Page 1 of 1

Why not run i2p in a linux/bsd distro as a vm in a standard way?

Posted: 04 May 2023 19:44
by robabok978
Why not run i2p in a linux/bsd distro as a vm in a standard way?

It could avoid some of the questions how to run i2p in x or how to install x to run in/with i2p.
Could bring more i2p apps to the user.
Could let possible users have more ?secure? access/feeling while using i2p.
Could be combined with Prestium.
More possibilities by os.



A distro specially created for i2p is not easy to maintain, so it should be more collection of scripts from users which modify their systems in a way they want to use it. More of a concept and scripts, which users can share with each other, than a tailored distro for the i2p usage. Build around one virtualizer and it should be usable on windows with a low number of interactions.

The root of the distributed bundle should have:
qemu executable installer, portable for windows; maybe static for linux or install script
sshfs/ssh installer/executables for windows, script for linux
optional ramdisk for windows, script for linux
optional tor-i2p-browser-manager
and some scripts. Best if portable.

It is the best to describe the functionality and install procedure by explaining the scripts

1. Script for installing the apps in the root

2. Script for installing the system and create the images

We create 2 disk images with qemu-img and using qcow2 for the vm image format. Qcow2 has some features like dynamic size and compression. Raw images are also thinkable, which have the benefit that it could be easier used further with other environments like vetoy or other vms. At this point i am not so sure about using 2 images or just one.

qemu-img create -f qcow2 ./system.qcow2 12G
qemu-img create -f qcow2 ./home.qcow2 12G

I split the system in two parts to make it easier to share own i2p environments and to have the separation from the user files and config, and the system. There is also some hope, that if you stay in linux most user configs in home can be exchanged while using a different linux distro. (there have to be some standard for the user name)

Then we install the linux system

There are many options. I think archlinux would be the best, as the install can easier been scripted and it should produce a even more tailored system and has a easy build system.
But I was lazy for testing this concept, so I choose debian (could use ubuntu or mint for more comfort and newer packages).

wget https://cdimage.debian.org/debian-cd/cu ... etinst.iso

qemu-system-x86_64 -enable-kvm -display gtk -m 4G -hda system.qcow2 -hdb home.qcow2 -
cdrom debian-11.6.0-amd64-netinst.iso -device VGA,vgamem_mb=64 -device virtio-net,netdev=vmnic -netdev user,id=vmnic -boot order=d

I encrypted each image and put a fs on it. I still don?t know which fs to choose, even btrfs with its compression is the first candidate. It should be one for which be later easier to re-shrink the images, but I think that the encryption and copyonwrite are destroying the ability to do that. Some scripts which do a fresh copy could achieve the size to distribute, but the size is not so important if the system has been downloaded or the install process is made by the user himself. But who wants to download this amount of gigs to just try it?



Hda
1GB /boot ext4
rest / btrfs

Hdb:
all /home btrfs

Then install the system. Notice that you have two passwords, which is not so nice, but at the moment I don?t know how to do an alternative. Maybe a keyfile with fstab will work for the /home partition.
And with the system password it will be 3 time for the user to start :). Maybe it will help using autologin or passwordless login to lower the times, but for the install it?s three times. It is to consider if an system encryption is really needed, if you only encrypt the /home image it would be enough for most.

At this point, while using a public passphrase, the system could be bundled and distributed. Ok apps are missing and could be easily installed by the scripts inside, for having java and a desktop/windows manager. File size was something around 2GB for the bare install with system tools and 5GB with lxde. All tries to get it smaller have been without success so far. I think the encryption makes the compressing with qemu qcow2 useless.

3. A script to access the users filesystem in the guest, from the host system
For this I use the sshfs which should mount the guest home folder and let it access, for example in windows, as a network access.
The user has now the ability to put files on or off and the benefit that this feature is integrated in the host system and can used within the users known environment - the explorer.

4. Scripts for starting services like the i2prouter from the host system. Let say you start the system with the start script and use the qemu feature of port forwarding to the host system for the ssh port. Now the system boots normally into the graphical login or headless and with a ssh command you start the i2prouter from the host system.

5. Script to start for using the qemu vnc feature or a guest-os tigervnc for accessing with a vnc viewer in the host system without sound

6. Script to start for using the qemu spice feature or a guest-os spice server for accessing with a viewer in the host system with sound

7.Script using qemu with the port forwarding of the i2prouter ports to the host system and then use with a browser with cache encryption like i2p-tor-browser-manager for example. Has the benefit of using gpu features of the host system in browser. For curiosity you could also use he pass-thru feature of qemu using a second graphics.

8. Script for a ?live? or restore use. Make a copy of the images. Run qemu with the copies and delete copies afterwards.
Other way: Copy images to ramdisk and run it from here.
Another way: Create a overlay for the image on ramdisk. Run qemu with overlay parameters. Delete overlay in ramdisk.

