-orgc6ac7ce"> - <p> - You can track the progress of torrents being downloaded in the “Transfers” tab. When it’s 100% complete, you can right-click the file, and click “Preview file” to have it play in your default media player. + Here’s <code>/srv/user_salt/pkgs/st.sls</code> as an example. It takes a binary file that’s part of this salt repository, and moves it into the ~/usr/bin/ directory in a qube. </p> - <p> - If you’re feeling charitable, you can leave qBittorrent running in the background to seed the files for other users. It’ll help keep the media accessible for everyone, and improve download speeds for others. Using a VPN is recommended if you plan on leaving the client running for long periods of time. 
- </p> + <div class="org-src-container"> + <pre class="src src-salt"><span style="color: #928374;"># </span><span style="color: #928374;">Installs my build of st terminal</span> + <span style="color: #d3869b;">/usr/bin/st</span>: + <span style="color: #b8bb26;">file.managed</span>: + - <span style="color: #83a598;">source</span>: <span style="color: #fe8019;">salt://</span>pkgs/bin/st.bin + - <span style="color: #83a598;">user</span>: root + - <span style="color: #83a598;">group</span>: root + - <span style="color: #83a598;">mode</span>: 777 + </pre> </div> </div> - <div id="outline-container-org219bc68" class="outline-3"> - <h3 id="org219bc68">Extra tips</h3> - <div class="outline-text-3" id="text-org219bc68"> </div> - <div id="outline-container-org924fa64" class="outline-4"> - <h4 id="org924fa64">Consider using a VPN</h4> - <div class="outline-text-4" id="text-org924fa64"> + <div id="outline-container-orge864f28" class="outline-3"> + <h3 id="orge864f28">Install from third-party repo with a script</h3> + <div class="outline-text-3" id="text-orge864f28"> <p> - Some copyright holders use bots to detects users downloading their media. If you’re not using a VPN, these companies can see your IP and potentially send complaints to your ISP. If you download many things and want to keep your ISP happy, using a VPN will ensure your torrenting can’t be traced to your IP address. I personally use and recommend Mullvad ($5/month for 5 devices), but there are other reputable ones like Proton and IVPN. + Here’s <code>/srv/user_salt/pkgs/signal.sls</code> as an example. It starts by installing some dependencies using the most common <code>pkg.installed</code> method, then moves an install script <code>/srv/user_salt/pkgs/install-scripts/signal-repo.sh</code> into a qube and executes it to install the Signal messenger. 
</p> + + <div class="org-src-container"> + <pre class="src src-salt"><span style="color: #928374;">...</span> + + <span style="color: #d3869b;">signal--repo-script</span>: + <span style="color: #b8bb26;">file.managed</span>: <span style="color: #928374;"># </span><span style="color: #928374;">file.managed lets you place files from your salt repo into qubes</span> + - <span style="color: #fe8019;">name</span>: /usr/bin/install-repo <span style="color: #928374;"># </span><span style="color: #928374;">this is where the installation script is placed</span> + - <span style="color: #83a598;">source</span>: <span style="color: #fe8019;">salt://</span>pkgs/install-scripts/signal-repo.sh <span style="color: #928374;"># </span><span style="color: #928374;">This is where the installation script was sourced</span> + - <span style="color: #83a598;">user</span>: root <span style="color: #928374;"># </span><span style="color: #928374;">sets the owner of the file, you can usually default to root</span> + - <span style="color: #83a598;">group</span>: root <span style="color: #928374;"># </span><span style="color: #928374;">sets the group of the file, you can usually default to root</span> + - <span style="color: #83a598;">mode</span>: 777 <span style="color: #928374;"># </span><span style="color: #928374;">sets the permissions of the file, you can usually default to 777 (any user on the qube has permissions)</span> + + <span style="color: #928374;"># </span><span style="color: #928374;">This simply executes the install-repo script in a qube</span> + <span style="color: #b8bb26;">'install-repo'</span>: + <span style="color: #b8bb26;">cmd.run</span> + </pre> </div> - </div> - <div id="outline-container-org84616cd" class="outline-4"> - <h4 id="org84616cd">Stream Media</h4> - <div class="outline-text-4" id="text-org84616cd"> - <p> - When you go to download a torrent and the download prompt pops up, you can optionally select “Download first and last pieces first” and “Download in 
sequential order”. - </p> <p> - This will likely make the total download take longer, but by downloading it in order, you can stream it in real time. Wait until about 5% of the download is complete, then you can watch it while the rest downloads live in the background. + Here’s the installation script that’s ran: </p> </div> + <div id="outline-container-org43e55e5" class="outline-4"> + <h4 id="org43e55e5"><code>/srv/user_salt/pkgs/install-scripts/signal-repo.sh</code></h4> + <div class="outline-text-4" id="text-org43e55e5"> + <div class="org-src-container"> + <pre class="src src-bash"><span style="color: #928374;"># </span><span style="color: #928374;">Retrieves Signal's key for verifying the package</span> + <span style="color: #928374;"># </span><span style="color: #928374;">The request is proxied through 127.0.0.1:8082 to allow the template qube to access the internet</span> + <span style="color: #fabd2f;">sudo</span> <span style="color: #fabd2f;">curl</span> --proxy 127.0.0.1:8082 -s https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor | <span style="color: #fabd2f;">sudo</span> tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null + + <span style="color: #928374;"># </span><span style="color: #928374;">Defines Signal's repo in /etc/apt/sources.list.d/</span> + <span style="color: #fabd2f;">echo</span> <span style="color: #b8bb26;">'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main'</span> | tee /etc/apt/sources.list.d/signal-xenial.list + + <span style="color: #928374;"># </span><span style="color: #928374;">Updates packages and installs signal-desktop through the newly configured repository</span> + <span style="color: #fabd2f;">sudo</span> apt update + <span style="color: #fabd2f;">sudo</span> apt install signal-desktop -y + </pre> </div> - <div id="outline-container-orgc475f22" class="outline-4"> - <h4 id="orgc475f22">Hosting a media server with Jellyfin</h4> - 
<div class="outline-text-4" id="text-orgc475f22"> - <p> - Jellyfin is a Free and open-source media-hosting server you can run on your computer. It’ll let you sign in to your library on a smart TV, other devices on your local network, or in a browser. - </p> - - <p> - Setting it up is outside the scope of this post, but I highly recommend it. It basically just consists of downloading the server, configuring your libraries, installing the clients on your other devices, and logging in to your server. - </p> - - <p> - <a href="https://jellyfin.org/">https://jellyfin.org/</a> - </p> </div> </div> </div> ]]></description> </item> <item> + <title>Website update</title> + <link>./feed.html#org8546f71</link> + <author>user@emacs-org (nil)</author> + <guid isPermaLink="false">./feed.html#org8546f71</guid> + <pubDate>Sat, 01 Mar 2025 10:14:00 -0700</pubDate> + + <description><![CDATA[<p> + I've changed a few things about the website: + </p> + + <p> + The blog posts have been consolidated into a single org document. I like the feeling of having one large waterfall of writing, with a level-one table of contents to navigate the posts. + </p> + + <p> + I've figured out how to create an RSS feed using <code>ox-rss</code>, which makes it easy to generate an xml feed from the newly-consolidated feed.org document. You can now follow my feed from any RSS reader! + </p> + + <p> + <a href="https://git.skylarcloud.xyz">https://git.skylarcloud.xyz</a> now has a repo with the org and html files used for this site. 
+ </p> + ]]></description> +</item> +<item> + <title>Convenient torrenting with qBittorrent</title> + <link>./feed.html#org6682b69</link> + <author>user@emacs-org (nil)</author> + <guid isPermaLink="false">./feed.html#org6682b69</guid> + <pubDate>Fri, 28 Feb 2025 14:30:00 -0700</pubDate> + + <description><![CDATA[<div id="outline-container-org50c06ba" class="outline-3"> + <h3 id="org50c06ba">Introduction</h3> + <div class="outline-text-3" id="text-org50c06ba"> + <p> + Your access to media should not be limited by money, nor should it be limited by technical ability. I want to demonstrate with this quick guide that torrenting is as accessible and easy as it’s ever been, using Free and open-source software. + </p> + </div> + </div> + <div id="outline-container-org38abf34" class="outline-3"> + <h3 id="org38abf34">Install qBittorrent</h3> + <div class="outline-text-3" id="text-org38abf34"> + <p> + qBittorrent is a Free and open-source BitTorrent client that supports tons of features, but you need to know much at all to get started. To install it, go to their downloads page website at <a href="https://www.qbittorrent.org/download">https://www.qbittorrent.org/download</a> and select the right option for your computer. It supports Windows, MacOS, and can be installed through most common package managers on Linux. + </p> + + <p> + After it’s downloaded, install it like you would with any other program. + </p> + </div> + </div> + <div id="outline-container-org38bc3ba" class="outline-3"> + <h3 id="org38bc3ba">Enable the search engine</h3> + <div class="outline-text-3" id="text-org38bc3ba"> + <p> + To let us search for media, we need to turn on qBittorrent’s search engine. 
+ </p> + <ul class="org-ul"> + <li>Click the “View” button in the toolbar</li> + <li>Check the “Search Engine” box + There should now be a “Search” tab next to “Transfers” under the toolbar</li> + <li>Click the “Search” tab</li> + <li>Click “Search Plugins” at the bottom right</li> + <li>Click “Check for updates”</li> + <li>Click “Ok” and “Close” to exit the search plugins menu</li> + </ul> + </div> + </div> + <div id="outline-container-orgef3da95" class="outline-3"> + <h3 id="orgef3da95">Search for and download some media</h3> + <div class="outline-text-3" id="text-orgef3da95"> + <ul class="org-ul"> + <li>In the “Search” tab, click on the search bar, enter the name of some movie, and press Return. Very quickly, you should see many results, with slightly different titles, sizes, and numbers of “Seeders”, among other things.</li> + </ul> + <p> + “Seeders” refers to the computers that are hosting the media you want. In general, you want to download files being seeded by lots of computers to get the fastest download speeds possible + </p> + <ul class="org-ul"> + <li>Pick a result with a name indicating the media, resolution, and episodes/seasons you want. Double-click it</li> + <li>A download prompt will appear. It has lots of settings, but you can simply click “Ok” to download it normally.</li> + </ul> + </div> + </div> + <div id="outline-container-org3df4cee" class="outline-3"> + <h3 id="org3df4cee">Now just wait</h3> + <div class="outline-text-3" id="text-org3df4cee"> + <p> + You can track the progress of torrents being downloaded in the “Transfers” tab. When it’s 100% complete, you can right-click the file, and click “Preview file” to have it play in your default media player. + </p> + + <p> + If you’re feeling charitable, you can leave qBittorrent running in the background to seed the files for other users. It’ll help keep the media accessible for everyone, and improve download speeds for others. 
Using a VPN is recommended if you plan on leaving the client running for long periods of time. + </p> + </div> + </div> + <div id="outline-container-org982f591" class="outline-3"> + <h3 id="org982f591">Extra tips</h3> + <div class="outline-text-3" id="text-org982f591"> + </div> + <div id="outline-container-orgd723eaa" class="outline-4"> + <h4 id="orgd723eaa">Consider using a VPN</h4> + <div class="outline-text-4" id="text-orgd723eaa"> + <p> + Some copyright holders use bots to detects users downloading their media. If you’re not using a VPN, these companies can see your IP and potentially send complaints to your ISP. If you download many things and want to keep your ISP happy, using a VPN will ensure your torrenting can’t be traced to your IP address. I personally use and recommend Mullvad ($5/month for 5 devices), but there are other reputable ones like Proton and IVPN. + </p> + </div> + </div> + <div id="outline-container-org7e4908e" class="outline-4"> + <h4 id="org7e4908e">Stream Media</h4> + <div class="outline-text-4" id="text-org7e4908e"> + <p> + When you go to download a torrent and the download prompt pops up, you can optionally select “Download first and last pieces first” and “Download in sequential order”. + </p> + + <p> + This will likely make the total download take longer, but by downloading it in order, you can stream it in real time. Wait until about 5% of the download is complete, then you can watch it while the rest downloads live in the background. + </p> + </div> + </div> + <div id="outline-container-orga12a4f2" class="outline-4"> + <h4 id="orga12a4f2">Hosting a media server with Jellyfin</h4> + <div class="outline-text-4" id="text-orga12a4f2"> + <p> + Jellyfin is a Free and open-source media-hosting server you can run on your computer. It’ll let you sign in to your library on a smart TV, other devices on your local network, or in a browser. + </p> + + <p> + Setting it up is outside the scope of this post, but I highly recommend it. 
It basically just consists of downloading the server, configuring your libraries, installing the clients on your other devices, and logging in to your server. + </p> + + <p> + <a href="https://jellyfin.org/">https://jellyfin.org/</a> + </p> + </div> + </div> + </div> + ]]></description> +</item> +<item> <title>QubesOS Saltstack configuration v1</title> - <link>./feed.html#org6756fb8</link> + <link>./feed.html#org4ae133c</link> <author>user@emacs-org (nil)</author> - <guid isPermaLink="false">./feed.html#org6756fb8</guid> + <guid isPermaLink="false">./feed.html#org4ae133c</guid> <pubDate>Fri, 28 Feb 2025 14:30:00 -0700</pubDate> - <description><![CDATA[<div id="outline-container-org34adb5e" class="outline-3"> - <h3 id="org34adb5e">Notice:</h3> - <div class="outline-text-3" id="text-org34adb5e"> + <description><![CDATA[<div id="outline-container-org51cf6a7" class="outline-3"> + <h3 id="org51cf6a7">Notice:</h3> + <div class="outline-text-3" id="text-org51cf6a7"> <p> <b>The repository is now hosted on this site at <a href="https://git.skylarcloud.xyz">https://git.skylarcloud.xyz</a>, not Github! For up-to-date instructions, refer to the new README.org in the new repo, there have been lots of changes since the publishing of this post.</b> </p> </div> </div> - <div id="outline-container-org0ce51c8" class="outline-3"> - <h3 id="org0ce51c8">Intro</h3> - <div class="outline-text-3" id="text-org0ce51c8"> + <div id="outline-container-org446009b" class="outline-3"> + <h3 id="org446009b">Intro</h3> + <div class="outline-text-3" id="text-org446009b"> <p> I’m publishing the janky V1 of my QubesOS configuration written with Saltstack. It’ll help set up a window manager, a couple of handy qubes, Doom Emacs, and the 3isec repo to jump-start your QubesOS experience. </p> 
@@ -191,42 +313,42 @@ You can use my configuration almost as-is (just change the username references!) and it does work, but it’s not very feature-filled or optimized, and it’s probable that the next versions will conflict with it. </p> </div> - <div id="outline-container-org6ef3634" class="outline-4"> - <h4 id="org6ef3634">Link to repo on Github</h4> - <div class="outline-text-4" id="text-org6ef3634"> + <div id="outline-container-orgba44ddd" class="outline-4"> + <h4 id="orgba44ddd">Link to repo on Github</h4> + <div class="outline-text-4" id="text-orgba44ddd"> <p> <a href="https://github.com/bumbleoats/My-QubesOS-Configuration">https://github.com/bumbleoats/My-QubesOS-Configuration</a> </p> </div> </div> - <div id="outline-container-orgd910254" class="outline-4"> - <h4 id="orgd910254">Installation</h4> - <div class="outline-text-4" id="text-orgd910254"> + <div id="outline-container-org0f71668" class="outline-4"> + <h4 id="org0f71668">Installation</h4> + <div class="outline-text-4" id="text-org0f71668"> <p> Make sure <code>state.user-dirs</code> is active, then just move the repo to <code>/srv/user_salt/</code> in dom0, and apply with <code>sudo qubesctl --all state.apply</code> </p> </div> <ul class="org-ul"> - <li><a id="orgeed6bc0"></a>Resources for installation<br /> - <div class="outline-text-5" id="text-orgeed6bc0"> + <li><a id="org3cea681"></a>Resources for installation<br /> + <div class="outline-text-5" id="text-org3cea681"> </div> <ul class="org-ul"> - <li><a id="orgab6baa0"></a>Community user guide for user-salt<br /> - <div class="outline-text-6" id="text-orgab6baa0"> + <li><a id="org2221fce"></a>Community user guide for user-salt<br /> + <div class="outline-text-6" id="text-org2221fce"> <ul class="org-ul"> <li><a href="https://forum.qubes-os.org/t/qubes-salt-beginners-guide/20126">https://forum.qubes-os.org/t/qubes-salt-beginners-guide/20126</a></li> <li>This was the best resource I found as a beginner, I wasn’t able to get anything working until I 
stumbled on it</li> </ul> </div> </li> - <li><a id="org0d9985b"></a>Issue I sometimes run into from a fresh QubesOS install<br /> - <div class="outline-text-6" id="text-org0d9985b"> + <li><a id="orgd3b2949"></a>Issue I sometimes run into from a fresh QubesOS install<br /> + <div class="outline-text-6" id="text-orgd3b2949"> <ul class="org-ul"> <li><a href="https://github.com/QubesOS/qubes-issues/issues/8491">https://github.com/QubesOS/qubes-issues/issues/8491</a></li> <li>TL;DR: This is the solution that’s worked for me, pulled from the discussion:</li> </ul> <div class="org-src-container"> - <pre class="src src-bash"><span style="color: #7fffd4;">ln</span> -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top + <pre class="src src-bash"><span style="color: #fabd2f;">ln</span> -s /srv/salt/qubes/user-dirs.top /srv/salt/_tops/base/user-dirs.top </pre> </div> </div> @@ -236,9 +358,9 @@ </ul> </div> </div> - <div id="outline-container-org5f783ba" class="outline-3"> - <h3 id="org5f783ba">Programs in dom0</h3> - <div class="outline-text-3" id="text-org5f783ba"> + <div id="outline-container-org5135ae6" class="outline-3"> + <h3 id="org5135ae6">Programs in dom0</h3> + <div class="outline-text-3" id="text-org5135ae6"> <p> My configuration will install a few programs in dom0. It’s important that I put this at the top because generally, you want to limit the number of packages in dom0. Every new package is more attack surface on your most critical qube. I trust the programs I’ve chosen to add, and by using my configuration, you’re implicitly trusting them too. </p> 
@@ -248,20 +370,20 @@ </p> </div> </div> - <div id="outline-container-org9acc97a" class="outline-3"> - <h3 id="org9acc97a">Window Management</h3> - <div class="outline-text-3" id="text-org9acc97a"> + <div id="outline-container-org3ef4622" class="outline-3"> + <h3 id="org3ef4622">Window Management</h3> + <div class="outline-text-3" id="text-org3ef4622"> </div> - <div id="outline-container-org06afe5e" class="outline-4"> - <h4 id="org06afe5e">i3</h4> - <div class="outline-text-4" id="text-org06afe5e"> + <div id="outline-container-orgcb3dfdf" class="outline-4"> + <h4 id="orgcb3dfdf">i3</h4> + <div class="outline-text-4" id="text-orgcb3dfdf"> <p> i3 is a tiling window manager. It’s used primarily through the keyboard, so muscle memory can operate everything very quickly once you get used to it. When a window is opened, it will be ’tiled’, maximizing screen space. To open windows, rofi is used to search for applications and qubes. </p> </div> <ul class="org-ul"> - <li><a id="orgb1f4193"></a>Keybindings<br /> - <div class="outline-text-5" id="text-orgb1f4193"> + <li><a id="org13576b5"></a>Keybindings<br /> + <div class="outline-text-5" id="text-org13576b5"> <p> You can navigate i3 with ’vim-like’ keybindings, inspired by the vi text editor. Some basic keybindings are shown below, and you can see many more by reading i3’s config file at <code>/srv/user_salt/dots/i3</code> </p> @@ -316,9 +438,9 @@ </li> </ul> </div> - <div id="outline-container-org55e8053" class="outline-4"> - <h4 id="org55e8053">Misc</h4> - <div class="outline-text-4" id="text-org55e8053"> + <div id="outline-container-orgf4889ef" class="outline-4"> + <h4 id="orgf4889ef">Misc</h4> + <div class="outline-text-4" id="text-orgf4889ef"> <p> <code>wm.sls</code> will do a few other smaller things: </p> 
@@ -333,13 +455,13 @@ </div> </div> </div> - <div id="outline-container-org1a282ae" class="outline-3"> - <h3 id="org1a282ae">My qubes</h3> - <div class="outline-text-3" id="text-org1a282ae"> + <div id="outline-container-org1138952" class="outline-3"> + <h3 id="org1138952">My qubes</h3> + <div class="outline-text-3" id="text-org1138952"> </div> - <div id="outline-container-org4148fa7" class="outline-4"> - <h4 id="org4148fa7">Emacs</h4> - <div class="outline-text-4" id="text-org4148fa7"> + <div id="outline-container-org40fc918" class="outline-4"> + <h4 id="org40fc918">Emacs</h4> + <div class="outline-text-4" id="text-org40fc918"> <p> If you’re a Doom Emacs user (there are dozens of us!) this will hopefully make your life slightly easier. </p> @@ -353,9 +475,9 @@ </p> </div> </div> - <div id="outline-container-org3d6bfce" class="outline-4"> - <h4 id="org3d6bfce">Torrenting</h4> - <div class="outline-text-4" id="text-org3d6bfce"> + <div id="outline-container-orgf60ce2e" class="outline-4"> + <h4 id="orgf60ce2e">Torrenting</h4> + <div class="outline-text-4" id="text-orgf60ce2e"> <p> A template and app qube for qBittorrent will be created. The gruxbox theme that I use will be moved from dom0 to the app qube so it’s easy to apply. </p> @@ -374,8 +496,8 @@ </ol> </div> <ul class="org-ul"> - <li><a id="org0161306"></a>VPN use<br /> - <div class="outline-text-5" id="text-org0161306"> + <li><a id="orgc4e0c66"></a>VPN use<br /> + <div class="outline-text-5" id="text-orgc4e0c66"> <p> If you’re downloading copyrighted content in an area where it’s illegal, I would strongly urge you consider using a VPN to hide your IP address. LE is unlikely to bust down your door for watching Spongebob, but copyright holders can and will send letters to your ISP, which can eventually get your internet service shut off if you continue. Tor can be used, but it’s extremely slow, and hogs a lot of bandwidth on the network. </p> 
@@ -387,18 +509,18 @@ </li> </ul> </div> - <div id="outline-container-org77af039" class="outline-4"> - <h4 id="org77af039">Personal/work email</h4> - <div class="outline-text-4" id="text-org77af039"> + <div id="outline-container-org769ce31" class="outline-4"> + <h4 id="org769ce31">Personal/work email</h4> + <div class="outline-text-4" id="text-org769ce31"> <p> A template for email will be created, and two app qubes, “email-personal” and “email-work”. These just have the Thunderbird email client installed so you can sign into your accounts. </p> </div> </div> </div> - <div id="outline-container-org4534dfc" class="outline-3"> - <h3 id="org4534dfc">3isec</h3> - <div class="outline-text-3" id="text-org4534dfc"> + <div id="outline-container-orgfc9debb" class="outline-3"> + <h3 id="orgfc9debb">3isec</h3> + <div class="outline-text-3" id="text-orgfc9debb"> <p> The 3isec repo is a handy repository of salt files with some miscellaneous utilities. The repository will be added to dom0, their gpg key will be added from this salt repository, and their graphical interface for it will be installed in dom0. You can start it with ’qubes-task-gui’ in dom0. </p> @@ -408,9 +530,9 @@ </p> </div> </div> - <div id="outline-container-org1f0e0b5" class="outline-3"> - <h3 id="org1f0e0b5">Post install</h3> - <div class="outline-text-3" id="text-org1f0e0b5"> + <div id="outline-container-orgc905350" class="outline-3"> + <h3 id="orgc905350">Post install</h3> + <div class="outline-text-3" id="text-orgc905350"> <p> Almost everything will be done out of the box, but here are some recommended finishing touches: </p> 
@@ -422,9 +544,9 @@ </ul> </div> </div> - <div id="outline-container-org388c31e" class="outline-3"> - <h3 id="org388c31e">What’s next?</h3> - <div class="outline-text-3" id="text-org388c31e"> + <div id="outline-container-org1df075a" class="outline-3"> + <h3 id="org1df075a">What’s next?</h3> + <div class="outline-text-3" id="text-org1df075a"> <p> This project will develop over time as I learn more about Saltstack and continue to work on my personal configuration. I have lots of plans: </p> @@ -444,19 +566,23 @@ </item> <item> <title>Create an anonymous Whonix environment with KVM + NixOS</title> - <link>./feed.html#orgb869675</link> + <link>./feed.html#org747a82c</link> <author>user@emacs-org (nil)</author> - <guid isPermaLink="false">./feed.html#orgb869675</guid> + <guid isPermaLink="false">./feed.html#org747a82c</guid> <pubDate>Fri, 28 Feb 2025 14:30:00 -0700</pubDate> - <description><![CDATA[<div id="outline-container-org3a69d02" class="outline-3"> - <h3 id="org3a69d02">The why</h3> - <div class="outline-text-3" id="text-org3a69d02"> + <description><![CDATA[<div id="outline-container-org80001e9" class="outline-3"> + <h3 id="org80001e9">The why</h3> + <div class="outline-text-3" id="text-org80001e9"> <p> I’ve spent significant time using QubesOS on various computers, and I’ve been thoroughly spoiled by the VM magic Zen and the Qubes team have enabled. For a few reasons though, I’ve recently switched my main laptop from running QubesOS to NixOS. NixOS is great: it’s declaratively managed, fast, stable, has tons of fresh packages, but I can’t help but feel like my trust in the system has decreased a little bit due to the lack of isolation via virtualization that QubesOS provides. </p> <p> + (3/1/2025 update: I’m using QubesOS again) + </p> + + <p> Luckily, while VMs are fantastic to use especially with QubesOS, it’s very much possible to get some of the benefits of QubesOS on a host Linux system like NixOS. </p> 
@@ -465,9 +591,9 @@ </p> </div> </div> - <div id="outline-container-orgb6d7456" class="outline-3"> - <h3 id="orgb6d7456">What’s Whonix?</h3> - <div class="outline-text-3" id="text-orgb6d7456"> + <div id="outline-container-orga7b32ea" class="outline-3"> + <h3 id="orga7b32ea">What’s Whonix?</h3> + <div class="outline-text-3" id="text-orga7b32ea"> <p> Whonix is a 2-VM setup for compartmentalizing your computing, and uses the Tor Network to keep your activity anonymous. It runs on KickSecure (hardened Debian). </p> 
@@ -481,53 +607,53 @@ </p> </div> </div> - <div id="outline-container-org36d91b3" class="outline-3"> - <h3 id="org36d91b3">KVM vs VirtualBox</h3> - <div class="outline-text-3" id="text-org36d91b3"> + <div id="outline-container-orga160189" class="outline-3"> + <h3 id="orga160189">KVM vs VirtualBox</h3> + <div class="outline-text-3" id="text-orga160189"> <p> Whonix supports 2 type-2 hypervisors: KVM and VirtualBox. KVM is build into the Linux kernel, and is thus fully <a href="https://www.gnu.org/philosophy/free-sw.en.html">Free Software</a>. VirtualBox is developed and maintained by Oracle, and is not Free software. I’ll be using KVM for these examples, but there’s a <a href="https://www.whonix.org/wiki/VirtualBox">convenient guide for VirtualBox</a>. </p> </div> </div> - <div id="outline-container-orga15a10c" class="outline-3"> - <h3 id="orga15a10c">KVM vs QubesOS Zen</h3> - <div class="outline-text-3" id="text-orga15a10c"> + <div id="outline-container-orgf2cbaa0" class="outline-3"> + <h3 id="orgf2cbaa0">KVM vs QubesOS Zen</h3> + <div class="outline-text-3" id="text-orgf2cbaa0"> </div> - <div id="outline-container-org599f44e" class="outline-4"> - <h4 id="org599f44e">Hypervisor simplicity</h4> - <div class="outline-text-4" id="text-org599f44e"> + <div id="outline-container-org92c3c9a" class="outline-4"> + <h4 id="org92c3c9a">Hypervisor simplicity</h4> + <div class="outline-text-4" id="text-org92c3c9a"> <p> KVM is part of the Linux kernel, meaning that the virtualization is being done by a larger, monolithic program than a type-1 hypervisor like Zen, with a larger attack surface. 
</p> </div> </div> - <div id="outline-container-org9239860" class="outline-4"> - <h4 id="org9239860">Type-1 vs type-2 hypervisor</h4> - <div class="outline-text-4" id="text-org9239860"> + <div id="outline-container-org4c28cf8" class="outline-4"> + <h4 id="org4c28cf8">Type-1 vs type-2 hypervisor</h4> + <div class="outline-text-4" id="text-org4c28cf8"> <p> KVM runs on a host Linux system, and therefor the contents of the VM are only as secure as the host system. This is perhaps the biggest downside to running this KVM setup over Qubes in terms of security. I’d recommend delegating any risky activity to VMs like Whonix to try to mitigate the risk of malware running on your host system. </p> </div> </div> - <div id="outline-container-org0ff1508" class="outline-4"> - <h4 id="org0ff1508">No sys-net/firewall/usb/audio/etc.</h4> - <div class="outline-text-4" id="text-org0ff1508"> + <div id="outline-container-org2c18dd0" class="outline-4"> + <h4 id="org2c18dd0">No sys-net/firewall/usb/audio/etc.</h4> + <div class="outline-text-4" id="text-org2c18dd0"> <p> QubesOS uses VMs to compartmentalize the hardware, and running Whonix on a Linux host keeps those in the domain of the large Linux kernel. </p> </div> </div> - <div id="outline-container-org0f32781" class="outline-4"> - <h4 id="org0f32781">Performance</h4> - <div class="outline-text-4" id="text-org0f32781"> + <div id="outline-container-orgd52ea06" class="outline-4"> + <h4 id="orgd52ea06">Performance</h4> + <div class="outline-text-4" id="text-orgd52ea06"> <p> Whonix on KVM performs about as well as on QubesOS (varying based on how much virtual CPU/memory you allocate of course), but a big benefit of having a Linux host is that the applications ran in it won’t be slowed down by virtualization. Risky activities can be compartmentalized while keeping the main system fast and convenient to use. 
</p> </div> </div> - <div id="outline-container-org916c3ed" class="outline-4"> - <h4 id="org916c3ed">Relevant Whonix security documentation</h4> - <div class="outline-text-4" id="text-org916c3ed"> + <div id="outline-container-org562f793" class="outline-4"> + <h4 id="org562f793">Relevant Whonix security documentation</h4> + <div class="outline-text-4" id="text-org562f793"> <p> The advantages QubesOS has over KVM listed above are just a few basic examples. QubesOS has a much more robust security model in many ways, and if your security is <b>essential</b>, you should understand the downsides: </p> @@ -537,9 +663,9 @@ </div> </div> </div> - <div id="outline-container-orgf4b1364" class="outline-3"> - <h3 id="orgf4b1364">Installing Whonix on KVM</h3> - <div class="outline-text-3" id="text-orgf4b1364"> + <div id="outline-container-org902f848" class="outline-3"> + <h3 id="org902f848">Installing Whonix on KVM</h3> + <div class="outline-text-3" id="text-org902f848"> <p> Make sure to check the relevant NixOS and Whonix documentation to ensure these examples are up-to-date. Always be weary of executing commands from a random blog on the internet, and go to the source whenever possible. </p> 
@@ -553,9 +679,9 @@ Some of this setup (packages, user groups, dconf settings, the actual virtualization setup) is declaratively configured, but many of the commands to set up Whonix are not. On a fresh NixOS system build with your configuration.nix, you’ll still need to download the Whonix images and set them up with the commands outlined below. It’s possible more (or even all?) of this could be done declaratively with more NixOS knowledge. </p> </div> - <div id="outline-container-orgeeec3fa" class="outline-4"> - <h4 id="orgeeec3fa">Installing KVM + Virt-manager</h4> - <div class="outline-text-4" id="text-orgeeec3fa"> + <div id="outline-container-org8f12872" class="outline-4"> + <h4 id="org8f12872">Installing KVM + Virt-manager</h4> + <div class="outline-text-4" id="text-org8f12872"> <p> Enable libvirtd and virt-manager </p> @@ -605,16 +731,16 @@ </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Start qemu networking</span> - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-autostart default - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-start default + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Start qemu networking</span> + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-autostart default + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-start default </pre> </div> </div> </div> - <div id="outline-container-org1c47128" class="outline-4"> - <h4 id="org1c47128">Download the Whonix XFCE .qcow archive</h4> - <div class="outline-text-4" id="text-org1c47128"> + <div id="outline-container-org1815afc" class="outline-4"> + <h4 id="org1815afc">Download the Whonix XFCE .qcow archive</h4> + <div class="outline-text-4" id="text-org1815afc"> <ul class="org-ul"> <li>You can the most up-to-date versions directly from their website: <ul class="org-ul"> 
@@ -624,30 +750,30 @@ </ul> </div> </div> - <div id="outline-container-org3eb5a57" class="outline-4"> - <h4 id="org3eb5a57">Extract the archive</h4> - <div class="outline-text-4" id="text-org3eb5a57"> + <div id="outline-container-org6e14587" class="outline-4"> + <h4 id="org6e14587">Extract the archive</h4> + <div class="outline-text-4" id="text-org6e14587"> <p> - Make sure your working directory and archive are both in your home directory. (You may need to <code class="src src-sh"><span style="color: #7fffd4;">mv</span> ~/Downloads/Whonix* ~/</code>) + Make sure your working directory and archive are both in your home directory. (You may need to <code class="src src-sh"><span style="color: #fabd2f;">mv</span> ~/Downloads/Whonix* ~/</code>) </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Unpacking archive with gnu tar</span> - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ tar -xvf Whonix*.libvirt.xz + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Unpacking archive with gnu tar</span> + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ tar -xvf Whonix*.libvirt.xz </pre> </div> </div> </div> - <div id="outline-container-org0fd241e" class="outline-4"> - <h4 id="org0fd241e">Agree to the Whonix Binary License Agreement</h4> - <div class="outline-text-4" id="text-org0fd241e"> + <div id="outline-container-org33adbc1" class="outline-4"> + <h4 id="org33adbc1">Agree to the Whonix Binary License Agreement</h4> + <div class="outline-text-4" id="text-org33adbc1"> <p> To read the agreement, use: </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Prints the license agreement</span> - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ more WHONIX_BINARY_LICENSE_AGREEMENT + <pre 
class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Prints the license agreement</span> + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ more WHONIX_BINARY_LICENSE_AGREEMENT </pre> </div> 
@@ -656,73 +782,73 @@ </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Creates an empty file "..._accepted" that tells Whonix you agree</span> - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ <span style="color: #7fffd4;">touch</span> WHONIX_BINARY_LICENSE_AGREEMENT_accepted + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Creates an empty file "..._accepted" that tells Whonix you agree</span> + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ <span style="color: #fabd2f;">touch</span> WHONIX_BINARY_LICENSE_AGREEMENT_accepted </pre> </div> </div> </div> - <div id="outline-container-org89cedda" class="outline-4"> - <h4 id="org89cedda">Setup Whonix virtual networks</h4> - <div class="outline-text-4" id="text-org89cedda"> + <div id="outline-container-org88fecdb" class="outline-4"> + <h4 id="org88fecdb">Setup Whonix virtual networks</h4> + <div class="outline-text-4" id="text-org88fecdb"> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Add virtual networks</span> - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-define Whonix_external*.xml - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-define Whonix_internal*.xml - - <span style="color: #00cd66;"># </span><span style="color: #00cd66;">Activate the networks</span> - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-autostart Whonix-External - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-start Whonix-External - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-autostart Whonix-Internal - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system net-start Whonix-Internal + <pre class="src src-sh"><span style="color: #928374;"># 
</span><span style="color: #928374;">Add virtual networks</span> + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-define Whonix_external*.xml + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-define Whonix_internal*.xml + + <span style="color: #928374;"># </span><span style="color: #928374;">Activate the networks</span> + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-autostart Whonix-External + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-start Whonix-External + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-autostart Whonix-Internal + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system net-start Whonix-Internal </pre> </div> </div> </div> - <div id="outline-container-org9c5ca52" class="outline-4"> - <h4 id="org9c5ca52">Import Whonix Gateway and Workstation images</h4> - <div class="outline-text-4" id="text-org9c5ca52"> + <div id="outline-container-orge7e6160" class="outline-4"> + <h4 id="orge7e6160">Import Whonix Gateway and Workstation images</h4> + <div class="outline-text-4" id="text-orge7e6160"> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Creates two qemu profiles for the Whonix VMs</span> - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system define Whonix-Gateway*.xml - <span style="color: #7fffd4;">sudo</span> virsh -c qemu:///system define Whonix-Workstation*.xml + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Creates two qemu profiles for the Whonix VMs</span> + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system define Whonix-Gateway*.xml + <span style="color: #fabd2f;">sudo</span> virsh -c qemu:///system define Whonix-Workstation*.xml </pre> </div> </div> </div> - <div id="outline-container-org0672edc" class="outline-4"> - <h4 id="org0672edc">Image File Installation</h4> 
- <div class="outline-text-4" id="text-org0672edc"> + <div id="outline-container-org5cd45c3" class="outline-4"> + <h4 id="org5cd45c3">Image File Installation</h4> + <div class="outline-text-4" id="text-org5cd45c3"> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Assigns those qemu VMs to the Whonix .qcow2 images</span> - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ <span style="color: #7fffd4;">sudo</span> <span style="color: #7fffd4;">mv</span> Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2 - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ <span style="color: #7fffd4;">sudo</span> <span style="color: #7fffd4;">mv</span> Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2 + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Assigns those qemu VMs to the Whonix .qcow2 images</span> + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ <span style="color: #fabd2f;">sudo</span> <span style="color: #fabd2f;">mv</span> Whonix-Gateway*.qcow2 /var/lib/libvirt/images/Whonix-Gateway.qcow2 + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ <span style="color: #fabd2f;">sudo</span> <span style="color: #fabd2f;">mv</span> Whonix-Workstation*.qcow2 /var/lib/libvirt/images/Whonix-Workstation.qcow2 </pre> </div> </div> </div> - <div id="outline-container-orge764682" class="outline-4"> - <h4 id="orge764682">Remove Whonix home clutter</h4> - <div class="outline-text-4" id="text-orge764682"> + <div id="outline-container-orged3924f" class="outline-4"> + <h4 id="orged3924f">Remove Whonix home clutter</h4> + <div class="outline-text-4" id="text-orged3924f"> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">WARNING: running 
this command will delete every file that starts with "Whonix" or "WHONIX" in your working directory.</span> - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ <span style="color: #7fffd4;">rm</span> Whonix* - <span style="color: #8c8c8c;">[</span>~/<span style="color: #8c8c8c;">]</span>$ <span style="color: #7fffd4;">rm</span> -r WHONIX* + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">WARNING: running this command will delete every file that starts with "Whonix" or "WHONIX" in your working directory.</span> + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ <span style="color: #fabd2f;">rm</span> Whonix* + <span style="color: #fe8019;">[</span>~/<span style="color: #fe8019;">]</span>$ <span style="color: #fabd2f;">rm</span> -r WHONIX* </pre> </div> </div> </div> </div> - <div id="outline-container-org943df8b" class="outline-3"> - <h3 id="org943df8b">Post-installation</h3> - <div class="outline-text-3" id="text-org943df8b"> + <div id="outline-container-org7c51ed4" class="outline-3"> + <h3 id="org7c51ed4">Post-installation</h3> + <div class="outline-text-3" id="text-org7c51ed4"> <p> Use the virt-manager application to start Whonix-Gateway, and open its terminal. We’ll use setup-dist to create your Tor connection and otherwise prepare Whonix for use. </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Whonix Gateway VM</span> - <span style="color: #8c8c8c;">[</span>gateway user ~<span style="color: #8c8c8c;">]</span>% <span style="color: #7fffd4;">sudo</span> setup-dist + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Whonix Gateway VM</span> + <span style="color: #fe8019;">[</span>gateway user ~<span style="color: #fe8019;">]</span>% <span style="color: #fabd2f;">sudo</span> setup-dist </pre> </div> 
@@ -731,8 +857,8 @@ </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Whonix Gateway VM</span> - <span style="color: #8c8c8c;">[</span>gateway user ~<span style="color: #8c8c8c;">]</span>% <span style="color: #7fffd4;">sudo</span> apt-get dist-upgrade + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Whonix Gateway VM</span> + <span style="color: #fe8019;">[</span>gateway user ~<span style="color: #fe8019;">]</span>% <span style="color: #fabd2f;">sudo</span> apt-get dist-upgrade </pre> </div> 
@@ -741,26 +867,26 @@ </p> <div class="org-src-container"> - <pre class="src src-sh"><span style="color: #00cd66;"># </span><span style="color: #00cd66;">Whonix Workstation VM</span> - <span style="color: #8c8c8c;">[</span>workstation user ~<span style="color: #8c8c8c;">]</span>% <span style="color: #7fffd4;">sudo</span> apt-get dist-upgrade + <pre class="src src-sh"><span style="color: #928374;"># </span><span style="color: #928374;">Whonix Workstation VM</span> + <span style="color: #fe8019;">[</span>workstation user ~<span style="color: #fe8019;">]</span>% <span style="color: #fabd2f;">sudo</span> apt-get dist-upgrade </pre> </div> </div> </div> - <div id="outline-container-org5d358a1" class="outline-3"> - <h3 id="org5d358a1">Using Whonix</h3> - <div class="outline-text-3" id="text-org5d358a1"> + <div id="outline-container-org3a0f87a" class="outline-3"> + <h3 id="org3a0f87a">Using Whonix</h3> + <div class="outline-text-3" id="text-org3a0f87a"> <p> Assuming the VMs are booting properly and can receive updates, you should be good to go! 
You now have a compartmentalized environment where your traffic will be anonymized, and any malware should generally be contained to the VM (sophisticated enough malware could theoretically jump the KVM hypervisor, but if that’s part of your threat model you probably shouldn’t be getting security advice from this blog :P) </p> </div> - <div id="outline-container-org2a9b8d1" class="outline-4"> - <h4 id="org2a9b8d1">Some tips</h4> - <div class="outline-text-4" id="text-org2a9b8d1"> + <div id="outline-container-org85f1f39" class="outline-4"> + <h4 id="org85f1f39">Some tips</h4> + <div class="outline-text-4" id="text-org85f1f39"> </div> <ul class="org-ul"> - <li><a id="org29d08f7"></a>Basic applications<br /> - <div class="outline-text-5" id="text-org29d08f7"> + <li><a id="org084c03b"></a>Basic applications<br /> + <div class="outline-text-5" id="text-org084c03b"> <ul class="org-ul"> <li>Tor Browser: Fingerprinting-resistant browser made for anonymous internet use</li> <li>VLC: Video player capable of playing almost media file you throw at it</li> @@ -772,8 +898,8 @@ </ul> </div> </li> - <li><a id="orgc144233"></a>Staying secure and anonymous<br /> - <div class="outline-text-5" id="text-orgc144233"> + <li><a id="org48c4753"></a>Staying secure and anonymous<br /> + <div class="outline-text-5" id="text-org48c4753"> <p> Think before you act! Whonix gives you a good platform for staying anonymous, but you can absolutely de-anonymize yourself if you’re not careful. </p> @@ -791,8 +917,8 @@ </p> </div> <ul class="org-ul"> - <li><a id="orga5b2c88"></a>Use a live system when possible<br /> - <div class="outline-text-6" id="text-orga5b2c88"> + <li><a id="org96daaba"></a>Use a live system when possible<br /> + <div class="outline-text-6" id="text-org96daaba"> <p> When you’re booting the Workstation VM, you can select the option to run it ’live’. This means that when you shutdown the VM, everything you did during the session is erased. </p> 
@@ -806,8 +932,8 @@ </p> </div> </li> - <li><a id="org659aa2c"></a>Optionally disable Javascript in Tor Browser<br /> - <div class="outline-text-6" id="text-org659aa2c"> + <li><a id="org961d50c"></a>Optionally disable Javascript in Tor Browser<br /> + <div class="outline-text-6" id="text-org961d50c"> <p> Javascript adds a massive attack surface to your browser, and disabling it can remove entire categories of browser-based malware. But, many many sites rely on Javascript for basic functionality. </p> |
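Review bot: In the `@@ -444,19 +566,23 @@` hunk, the Whonix item's `<link>` and `<guid isPermaLink="false">` change from `./feed.html#orgb869675` to `./feed.html#org747a82c` while its `<pubDate>` stays at Fri, 28 Feb 2025. A feed reader that keys on the guid will show this old post as a new entry, and any existing link to the old anchor stops resolving. The same regenerated `org…` ids account for most of the other changed lines in this commit, for example `org77af039` becoming `org769ce31` on the "Personal/work email" heading. Suggest pinning the ids in the Org source, for instance with a `CUSTOM_ID` property on each heading, and confirming after the next export that the guid no longer moves. In the same hunk, the added "(3/1/2025 update: …)" paragraph uses a date format that reads as either 1 March or 3 January; an unambiguous form such as 2025-03-01 would match the item's own `<pubDate>` style better.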
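Review bot: From the `@@ -605,16 +731,16 @@` hunk through the `@@ -741,26 +867,26 @@` hunk, every `<pre class="src src-sh">` block is rewritten only because the hard-coded `style="color: …"` values changed (`#00cd66` to `#928374`, `#7fffd4` to `#fabd2f`, `#8c8c8c` to `#fe8019`); none of the shell commands differ. Baking the editor theme into the generated markup means each theme switch produces a diff like this one, which makes real content changes to the install steps hard to spot in review. Suggest exporting class names instead of inline colours (setting `org-html-htmlize-output-type` to `css`) and keeping the palette in the site stylesheet, or dropping highlighting from the feed's `<description>` bodies altogether.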
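Review bot: The `@@ -481,53 +607,53 @@` hunk regenerates the "KVM vs QubesOS Zen" section with its text errors intact: the hypervisor QubesOS uses is Xen, not "Zen" (heading and "a type-1 hypervisor like Zen"), "KVM is build into the Linux kernel" should read "built", "therefor" should read "therefore", and "the applications ran in it" should read "run". Since this section is the security comparison readers will rely on, fix these in the Org source before the next export. The neighbouring context lines have the same kind of slip: "Always be weary of executing commands" in `@@ -537,9 +663,9 @@` should be "wary", and "You can the most up-to-date versions" in `@@ -605,16 +731,16 @@` is missing its verb.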