This is NOT a privacy guide.
This guide will mix your clearnet traffic with I2P, IPFS and Tor traffic. It increases your privacy compared to always using clearnet, but if you require strong privacy then use sys-whonix and refer to other guides.
On the other hand, if you want to just be able to click on a .onion link whenever you run into one, or an .i2p link , or you want to access your local copy of IPFS sites like vitalik.eth, and you just like tinkering with these technologies, read on.
In dom0
sudo vim /etc/qubes-rpc/policy/qubes.ConnectTCP
Add these lines, assuming your browsing VM is called 'browsing":
browsing proxy-i2p allow
browsing proxy-ipfs allow
browsing proxy-tor allow
In the template:
sudo apt install tor i2pd
Install Kubo for IPFS. Place the executable somewhere in the template that will be available in VMs based on it. I placed it in /software/system-owned/ipfs-kubo/
(but I’m looking forward to organize my applications that aren’t in repos using nix-shell
from NyxOS some day).
I like disabling services in the template and later enabling them in whichever VM I need:
sudo service i2p stop
sudo service tor stop
sudo systemctl mask i2p
sudo systemctl mask tor
Configuration for the new proxy- VMs
/rw/config/rc.local
of sys-i2p:
#!/usr/bin/env bash
# vim:ft=sh
exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1
## i2pd
systemctl unmask i2pd
# It cannot be a symlink
cp -fv /rw/config/i2pd.conf /etc/i2pd/i2pd.conf
service i2pd start
echo 'End of /rw/config/rc.local'
/rw/config/rc.local
of sys-ipfs:
#!/usr/bin/env bash
# vim:ft=sh
exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1
# From https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes#non-bsd
sysctl -w net.core.rmem_max=7500000
sysctl -w net.core.wmem_max=7500000
IPFS="sudo -u user /software/system-owned/ipfs-kubo/ipfs"
$IPFS --version
$IPFS cat /ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
$IPFS daemon &
echo "End of /rw/config/rc.local"
/rw/config/rc.local
of proxy-tor:
#!/usr/bin/env dash
# vim:ft=sh
exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1
systemctl unmask tor
service tor start
echo 'End of /rw/config/rc.local'
Configuration for your browsing appVM
/rw/config/rc.local
for browsing appVM:
#!/usr/bin/env bash
# vi:syntax=sh
exec 1> >(systemd-cat --identifier=rw-config-rc-local) 2>&1
# Connect to I2P
qvm-connect-tcp 4444:proxy-i2p:4444
# Connect to IPFS
#qvm-connect-tcp 5001:proxy-ipfs:5001 # Better control Kubo from sys-ipfs browser
qvm-connect-tcp 8080:proxy-ipfs:8080
# Connect to Tor
qvm-connect-tcp 9050:proxy-tor:9050
echo "End of /rw/config/rc.local"
exit 0
If you use Brave, install SwitchyOmega. If you use Firefox, install FoxyProxy.
Now configure the 3 proxies in SwitchyOmega or FoxyProxy:
- I2P: Protocol: HTTP, Server:
localhost
, Port:4444
- IPFS: Protocol: HTTP, Server:
localhost
, Port:8080
- Tor: Protocol: SOCKS5, Server:
localhost
, Port:9050
Create switch rules in SwitchyOmega or FoxyProxy:
- Condition Type: Host wildcard, Condition Details:
*.i2p
, Profile: I2P - Condition Type: Host wildcard, Condition Details:
*.localhost:8080
, Profile:IPFS - Condition Type: Host wildcard, Condition Details:
*.onion
, Profile: Tor
Now install Redirector extension.
Configure Redirector extension:
- ENS domains to local IPFS: Redirect:
http*://*.eth/*
, to:http://$2.eth.ipns.localhost:8080/$3
, Example: https://vitalik.eth - ipfs.io to local IPFS: Redirect:
https://ipfs.io/ipfs/*/*
, to:http://$1.ipfs.localhost:8080/$2
, Example: https://ipfs.io/ipfs/bafybeia5tg2hsulnzzenub5twq4sf2g3pkrkqp4q4u4ui4xwowrarb5c5q/general/2024/12/03/wallets.html - ipfs.dweb.link to local IPFS: Redirect:
https://*.ipfs.dweb.link/*
, to:http://$1.ipfs.localhost:8080/$2
, Example: https://bafybeia5esoynn6udnsocgpwufk6one5vbkcvowseql5tfilf46asmveqy.ipfs.dweb.link/ - ipfs.cf-ipfs.io to local IPFS: Redirect:
https://*.ipfs.cf-ipfs.com/*
, to:http://$1.ipfs.localhost:8080/$2
, Example: https://bafybeia5esoynn6udnsocgpwufk6one5vbkcvowseql5tfilf46asmveqy.ipfs.cf-ipfs.com/
More
This guide could be extended to include:
- .sol Solana domains
- cjdns/Hyperboria
- Hyphanet (formerly known as Freenet)
- ZeroNet