[Whonix-devel] [qubes-users] Guide: Monero wallet/daemon isolation w/qubes+whonix

Patrick Schleizer patrick-mailinglists at whonix.org
Tue Aug 14 21:42:00 CEST 2018


I didn't notice this thread until now.

Interesting!

Now referenced here:
https://www.whonix.org/wiki/Monero


I am wondering how to save users from as many manual steps as possible.


To save users from having to edit /rw/config/rc.local...

> socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm monerod-ws user.monerod"

Could maybe be replaced by file:

/etc/anon-ws-disable-stacked-tor.d/40_monero.conf

content:

$pre_command socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm monerod-ws user.monerod"

Should work after reboot (or after "sudo systemctl restart
anon-ws-disable-stacked-tor").

Untested.

Reference:
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/anon-ws-disable-stacked-tor.d/30_anon-dist.conf



/etc/qubes-rpc/policy/user.monerod could maybe become:
/etc/qubes-rpc/policy/whonix.monerod

To save users from manually creating it, could be dropped here:

https://github.com/QubesOS/qubes-core-admin-addon-whonix/tree/master/qubes-rpc-policy

If you like, create a pull request and see what Marek thinks.



/home/user/monerod.service would be better in /rw so only root can write
to it. Even better perhaps systemd user services?

https://www.brendanlong.com/systemd-user-services-are-amazing.html

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820111
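
An added example, not part of the original post: a shell audit of the point above about who can write the unit file. It checks the file and every parent directory, since a root-owned file inside a user-writable directory such as /home/user can still be replaced. The function names are hypothetical, and GNU stat and readlink are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU coreutils stat(1) and readlink(1).

# Succeeds only if the owner is root (uid 0) and neither group nor other
# holds the write bit. $2 is an octal mode as printed by `stat -c %a`.
root_only_writable() {
    uid=$1
    bits=$((0$2))                      # leading 0: parse the mode as octal
    [ "$uid" = "0" ] && [ $((bits & 022)) -eq 0 ]
}

# Checks the unit file and every ancestor directory. A directory a non-root
# account can write to lets that account replace the file, whatever the
# file's own mode. Conservative: sticky directories (e.g. /tmp) are flagged.
audit_unit_path() {
    p=$(readlink -f -- "$1")           # canonical path, symlinks resolved
    [ -e "$p" ] || { echo "missing: $1"; return 2; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$p") # $1 = owner uid, $2 = octal mode
        if ! root_only_writable "$1" "$2"; then
            echo "writable by non-root: $p (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh audit.sh /home/user/monerod.service
if [ $# -gt 0 ]; then
    audit_unit_path "$1"
fi
```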


