Qubes OS: GUIX Overlay Debian 11 i2p Template and DVM
The password is: a
Magnet i2p Link:
Postman Link: http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=67717
Size: 6.1 GiB (6,577,838,080 bytes)
In the Qubes OS context, the template is 85% secure. This means that it is more secure than 85% of Qubes users templates. It is up to you to screw it up!
In the i2p context, a dvm will be around 42% secure. This means that 58% of i2p users have more secure setups.
Some Whys or FAQs:
What is it? It is a Guix overlay of Debian 11 Template updated. It has the OUTGOING Qubes functions INHIBITED. It has USB GPS support and GUIX NTP. Will mention some ops later.
Why the low i2p security? The learning curve is best at this level. Less secure or more secure will result in a longer learning curve. This is NOT as secure as a VM based on a HVM template of an OS that you REALLY KNOW!
How much testing has been done? 2 years but of course Qubes developers and GUIX maintainers can screw you in one swipe.
How I use it:
This is my default template and DVM.
I start sys-net with sudo gufw and enable firewall (DENY-DENY).
Dito for sys-firewall.
I start sys-usb that is connected to sys-firewall with sudo etherape and check that only NTP connection and ICMP are displayed. I start terminal in sys-usb and run the command cgps. If my Time Offset is 0.0*, I run in Dom0 terminal sudo qvm-sync-clock (the USB qube is my time VM). If you are a jack-ass and don’t have accurate time use Google TimeSync (available in Documents of dvm) and it will put you around 0.3 seconds accuracy range which is just below time attacks (Do you feel lucky, PUNK?).
I don’t have a sys-whonix but some other similar arrangements. If you use sys-whonix clone and run sudo apt remove thunar and sudo apt autoremove when the Finish connection to Tor appears. That will inhibit some Qubes function in that dvm and make it secure for Qubes updates.
Yes I also use it for default-mgm-dvm.
The i2p part should be self explanatory. You have Dillo and Icecat already configured. DO NOT INSTALL the i2p+ router or run i2pd in the actual DVM but in the disp*.
I do expect some level of knowledge and testing before comments. I will NOT support this contraption for long because I’m not your bitch. I did it only for my own benefit. The safer and more knowledgeable, you are the better it is for me.
The template is ready now you need the Mosquitto messenger for the update network.