And others...

Inside the guest os:

My choices fell to 3 types of guis I use. Fluxbox for the weakest, lxde middle and mate for the stronger ones.
I am quite filebrowser centric, so if I have a different environment the use of familiar filebrowser is often useful.
So why not use scripts. The scripts made for myself are simple like just starting the i2prouter or install a app. I put these on my desktop, so if some start the desktop he would see a icon with the name start i2prouter, stop i2prouter.
I have also folders for app install scripts. Every app folder has the install/configure script plus a script which opens firefox and the download site. This is often helpful for updating the links in the script or doc usage. I like that, as I don?t have to fizzle in my bookmarks. Short videos that show what should happened are also an option.
There is also a folder with scripts for starting special apps or make system changes (change mac, zram etc.).
What I also thought of would be a autostart folder plus script on the desktop. You copy the start scripts into it and click the autostart script. It then would start all apps scripts. But I don?t know how to do that.
Appimages also got their own folder on the desktop.

I?m used to caja of the mate desktop (pcmanfm is nice, too). I think that nautilus or others have similar features. I use the bookmarks for easy accessing the i2psnark folder to add torrents and so like.
What I want to say is that if a install has default bookmarks in the filebrowser, it could be quite easier to find things for users who are not familiar with linux. ?delete x in your .config folder? would be 1 click on the bookmark to find.

Sometimes I have a separate user which home folder points to tmpfs ramdisk. I have a script in /home which copies my bookmarks to the other users folders or some scripts for getting needed addons or scripts for installing and starting the i2prouter. This could be seen as fresh, as the browser and router is new initialized/installed. There could be something in tmp, but bleachbit can erase them too, I think (and if it is encrypted, there should leave no traces). To change to the user you simply switch to the user in the graphical login.

For clearnet use I use a separate browser like firefox-esr or falcon or use the host one and copy and paste with vnc. The point is to have a separate one for clear and i2p. Tor-i2p-mangager browser and firefox for clearnet is also thinkable for similarity and cross use.

The separate user function can also be used to have a separation for different i2p services and the router. Adding a monero user and install the needed apps is also scriptable I think.

Usbstick use could be enabled by running a live system build script for linux (https://www.linux-live.org/#explore I use, for example), create a iso, copy it to your host system and make the stick (app could be in bundle).
Copy the image with bundle simply to the stick and then use it on another host.
I didn?t find a way to native boot a qcow2 image, but a way to mount it. Maybe it is possible to mount the /home image within a live system. But I never experienced any good use of browsers with usbsticks, because browsers are heavy in writing, which is hard for most sticks. If all is in ram and zram is used it fast as fk.
To have the ability to use your image on the stick with a live os also depends if it is accessible for the live system. Vetoy should and unetbootin has the ability to have a accessible partition on the stick.

Another way you can use the stick is to boot a live system with only desktop/wm and qemu. You would then use the images of your system (or live + /home) and qemu. This has the advantage that it would partly disguise the real hardware. Something which should be considered using a live system on real hardware.

The separate image for /home can also be combined with Prestium as an encrypted image for permanent saves. Added scripts could even allow to create an analog user and mount the /home or only the user into the Prestium system.

It is also a possibility to have a Prestium like system if the changes of the dev are scriptable.

I would also like to see a clickable icon for the use of bleachbit with pre configured settings. The user can clean their system easily and don?t need to clean the host system.

Desktop-Switching-feature: Maybe one desktop inside the gui for just the console window will also be useful, as the user has a point to look for it, it is always running but on another desktop as for the user is using for i2p site browsing.

Ufw firewall scripts for easy restricting the network usage.

Get more apps for i2p in use by using shared scripts for install and integration. I2P Chat/railroad for examples.

You can change the passphrase of the luks encryption afterwards, which make the distribution of a install encrypted image possible.



For sure there are more features for this:

https://qemu-project.gitlab.io/qemu/index.html

The possibilities are many and could grow with more user interactions..



I am not sure for what group of users this is for. If you have a powerful machine you would use whonix or/and have a manager for the vm with guest os?s you like. The target group also depends on in which state/progress you distribute.
If you only bundle the apps and the scripts, it is more for linux used user, even if the install process is scripted I think, but I could be wrong here, as it would only be 3 clicks or so to do.
If you distribute a system with installed user environment it could be something for novice users and have the advantage that the user has it separated of its system and configuration plus a look and feel to remember for example with prestium and qemu plus /home image.

If somebody have a interesting gui/user setup and it can be stripped of any creator information, he could distribute only the /home image (or configs as scripts) and tell the installed apps. The configs should be there and the hardware does not change for the vm.


Any ideas?

Re: Why not run i2p in a linux/bsd distro as a vm in a standard way?

Posted: 06 May 2023 12:21
by Teeed
Hi,
just an idea: maybe small remake of Tail's buildscripts would do the work?