Commit 5b369498 authored by Clark's avatar Clark

Renaming VMs, working on software installs, test/cleaning guide

parent be3263ff
......@@ -133,19 +133,19 @@ entity dom0 {
}
entity "default-mgmt-dvm" as default_mgmt_dvm {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <none>
}
rectangle << NetVMs >> {
entity "sys-net" as sys_net {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <none>
}
entity "sys-firewall" as sys_firewall {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <sys-net>
}
......@@ -155,14 +155,14 @@ entity "sys-vpn" as sys_vpn {
}
entity "sys-whonix" as sys_whonix {
{static} TemplateVM <w15-gw>
{static} TemplateVM <who15-gw>
{static} NetVM <sys-firewall>
}
}
entity "sys-usb" as sys_usb {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <none>
}
......@@ -175,7 +175,7 @@ rectangle UserSpace_Wrapper {
rectangle << UserSpace >> {
class "bytecache-dev" as bytecache_dev {
{static} TemplateVM <d10-ws>
{static} TemplateVM <deb10-ws>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
......@@ -183,20 +183,20 @@ class "bytecache-dev" as bytecache_dev {
}
class "bytecache-email" as bytecache_email {
{static} TemplateVM <d10-email>
{static} TemplateVM <deb10-email>
{static} NetVM <sys-vpn>
{method} #Thunderbird
{method} #ProtonMail Bridge
}
class "bytecache-matrix" as bytecache_matrix {
{static} TemplateVM <d10-social>
{static} TemplateVM <deb10-social>
{static} NetVM <sys-vpn>
{method} #Element
}
class "bytecache-user" as bytecache_user {
{static} TemplateVM <w15-ws>
{static} TemplateVM <who15-ws>
{static} NetVM <sys-whonix>
}
......@@ -206,17 +206,17 @@ class "bytecache-gpg-vault" as bytecache_gpg_vault {
}
class "bytecache-ssh-vault" as bytecache_ssh_vault {
{static} TemplateVM <f30-ssh-vault>
{static} TemplateVM <fed30-ssh-vault>
{static} NetVM <none>
}
class "anon-whonix" as anon_whonix {
{static} TemplateVM <w15-ws>
{static} TemplateVM <who15-ws>
{static} NetVM <sys-vpn>
}
enum "u18-ws-dvm" as ubuntu_ws_dvm {
{static} TemplateVM <u18-ws>
enum "ubu18-ws-dvm" as ubuntu_ws_dvm {
{static} TemplateVM <ubu18-ws>
{static} NetVM <sys-whonix>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
......@@ -227,8 +227,8 @@ enum "u18-ws-dvm" as ubuntu_ws_dvm {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
enum "d10-ws-dvm" as debian_ws_dvm {
{static} TemplateVM <d10-ws>
enum "deb10-ws-dvm" as debian_ws_dvm {
{static} TemplateVM <deb10-ws>
{static} NetVM <sys-whonix>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
......@@ -238,29 +238,29 @@ enum "d10-ws-dvm" as debian_ws_dvm {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
enum "f30-dvm" as fedora_dvm {
{static} TemplateVM <f30>
enum "fed30-dvm" as fedora_dvm {
{static} TemplateVM <fed30>
{static} NetVM <sys-whonix>
}
class "untrusted" as untruster {
{static} TemplateVM <d10-ws>
{static} TemplateVM <deb10-ws>
{static} NetVM <sys-whonix>
}
enum "w15-ws-dvm" as whonix_ws_dvm {
{static} TemplateVM <w15-ws>
enum "who15-ws-dvm" as whonix_ws_dvm {
{static} TemplateVM <who15-ws>
{static} NetVM <sys-whonix>
}
class "work-email" as work_email {
{static} TemplateVM <d10>
{static} TemplateVM <deb10>
{static} NetVM <sys-vpn>
{method} #Thunderbird
}
class "work-dev" as work_dev {
{static} TemplateVM <u18-dev>
{static} TemplateVM <ubu18-ws>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
......@@ -271,7 +271,7 @@ class "work-dev" as work_dev {
}
class "work-audit-gold-image" as work_audit_gold_image {
{static} TemplateVM <u18-dev>
{static} TemplateVM <ubu18-ws>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
......@@ -282,7 +282,7 @@ class "work-audit-gold-image" as work_audit_gold_image {
}
class "work-social" as work_social {
{static} TemplateVM <d10-social>
{static} TemplateVM <deb10-social>
{static} NetVM <sys-vpn>
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} #Zoom
......@@ -295,17 +295,17 @@ class "work-gpg-vault" as work_gpg_vault {
}
class "work-ssh-vault" as work_ssh_vault {
{static} TemplateVM <f30-ssh-vault>
{static} TemplateVM <fed30-ssh-vault>
{static} NetVM <none>
}
class "backup-vault" as backup_vault {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <none>
}
class "pw-vault" as pw_vault {
{static} TemplateVM <f30>
{static} TemplateVM <fed30>
{static} NetVM <none>
}
......@@ -319,9 +319,9 @@ cloud << TemplateVMs >> {
rectangle << Debian >> {
interface "d10" as debian
interface "deb10" as debian
abstract "d10-ws" as debian_ws {
abstract "deb10-ws" as debian_ws {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#python-3 Python3]]
......@@ -330,12 +330,12 @@ abstract "d10-ws" as debian_ws {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#radare-2 Radare 2]]
}
abstract "d10-email" as debian_email {
abstract "deb10-email" as debian_email {
{method} #ProtonMail Bridge
{method} #Thunderbird
}
abstract "d10-social" as debian_social {
abstract "deb10-social" as debian_social {
{method} #Zoom
{method} #Slack
{method} #Element
......@@ -346,9 +346,9 @@ abstract "d10-social" as debian_social {
rectangle << Ubuntu >> {
interface "u18" as ubuntu
interface "ubu18" as ubuntu
abstract "u18-ws" as ubuntu_ws {
abstract "ubu18-ws" as ubuntu_ws {
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#emacs Emacs]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#ethereum Ethereum]]
{method} +[[https://blog.bytecache.io/Self-hosted/Workstation.html#rust Rust]]
......@@ -363,16 +363,16 @@ abstract "u18-ws" as ubuntu_ws {
rectangle Windows_Wrapper {
rectangle << Windows >> {
interface "w10" as windows
interface "win10" as windows
}
}
rectangle << Fedora >> {
interface "f30" as fedora
interface "fed30" as fedora
abstract "f30-ssh-vault" as fedora_ssh_vault {
abstract "fed30-ssh-vault" as fedora_ssh_vault {
{field} qubes-rpc qubes.SshAgent
}
......@@ -381,8 +381,8 @@ abstract "f30-ssh-vault" as fedora_ssh_vault {
rectangle Whonix_Wrapper {
rectangle << Whonix >> {
interface "w15-gw" as whonix_gw
interface "w15-ws" as whonix_ws
interface "who15-gw" as whonix_gw
interface "who15-ws" as whonix_ws
}
}
......@@ -408,9 +408,60 @@ fedora <.. fedora_ssh_vault
ubuntu <.. ubuntu_ws
#+end_src
#+RESULTS[a31702b504e47ebc4d678a603e0ccf395b64522f]:
#+RESULTS[33a800a30314671a471e4aba25356bae9dabd5a4]:
[[file:img/Qubes-VM-architecture.svg]]
* TODO Custom VMs
Creating custom virtual machines for QubesOS for Ubuntu and Windows.
** TODO Ubuntu
Need to document this...
** Windows VM
I still run Windows VMs, used exclusively for gaming.
References:
https://www.qubes-os.org/doc/windows-vm/
https://www.qubes-os.org/doc/windows-tools/
Download a Windows 10 iso to some untrusted VM.
From =dom0=, create a template.
#+BEGIN_SRC sh
qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black windows-10-template
qvm-prefs windows-10-template memory 4096
qvm-prefs windows-10-template maxmem 4096
qvm-volume extend windows-10-template:root 25g
qvm-prefs windows-10-template debug true
qvm-features windows-10-template video-model cirrus
#+END_SRC
Then start the VM to begin installation using the downloaded iso.
#+BEGIN_SRC sh
qvm-start --cdrom=untrusted:/home/user/Win10_1809Oct_v2_English_x64.iso windows-10-template
#+END_SRC
Skip product key activation. Select Windows 10 Home. The VM will shutdown once the installer extracts the Windows installation files. Start the VM again to complete the installation. This may need to be done a couple times.
#+BEGIN_SRC sh
qvm-start windows-10-template
#+END_SRC
Once the installation completes, perform the following steps.
#+BEGIN_SRC sh
qvm-features --unset windows-10-template video-model
qvm-prefs windows-10-template qrexec_timeout 300
#+END_SRC
* TODO Enforce VPN Routing -> Move this to a NetVM (Qubes)
This requires some kind of VPN access. I'm using a low cost VPN provider, PIA. After signing up, the provide authentication credentials, what I'm using below as =vpn_username= and =vpn_password=.
......@@ -519,7 +570,6 @@ Add and enable the following extensions, in the following order:
5) [[https://addons.mozilla.org/en-US/firefox/addon/pay-by-privacy-com/][Pay by Privacy.com]]
6) [[https://github.com/marcelklehr/floccus][Floccus]]
** Protonmail Bridge
Download and install the Protonmail bridge, for synchronizing email locally for paid Prototonmail accounts.
......@@ -576,20 +626,6 @@ sudo add-apt-repository ppa:kelleyk/emacs && \
sudo apt update && sudo apt install emacs26
#+END_SRC
** TODO Riot and Whalebird
=Matrix= and =Mastodon= are decentralized, open-source, social networking protocols. =Riot= provides a desktop client to access =Matrix=, while =Whalebird= provides a desktop client for =Mastodon=.
#+BEGIN_SRC sh
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg && \
echo "deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main" |
sudo tee /etc/apt/sources.list.d/riot-im.list && \
sudo apt update && \
sudo apt install -y riot-desktop && \
wget https://github.com/h3poteto/whalebird-desktop/releases/download/4.1.0/Whalebird-4.1.0-linux-x64.deb && \
sudo dpkg -i Whalebird-4.1.0-linux-x64.deb
#+END_SRC
** Rust
First install Rust.
......@@ -621,16 +657,29 @@ pip install virtualenv
** Ethereum
Install latest version of Node, Ethereum, solc, ganache, solium.
Steps are designed for Ubuntu.
#+BEGIN_SRC emacs-lisp
sudo add-apt-repository ppa:ethereum/ethereum -y && \
sudo apt update && \
sudo apt install -y solc && \
cd ~ && \
First install =node.js= and =npm=.
#+BEGIN_SRC sh
cd /tmp && \
sudo apt install -y curl && \
curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh && \
sudo bash nodesource_setup.sh && \
sudo apt install -y nodejs && \
sudo apt install nodejs
#+END_SRC
Install the =Solidity= compiler and =Geth=.
#+BEGIN_SRC sh
sudo add-apt-repository -y ppa:ethereum/ethereum && \
sudo apt update && \
sudo apt install -y solc ethereum
#+END_SRC
Finally, install =Truffle=, =Ganache=, and the =Solium= linter.
#+BEGIN_SRC sh
sudo npm install -g truffle ganache-cli solium
#+END_SRC
......@@ -665,54 +714,47 @@ sudo apt install radare2 && \
r2pm -i rarop
#+END_SRC
** TODO Cell Phone Utilities
** Zoom
I have a Pixel 3 running the [[https://grapheneos.org/][GrapheneOS]]. To flash the OS to my cell phone, it requires =abd= and =fastboot=, which are not part of Debian. To add these utilities, I'll download and install the [[https://developer.android.com/studio/releases/platform-tools][Android SDK Platform-Tools]], as follows.
Install Zoom on Fedora.
#+BEGIN_SRC sh
cd ~/ && \
wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip && \
sudo unzip platform-tools-latest-linux.zip -d /etc/ && rm platform-tools-latest-linux.zip && \
export PATH="/etc/platform-tools:$PATH"
sudo dnf install -y ibus-m17n libXScrnSaver && \
cd /tmp && \
wget --https-only --secure-protocol=PFS https://zoom.us/client/latest/zoom_x86_64.rpm && \
sudo dnf localinstall -y zoom_x86_64.rpm
#+END_SRC
** Element
* Windows VM
I still run Windows VMs, used exclusively for gaming.
References:
https://www.qubes-os.org/doc/windows-vm/
https://www.qubes-os.org/doc/windows-tools/
Download a Windows 10 iso to some untrusted VM.
From =dom0=, create a template.
=Matrix= is a decentralized, open-source, chat protocol. =Element= (formerly known as Riot) provides a desktop client to access =Matrix=.
#+BEGIN_SRC sh
qvm-create --class TemplateVM --property virt_mode=HVM --property kernel='' --label black windows-10-template
qvm-prefs windows-10-template memory 4096
qvm-prefs windows-10-template maxmem 4096
qvm-volume extend windows-10-template:root 25g
qvm-prefs windows-10-template debug true
qvm-features windows-10-template video-model cirrus
sudo wget -O /usr/share/keyrings/riot-im-archive-keyring.gpg https://packages.riot.im/debian/riot-im-archive-keyring.gpg && \
echo "deb [signed-by=/usr/share/keyrings/riot-im-archive-keyring.gpg] https://packages.riot.im/debian/ default main" |
sudo tee /etc/apt/sources.list.d/riot-im.list && \
sudo apt update && \
sudo apt install -y riot-desktop
#+END_SRC
Then start the VM to begin installation using the downloaded iso.
#+BEGIN_SRC sh
qvm-start --cdrom=untrusted:/home/user/Win10_1809Oct_v2_English_x64.iso windows-10-template
#+END_SRC
** Slack
Skip product key activation. Select Windows 10 Home. The VM will shutdown once the installer extracts the Windows installation files. Start the VM again to complete the installation. This may need to be done a couple times.
Install Slack on Fedora.
#+BEGIN_SRC sh
qvm-start windows-10-template
cd /tmp && \
wget --https-only --secure-protocol=PFS https://downloads.slack-edge.com/linux_releases/slack-4.11.3-0.1.fc21.x86_64.rpm && \
sudo dnf localinstall -y slack-4.11.3-0.1.fc21.x86_64.rpm
#+END_SRC
Once the installation completes, perform the following steps.
** TODO Cell Phone Utilities
I have a Pixel 3 running the [[https://grapheneos.org/][GrapheneOS]]. To flash the OS to my cell phone, it requires =abd= and =fastboot=, which are not part of Debian. To add these utilities, I'll download and install the [[https://developer.android.com/studio/releases/platform-tools][Android SDK Platform-Tools]], as follows.
#+BEGIN_SRC sh
qvm-features --unset windows-10-template video-model
qvm-prefs windows-10-template qrexec_timeout 300
cd ~/ && \
wget https://dl.google.com/android/repository/platform-tools-latest-linux.zip && \
sudo unzip platform-tools-latest-linux.zip -d /etc/ && rm platform-tools-latest-linux.zip && \
export PATH="/etc/platform-tools:$PATH"
#+END_SRC
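Review bot: The Zoom, Slack and platform-tools blocks in this hunk download artifacts and install them as root without any integrity check; `dnf localinstall` does not GPG-verify a local RPM unless `localpkg_gpgcheck=1` is set in dnf.conf, so the TLS options on `wget` are the only protection. Import the vendor's RPM signing key and verify before installing, e.g. `sudo rpm --import <VENDOR_RPM_SIGNING_KEY_URL>` (placeholder) followed by `rpm -K zoom_x86_64.rpm && sudo dnf localinstall -y zoom_x86_64.rpm`, and compare the platform-tools zip against the checksum Google publishes on its download page before unzipping it into /etc/ with sudo. The same gap appears in the Ethereum hunk at @@ -621,16 +657,29 @@, where `curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh && sudo bash nodesource_setup.sh` runs a fetched script as root unreviewed; fetching, inspecting and then running it, or adding the NodeSource apt repository and its signing key directly, avoids that. Slack is pinned to 4.11.3 while Zoom tracks `latest`, so this block will go stale and keep installing an old client — a short note on when to bump the version would help. Separately, `=abd=` in the Cell Phone Utilities paragraph should read `=adb=`.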