Building a minimal debian for i2p use in qemu vm.WIP + usblivebuild
Posted: 11 Jun 2023 00:04
Still a wip or playwith. Just some minimal things I use and more or less just a way to bring the user to the i2p ready browsing state.
I made some scripts (lol) and a tutorial in somewhat the direction I mentioned in my other thread (http://i2pforum.i2p/viewtopic.php?t=1178).
I still don't know if this will help some to install a vm for i2p usage or if it will fail because something needed is missing for good usage (like qemu copy&paste enabled, graphic performance etc.).
I hope that it will bring more i2p apps together and so more testing and usage of them for common users.
I added some videos which show the user what will happen and would like to have it for every install.
I only tested this on a linux host. So everything for the windows host is missing. Like winscp, sshfs for win, wget for win, qemu for win. These should be later in the install folder too.
Some things I haven't added are the live user with its home on tmpfs, scripts for making own live usb from the actual system with linux live kit, something i2p informative for the desktop background, videos for the apps...
Some things for future testing are i2pchat, railroad, i2ptor-manager, cryptowallets. And some apps I still haven't decided to use, like midori or in general another browser for the clearnet use, like for the app website. I use netsurf, but it is unusable for most sites. And there is the fluxbox config to play with, for having an autostart in caja or switching users instead of exit in fluxbox. Menu is also wip and not fixed in the structure.
There was also a surprise with the luks password use. Normally there would have been 2 passwords asked for at startup, as there are 2 partitions encrypted. But it only asked at first boot for two. After that only one password is needed. Maybe as it is the same password or because of the setup it has spared it. Don't know, but nice.
I think that with scripts/same system it is somewhat easier for others to customize/use this. So if you have some ideas for comfort, security, better scripts, other folder structure or whatever you think others could benefit from, do post/paste them if you like.
Scripts for ufw in different security scenarios, privoxy, cleaning besides bleachbit... could be useful.
There are many things in qemu I still don't know/haven't tested, like ramdisk usage for snapshots, its network config, devices... so if you have more knowledge, post.
Ideal easy would be a ready to use system with apps and bundled images. Size is the problem there. There are ways like undersizing the partition or compressing the images (both 12gb raw images, comp to 6gb) and letting them decompress on the user's system. There are ways to change the luks partitions' password, I haven't tested yet, but if it works, it is possible to have a pre encrypted image distributed, I guess.
Usage videos:
Create.Env.StartSystemInstall.h264.mp4:
http://o7jgnp7bubzdn7mxfqmghn3lzsjtpgkb ... l.h264.mp4
FirstTime.I2P.Install.h264.mp4:
http://o7jgnp7bubzdn7mxfqmghn3lzsjtpgkb ... l.h264.mp4
FirstTime.I2Pplus.Install.h264.mp4:
http://o7jgnp7bubzdn7mxfqmghn3lzsjtpgkb ... l.h264.mp4
all in one zip clearnet:
https://1fichier.com/?sv806a45o3uop6crupf4
And here is the tutorial:
Create 2 qemu harddisk images in raw format or qcow2 format (better for snapshots)
system.img with /boot ext4 and / with luks/btrfs
home.img with /home with luks/btrfs
# Script in InstallRoot: Create.Env.HarddiskImages.sh
qemu-img create -f raw ./system.img 12G
qemu-img create -f raw ./home.img 12G
Start the install with the 2 images, the install iso and the qemu port forwarding for ssh access from the host to the guest with ssh i2p@127.0.0.1 -p 8888
# Script in InstallRoot: Create.Env.StartSystemInstall.sh
wget http://ftp.free.fr/mirrors/cdimage.debi ... etinst.iso
qemu-system-x86_64 -enable-kvm -smp 6 -display gtk -m 4G -hda system.img -hdb home.img -cdrom debian-11.7.0-amd64-netinst.iso -device VGA,vgamem_mb=64 -device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::8888-:22 -boot order=d
Give hostname: i2pqemu
new user: i2p and password i2p
encrypted partitions password: i2p (choose whatever)
Create the above partitions
Enable Openssh
[Video: Create.Env.StartSystemInstall.h264.mp4]
Shutdown system after install
### Start the System
# Script in InstallRoot: Start.I2P.System.default.sh
qemu-system-x86_64 -enable-kvm -smp 6 -display gtk -m 4G -hda system.img -hdb home.img -device VGA,vgamem_mb=64 -device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::8888-:22 -boot order=c
Now you can log in or use the port forwarding of qemu to access the system by:
ssh i2p@127.0.0.1 -p 8888 from your host.
You can also mount the guest system in your host system by:
# Script in InstallRoot: Guest.I2P.FilesystemMount.Linux.sh
sshfs -p 8888 i2p@127.0.0.1:/ ./sshfsMount/
Install Apps:
# Script in /Desktop/InstallApps/Install.System.CoreTools.sh
sudo apt-get install tigervnc-standalone-server zram-tools nmap iotop lsof zulucrypt-gui zulucrypt-cli zulumount-gui zulumount-cli caja caja-open-terminal pcmanfm mate-terminal firefox-esr geeqie dillo netsurf-gtk bleachbit openjdk-17-jre openjdk-17-jre-headless mc htop fluxbox byobu nmon pluma gnome-system-monitor smplayer mpv lightdm lxde engrampa
Optional: Some minor System configs:
zram: Change the file in /etc/default/zramswap with
Script in Desktop/System.Configurations.zram.sh:
sudo mcedit /etc/default/zramswap
sudo pluma /etc/default/zramswap
set: percent=95 and priority=100
tmpfs for live user: Change the file in /etc/fstab with
Script in Desktop/System.Configurations.liveTmpfs.sh:
sudo mcedit /etc/fstab
sudo pluma /etc/fstab
add: sudo mount -t tmpfs -o size=95% none /home/live
or
tmpfs /home/live tmpfs defaults,size=95% 0 0
btrfs compression for the filesystem: Change the file in /etc/fstab with
Script in Desktop/System.Configurations.btrfsCompression.sh:
sudo mcedit /etc/fstab
sudo pluma /etc/fstab
paste: ,compress=zstd
after defaults,
https://wiki.debian.org/LightDM
Show users in lightdm: Change the file in /etc/lightdm/lightdm.conf with
Script in Desktop/System.Configurations.lightdmShowUsers.sh:
sudo mcedit /etc/lightdm/lightdm.conf
sudo pluma /etc/lightdm/lightdm.conf
find/set to: greeter-hide-users=false
For sudo to work with gui apps:
https://super-unix.com/ubuntu/ubuntu-ca ... t-as-root/
added the line Defaults env_keep+="DISPLAY" to the end of the visudo file at /etc/sudoers
sudo mcedit /etc/sudoers
Shutdown system after or sudo reboot
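Added example, not one of the post's scripts: in the launch lines above, `hostfwd=tcp::8888-:22` leaves the host address empty, and QEMU user networking then listens on every host interface, so the guest's SSH login is reachable from the host's network and not only through 127.0.0.1. The function names below are hypothetical; the sample input is the tutorial's own start command.

```shell
#!/usr/bin/env bash
# Added example: audit QEMU hostfwd rules and pin them to loopback.
# audit_hostfwd and pin_hostfwd_loopback are hypothetical helper names.

# Launch line from the tutorial, embedded as sample input.
TUTORIAL_CMD='qemu-system-x86_64 -enable-kvm -smp 6 -display gtk -m 4G -hda system.img -hdb home.img -device VGA,vgamem_mb=64 -device virtio-net,netdev=vmnic -netdev user,id=vmnic,hostfwd=tcp::8888-:22 -boot order=c'

# Print "<verdict> <rule>" for every hostfwd rule in a QEMU command line.
# Rule syntax: hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport
# (IPv4 host addresses only; IPv6 literals are out of scope here.)
audit_hostfwd() {
    printf '%s\n' "$1" |
    grep -oE 'hostfwd=(tcp|udp)?:[^:, ]*:[0-9]+-[^:, ]*:[0-9]+' |
    while IFS= read -r rule; do
        # Extract the host address field between the first two colons.
        hostaddr=$(printf '%s\n' "$rule" |
                   sed -E 's/^hostfwd=[a-z]*:([^:]*):.*/\1/')
        case "$hostaddr" in
            ''|0.0.0.0)      echo "ALL-INTERFACES $rule" ;;
            127.*|localhost) echo "LOOPBACK $rule" ;;
            *)               echo "SPECIFIC($hostaddr) $rule" ;;
        esac
    done
}

# Rewrite rules with an empty host address so they listen on 127.0.0.1 only.
pin_hostfwd_loopback() {
    printf '%s\n' "$1" |
    sed -E 's/hostfwd=(tcp|udp)?::([0-9]+-)/hostfwd=\1:127.0.0.1:\2/g'
}

echo "before: $(audit_hostfwd "$TUTORIAL_CMD")"
echo "after:  $(audit_hostfwd "$(pin_hostfwd_loopback "$TUTORIAL_CMD")")"
```

`ssh i2p@127.0.0.1 -p 8888` and the sshfs mount work unchanged with the pinned rule, since both already connect through loopback.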