diff --git a/README.md b/README.md index e69de29..49f69dc 100644 --- a/README.md +++ b/README.md @@ -0,0 +1 @@ +# How to contribute diff --git a/index.html b/index.html new file mode 100644 index 0000000..21ce35c --- /dev/null +++ b/index.html @@ -0,0 +1,197 @@ + + + + + + + + + + + nihilist - Categories + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+

nihilist

+

Anonymity Tutorials

+

+

Showing how Anonymity can be achieved online.

+
+ + +
+
+
+ + +
+
+
+
+

nihilist

+

Server Installations

+

+

Setting up servers once, and sharing tutorials to show everyone how it's done.

+
+ + +
+
+
+ + + +
+
+
+
+

nihilist

+

HTB Writeups (General Hacking)

+ +

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

+
+ +
+
+
+ + + +
+
+
+
+

nihilist

+

Networking

+

+

Cisco Packet Tracer Simulations.

+
+ +
+
+
+ +
+
+
+
+

nihilist

+

Binary Exploitation

+

+

gdb, gef, ghidra, pwntools, assembly, C, 32-64bit binaries, reverse engineering, CTF challenges

+
+
+
+
+ + + + +
+
+
+
+

nihilist

+

Configurations

+ +

One liners, i3 minimal installs, terminal setup, etc.

+
+ +
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + diff --git a/servers/0_ddns/0.png b/servers/0_ddns/0.png new file mode 100644 index 0000000..169bfae Binary files /dev/null and b/servers/0_ddns/0.png differ diff --git a/servers/0_ddns/index.html b/servers/0_ddns/index.html new file mode 100644 index 0000000..a05b1df --- /dev/null +++ b/servers/0_ddns/index.html @@ -0,0 +1,130 @@ + + + + + + + + + + + DuckDNS + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist - 00 / 00 / 00

+

0

+

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80 and 443 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.

+

You can use DuckDNS to get a free domain name:

+ +

+[ 192.168.100.1/24 ] [ /dev/pts/13 ] [~/Nextcloud/blog/Conf]
+→ ssh root@ech4.duckdns.org
+The authenticity of host 'ech4.duckdns.org (178.128.46.38)' can't be established.
+ECDSA key fingerprint is SHA256:z2HAncB99pfbAUfj9tJY7vlo8EGUzCIUxWBAnjAflcA.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added 'ech4.duckdns.org,178.128.46.38' (ECDSA) to the list of known hosts.
+Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+root@debian-s-1vcpu-1gb-lon1-01:~#
+
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/0_not/index.html b/servers/0_not/index.html new file mode 100644 index 0000000..011b53f --- /dev/null +++ b/servers/0_not/index.html @@ -0,0 +1,193 @@ + + + + + + + + + + + SRVNAME Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

notorious - 00 / 00 / 00

+

SRVNAME Setup

+ +

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+
+
+
+
+ +
+
+
+
+

Setup



+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Setup



+

+

+	
+
+ +

+

+	
+
+ +

+

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Death Is Near. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+
+
+

About Notorious

+

Donate XMR:498pGjtN5jKGG4QJ7ubS5rVdsWEgovzgM6cCQpFwhXiPSq39q1izZE7UFTfxinyrZud2PpLRMiU6DJUnCEsR3iPGHqswj9U


Contact:notorious@notorious-cloud.com

+
+
+ +
+ + + + + + + + diff --git a/servers/0_test/index.html b/servers/0_test/index.html new file mode 100644 index 0000000..e274d55 --- /dev/null +++ b/servers/0_test/index.html @@ -0,0 +1,194 @@ + + + + + + + + + + + SRVNAME + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist - 00 / 00 / 00

+

SRVNAME Setup

+ +

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+
+
+
+
+ +
+
+
+
+

Setup



+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Setup



+

+

+	
+
+ +

+

+	
+
+ +

+

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/Arch/0.png b/servers/Arch/0.png new file mode 100644 index 0000000..ef3d6b6 Binary files /dev/null and b/servers/Arch/0.png differ diff --git a/servers/Arch/0.sh b/servers/Arch/0.sh new file mode 100644 index 0000000..3082f29 --- /dev/null +++ b/servers/Arch/0.sh @@ -0,0 +1,32 @@ +######################## MANUAL !!! ############################ + +loadkeys fr +timedatectl set-ntp true +ping -c3 archlinux.org + +pacman -Syy +pacman -S reflector +reflector -c "France" -f 12 -l 10 -n 12 --save /etc/pacman.d/mirrorlist + +fdisk -l | grep /dev/sd | grep Disk +#/dev/sda 64gb +cfdisk /dev/sda +################EFI################ +#gpt +#delete existing partitions +#select freespace +#first partition : 1G (EFI) +#last partition : 499G (Linux Root x86_64) +#hit write +#hit quit +mkfs.vfat /dev/sda1 +mkfs.ext4 /dev/sda2 + +mount /dev/sda2 /mnt +mkdir /mnt/boot/ +mount /dev/sda1 /mnt/boot/ + +pacstrap /mnt base base-devel linux linux-firmware sudo nano wget +genfstab -U /mnt >> /mnt/etc/fstab +arch-chroot /mnt +#welcome to chroot, use the first script! diff --git a/servers/Arch/1.png b/servers/Arch/1.png new file mode 100644 index 0000000..75e5617 Binary files /dev/null and b/servers/Arch/1.png differ diff --git a/servers/Arch/1.sh b/servers/Arch/1.sh new file mode 100644 index 0000000..c59edc7 --- /dev/null +++ b/servers/Arch/1.sh 
@@ -0,0 +1,59 @@ +#!/bin/sh +################ THE FIRST SCRIPT STARTS HERE ############### +#once in arch-chroot, you must run this ! + +ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime +hwclock --systohc --utc +mkinitcpio -P +date + +echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen +echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen + +echo 'LANG=en_US.UTF-8' >/etc/locale.conf +echo 'LANGUAGE= en_US.UTF-8' >> /etc/locale.conf +echo 'LC_MESSAGES= en_US.UTF-8'>> /etc/locale.conf + +locale-gen +echo 'KEYMAP=fr' > /etc/vconsole.conf + +echo 'nowhere' > /etc/hostname + +echo "127.0.0.1 localhost" > /etc/hosts +echo "127.0.1.1 localhost" >> /etc/hosts +echo "::1 localhost" >> /etc/hosts + +pacman -S networkmanager dhcpcd refind +systemctl enable NetworkManager +systemctl enable dhcpcd + +echo +echo '[+] ENTER ROOT PASSWORD!' +passwd + +echo '[+] what is the name of the user ?' +read username + +useradd $username +mkdir /home/$username +cp /etc/skel/.* /home/$username/ +chown -R $username: /home/$username +#set nothing's password +echo +echo '[+] ENTER USERS PASSWORD!' +passwd $username +pacman -S sudo +echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers +usermod -aG wheel $username + +#pacman -S grub os-prober +#grub-install /dev/sda + +#grub-mkconfig -o /boot/grub/grub.cfg + +refind-install +echo \"Boot with minimal options\" \"rw root=$(blkid /dev/sda2 | awk '{print $2}' | tr -d '"') initrd=initramfs-linux.img\" > /boot/refind_linux.conf + +echo 'now type "exit" to go out of arch-chroot' +echo 'type umount /mnt/boot /mnt' +echo 'and type "reboot" to reboot into your arch install.' diff --git a/servers/Arch/2.sh b/servers/Arch/2.sh new file mode 100644 index 0000000..d74a107 --- /dev/null +++ b/servers/Arch/2.sh 
@@ -0,0 +1,162 @@ +#!/bin/sh +########################SECOND SCRIPT########################## + + +if [ "$EUID" -eq 0 ] +then + echo 'MUST NOT RUN AS ROOT!' + exit +fi + +sudo pacman -Syy +sudo pacman -S reflector +sudo reflector -c "France" -f 12 -l 10 -n 12 --save /etc/pacman.d/mirrorlist + +sudo pacman -Syu +echo +#sudo pacman -S python3 python-pip +#sudo pacman -S arch-wiki-docs adobe-source-han-sans-jp-fonts adobe-source-han-sans-tw-fonts feh vi ttf-dejavu +#sudo pacman -S rofi xorg bash-completion vlc tmux git engrampa alacritty lightdm base-devel lightdm-gtk-greeter +#sudo pacman -S i3lock dmenu network-manager-applet wmctrl thunar gnome-disk-utility thunar-volman gvfs lxappearance +#sudo pacman -S udiskie mesa xorg i3 flameshot nvidia nvidia-settings nvidia-utils +#sudo pacman -S gnome-keyring +sudo pacman -S mpd ncmpcpp gnome-keyring udiskie mesa xorg i3 flameshot nvidia nvidia-settings nvidia-utils i3lock dmenu network-manager-applet wmctrl thunar gnome-disk-utility thunar-volman gvfs lxappearance python3 rofi xorg bash-completion vlc tmux git engrampa alacritty lightdm base-devel lightdm-gtk-greeter python-pip arch-wiki-docs adobe-source-han-sans-jp-fonts adobe-source-han-sans-tw-fonts feh vi ttf-dejavu remmina torbrowser-launcher +#arch wiki is in file:///usr/share/doc/arch-wiki/html/en/Arch_Linux.html + +username=$(ls /home | head -n1 | sed 's/\/$//') + +#I3 ! +cd /home/$username +mkdir .config +cd .config +mkdir i3 +cd i3 +wget https://ech1.github.io/blog/Conf/i3config -O config + + +cd /home/$username +git clone https://github.com/gpakosz/.tmux.git +ln -s -f .tmux/.tmux.conf +cp .tmux/.tmux.conf.local . 
+ +wget https://ech1.github.io/blog/Conf/tmux.conf.local +mv tmux.conf.local .tmux.conf.local + + +wget https://ech1.netlify.app/conf/bashrc -O .bashrc + +sudo wget https://ech1.github.io/blog/Conf/i3status.conf -O /etc/i3status.conf + +cd .config +mkdir alacritty +cd alacritty +wget https://ech1.github.io/blog/Conf/alacritty.yml + +cd /home/$username/ +mkdir Pictures +mkdir Documents +mkdir .ssh +cd Pictures +wget https://ech1.github.io/blog/wallpaper3.png +#wget https://ech1.github.io/blog/wallpaper_triple.png + +cd /home/$username/ +mkdir Music +cd Music +mkdir Life +cd Life +wget https://ech1.github.io/blog/Conf/Infiltration.mp3 + +#sudo +#apt install sudo -y +#/usr/sbin/usermod -aG sudo $username + +bash -c "$(wget https://ech1.netlify.app/Conf/xfce.sh -O -)" + +#chown -R $username:$username /home/$username/ +#cp /home/$username/.bashrc ~/.bashrc + + +cd /home/$username/ +wget https://ech1.github.io/blog/Conf/lockedscreen.png +wget https://ech1.github.io/blog/assets/img/user1.png +mkdir Tools +cd Tools + +git clone https://aur.archlinux.org/yay-git.git +cd yay-git +makepkg -si +yay -S pnmixer i3lock-color xrdp archtorify-git polybar picom-jonaburg-git i3-gaps + +#yay -S polybar-git +mkdir -p /home/$username/.config/polybar/ +#cp /usr/share/doc/polybar/config ~/.config/polybar/polybar.conf + + + + + +mkdir -p /home/$username/.config/picom/ +wget https://ech1.github.io/blog/Conf/picom.conf -O /home/$username/.config/picom/picom.conf + +#sudo pip3 install i3-workspace-names-daemon + + +sudo systemctl enable xrdp + +cd + +sudo wget https://ech1.github.io/blog/servers/Arch/20-keyboard.conf -O /etc/X11/xorg.conf.d/20-keyboard.conf +sudo wget https://ech1.github.io/blog/servers/Arch/lightdm-gtk-greeter.conf -O /etc/lightdm/lightdm-gtk-greeter.conf +sudo sed -i 's/#greeter-session=.*/greeter-session=lightdm-gtk-greeter/gi' /etc/lightdm/lightdm.conf +sudo wget https://ech1.github.io/blog/Conf/Lain.rasi -O /usr/share/rofi/themes/Lain.rasi +sudo wget 
https://ech1.github.io/blog/servers/Arch/archtor.service -O /etc/systemd/system/archtor.service +sudo pacman -S ranger +sudo mkdir /home/$username/.config/ranger/ +sudo wget https://ech1.github.io/blog/Conf/rc.conf -O /home/$username/.config/ranger/rc.conf +sudo wget https://ech1.github.io/blog/Conf/rifle.conf -O /home/$username/.config/ranger/rifle.conf + +sudo systemctl daemon-reload +#sudo systemctl enable archtor + + +sudo mkdir /usr/share/backgrounds/ +sudo cp /home/$username/Pictures/wallpaper3.png /usr/share/backgrounds/wallpaper2.png +sudo cp /home/$username/Pictures/user1.png /usr/share/backgrounds/ + +sudo wget https://ech1.github.io/blog/servers/Arch/i3locker.sh -O /usr/local/bin/i3locker +sudo wget https://ech1.github.io/blog/servers/Arch/music.sh -O /usr/local/bin/music +sudo wget https://ech1.github.io/blog/servers/Arch/music_trance.sh -O /usr/local/bin/music_trance +chmod +x /usr/local/bin/i3locker +chmod +x /usr/local/bin/music + + +curl https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh + + + +#sudo pacman -S picom +mkdir -p /home/$username/.config/picom/ +sudo wget https://ech1.github.io/blog/Conf/picom.conf -O /home/$username/.config/picom/picom.conf + + +echo '[multilib]' >> /etc/pacman.d/mirrorlist +echo 'Include = /etc/pacman.d/mirrorlist' >> /etc/pacman.d/mirrorlist + +#mpd +mkdir -p /home/$username/.config/mpd/playlists +wget https://blog.void.yt/Conf/mpd.conf -O /home/$username/.config/mpd/mpd.conf +#systemctl enable --now mpd +#broken garbage ^ must be ran by user as i3config + +sudo pacman -S noto-fonts-emoji + + + +#echo '[+] PLEASE CHOOSE THE CORRECT CARD DRIVER FOR THE STEAM INSTALLATION !!!' +#sudo pacman -Sy steam + +sudo systemctl enable --now lightdm +#lxappearance +#sudo gnome-disks to automount everything +#and you're done! diff --git a/servers/Arch/2.tor.sh b/servers/Arch/2.tor.sh new file mode 100644 index 0000000..edbfd0c --- /dev/null +++ b/servers/Arch/2.tor.sh 
@@ -0,0 +1,133 @@ +#!/bin/sh +########################SECOND SCRIPT########################## + + +if [ "$EUID" -eq 0 ] +then + echo 'MUST NOT RUN AS ROOT!' + exit +fi + +sudo pacman -Syy +sudo pacman -S reflector +sudo reflector -c "France" -f 12 -l 10 -n 12 --save /etc/pacman.d/mirrorlist + +sudo pacman -Syu +echo +#sudo pacman -S python3 python-pip +#sudo pacman -S arch-wiki-docs adobe-source-han-sans-jp-fonts adobe-source-han-sans-tw-fonts feh vi ttf-dejavu +#sudo pacman -S rofi xorg bash-completion vlc tmux git engrampa alacritty lightdm base-devel lightdm-gtk-greeter +#sudo pacman -S i3lock dmenu network-manager-applet wmctrl thunar gnome-disk-utility thunar-volman gvfs lxappearance +#sudo pacman -S udiskie mesa xorg i3 flameshot nvidia nvidia-settings nvidia-utils +#sudo pacman -S gnome-keyring +sudo pacman -S gnome-keyring udiskie mesa xorg i3 flameshot nvidia nvidia-settings nvidia-utils i3lock dmenu network-manager-applet wmctrl thunar gnome-disk-utility thunar-volman gvfs lxappearance python3 rofi xorg bash-completion vlc tmux git engrampa alacritty lightdm base-devel lightdm-gtk-greeter python-pip arch-wiki-docs adobe-source-han-sans-jp-fonts adobe-source-han-sans-tw-fonts feh vi ttf-dejavu remmina torbrowser-launcher +#arch wiki is in file:///usr/share/doc/arch-wiki/html/en/Arch_Linux.html + +username=$(ls /home | head -n1 | sed 's/\/$//') + +#I3 ! +cd /home/$username +mkdir .config +cd .config +mkdir i3 +cd i3 +wget https://ech1.github.io/blog/Conf/i3config -O config + + +cd /home/$username +git clone https://github.com/gpakosz/.tmux.git +ln -s -f .tmux/.tmux.conf +cp .tmux/.tmux.conf.local . 
+ +wget https://ech1.github.io/blog/Conf/tmux.conf.local +mv tmux.conf.local .tmux.conf.local + + +wget https://ech1.netlify.app/conf/bashrc -O .bashrc + +sudo wget https://ech1.github.io/blog/Conf/i3status.conf -O /etc/i3status.conf + +cd .config +mkdir alacritty +cd alacritty +wget https://ech1.github.io/blog/Conf/alacritty.yml + +cd /home/$username/ +mkdir Pictures +cd Pictures +wget https://ech1.github.io/blog/wallpaper3.png +#wget https://ech1.github.io/blog/wallpaper_triple.png + +cd /home/$username/ +mkdir Music +cd Music +mkdir Life +cd Life +wget https://ech1.github.io/blog/Conf/Infiltration.mp3 + +#sudo +#apt install sudo -y +#/usr/sbin/usermod -aG sudo $username + +bash -c "$(wget https://ech1.netlify.app/Conf/xfce.sh -O -)" + +#chown -R $username:$username /home/$username/ +#cp /home/$username/.bashrc ~/.bashrc + + +cd /home/$username/ +wget https://ech1.github.io/blog/Conf/lockedscreen.png +wget https://ech1.github.io/blog/assets/img/user1.png +mkdir Tools +cd Tools + +git clone https://aur.archlinux.org/yay-git.git +cd yay-git +makepkg -si +yay -S pnmixer i3lock-color xrdp archtorify-git + +yay -S picom-jonaburg-git i3-gaps +mkdir -p /home/$username/.config/picom/ +wget https://ech1.github.io/blog/Conf/picom.conf -O /home/$username/.config/picom/picom.conf + +#sudo pip3 install i3-workspace-names-daemon + + +sudo systemctl enable xrdp + +cd + +sudo wget https://ech1.github.io/blog/servers/Arch/20-keyboard.conf -O /etc/X11/xorg.conf.d/20-keyboard.conf +sudo wget https://ech1.github.io/blog/servers/Arch/lightdm-gtk-greeter.conf -O /etc/lightdm/lightdm-gtk-greeter.conf +sudo wget https://ech1.github.io/blog/servers/Arch/Lain.rasi -O /usr/share/rofi/themes/Lain.rasi + +sudo wget https://ech1.github.io/blog/servers/Arch/archtor.service -O /etc/systemd/system/archtor.service +sudo systemctl daemon-reload +sudo systemctl enable --now archtor + + +sudo mkdir /usr/share/backgrounds/ +sudo cp /home/$username/Pictures/wallpaper3.png 
/usr/share/backgrounds/wallpaper2.png +sudo cp /home/$username/Pictures/user1.png /usr/share/backgrounds/user1.png + +sudo wget https://ech1.github.io/blog/servers/Arch/i3locker.sh -O /usr/local/bin/i3locker + +curl https://raw.githubusercontent.com/scopatz/nanorc/master/install.sh | sh + + + +sudo pacman -S picom +mkdir -p /home/$username/.config/picom/ +sudo wget https://ech1.github.io/blog/Conf/picom.conf -O /home/$username/.config/picom/picom.conf + + +echo '[multilib]' >> /etc/pacman.d/mirrorlist +echo 'Include = /etc/pacman.d/mirrorlist' >> /etc/pacman.d/mirrorlist + +echo '[+] PLEASE CHOOSE THE CORRECT CARD DRIVER FOR THE STEAM INSTALLATION !!!' +sudo pacman -Sy steam + +sudo systemctl enable --now lightdm +#lxappearance +#sudo gnome-disks to automount everything +#and you're done! diff --git a/servers/Arch/20-keyboard.conf b/servers/Arch/20-keyboard.conf new file mode 100644 index 0000000..4c2237b --- /dev/null +++ b/servers/Arch/20-keyboard.conf @@ -0,0 +1,6 @@ +Section "InputClass" + Identifier "keyboard" + MatchIsKeyboard "yes" + Option "XkbLayout" "us" + Option "XkbVariant" "nodeadkeys" +EndSection diff --git a/servers/Arch/3.sh b/servers/Arch/3.sh new file mode 100644 index 0000000..94609c5 --- /dev/null +++ b/servers/Arch/3.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +if [ "$EUID" -ne 0 ] +then + echo 'MUST RUN AS ROOT!' + exit +fi + + + +pacman -S firefox curl keepass discord telegram-desktop virt-manager qemu libvirt ebtables dnsmasq bridge-utils libreoffice + +username=$(ls /home | head -n1 | sed 's/\/$//') + + + +sudo gpasswd -a $username libvirt +sudo systemctl enable libvirtd --now +sudo systemctl status libvirtd + +mkdir /home/$username/Documents/ +mkdir /home/$username/Documents/Github/ +mkdir /home/$username/Documents/ISOS/ +mkdir /home/$username/backups + + +sudo -u $username bash -c "$(wget https://raw.githubusercontent.com/ech1/serverside/master/ssh/ssh_arch.sh -O -)" + + + + 
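Review bot: servers/Arch/3.sh ends by running `sudo -u $username bash -c "$(wget https://raw.githubusercontent.com/ech1/serverside/master/ssh/ssh_arch.sh -O -)"`, which executes whatever the `master` branch serves at install time, with no pinned commit and no checksum. Fetch the file to disk from a pinned commit URL, verify a recorded sha256, and only then run it. Three smaller points in the same hunk: the script insists on root (`"$EUID" -ne 0`) but still prefixes commands with `sudo`; `$EUID` is a bash variable while the shebang is `#!/bin/sh`, so `[ "$(id -u)" -ne 0 ]` is the portable test; and the `mkdir /home/$username/Documents/` lines run as root with no `chown`, leaving root-owned directories in the user's home. `username=$(ls /home | head -n1 ...)` also picks the first directory in /home, which is not necessarily the intended account; take it as an argument instead.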
diff --git a/servers/Arch/Lain.rasi b/servers/Arch/Lain.rasi new file mode 100644 index 0000000..c30b7a5 --- /dev/null +++ b/servers/Arch/Lain.rasi 
@@ -0,0 +1,142 @@ +/** + * ROFI Color theme + * User: Qball + * Copyright: Dave Davenport + */ + +* { + selected-normal-foreground: rgba ( 0, 0, 0, 100 % ); /*important*/ + foreground: rgba ( 209, 204, 115, 100 % ); /*important*/ + normal-foreground: @foreground; + alternate-normal-background: rgba ( 22, 22, 22, 100 % ); /*important*/ + red: rgba ( 220, 50, 47, 100 % ); + selected-urgent-foreground: rgba ( 183, 28, 28, 100 % ); + blue: rgba ( 105, 58, 71, 100 % ); + urgent-foreground: rgba ( 255, 205, 210, 100 % ); + alternate-urgent-background: rgba ( 183, 28, 28, 100 % ); + active-foreground: rgba ( 178, 235, 242, 100 % ); + lightbg: rgba ( 238, 232, 213, 100 % ); + selected-active-foreground: rgba ( 0, 96, 100, 100 % ); + alternate-active-background: rgba ( 0, 96, 100, 100 % ); + background: rgba ( 0, 0, 0, 100 % ); /*important*/ + bordercolor: rgba ( 232, 234, 246, 100 % ); + alternate-normal-foreground: @foreground; + normal-background: rgba ( 137, 134, 76, 3 % ); + lightfg: rgba ( 88, 104, 117, 100 % ); + selected-normal-background: rgba ( 209, 204, 115, 100 % ); /*important*/ + border-color: @foreground; + spacing: 2; + separatorcolor: rgba ( 209, 204, 115, 100 % ); /*important*/ + urgent-background: rgba ( 223, 110, 0, 6 % ); + selected-urgent-background: rgba ( 255, 205, 210, 100 % ); + alternate-urgent-foreground: @urgent-foreground; + background-color: rgba ( 0, 0, 0, 0 % ); + alternate-active-foreground: @active-foreground; + active-background: rgba ( 223, 110, 0, 6 % ); + selected-active-background: rgba ( 137, 134, 76, 100 % ); +} +window { + background-color: @background; + border: 1; + padding: 5; +} +mainbox { + border: 0; + padding: 0; +} +message { + border: 2px 0px 0px ; + border-color: @separatorcolor; + padding: 1px ; +} +textbox { + text-color: @foreground; +} +listview { + fixed-height: 0; + border: 2px 0px 0px ; + border-color: @separatorcolor; + spacing: 2px ; + scrollbar: true; + padding: 2px 0px 0px ; +} +element { + border: 0; + 
padding: 1px ; +} +element.normal.normal { + background-color: @normal-background; + text-color: @normal-foreground; +} +element.normal.urgent { + background-color: @urgent-background; + text-color: @urgent-foreground; +} +element.normal.active { + background-color: @active-background; + text-color: @active-foreground; +} +element.selected.normal { + background-color: @selected-normal-background; + text-color: @selected-normal-foreground; +} +element.selected.urgent { + background-color: @selected-urgent-background; + text-color: @selected-urgent-foreground; +} +element.selected.active { + background-color: @selected-active-background; + text-color: @selected-active-foreground; +} +element.alternate.normal { + background-color: @alternate-normal-background; + text-color: @alternate-normal-foreground; +} +element.alternate.urgent { + background-color: @alternate-urgent-background; + text-color: @alternate-urgent-foreground; +} +element.alternate.active { + background-color: @alternate-active-background; + text-color: @alternate-active-foreground; +} +scrollbar { + width: 4px ; + border: 0; + handle-width: 8px ; + padding: 0; +} +mode-switcher { + border: 2px 0px 0px ; + border-color: @separatorcolor; +} +button.selected { + background-color: @selected-normal-background; + text-color: @selected-normal-foreground; +} +inputbar { + spacing: 0; + text-color: @normal-foreground; + padding: 1px ; +} +case-indicator { + spacing: 0; + text-color: @normal-foreground; +} +entry { + spacing: 0; + text-color: @normal-foreground; +} +prompt { + spacing: 0; + text-color: @normal-foreground; +} +inputbar { + children: [ prompt,textbox-prompt-colon,entry,case-indicator ]; +} +textbox-prompt-colon { + expand: false; + str: ":"; + margin: 0px 0.3em 0em 0em ; + text-color: @normal-foreground; +} diff --git a/servers/Arch/archtor.service b/servers/Arch/archtor.service new file mode 100644 index 0000000..a7b0737 --- /dev/null +++ b/servers/Arch/archtor.service 
@@ -0,0 +1,16 @@ +[Unit] +Description=Archtorify Startup Service +Wants=network-online.target + +[Service] +Type=forking +ExecStart=/usr/bin/archtorify -t +ExecReload=/usr/bin/archtorify -r +ExecStop=/usr/bin/archtorify -c +Restart=on-failure +RestartSec=10s + + +[Install] +WantedBy=multi-user.target + diff --git a/servers/Arch/echo_memento.sh b/servers/Arch/echo_memento.sh new file mode 100644 index 0000000..d2da28d --- /dev/null +++ b/servers/Arch/echo_memento.sh 
@@ -0,0 +1,112 @@ +#!/bin/bash +#boot into usb + +loadkeys fr +ping -c4 archlinux.org +timedatectl set-ntp true +ip a | grep inet + +pacman -Syy +pacman -S reflector + +reflector -c "France" -f 12 -l 10 -n 12 --save /etc/pacman.d/mirrorlist +fdisk -l + +#one harddrive : /dev/sda +#one partition : /dev/sda1 + +cfdisk /dev/sda +#gpt partition + +#delete this partition +#create new one (512M) (linux filesystem) + +#select freespace again +#create new one (20G) (linux filesystem) + +#select freespace again +#the rest is for home partition (linux filesystem) + +#write changes to disk type yes +#and quit + +lsblk +#now format it +#sda1 : 512M +#sda2 : 20G +#sda3 : restG +mkfs.fat -F32 /dev/sda1 +mkfs.ext4 /dev/sda2 +mkfs.ext4 /dev/sda3 + +mount /dev/sda2 /mnt +mkdir /mnt/home + +mount /dev/sda3 /mnt/home + +lsblk +#sda2 is mounted to mnt +#sda3 is mounted to /mnt/home + +pacstrap -i /mnt base linux linux-firmware sudo nano +#skid faisait base linux linux-firmware + +genfstab -U /mnt >> /mnt/etc/fstab +cat /mnt/etc/fstab +#root partition +#and home partition + +arch-chroot /mnt /bin/bash + +ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime +hwclock --systohc --utc +date +#timezone correct ? 
+ +#nano /etc/locale.gen +echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen +echo 'LANG=en_US.UTF-8' >/etc/locale.conf +locale-gen +echo 'KEYMAP=fr' > /etc/vconsole.conf + +echo 'nowhere' > /etc/hostname + +echo "127.0.0.1 localhost" > /etc/hosts +echo "127.0.1.1 localhost" >> /etc/hosts +echo "::1 localhost" >> /etc/hosts + +pacman -S networkmanager +systemctl enable NetworkManager + +pacman -S dhcpcd +systemctl enable dhcpcd + +#set root password +passwd + +useradd nothing +mkdir /home/nothing +cp /etc/skel/.* /home/nothing/ +chown -R nothing: /home/nothing +#set nothing's password +passwd nothing +pacman -S sudo +echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers +usermod -aG wheel nothing + + + +pacman -S grub os-prober efibootmgr +mkdir /boot/efi +mount /dev/sda1 /boot/efi + +lsblk + +grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --removable +grub-mkconfig -o /boot/grub/grub.cfg + +exit +umount -R /mnt +reboot + +#tarace go anarchy \ No newline at end of file diff --git a/servers/Arch/i3locker.service b/servers/Arch/i3locker.service new file mode 100644 index 0000000..5786934 --- /dev/null +++ b/servers/Arch/i3locker.service @@ -0,0 +1,12 @@ +[Unit] +Description=i3locker + +[Service] +Type=forking +Environment=DISPLAY=:0 +User=nothing +ExecStart=/usr/bin/i3lock -c 000000 + +[Install] +WantedBy=sleep.target suspend.target +Before=sleep.traget suspend.target \ No newline at end of file diff --git a/servers/Arch/i3locker.sh b/servers/Arch/i3locker.sh new file mode 100644 index 0000000..280a1a1 --- /dev/null +++ b/servers/Arch/i3locker.sh 
@@ -0,0 +1,24 @@ +#!/bin/sh +i3lock -c 003030 + #-i /home/nothing/Nextcloud/blog/wallpapers/wallpaper_real_blue.png + #--insidecolor=00141e \ + #--clock --datesize=70 \ + #--color=00141e \ + #--date-font=DejaVu \ + #--radius=350 \ + #--datecolor=d1cc73 \ + #--datestr="%H:%M:%S" \ + #--datepos="2140:860" \ + #--ringcolor=00141e \ + #--keyhlcolor=d1cc73 \ + #--verifcolor=00141e \ + #--indpos="2140:600" \ + #--timepos="0:0" \ + #--insidevercolor=d1cc73 \ + #--ringvercolor=d1cc73 \ + #--ring-width 5 \ + #-B 10 + #-i /home/nothing/lockedscreen.png \ + #-B 2 \ + #--color 000000 \ + diff --git a/servers/Arch/index.html b/servers/Arch/index.html new file mode 100644 index 0000000..ec8cac1 --- /dev/null +++ b/servers/Arch/index.html @@ -0,0 +1,211 @@ + + + + + + + + + + + Arch Install + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist - 27 / 09 / 2020

+

Arch Installation

+

First flash the arch iso on your usb stick:

+ +

Then just boot onto it from your BIOS.

+ +
+
+
+
+ + +
+
+
+
+

Manual beginning

+

This is the annoying part since i can't script it. If it doesn't work for you just use Anarchy installer, install arch on your + hard drive in a minimal way (with no DE (Desktop Environment) and no WM (Window Manager)).

+

+######################## MANUAL !!! ############################
+
+loadkeys fr
+timedatectl set-ntp true
+ping -c3 archlinux.org
+
+pacman -Syy
+pacman -S reflector
+reflector -c "France" -f 12 -l 10 -n 12 --save /etc/pacman.d/mirrorlist
+
+fdisk -l | grep /dev/sd | grep Disk
+#/dev/sda 64gb
+cfdisk /dev/sda
+################EFI################
+#gpt
+#delete existing partitions
+#select freespace
+#first partition : 1G (EFI) 
+#last partition : 499G (Linux Root x86_64)
+#hit write
+#hit quit
+mkfs.vfat /dev/sda1
+mkfs.ext4 /dev/sda2
+
+mount /dev/sda2 /mnt 
+mkdir /mnt/boot/
+mount /dev/sda1 /mnt/boot/
+
+pacstrap /mnt base base-devel linux linux-firmware sudo nano wget 
+genfstab -U /mnt >> /mnt/etc/fstab
+arch-chroot /mnt
+#welcome to chroot, use the first script!
+
+
+

This will setup your /dev/sda1 as a bootable linux partition, and makes the last 8GB as the swap partition.

+
+
+
+
+ +
+
+
+
+

First Script: Chroot Script



+

+

+wget https://blog.nihilism.network/servers/Arch/1.sh
+chmod +x 1.sh
+nano 1.sh
+./1.sh 
+
+
+

Just edit whatever you want in this script using nano and then execute it with ./1.sh

+ +
+
+
+
+ + + +
+
+
+
+

Post Install Script



+

After you've rebooted into your arch installation, you can configure your arch install however you want, but here's how i do it:

+

+wget https://blog.nihilism.network/servers/Arch/2.sh
+chmod +x 2.sh
+nano 2.sh
+./2.sh 
+
+
+ +

Post-booting:

+

+wget https://blog.nihilism.network/servers/Arch/3.sh
+chmod +x 3.sh
+nano 3.sh
+./3.sh 
+
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/Arch/lightdm-gtk-greeter.conf b/servers/Arch/lightdm-gtk-greeter.conf new file mode 100644 index 0000000..569a26f --- /dev/null +++ b/servers/Arch/lightdm-gtk-greeter.conf @@ -0,0 +1,11 @@ +[greeter] +background=/usr/share/backgrounds/wallpaper3.png +font-name = monospace Bold 14 +icon-theme-name = Flat-Remix-Blue-Dark +screensaver-timeout = 60 +theme-name = Numix-BLACK-SLATE +show-clock = false +position = 50%,center 50%,center +panel-position = top +default-user-image = /usr/share/backgrounds/user1.png +indicators = ~host;~spacer;~clock;~spacer;~language;~session;~ally;~power diff --git a/servers/Arch/music.sh b/servers/Arch/music.sh new file mode 100644 index 0000000..10fb2fa --- /dev/null +++ b/servers/Arch/music.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +exec mpv --player-operation-mode=pseudo-gui --shuffle /mnt/vault/MUSIC/ + diff --git a/servers/Arch/picom.conf b/servers/Arch/picom.conf new file mode 100644 index 0000000..cb4cf93 --- /dev/null +++ b/servers/Arch/picom.conf 
@@ -0,0 +1,132 @@ +#!/usr/bin/compton +################################ +###### iDigitalFlame 2020 ###### +# # +# -/` # +# -yy- :/` # +# ./-shho`:so` # +# .:- /syhhhh//hhs` `-` # +# :ys-:shhhhhhshhhh.:o- ` # +# /yhsoshhhhhhhhhhhyho`:/. # +# `:yhyshhhhhhhhhhhhhh+hd: # +# :yssyhhhhhyhhhhhhhhdd: # +# .:.oyshhhyyyhhhhhhddd: # +# :o+hhhhhyssyhhdddmmd- # +# .+yhhhhyssshdmmddo. # +# `///yyysshd++` # +# # +########## SPACEPORT ########### +################################ +## Picom Configuration + +dbe = false; +vsync = true; +shadow = true; +fading = true; +backend = "glx"; +blur-kern = "3x3box" +blur-method = "box"; +fade-exclude = [ +# "class_g = 'surf'", +# "class_g = 'Surf'", + "class_g = 'i3lock'", + "class_g = 'vncviewer'", + "class_g = 'Vncviewer'" +]; +fade-in-step = 0.055; +opacity-rule = [ + "80:class_g = 'alacritty'", + "85:class_g = 'slack'", + "85:class_g = 'Slack'", + "80:class_g = 'thunar'", + "80:class_g = 'Thunar'", + "85:class_g = 'discord'", + "80:class_g = 'leafpad'", + "80:class_g = 'Leafpad'", + "95:class_g = 'vscodium'", + "95:class_g = 'VSCodium'", + "85:class_g = 'lightcord'", + "90:class_g = 'bitwarden'", + "90:class_g = 'Bitwarden'", + "90:class_g = 'keepassxc'", + "90:class_g = 'KeePassXC'", + "80:class_g = 'stickynote'", + "85:class_g = 'TelegramDesktop'", + "85:class_g = 'telegram-desktop'", + "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'" +]; +blur-strength = 5; +focus-exclude = []; +fade-out-step = 0.055; +frame-opacity = 1; +shadow-radius = 5; +active-opacity = 1; +shadow-opacity = 0.8; +glx-no-stencil = true; +shadow-exclude = [ + "class_g = 'Rofi'", + "class_g = 'Polybar'", + "class_g = 'firefox'", + "class_g = 'Firefox'", + "class_g = 'i3-frame'", + "class_g = 'chromium'", + "class_g = 'Chromium'", + "class_g = 'navigator'", + "class_g = 'Navigator'", + "class_g ?= 'Notify-osd'", + "class_g = 'firefox' && argb", + "name = 'Notification'", + "_GTK_FRAME_EXTENTS@:c", + "_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'" +]; +blur-background 
= true; +shadow-offset-x = -3; +shadow-offset-y = -3; +glx-swap-method = -1; +detect-transient = true; +inactive-opacity = 1; +mark-wmwin-focused = true; +glx-copy-from-front = false; +no-fading-openclose = false; +use-ewmh-active-win = true; +unredir-if-possible = true; +detect-client-leader = true; +mark-ovredir-focused = true; +glx-no-rebind-pixmap = true; +shadow-ignore-shaped = false; +blur-background-frame = true; +blur-background-fixed = true; +detect-client-opacity = true; +detect-rounded-corners = true; +blur-background-exclude = [ + "class_g = 'Conky'", + "class_g = 'chromium'", + "class_g = 'Chromium'", + "window_type = 'dock'", + "window_type = 'desktop'", + "_GTK_FRAME_EXTENTS@:c" +]; +glx-use-copysubbuffermesa = false; +inactive-opacity-override = false; + +wintypes: { + menu = { + shadow = true; + }; + utility = { + shadow = false; + }; + tooltip = { + fade = false; + focus = true; + shadow = true; + opacity = 0.75; + }; + popup_menu = { + shadow = true; + }; + dropdown_menu = { + shadow = true; + }; + +}; diff --git a/servers/Arch/proton_vpn.service b/servers/Arch/proton_vpn.service new file mode 100644 index 0000000..373bf77 --- /dev/null +++ b/servers/Arch/proton_vpn.service @@ -0,0 +1,13 @@ +[Unit] +Description=ProtonVPN-CLI auto-connect +Wants=network-online.target + +[Service] +Type=forking +ExecStart=/usr/bin/protonvpn connect -f +Environment=PVPN_WAIT=300 +Environment=PVPN_DEBUG=1 + +[Install] +WantedBy=multi-user.target + diff --git a/servers/Arch/skid9000_memento.sh b/servers/Arch/skid9000_memento.sh new file mode 100644 index 0000000..6bf75af --- /dev/null +++ b/servers/Arch/skid9000_memento.sh 
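Review bot: in servers/Arch/proton_vpn.service the [Unit] section declares `Wants=network-online.target` with no matching `After=network-online.target`. `Wants=` only pulls the target in and does not order this unit behind it, so `ExecStart=/usr/bin/protonvpn connect -f` can run before the network is up. Add `After=network-online.target` beside the `Wants=` line. `Environment=PVPN_DEBUG=1` is also left on in a unit that runs at every boot; drop it or add a comment saying why debug output should stay enabled. There is no `Restart=` line, so a failed first connect is never retried and the machine stays on its normal route.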
@@ -0,0 +1,66 @@ +#!/bin/bash +#Arch Install : + +loadkeys fr +#ip a | grep inet --> dhcpcd +timedatectl set-ntp true + +#Partitionnement (uefi) : +#[/boot] 512M vfat (uefi system) +#[/] le reste ext4 (Linux Root x86_64) +#mkfs.truc --> /dev/device + +#mount -> /mnt + +pacstrap /mnt base linux linux-firmware +genfstab -U /mnt >> /mnt/etc/fstab +#(ATTENTION AUX UUID et PARTUUID --> blkid) + +#Pour extract un truc : blkid | awk '{print $?}' | tr -d '"' + +#Exemple : https://puush.tuto-craft.com/1591199923-MHvA42QvSt.png + +arch-chroot /mnt + +ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime +hwclock --systohc + +echo 'fr_FR.UTF-8 UTF-8' > /etc/locale.gen +locale-gen + +echo 'LANG=en_US.UTF-8' > /etc/locale.conf +echo 'KEYMAP=fr' > /etc/vconsole.conf + +echo 'nowhere' > /etc/hostname + +echo "127.0.0.1 localhost +::1 localhost" > /etc/hosts + +mkinitcpio -P +passwd + +useradd nothing +mkdir /home/nothing +cp /etc/skel/.* /home/nothing/ +chown -R nothing: /home/nothing +passwd nothing + +pacman -S sudo +usermod -aG wheel nothing + + +pacman -S dhcpcd +systemctl enable dhcpcd +pacman -S refind +refind-install + +Check /boot/refind_linux.conf : https://puush.tuto-craft.com/1589786074-QHD8Lw5Men.png +(also check if /boot is really /boot and not / /boot lol) + +exit +umount /mnt/boot /mnt +reboot + +*login as somebody* + +sudo pacman -S base-devel git i3 xorg-server xorg-xinit \ No newline at end of file diff --git a/servers/Arch/xinitrc b/servers/Arch/xinitrc new file mode 100644 index 0000000..4287a7a --- /dev/null +++ b/servers/Arch/xinitrc 
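Review bot: servers/Arch/skid9000_memento.sh has a `#!/bin/bash` shebang and a `.sh` name but cannot be run as a script. The lines `Check /boot/refind_linux.conf : ...`, `(also check if /boot is really /boot ...)` and `*login as somebody*` are uncommented prose. Everything after `arch-chroot /mnt` would also execute in the live environment once the chroot shell exits rather than inside the new system, including `passwd`, `useradd nothing` and the writes to /etc/hostname and /etc/hosts. Either comment the prose and pass the post-chroot steps to `arch-chroot /mnt` explicitly, or drop the shebang and keep the file as plain notes. Two smaller points: locale.gen only enables `fr_FR.UTF-8 UTF-8` while locale.conf sets `LANG=en_US.UTF-8`, which is never generated, and `useradd -m nothing` would replace the separate mkdir, cp from /etc/skel and chown lines.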
@@ -0,0 +1,51 @@ +#!/bin/sh + +userresources=$HOME/.Xresources +usermodmap=$HOME/.Xmodmap +sysresources=/etc/X11/xinit/.Xresources +sysmodmap=/etc/X11/xinit/.Xmodmap + +# merge in defaults and keymaps + +if [ -f $sysresources ]; then + + + + + + + + xrdb -merge $sysresources + +fi + +if [ -f $sysmodmap ]; then + xmodmap $sysmodmap +fi + +if [ -f "$userresources" ]; then + + + + + + + + xrdb -merge "$userresources" + +fi + +if [ -f "$usermodmap" ]; then + xmodmap "$usermodmap" +fi + +# start some nice programs + +if [ -d /etc/X11/xinit/xinitrc.d ] ; then + for f in /etc/X11/xinit/xinitrc.d/?*.sh ; do + [ -x "$f" ] && . "$f" + done + unset f +fi + +exec i3 diff --git a/servers/anon.html b/servers/anon.html new file mode 100644 index 0000000..7de05af --- /dev/null +++ b/servers/anon.html @@ -0,0 +1,365 @@ + + + + + + + + + + Privacy, Anonymity and Plausible Deniability Tutorials + + + + + + +
+
+
+
+ Previous Page

Privacy, Anonymity and Plausible Deniability

+

Tutorials to show how to achieve Privacy, Anonymity and Plausible Deniability online. + I have a certain quality standard as to how i do these tutorials, if there are any improvements i can do on them please let me know. + +

SHOWCASED ARTICLE: Learn how to audit your own setup, to determine your OPSEC Level, and find out what is the most appropriate internet use for it.

+


+

Articles Status:

+
    +
  1. ✅: Completed
  2. +
  3. 🟠: Work in progress
  4. +
  5. ❌: Not started yet
  6. +

+ + + +
+
+
+
+ +
+
+ +
+
+
+
+ +
+
+
+
+
+
+

OPSEC LEVEL 2: Anonymity

+
+ +

📝 Explaining Anonymity

+
    +
  1. ✅ What is Anonymity ? Why is it Important ?
  2. +
  3. ✅ The main source of Anonymity: The Tor Network
  4. +
  5. ✅ Using Tor Safely: Tor through VPN or VPN through Tor ?
  6. +
  7. 🟠 Shifting from a public to an Anonymous online persona
  8. +
  9. 🟠 Phone Numbers are incompatible with Anonymity
  10. + +

+

💻 Clientside - Anonymity using the Tor browser (⚠️ Check if your ISP allows Tor or Not!)

+
    +
  1. ✅ If your ISP allows Anonymity (You -> Tor -> Websites)
  2. +
  3. ❌ If your ISP Does not allow Anonymity (You -> VPN -> Tor -> Websites)
  4. +
  5. ❌ If websites don't allow Anonymity (You -> Tor -> VPNs -> Websites)
  6. +
  7. ❌ If Tor and VPNs are illegal in your country ⚠️ (You -> Tor Bridge -> Tor -> Websites)
  8. +
    + +

+

💻 Clientside - Anonymity using VMs (⚠️ Check if your ISP allows Tor or Not!)

+
    +
  1. ✅ Tails OS QEMU VM for Temporary Anonymity
  2. +
  3. ✅ VMs for Long-term Anonymity (Whonix QEMU VMs)
  4. +
  5. ❌ Routing QEMU VMs through VPNs (You -> VPN -> Tor -> Websites)
  6. +
  7. ❌ Routing VPNs through Whonix / Tails QEMU VMs (You -> Tor -> VPN -> Websites)
  8. +
  9. ❌ Using Tor Bridges with Whonix / Tails QEMU VMs (You -> Tor Bridges -> Tor -> Websites)
  10. + +

+
+
+ + +

🧅 Serverside - Decentralisation in the service of Anonymity

+
    +
  1. ✅ Tor Bridge Node
  2. +
  3. ✅ Tor Node
  4. +
  5. ✅ Tor Exit Node
  6. +
  7. ✅ Monero Node
  8. +
  9. ❌ Haveno Seed Node
  10. +

+

💻 Clientside - Decentralized Finances

+
    +
  1. ✅ Why Financial decentralisation ? (Cryptocurrencies, Exchanges and KYC) ⭐
  2. +
  3. ✅ How to acquire and use Monero
  4. +
  5. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  6. +
  7. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  8. +
  9. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  10. +
  11. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐
  12. +

+ + +

🧅 Serverside - Anonymity on Remote Servers (⚠️ Remote Hosting = Safer!)

+
    +
  1. ✅ Acquiring and using remote servers anonymously (non-KYC providers) ⭐
  2. +
  3. 🟠 Hosting a .onion website when the ISP allows anonymity (with custom .onion Vanity V3 address) (server -> tor)
  4. +
  5. ❌ Hosting a .onion website when the ISP doesnt allow anonymity (server -> vpn -> tor)
  6. +
    +

+

🧅 Serverside - Clearnet Services (⚠️ Remote Hosting = Safer!)

+
    + +
  1. ✅ Clearnet Bind9 DNS server setup (with DNSSEC)
  2. +
  3. ✅ Clearnet Matrix server
  4. +
  5. 🟠 XMPP server (Gajim, OMEO encryption, ejabberd .onion setup)
  6. +
  7. ✅ Remote anonymous access setup (cockpit + ssh through tor)
  8. +
  9. ✅ Anonymous self-hosted clearnet Mail Server ⭐
  10. +
    +

+ + + + +


+ +
+
+
+
+
+
+ +
+
+ + + + + +
+
+
+
+

Inspirations

+ +
    +
  1. Hack Liberty Resources
  2. +
  3. Privacy Guides
  4. +
  5. Simplified Privacy
  6. +
  7. The Hitchhiker's guide to Anonymity
  8. +


+

Non-KYC VPS providers



+

Current services used:

+
    +
  1. ServersGuru (KYC-Free reseller of cloud providers like Hetzner)
  2. +
  3. nicevps.net (KYC-Free registrar)
  4. +
+
+

Previous services:

+
    +
  1. Incognet (both registrar and cloud provider)
  2. +
  3. Hostiko (cloud provider)
  4. +
  5. Other Non-KYC Cloud Providers
  6. + +
+

+ +

+LEGAL DISCLAIMER: 
+Across the entirety of my blog, in all articles that I made, I advocate for the legal use of technologies, even when I am talking about Privacy-enhancing and Anonymity-enabling technologies. In no way am I advocating for any illegal use of any technology showcased in any article on my blog. as the goal of this blog is to remain stricly informative and educative.
+
+
+I decline any and all responsibility for any mis-use of any of the technology i showcase in the entirety of my blog. I also decline any and all responsibility for any physical, digital and psychological damage caused by the mis-use of any showcased technology, as the responsibility of such acts remains with the perpretating third-party. By reading this blog, you permanently, irrevocably and world-widely agree that I am in no way am responsible for any illegal action done by you or anyone that uses any of the showcased technology in my blog articles.
+
+
+ + + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
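Review bot: in servers/anon.html the XMPP entry under "Serverside - Clearnet Services" reads "OMEO encryption", which looks like a misspelling of OMEMO and should be corrected before it ships in an index that readers use to find the tutorial. The LEGAL DISCLAIMER block in the same file also needs a proofreading pass: "stricly", "perpretating", "that I am in no way am responsible", and the fragment starting "as the goal of this blog" after a full stop. Separately, the footer with the donation address and contact line is pasted verbatim into this file and into the other pages in this patch; moving it to a shared include would keep a future address or key change from being applied to some pages and missed on others.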
+ + + + + + + diff --git a/servers/anonaccess/1.png b/servers/anonaccess/1.png new file mode 100644 index 0000000..c1e9c21 Binary files /dev/null and b/servers/anonaccess/1.png differ diff --git a/servers/anonaccess/2.png b/servers/anonaccess/2.png new file mode 100644 index 0000000..3e7c62f Binary files /dev/null and b/servers/anonaccess/2.png differ diff --git a/servers/anonaccess/3.png b/servers/anonaccess/3.png new file mode 100644 index 0000000..28b945e Binary files /dev/null and b/servers/anonaccess/3.png differ diff --git a/servers/anonaccess/4.png b/servers/anonaccess/4.png new file mode 100644 index 0000000..080bbbb Binary files /dev/null and b/servers/anonaccess/4.png differ diff --git a/servers/anonaccess/5.png b/servers/anonaccess/5.png new file mode 100644 index 0000000..7df9b8f Binary files /dev/null and b/servers/anonaccess/5.png differ diff --git a/servers/anonaccess/6.png b/servers/anonaccess/6.png new file mode 100644 index 0000000..aa06e0f Binary files /dev/null and b/servers/anonaccess/6.png differ diff --git a/servers/anonaccess/index.html b/servers/anonaccess/index.html new file mode 100644 index 0000000..51485e0 --- /dev/null +++ b/servers/anonaccess/index.html @@ -0,0 +1,276 @@ + + + + + + + + + + + Remote anonymous access setup (cockpit + ssh through tor) + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-02

+

Remote anonymous access setup (cockpit + ssh through tor)

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

On your server, edit the torrc file like so:

+

+[ Datura ] [ /dev/pts/9 ] [~]
+→ cat /etc/tor/torrc
+
+HiddenServiceDir /var/lib/tor/onions/daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
+HiddenServicePort 22 127.0.0.1:22
+HiddenServicePort 80 127.0.0.1:4443
+	
+
+

Then just edit your local .ssh config to access it:

+

+[ mainpc ] [ /dev/pts/7 ] [~]
+→ cat .ssh/config
+Host web-gw2024-dedi
+        User root
+        hostname 37.27.32.233
+        IdentityFile ~/.ssh/torified
+
+Host tortura
+        User root
+        hostname daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion
+        IdentityFile ~/.ssh/torified
+        proxyCommand ncat --proxy 127.0.0.1:9050 --proxy-type socks5 %h %p
+
+Host datura
+        User root
+        hostname 65.109.30.253
+        IdentityFile ~/.ssh/torified
+	
+
+

Then connect to the host via SSH:

+

+[ mainpc ] [ /dev/pts/5 ] [~]
+→ systemctl restart tor@default
+
+[ mainpc ] [ /dev/pts/5 ] [~]
+→ ssh tortura
+The authenticity of host 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion (<no hostip for proxy command>)' can't be established.
+ED25519 key fingerprint is SHA256:A0CFTeUixGoK96VenBQ7Z2U8kX5olDCqBvBNeJUfs6I.
+This host key is known by the following other names/addresses:
+    ~/.ssh/known_hosts:144: [hashed name]
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added 'daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion' (ED25519) to the list of known hosts.
+Enter passphrase for key '/home/nihilist/.ssh/torified':
+Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+Last login: Thu May  2 14:47:23 2024 from 178.255.149.178
+
+[ Datura ] [ /dev/pts/11 ] [~]
+→
+	
+
+ +

So that's how you do it if you cannot access the server via a public IP directly, but keep in mind that the latency is most likely unbearable due to the 6 hops circuit (since we're doing it via the .onion link, rather than connecting to the IP directly)

+

so you're probably better off just connecting to the IP directly but forcing the SSH connection through tor using torsocks, which greatly reduces the latency (3 hops instead of 6):

+

+[ mainpc ] [ /dev/pts/7 ] [~]
+→ torsocks ssh datura
+Enter passphrase for key '/home/nihilist/.ssh/torified':
+Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+Last login: Thu May  2 15:48:08 2024 from 127.0.0.1
+
+[ Datura ] [ /dev/pts/12 ] [~]
+→ id
+uid=0(root) gid=0(root) groups=0(root)
+	
+
+
+
+
+
+ +
+
+
+
+

Cockpit .onion setup



+

Let's install cockpit from the apt repositories:

+

+[ Datura ] [ /dev/pts/11 ] [~]
+→ apt install cockpit -y
+	
+[ Datura ] [ /dev/pts/11 ] [~]
+→ systemctl status cockpit
+● cockpit.service - Cockpit Web Service
+     Loaded: loaded (/lib/systemd/system/cockpit.service; static)
+     Active: active (running) since Fri 2024-05-03 13:30:51 CEST; 2min 5s ago
+TriggeredBy: ● cockpit.socket
+       Docs: man:cockpit-ws(8)
+    Process: 3563910 ExecStartPre=/usr/lib/cockpit/cockpit-certificate-ensure --for-cockpit-tls (code=exited, status=0/SUCCESS)
+   Main PID: 3563926 (cockpit-tls)
+      Tasks: 1 (limit: 77002)
+     Memory: 2.4M
+        CPU: 355ms
+     CGroup: /system.slice/cockpit.service
+             └─3563926 /usr/lib/cockpit/cockpit-tls
+
+May 03 13:30:51 Datura systemd[1]: Starting cockpit.service - Cockpit Web Service...
+May 03 13:30:51 Datura cockpit-certificate-ensure[3563918]: /usr/lib/cockpit/cockpit-certificate-helper: line 25: sscg: command not found
+May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: ......+.....+.+......+...+.........+...+..............+.+...+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+++++++++++++++++++++++++++++++>
+May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: .+.........+...+...+.......+........+....+..............+.........+......+.+......+..+.+..+...+....+...+.........+.....+....+.....+++++++++++++++++++++++++++++++++++++++++++++++++>
+May 03 13:30:51 Datura cockpit-certificate-ensure[3563919]: -----
+May 03 13:30:51 Datura systemd[1]: Started cockpit.service - Cockpit Web Service.
+May 03 13:30:51 Datura cockpit-tls[3563926]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
+May 03 13:30:55 Datura cockpit-tls[3563926]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
+
+
+ +

once it completes, just connect to it on port 9090:

+ +

ignore the self-signed HTTPs warning and enable javascript afterward:

+ +

In the Tor browser, select the "Safer" security level to be able to browse to the cockpit service with javascript:

+ + + + + +

if it refuses the login, make sure the user has proper sudo access like so::

+

+[ Datura ] [ /dev/pts/11 ] [~]
+→ useradd nihilist
+
+[ Datura ] [ /dev/pts/11 ] [~]
+→ passwd nihilist
+New password:
+Retype new password:
+passwd: password updated successfully
+
+[ Datura ] [ /dev/pts/11 ] [~]
+→ usermod -aG sudo nihilist
+
+[ Datura ] [ /dev/pts/11 ] [~]
+→ visudo
+
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+nihilist ALL=(ALL:ALL) ALL
+
+
+ +
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
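Review bot: in servers/anonaccess/index.html the torrc block maps `HiddenServicePort 80 127.0.0.1:4443`, but the Cockpit section then tells the reader to "connect to it on port 9090" and nothing in the page shows a listener on 4443 or a mapping for 9090, so the .onion setup in the section title does not work as written. Either map the hidden service port to the port Cockpit actually listens on or show the step that moves Cockpit to 4443. The pasted terminal output also publishes clearnet `hostname` addresses in the .ssh/config block next to the .onion address of the same host, plus a "Last login ... from" address in the banner; if these are not meant to be public, replace them with documentation addresses. In the first SSH session the host key prompt is answered `yes` without comment; the tutorial should tell readers to compare the ED25519 fingerprint with the one shown on the server by `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` before accepting. Finally, `usermod -aG sudo nihilist` and the added sudoers line `nihilist ALL=(ALL:ALL) ALL` grant the same thing twice; keep one.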
+ + + + + + + diff --git a/servers/anonpersona/0.png b/servers/anonpersona/0.png new file mode 100644 index 0000000..0d06634 Binary files /dev/null and b/servers/anonpersona/0.png differ diff --git a/servers/anonpersona/1.png b/servers/anonpersona/1.png new file mode 100644 index 0000000..3693490 Binary files /dev/null and b/servers/anonpersona/1.png differ diff --git a/servers/anonpersona/2.png b/servers/anonpersona/2.png new file mode 100644 index 0000000..20e218d Binary files /dev/null and b/servers/anonpersona/2.png differ diff --git a/servers/anonpersona/3.png b/servers/anonpersona/3.png new file mode 100644 index 0000000..3de0fae Binary files /dev/null and b/servers/anonpersona/3.png differ diff --git a/servers/anonpersona/index.html b/servers/anonpersona/index.html new file mode 100644 index 0000000..5cd8bd4 --- /dev/null +++ b/servers/anonpersona/index.html @@ -0,0 +1,221 @@ + + + + + + + + + + + Shifting To An Anonymous Persona Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-03-11

+

Shifting To An Anonymous Persona Setup

+ +

In this tutorial we're going to look at how you can move from a public persona to an anonymous one online along with the process behind it.

+ +
+
+
+
+ + +
+
+
+
+

Self-Auditing

+

Let's first assume that you have a public internet presence online, you have a domain name registered to your name, and you host some services online.

+

Let's also assume that you have followed the previous tutorials, meaning you now have whonix VMs in a veracrypt hidden partition that you can deny the existance of (reminder: do NOT use SSDs, use HDDs otherwise devices that use wear-leveling can reveal the existance of a hidden partition).

+

So from now on your publicly you're going to PGP sign a message for everyone to see that you wish to sell the domain and all of it's subdomain services to someone else, and to message you over email/ or a chatrom for the price. The message can look as follows:

+

+Hi all, planning to stop all of my services soon due to lack of interest / or X Y Z.
+Please note that i'm ready to take offers as i'm selling the domain and all of it's underlying services to the highest bidder.
+Contact me at email@example.com to discuss this offer if you're interested.
+
+
+ +

Basically here you're going to want someone anonymous to buy your services, officially. Secretely you will simply have moved to an anonymous way of operating.

+ +

Unless if you're hosting something incredible, Most likely noone will answer, but in the meantime you're going to audit your infrastructure on the following points:

+

+-How is your domain accessed ?
+	-Did you register your domain under your own name ?
+	-Did you buy your domain using monero ?
+-How are your servers accessed ?
+	-Did you ever not access those servers locally or through tor alone (ssh through tor)?
+	-Did you rent those servers under your own name ? 
+	-Did you ever pay for those servers without using monero ?
+-Do you have any services hosted at home ?
+	-if so, are they accessible through your public home IP ?
+	-if not, are they all accessible through a remote VPN gateway ?
+	-if not, are they all accessible through tor alone (via a .onion link) ?
+	-are they behind an open-source router such as pfsense ?
+-Did you implement the recommended physical security measures in the previous tutorials?
+	-for any local home server: movement detection, usb changes, unauthorized login attempts, secret maintenance procedure ? 
+	-for any client device (laptop/mainpc/phone):
+		-is the host OS of those devices open source ? (linux for pcs, grapheneOS for phone ?)
+		-are they all tampered protected ?
+-Did you implement a secure OPSEC for your online accesses to services ?
+	- did you ever reuse a password on a closed-source OS ?
+	- did you ever reuse a password at all for an online service ?
+	- did you ever use your public IP, or a VPN IP to create an online email account that you've used in the past ? 
+	- did you ever try to do any anonymous activity using that email account ?
+
+
+ +
+
+
+
+ +
+
+
+
+

Formulating the plan



+

Once you have the answer to all these questions, you're going to need to formulate a plan to move all of those services to their anonymous counterpart. Yes, sacrifices will need to be made.

+

+-If you have any public domains, you're going to transfer it to a non-KYC domain name registrar or reseller, one that accepts monero and tor traffic, such as https://nicevps.net
+-If you have any public servers, you're going to need to transfer all of your services to another server that will be bought with monero and accessed through tor alone. such as https://servers.guru
+-If you have any servers at home, you're going to need to make sure that no traffic ever goes to and from your public servers without going through Tor first-hand.
+-If you have any servers at home, you're going to need to make sure that they're behind an open-source router such as pfsense. (because closed-source routers cannot be trusted due to government pressures.
+-If you have not implemented the required physical security measures for your client and home server devices, apply them as listed above.
+-If you have ever used a password or an email with bad OPSEC as listed above, consider it burned and immediately give up using those moving forward. 
+	-You must have an email address for public activities, and another for anonymous activities.
+	-You must have a master password for a keepass databse for public activities, and another for private activities, and another for anonymous activities.
+
+
+

Here's how your ideal infrastructure must look like, if you want to maintain anonymity online:

+ + +
+
+
+
+ + + +
+
+
+
+

Carrying out the plan



+

Once the plan is clear to you, it's time to implement it. This whole anonymization process can be disguised as a "i've sold all of my services to this anonymous guy online" scenario, while "This anonymous guy online" is secretely you, from the Whonix VMs inside of your hidden veracrypt partitions. A typical anonymization of your services would look like this:

+

+Conversation on email / in a chatroom:
+A: Hey i want to buy your services, i can pay 2 XMR 
+you: sure, here's my XMR address:
+A:payment sent, awaiting accesses 
+you: ok payment recieved, here is the domain transfer code for domainexample.com: mkmkkljnnuju, i made sure it was unlocked
+A:  ok i've created the transfer request on nicevps.net, it will get transfered in a few days (can take 2 weeks for example). Please send me the accesses to your public servers.
+you: here is SSH root access for server A, B, and C  (typically the 2 dns servers, and the main public server)
+A: ok i changed all of the accesses, please send me the files for the X Y Z services that you host at home. i've created a temporary user you can SSH with to copy the files in /tmp/
+you: ok i just SCP'd (sent via SSH) the files in /tmp/
+A: recieved, thanks.
+you: Please publicly state, and PGP-sign that the domain, and all of it's servers have been bought by you, by mentionning the new name, email and the plan moving forward.
+A: Domain has been successfully transfered to nicevps.net, all good thanks.
+A: done, and added to the public page as an announcement, thanks.
+
+
+ +

Make sure that you save the proof of the transaction (the whole chatlog, and the monero transaction ID), and that you sign it with you PGP key just in case if an adversary asks if you still are the owner of those services.

+

As a result, publicly you will now state that you no longer offer any of the services you were doing previously, and that someone else took over the website and services after buying it.

+

While secretely onwards, these services will all be accessed, paid for and administered anonymously by you from the Whonix VMs you have inside your hidden veracrypt partition.

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/anonymity.png b/servers/anonymity.png new file mode 100644 index 0000000..2e5f8ad Binary files /dev/null and b/servers/anonymity.png differ diff --git a/servers/anonymity/1.png b/servers/anonymity/1.png new file mode 100644 index 0000000..41aa6b1 Binary files /dev/null and b/servers/anonymity/1.png differ diff --git a/servers/anonymity/10.png b/servers/anonymity/10.png new file mode 100644 index 0000000..7368291 Binary files /dev/null and b/servers/anonymity/10.png differ diff --git a/servers/anonymity/100.png b/servers/anonymity/100.png new file mode 100644 index 0000000..f68fd18 Binary files /dev/null and b/servers/anonymity/100.png differ diff --git a/servers/anonymity/101.png b/servers/anonymity/101.png new file mode 100644 index 0000000..fafcd29 Binary files /dev/null and b/servers/anonymity/101.png differ diff --git a/servers/anonymity/102.png b/servers/anonymity/102.png new file mode 100644 index 0000000..ed34ea6 Binary files /dev/null and b/servers/anonymity/102.png differ diff --git a/servers/anonymity/103.png b/servers/anonymity/103.png new file mode 100644 index 0000000..7b1b43f Binary files /dev/null and b/servers/anonymity/103.png differ diff --git a/servers/anonymity/104.png b/servers/anonymity/104.png new file mode 100644 index 0000000..8aee311 Binary files /dev/null and b/servers/anonymity/104.png differ diff --git a/servers/anonymity/105.png b/servers/anonymity/105.png new file mode 100644 index 0000000..835f272 Binary files /dev/null and b/servers/anonymity/105.png differ diff --git a/servers/anonymity/106.png b/servers/anonymity/106.png new file mode 100644 index 0000000..ad6104f Binary files /dev/null and b/servers/anonymity/106.png differ diff --git a/servers/anonymity/11.png b/servers/anonymity/11.png new file mode 100644 index 0000000..8b9a183 Binary files /dev/null and b/servers/anonymity/11.png differ 
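Review bot: in servers/anonpersona/index.html the Self-Auditing checklist mixes question polarity, so it cannot be read as a pass/fail list. "Did you buy your domain using monero ?" is good when answered yes, "Did you register your domain under your own name ?" is bad when answered yes, and "Did you ever not access those servers locally or through tor alone" is a double negative. Rephrase each item so that the same answer always means a problem. In the plan list, the parenthesis opened at "(because closed-source routers cannot be trusted" is never closed, and the sentence "So from now on your publicly you're going to PGP sign a message" is garbled. In the sample conversation, A confirms "Domain has been successfully transfered" and then answers "done" to the earlier request for a signed public statement, so the last three turns read out of order. Spelling to fix throughout: "existance", "chatrom", "Secretely", "noone", "recieved", "databse", "mentionning", and "it's" where the possessive "its" is meant.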
diff --git a/servers/anonymity/12.png b/servers/anonymity/12.png new file mode 100644 index 0000000..0de0bf0 Binary files /dev/null and b/servers/anonymity/12.png differ diff --git a/servers/anonymity/13.png b/servers/anonymity/13.png new file mode 100644 index 0000000..985d88f Binary files /dev/null and b/servers/anonymity/13.png differ diff --git a/servers/anonymity/14.png b/servers/anonymity/14.png new file mode 100644 index 0000000..bf179d3 Binary files /dev/null and b/servers/anonymity/14.png differ diff --git a/servers/anonymity/15.png b/servers/anonymity/15.png new file mode 100644 index 0000000..539f949 Binary files /dev/null and b/servers/anonymity/15.png differ diff --git a/servers/anonymity/16.png b/servers/anonymity/16.png new file mode 100644 index 0000000..ac0b0bd Binary files /dev/null and b/servers/anonymity/16.png differ diff --git a/servers/anonymity/17.png b/servers/anonymity/17.png new file mode 100644 index 0000000..d719ac8 Binary files /dev/null and b/servers/anonymity/17.png differ diff --git a/servers/anonymity/2.png b/servers/anonymity/2.png new file mode 100644 index 0000000..91a0231 Binary files /dev/null and b/servers/anonymity/2.png differ diff --git a/servers/anonymity/20.png b/servers/anonymity/20.png new file mode 100644 index 0000000..55eef14 Binary files /dev/null and b/servers/anonymity/20.png differ diff --git a/servers/anonymity/200.png b/servers/anonymity/200.png new file mode 100644 index 0000000..4358d49 Binary files /dev/null and b/servers/anonymity/200.png differ diff --git a/servers/anonymity/21.png b/servers/anonymity/21.png new file mode 100644 index 0000000..b9adcb2 Binary files /dev/null and b/servers/anonymity/21.png differ diff --git a/servers/anonymity/22.png b/servers/anonymity/22.png new file mode 100644 index 0000000..a537562 Binary files /dev/null and b/servers/anonymity/22.png differ 
diff --git a/servers/anonymity/23.png b/servers/anonymity/23.png new file mode 100644 index 0000000..ee16c38 Binary files /dev/null and b/servers/anonymity/23.png differ diff --git a/servers/anonymity/24.png b/servers/anonymity/24.png new file mode 100644 index 0000000..b57f470 Binary files /dev/null and b/servers/anonymity/24.png differ diff --git a/servers/anonymity/25.png b/servers/anonymity/25.png new file mode 100644 index 0000000..2169c3e Binary files /dev/null and b/servers/anonymity/25.png differ diff --git a/servers/anonymity/26.png b/servers/anonymity/26.png new file mode 100644 index 0000000..98b55af Binary files /dev/null and b/servers/anonymity/26.png differ diff --git a/servers/anonymity/27.png b/servers/anonymity/27.png new file mode 100644 index 0000000..6cfddd6 Binary files /dev/null and b/servers/anonymity/27.png differ diff --git a/servers/anonymity/28.png b/servers/anonymity/28.png new file mode 100644 index 0000000..ca7f98e Binary files /dev/null and b/servers/anonymity/28.png differ diff --git a/servers/anonymity/29.png b/servers/anonymity/29.png new file mode 100644 index 0000000..c09d540 Binary files /dev/null and b/servers/anonymity/29.png differ diff --git a/servers/anonymity/3.png b/servers/anonymity/3.png new file mode 100644 index 0000000..1e1c843 Binary files /dev/null and b/servers/anonymity/3.png differ diff --git a/servers/anonymity/30.png b/servers/anonymity/30.png new file mode 100644 index 0000000..3095fcd Binary files /dev/null and b/servers/anonymity/30.png differ diff --git a/servers/anonymity/31.png b/servers/anonymity/31.png new file mode 100644 index 0000000..819d4f0 Binary files /dev/null and b/servers/anonymity/31.png differ diff --git a/servers/anonymity/32.png b/servers/anonymity/32.png new file mode 100644 index 0000000..53bb169 Binary files /dev/null and b/servers/anonymity/32.png differ 
diff --git a/servers/anonymity/33.png b/servers/anonymity/33.png new file mode 100644 index 0000000..6ee92f1 Binary files /dev/null and b/servers/anonymity/33.png differ diff --git a/servers/anonymity/34.png b/servers/anonymity/34.png new file mode 100644 index 0000000..2e0885e Binary files /dev/null and b/servers/anonymity/34.png differ diff --git a/servers/anonymity/35.png b/servers/anonymity/35.png new file mode 100644 index 0000000..ceec400 Binary files /dev/null and b/servers/anonymity/35.png differ diff --git a/servers/anonymity/36.png b/servers/anonymity/36.png new file mode 100644 index 0000000..3f7dd1d Binary files /dev/null and b/servers/anonymity/36.png differ diff --git a/servers/anonymity/37.png b/servers/anonymity/37.png new file mode 100644 index 0000000..2ee2c8a Binary files /dev/null and b/servers/anonymity/37.png differ diff --git a/servers/anonymity/38.png b/servers/anonymity/38.png new file mode 100644 index 0000000..1a19105 Binary files /dev/null and b/servers/anonymity/38.png differ diff --git a/servers/anonymity/39.png b/servers/anonymity/39.png new file mode 100644 index 0000000..c922a06 Binary files /dev/null and b/servers/anonymity/39.png differ diff --git a/servers/anonymity/4.png b/servers/anonymity/4.png new file mode 100644 index 0000000..85e406a Binary files /dev/null and b/servers/anonymity/4.png differ diff --git a/servers/anonymity/40.png b/servers/anonymity/40.png new file mode 100644 index 0000000..8db286f Binary files /dev/null and b/servers/anonymity/40.png differ diff --git a/servers/anonymity/41.png b/servers/anonymity/41.png new file mode 100644 index 0000000..0d22ad0 Binary files /dev/null and b/servers/anonymity/41.png differ diff --git a/servers/anonymity/42.png b/servers/anonymity/42.png new file mode 100644 index 0000000..942b175 Binary files /dev/null and b/servers/anonymity/42.png differ 
diff --git a/servers/anonymity/43.png b/servers/anonymity/43.png new file mode 100644 index 0000000..9e1bfc4 Binary files /dev/null and b/servers/anonymity/43.png differ diff --git a/servers/anonymity/44.png b/servers/anonymity/44.png new file mode 100644 index 0000000..ef30e1f Binary files /dev/null and b/servers/anonymity/44.png differ diff --git a/servers/anonymity/45.png b/servers/anonymity/45.png new file mode 100644 index 0000000..6a462d5 Binary files /dev/null and b/servers/anonymity/45.png differ diff --git a/servers/anonymity/46.png b/servers/anonymity/46.png new file mode 100644 index 0000000..93c0b6c Binary files /dev/null and b/servers/anonymity/46.png differ diff --git a/servers/anonymity/47.png b/servers/anonymity/47.png new file mode 100644 index 0000000..f026ae0 Binary files /dev/null and b/servers/anonymity/47.png differ diff --git a/servers/anonymity/48.png b/servers/anonymity/48.png new file mode 100644 index 0000000..56e347e Binary files /dev/null and b/servers/anonymity/48.png differ diff --git a/servers/anonymity/49.png b/servers/anonymity/49.png new file mode 100644 index 0000000..efb5b20 Binary files /dev/null and b/servers/anonymity/49.png differ diff --git a/servers/anonymity/5.png b/servers/anonymity/5.png new file mode 100644 index 0000000..56bcc36 Binary files /dev/null and b/servers/anonymity/5.png differ diff --git a/servers/anonymity/50.png b/servers/anonymity/50.png new file mode 100644 index 0000000..f9ffb62 Binary files /dev/null and b/servers/anonymity/50.png differ diff --git a/servers/anonymity/51.png b/servers/anonymity/51.png new file mode 100644 index 0000000..930a945 Binary files /dev/null and b/servers/anonymity/51.png differ diff --git a/servers/anonymity/52.png b/servers/anonymity/52.png new file mode 100644 index 0000000..de2b1b0 Binary files /dev/null and b/servers/anonymity/52.png differ 
diff --git a/servers/anonymity/53.png b/servers/anonymity/53.png new file mode 100644 index 0000000..e1d9d51 Binary files /dev/null and b/servers/anonymity/53.png differ diff --git a/servers/anonymity/54.png b/servers/anonymity/54.png new file mode 100644 index 0000000..a3835f2 Binary files /dev/null and b/servers/anonymity/54.png differ diff --git a/servers/anonymity/55.png b/servers/anonymity/55.png new file mode 100644 index 0000000..d8d4394 Binary files /dev/null and b/servers/anonymity/55.png differ diff --git a/servers/anonymity/56.png b/servers/anonymity/56.png new file mode 100644 index 0000000..8cfc430 Binary files /dev/null and b/servers/anonymity/56.png differ diff --git a/servers/anonymity/57.png b/servers/anonymity/57.png new file mode 100644 index 0000000..94c0f00 Binary files /dev/null and b/servers/anonymity/57.png differ diff --git a/servers/anonymity/58.png b/servers/anonymity/58.png new file mode 100644 index 0000000..94a1fb2 Binary files /dev/null and b/servers/anonymity/58.png differ diff --git a/servers/anonymity/59.png b/servers/anonymity/59.png new file mode 100644 index 0000000..a42d76c Binary files /dev/null and b/servers/anonymity/59.png differ diff --git a/servers/anonymity/6.png b/servers/anonymity/6.png new file mode 100644 index 0000000..d4be495 Binary files /dev/null and b/servers/anonymity/6.png differ diff --git a/servers/anonymity/60.png b/servers/anonymity/60.png new file mode 100644 index 0000000..9af728d Binary files /dev/null and b/servers/anonymity/60.png differ diff --git a/servers/anonymity/61.png b/servers/anonymity/61.png new file mode 100644 index 0000000..896733d Binary files /dev/null and b/servers/anonymity/61.png differ diff --git a/servers/anonymity/62.png b/servers/anonymity/62.png new file mode 100644 index 0000000..774a278 Binary files /dev/null and b/servers/anonymity/62.png differ 
diff --git a/servers/anonymity/63.png b/servers/anonymity/63.png new file mode 100644 index 0000000..ade299b Binary files /dev/null and b/servers/anonymity/63.png differ diff --git a/servers/anonymity/64.png b/servers/anonymity/64.png new file mode 100644 index 0000000..7be42a7 Binary files /dev/null and b/servers/anonymity/64.png differ diff --git a/servers/anonymity/65.png b/servers/anonymity/65.png new file mode 100644 index 0000000..c0141a5 Binary files /dev/null and b/servers/anonymity/65.png differ diff --git a/servers/anonymity/66.png b/servers/anonymity/66.png new file mode 100644 index 0000000..f74d4d1 Binary files /dev/null and b/servers/anonymity/66.png differ diff --git a/servers/anonymity/67.png b/servers/anonymity/67.png new file mode 100644 index 0000000..d1929db Binary files /dev/null and b/servers/anonymity/67.png differ diff --git a/servers/anonymity/68.png b/servers/anonymity/68.png new file mode 100644 index 0000000..9c91b4a Binary files /dev/null and b/servers/anonymity/68.png differ diff --git a/servers/anonymity/69.png b/servers/anonymity/69.png new file mode 100644 index 0000000..10c8d47 Binary files /dev/null and b/servers/anonymity/69.png differ diff --git a/servers/anonymity/7.png b/servers/anonymity/7.png new file mode 100644 index 0000000..18e8e71 Binary files /dev/null and b/servers/anonymity/7.png differ diff --git a/servers/anonymity/70.png b/servers/anonymity/70.png new file mode 100644 index 0000000..dd10a3a Binary files /dev/null and b/servers/anonymity/70.png differ diff --git a/servers/anonymity/71.png b/servers/anonymity/71.png new file mode 100644 index 0000000..6155605 Binary files /dev/null and b/servers/anonymity/71.png differ diff --git a/servers/anonymity/72.png b/servers/anonymity/72.png new file mode 100644 index 0000000..b764b59 Binary files /dev/null and b/servers/anonymity/72.png differ 
diff --git a/servers/anonymity/73.png b/servers/anonymity/73.png new file mode 100644 index 0000000..83028ae Binary files /dev/null and b/servers/anonymity/73.png differ diff --git a/servers/anonymity/8.png b/servers/anonymity/8.png new file mode 100644 index 0000000..2042d48 Binary files /dev/null and b/servers/anonymity/8.png differ diff --git a/servers/anonymity/9.png b/servers/anonymity/9.png new file mode 100644 index 0000000..376c04e Binary files /dev/null and b/servers/anonymity/9.png differ diff --git a/servers/anonymity/index.html b/servers/anonymity/index.html new file mode 100644 index 0000000..957c6e5 --- /dev/null +++ b/servers/anonymity/index.html @@ -0,0 +1,928 @@ + + + + + + + + + + + Anonymity Management + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nothing@nowhere - 2023-10-12

+

Anonymity Management

+

In this tutorial we're going to take a look at how to manage your online Anonymity.

+ +
DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling +

+source: https://anonymousplanet.org/guide.html#understanding-hdd-vs-ssd
+
+regarding wear leveling:
+"Also as mentioned earlier, disabling Trim will reduce the lifetime of your SSD drive and will significantly impact its performance over time (your laptop will become slower and slower over several months of use until it becomes almost unusable, you will then have to clean the drive and re-install everything). But you must do it to prevent data leaks that could allow forensics to defeat your plausible deniability. The only way around this at the moment is to have a laptop with a classic HDD drive instead."
+
+
+ +

This tutorial is based on my previous explanation on OPSEC make sure that you take it into account before proceeding.

+ +

So, we basically want 3 ways to access websites. The first being while using tor, for complete anonymity, to do that we'll use whonix. The second is to do the same but to masquerade it with a non-KYC VPN which will also be acquired anonymously to be used only in the case of a website blocking tor exit nodes, and the last one is without any protection, for websites you cannot use without KYC.

+ +

As a safety measure for Anonymity, there will be a veracrypt hidden partition in use for plausible deniability.

+ +

To prepare the computer for those tasks, we will rely on opensource software to avoid any tracking, we'll remove logs from linux.

+

And lastly, we're going to take a look at how to keep track of your accesses to the websites you access anonymously

+ + +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First let's make sure all logs get erased upon system shutdown as described in my previous tutorial on host OS hardening (by piping all logs to go to the /tmp/ folder):

+ +

We also make sure that the script to remove logs also includes shutting down the VMs and closes the veracrypt volume just like the emergency shutdown script we detailed in the previous tutorial on homeserver physical security:

+

+
+[ mainpc ] [ /dev/pts/2 ] [~/logremover]
+→ cat /etc/systemd/system/reboot_logremover.service
+[Unit]
+Description=Shutdown Anti forensics
+DefaultDependencies=no
+Before=shutdown.target reboot.target halt.target
+
+[Service]
+Type=oneshot
+ExecStart=/root/shutdown.sh
+TimeoutStartSec=0
+
+[Install]
+WantedBy=shutdown.target reboot.target halt.target
+
+[ mainpc ] [ /dev/pts/2 ] [~/logremover]
+→ cat shutdown.sh
+#!/bin/bash
+
+#remove VMs
+
+sudo virsh -c qemu:///system destroy Whonix-Gateway
+sudo virsh -c qemu:///system destroy Whonix-Workstation
+sudo virsh -c qemu:///system undefine Whonix-Gateway
+sudo virsh -c qemu:///system undefine Whonix-Workstation
+sudo virsh -c qemu:///system net-destroy Whonix-External
+sudo virsh -c qemu:///system net-destroy Whonix-Internal
+sudo virsh -c qemu:///system net-undefine Whonix-External
+sudo virsh -c qemu:///system net-undefine Whonix-External
+
+#then unmount veracrypt volumes
+
+sudo veracrypt -d  -f
+
+# then cleanup logs
+
+sudo rm -rf /dev/shm/*
+sudo rm -rf /var/log/*
+sudo dmesg -c
+
+
+
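
Review bot: In shutdown.sh the last network line repeats `net-undefine Whonix-External`, so Whonix-Internal is destroyed but never undefined and its persistent definition is left on the host after the anti-forensics shutdown runs. Change the second occurrence to `sudo virsh -c qemu:///system net-undefine Whonix-Internal`. The script also only handles Whonix-Gateway and Whonix-Workstation, while this same page later adds Whonix-Workstation2; add the matching `destroy` and `undefine` lines for it, otherwise that domain can still be running and holding its .qcow2 open when `veracrypt -d -f` is called.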

In the shutdown.sh script we also make sure that the VMs are removed, and that the veracrypt volumes are unmounted, before clearing up the logs.

+ +

Next we're going to install libvirt as seen in our previous tutorial on host os hardeninghere:

+

+sudo pacman -S libvirt qemu-full virt-manager dnsmasq bridge-utils
+	
+sudo systemctl enable --now libvirtd
+
+#####################vault.sh:#######################################
+#!/bin/bash
+echo "[+] MOUNTING VAULTS..."
+
+sudo cryptsetup luksOpen /dev/nvme1n1p1 VAULT
+sudo mkdir /run/media/nihilist/VAULT 2>/dev/null
+sudo mount /dev/mapper/VAULT /run/media/nihilist/VAULT
+
+echo "[+] VAULTS MOUNTED"
+###################################################################
+
+usermod -a -G libvirt nihilist
+usermod -a -G kvm nihilist
+
+[root@nowhere ~]# vim /etc/libvirt/libvirtd.conf 
+[root@nowhere ~]# cat /etc/libvirt/libvirtd.conf  | grep sock_group
+unix_sock_group = "libvirt"
+unix_sock_rw_perms = "0770"
+
+sudo chmod 770 -R VMs 
+sudo chown nihilist:libvirt -R VMs 
+
+cat /etc/libvirt/qemu.conf
+group = "libvirt"
+user = "nihilist"
+
+systemctl restart libvirtd.service
+
+virt-manager
+
+
+ +

Next step we create the veracrypt drives, so use the /dev/sdb harddrive for it:

+

+[ 10.99.99.9/24 ] [ /dev/pts/2 ] [~/Nextcloud/Obsidian]
+→ lsblk
+NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
+sda             8:0    0   1.8T  0 disk
+└─sda1          8:1    0   1.8T  0 part
+sdb             8:16   0 447.1G  0 disk
+sdc             8:32   0   3.6T  0 disk
+└─VAULTBACKUP 253:1    0   3.6T  0 crypt /mnt/VAULTBACKUP
+zram0         254:0    0     4G  0 disk  [SWAP]
+nvme1n1       259:0    0   1.8T  0 disk
+└─nvme1n1p1   259:1    0   1.8T  0 part
+  └─VAULT     253:0    0   1.8T  0 crypt /mnt/VAULT
+nvme0n1       259:2    0 465.8G  0 disk
+├─nvme0n1p1   259:3    0   511M  0 part  /boot
+└─nvme0n1p2   259:4    0 465.3G  0 part  /
+	
+
+ +

Be aware that the 3 VMs we need to place in a veracrypt container all weigh 100GB each so you need 300Gb for all 3 VMs, so you need at least 2x300Gb to replicate the setup in the decoy partition, so pick a 1.2TB harddrive instead, with some additional space so preferably a 1.8TB one just to be safe, unlike as shown below (a 500gb disk which is not enough!)

+

So let's now setup the hidden partition there:

+

+[ 10.99.99.9/24 ] [ /dev/pts/2 ] [~/Nextcloud/Obsidian]
+→ sudo pacman -S veracrypt
+	
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + +

Now that's done, let's setup the whonix and workstations templates, we will then copy them in the veracrypt harddrive afterward to edit them. So let's go here to download whonix for QEMU:

+ + +

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ mv ~/Downloads/Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz .
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ tar -xvf Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
+WHONIX_BINARY_LICENSE_AGREEMENT
+WHONIX_DISCLAIMER
+Whonix-Gateway-Xfce-17.0.3.0.xml
+Whonix-Workstation-Xfce-17.0.3.0.xml
+Whonix_external_network-17.0.3.0.xml
+Whonix_internal_network-17.0.3.0.xml
+Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2
+Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ touch WHONIX_BINARY_LICENSE_AGREEMENT_accepted
+
+

Next we edit the XML files to have the working VMs, for which we will give 2GB of ram for the gateway, and 4GB of ram for the workstation while also specifying the path to their .qcow2 volumes:

+

+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ vim Whonix-Workstation-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat Whonix-Workstation-Xfce-17.0.3.0.xml | grep GiB
+  <memory dumpCore='off' unit='GiB'>4
+  <currentMemory unit='GiB'>4
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat Whonix-Workstation-Xfce-17.0.3.0.xml| grep source
+      <source file='/mnt/VAULT/ISOs/whonix/Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+
+
+
+
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ vim Whonix-Workstation-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat Whonix-Gateway-Xfce-17.0.3.0.xml | grep GiB
+  <memory dumpCore='off' unit='GiB'>2
+  <currentMemory unit='GiB'>2
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat Whonix-Gateway-Xfce-17.0.3.0.xml| grep source
+      <source file='/mnt/VAULT/ISOs/whonix/Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+
+
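
Review bot: In the Gateway block the edit step is `vim Whonix-Workstation-Xfce-17.0.3.0.xml`, but the two checks that follow it grep `Whonix-Gateway-Xfce-17.0.3.0.xml`. The edit command should name the Gateway XML, otherwise a reader following the transcript literally reopens the Workstation file and never sets the 2 GiB memory or the disk path on the Gateway.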

and now to make things easier let's put a refreshvms.sh script in there to remove and restart the VMs:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ vim refreshvms.sh
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat refreshvms.sh
+#!/bin/bash
+
+#remove VMs
+
+sudo virsh -c qemu:///system destroy Whonix-Gateway
+sudo virsh -c qemu:///system destroy Whonix-Workstation
+sudo virsh -c qemu:///system undefine Whonix-Gateway
+sudo virsh -c qemu:///system undefine Whonix-Workstation
+sudo virsh -c qemu:///system net-destroy Whonix-External
+sudo virsh -c qemu:///system net-destroy Whonix-Internal
+sudo virsh -c qemu:///system net-undefine Whonix-External
+sudo virsh -c qemu:///system net-undefine Whonix-External
+
+echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'
+read
+
+#install VMs
+
+sudo virsh -c qemu:///system net-define Whonix_external*.xml
+sudo virsh -c qemu:///system net-define Whonix_internal*.xml
+sudo virsh -c qemu:///system net-autostart Whonix-External
+sudo virsh -c qemu:///system net-start Whonix-External
+sudo virsh -c qemu:///system net-autostart Whonix-Internal
+sudo virsh -c qemu:///system net-start Whonix-Internal
+sudo virsh -c qemu:///system define Whonix-Gateway*.xml
+sudo virsh -c qemu:///system define Whonix-Workstation*.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ chmod +x refreshvms.sh
+
+
+

then run it:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ ./refreshvms.sh
+error: Failed to destroy domain 'Whonix-Gateway'
+error: Requested operation is not valid: domain is not running
+
+error: Failed to destroy domain 'Whonix-Workstation'
+error: Requested operation is not valid: domain is not running
+
+Domain 'Whonix-Gateway' has been undefined
+
+Domain 'Whonix-Workstation' has been undefined
+
+Network Whonix-External destroyed
+
+Network Whonix-Internal destroyed
+
+Network Whonix-External has been undefined
+
+error: failed to get network 'Whonix-External'
+error: Network not found: no network with matching name 'Whonix-External'
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+
+Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
+
+error: Failed to define network from Whonix_internal_network-17.0.3.0.xml
+error: operation failed: network 'Whonix-Internal' already exists with uuid 48298ccf-9352-4b21-b6c4-17ad13ad1d6d
+
+Network Whonix-External marked as autostarted
+
+Network Whonix-External started
+
+Network Whonix-Internal marked as autostarted
+
+Network Whonix-Internal started
+
+Domain 'Whonix-Gateway' defined from Whonix-Gateway-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation' defined from Whonix-Workstation-Xfce-17.0.3.0.xml
+
+
+
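
Review bot: The first refreshvms.sh listing runs `net-undefine Whonix-External` twice and never undefines Whonix-Internal, and the captured run shows the effect: `error: failed to get network 'Whonix-External'` on removal, then `network 'Whonix-Internal' already exists with uuid ...` on re-define. The later listing of the script on this page already uses `net-undefine Whonix-Internal`; use that line here as well and re-capture the output, so readers who copy the first version do not keep a stale network definition between refreshes.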

Then launch the VMs from virt-manager:

+ +

let's start with the Gateway:

+ + + + + +

Now that's done you can also finish the initial setup for the workstation:

+ + +

So from here you can use whonix regularly to browse with the tor browser, don't forget to disable javascript and to always keep the browser up to date like so:

+ +

As suggested above, we'll also upgrade the VMs, and to go further we'll install unattended upgrades (note whonix's default system credentials are user:changeme:

+

+$ passwd
+$ sudo -i
+# apt update -y ; apt upgrade -y ; apt autoremove -y
+# apt install unattended-upgrades apt-listchanges -y
+# dpkg-reconfigure -plow unattended-upgrades 
+
+^ select yes there
+	
+
+

Next step is to have the second workstation which will be used as the vpn over tor setup later on so let's copy the .xml and .qcow2 after shutting down the existing workstation:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ ls
+refreshvms.sh                             Whonix_external_network-17.0.3.0.xml            Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2
+WHONIX_BINARY_LICENSE_AGREEMENT           Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2  Whonix-Workstation-Xfce-17.0.3.0.xml
+WHONIX_BINARY_LICENSE_AGREEMENT_accepted  Whonix-Gateway-Xfce-17.0.3.0.xml                Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
+WHONIX_DISCLAIMER                         Whonix_internal_network-17.0.3.0.xml	
+
+ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cp Whonix-Workstation-Xfce-17.0.3.0.xml Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cp Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2 Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2
+
+
+

Then edit the new xml file to match the new VM name:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ vim Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat Whonix-Workstation2-Xfce-17.0.3.0.xml | grep Workstation2
+  <name>Whonix-Workstation2</name>
+      <source file='/mnt/VAULT/ISOs/whonix/Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+	
+
+

Then we include it in the refreshVMs.sh script:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cat refreshvms.sh
+#!/bin/bash
+
+#remove VMs
+
+sudo virsh -c qemu:///system destroy Whonix-Gateway
+sudo virsh -c qemu:///system destroy Whonix-Workstation
+sudo virsh -c qemu:///system destroy Whonix-Workstation2
+
+sudo virsh -c qemu:///system undefine Whonix-Gateway
+sudo virsh -c qemu:///system undefine Whonix-Workstation
+sudo virsh -c qemu:///system undefine Whonix-Workstation2
+
+
+sudo virsh -c qemu:///system net-destroy Whonix-External
+sudo virsh -c qemu:///system net-destroy Whonix-Internal
+sudo virsh -c qemu:///system net-undefine Whonix-External
+sudo virsh -c qemu:///system net-undefine Whonix-Internal
+
+
+
+
+echo '[+] VMs removed, re-install them ? (ctrl+c to exit)'
+read
+
+#install VMs
+sudo virsh -c qemu:///system net-define Whonix_external*.xml
+sudo virsh -c qemu:///system net-define Whonix_internal*.xml
+
+
+sudo virsh -c qemu:///system net-autostart Whonix-External
+sudo virsh -c qemu:///system net-start Whonix-External
+
+sudo virsh -c qemu:///system net-autostart Whonix-Internal
+sudo virsh -c qemu:///system net-start Whonix-Internal
+
+sudo virsh -c qemu:///system define Whonix-Gateway*.xml
+sudo virsh -c qemu:///system define Whonix-Workstation2*.xml
+sudo virsh -c qemu:///system define Whonix-Workstation-*.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ ./refreshvms.sh
+error: Failed to destroy domain 'Whonix-Gateway'
+error: Requested operation is not valid: domain is not running
+
+error: Failed to destroy domain 'Whonix-Workstation'
+error: Requested operation is not valid: domain is not running
+
+error: Failed to destroy domain 'Whonix-Workstation2'
+error: Requested operation is not valid: domain is not running
+
+Domain 'Whonix-Gateway' has been undefined
+
+Domain 'Whonix-Workstation' has been undefined
+
+Domain 'Whonix-Workstation2' has been undefined
+
+Network Whonix-External destroyed
+
+Network Whonix-Internal destroyed
+
+Network Whonix-External has been undefined
+
+Network Whonix-Internal has been undefined
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+
+Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
+
+Network Whonix-Internal defined from Whonix_internal_network-17.0.3.0.xml
+
+Network Whonix-External marked as autostarted
+
+Network Whonix-External started
+
+Network Whonix-Internal marked as autostarted
+
+Network Whonix-Internal started
+
+Domain 'Whonix-Gateway' defined from Whonix-Gateway-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation2' defined from Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation' defined from Whonix-Workstation-Xfce-17.0.3.0.xml
+
+
+

Then edit the new workstation VM to have the 10.152.152.12 ip by default (since the other one has the 10.152.152.11 ip):

+ + +

Now that our VM templates are done, let's put them on our veracrypt harddrive:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ ./refreshvms.sh
+[sudo] password for nothing:
+Domain 'Whonix-Gateway' destroyed
+
+Domain 'Whonix-Workstation' destroyed
+
+Domain 'Whonix-Workstation2' destroyed
+
+Domain 'Whonix-Gateway' has been undefined
+
+Domain 'Whonix-Workstation' has been undefined
+
+Domain 'Whonix-Workstation2' has been undefined
+
+Network Whonix-External destroyed
+
+Network Whonix-Internal destroyed
+
+Network Whonix-External has been undefined
+
+Network Whonix-Internal has been undefined
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+^C
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ ls
+refreshvms.sh                             Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2       Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2
+WHONIX_BINARY_LICENSE_AGREEMENT           Whonix-Gateway-Xfce-17.0.3.0.xml                     Whonix-Workstation-Xfce-17.0.3.0.xml
+WHONIX_BINARY_LICENSE_AGREEMENT_accepted  Whonix_internal_network-17.0.3.0.xml                 Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
+WHONIX_DISCLAIMER                         Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2
+Whonix_external_network-17.0.3.0.xml      Whonix-Workstation2-Xfce-17.0.3.0.xml
+	
+
+ + +

Once mounted, let's copy them here and launch them:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [VAULT/ISOs/whonix]
+→ cd /media/veracrypt1
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cp /mnt/VAULT/ISOs/whonix/* .
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ ls -lash
+total 21G
+4.0K drwxr-xr-x 2 nothing nothing 4.0K Oct  8 13:35 .
+4.0K drwxr-xr-x 3 root    root    4.0K Oct  8 13:34 ..
+4.0K -rwxr-xr-x 1 nothing nothing 1.2K Oct  8 13:35 refreshvms.sh
+ 40K -rw-r--r-- 1 nothing nothing  39K Oct  8 13:35 WHONIX_BINARY_LICENSE_AGREEMENT
+   0 -rw-r--r-- 1 nothing nothing    0 Oct  8 13:35 WHONIX_BINARY_LICENSE_AGREEMENT_accepted
+8.0K -rw-r--r-- 1 nothing nothing 4.1K Oct  8 13:35 WHONIX_DISCLAIMER
+4.0K -rw-r--r-- 1 nothing nothing  172 Oct  8 13:35 Whonix_external_network-17.0.3.0.xml
+5.2G -rw-r--r-- 1 nothing nothing 101G Oct  8 13:35 Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2
+4.0K -rw-r--r-- 1 nothing nothing 2.4K Oct  8 13:35 Whonix-Gateway-Xfce-17.0.3.0.xml
+4.0K -rw-r--r-- 1 nothing nothing   97 Oct  8 13:35 Whonix_internal_network-17.0.3.0.xml
+6.9G -rw-r--r-- 1 nothing nothing 101G Oct  8 13:35 Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2
+4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct  8 13:35 Whonix-Workstation2-Xfce-17.0.3.0.xml
+7.0G -rw-r--r-- 1 nothing nothing 101G Oct  8 13:35 Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2
+4.0K -rw-r--r-- 1 nothing nothing 2.3K Oct  8 13:35 Whonix-Workstation-Xfce-17.0.3.0.xml
+1.3G -rw-r--r-- 1 nothing nothing 1.3G Oct  8 13:35 Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
+
+
+

Now that's done, you need to edit each XML to make sure it has the correct path in it:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Gateway-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Workstation-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Gateway-Xfce-17.0.3.0.xml| grep source
+      <source file='/media/veracrypt1/Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Workstation2-Xfce-17.0.3.0.xml | grep source
+      <source file='/media/veracrypt1/whonix/Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Workstation-Xfce-17.0.3.0.xml | grep source
+      <source file='/media/veracrypt1/whonix/Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+	
+
+
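
Review bot: The disk paths for the two workstations do not match where the files were copied. The images were copied with `cp /mnt/VAULT/ISOs/whonix/* .` into /media/veracrypt1 and the Gateway XML points at `/media/veracrypt1/Whonix-Gateway-...qcow2`, but both workstation XMLs show `/media/veracrypt1/whonix/Whonix-Workstation...qcow2`, a subdirectory that the `ls -lash` output does not contain. `virsh define` accepts the XML without checking the path, so the script output looks clean and the failure only appears when the workstation is started. Drop the `whonix/` component from both `source file` values, and apply the same fix to the identical block for the hidden volume further down the page.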

Then you can use the VMs using the refreshvms.sh script:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ ./refreshvms.sh
+[sudo] password for nothing:
+error: failed to get domain 'Whonix-Gateway'
+
+error: failed to get domain 'Whonix-Workstation'
+
+error: failed to get domain 'Whonix-Workstation2'
+
+error: failed to get domain 'Whonix-Gateway'
+
+error: failed to get domain 'Whonix-Workstation'
+
+error: failed to get domain 'Whonix-Workstation2'
+
+error: failed to get network 'Whonix-External'
+error: Network not found: no network with matching name 'Whonix-External'
+
+error: failed to get network 'Whonix-Internal'
+error: Network not found: no network with matching name 'Whonix-Internal'
+
+error: failed to get network 'Whonix-External'
+error: Network not found: no network with matching name 'Whonix-External'
+
+error: failed to get network 'Whonix-Internal'
+error: Network not found: no network with matching name 'Whonix-Internal'
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+
+
+Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
+
+Network Whonix-Internal defined from Whonix_internal_network-17.0.3.0.xml
+
+Network Whonix-External marked as autostarted
+
+Network Whonix-External started
+
+Network Whonix-Internal marked as autostarted
+
+Network Whonix-Internal started
+
+Domain 'Whonix-Gateway' defined from Whonix-Gateway-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation2' defined from Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation' defined from Whonix-Workstation-Xfce-17.0.3.0.xml
+	
+
+

Now with this if you are forced to give away the password for that harddrive, you can give them this decoy partition, and they'll find the whonix VMs you've copied there.

+

So now dismount the veracrypt partition, to do that you need to first remove the VMs with the script, and then you need to EXIT the folder, otherwise it'll complain and tell you that the target drive is busy and can't be unmounted:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ ./refreshvms.sh
+error: Failed to destroy domain 'Whonix-Gateway'
+error: Requested operation is not valid: domain is not running
+
+error: Failed to destroy domain 'Whonix-Workstation'
+error: Requested operation is not valid: domain is not running
+
+error: Failed to destroy domain 'Whonix-Workstation2'
+error: Requested operation is not valid: domain is not running
+
+Domain 'Whonix-Gateway' has been undefined
+
+Domain 'Whonix-Workstation' has been undefined
+
+Domain 'Whonix-Workstation2' has been undefined
+
+Network Whonix-External destroyed
+
+Network Whonix-Internal destroyed
+
+Network Whonix-External has been undefined
+
+Network Whonix-Internal has been undefined
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+^C
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cd ..
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media]
+→
+
+ +

Now that's done for the decoy partition, we do the same for the hidden partition:

+ + +

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media]
+→ cd veracrypt1
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cp /mnt/VAULT/ISOs/whonix/* .
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ ls
+refreshvms.sh                             Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2       Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2
+WHONIX_BINARY_LICENSE_AGREEMENT           Whonix-Gateway-Xfce-17.0.3.0.xml                     Whonix-Workstation-Xfce-17.0.3.0.xml
+WHONIX_BINARY_LICENSE_AGREEMENT_accepted  Whonix_internal_network-17.0.3.0.xml                 Whonix-Xfce-17.0.3.0.Intel_AMD64.qcow2.libvirt.xz
+WHONIX_DISCLAIMER                         Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2
+Whonix_external_network-17.0.3.0.xml      Whonix-Workstation2-Xfce-17.0.3.0.xml
+	
+
+

Then edit the paths again:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Gateway-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ vim Whonix-Workstation-Xfce-17.0.3.0.xml
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Gateway-Xfce-17.0.3.0.xml| grep source
+      <source file='/media/veracrypt1/Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Workstation2-Xfce-17.0.3.0.xml | grep source
+      <source file='/media/veracrypt1/whonix/Whonix-Workstation2-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+
+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ cat Whonix-Workstation-Xfce-17.0.3.0.xml | grep source
+      <source file='/media/veracrypt1/whonix/Whonix-Workstation-Xfce-17.0.3.0.Intel_AMD64.qcow2'/>
+	
+
+

Then start the VMs:

+

+[ 10.99.99.9/24 ] [ /dev/pts/23 ] [/media/veracrypt1]
+→ ./refreshvms.sh
+[sudo] password for nothing:
+error: failed to get domain 'Whonix-Gateway'
+
+error: failed to get domain 'Whonix-Workstation'
+
+error: failed to get domain 'Whonix-Workstation2'
+
+error: failed to get domain 'Whonix-Gateway'
+
+error: failed to get domain 'Whonix-Workstation'
+
+error: failed to get domain 'Whonix-Workstation2'
+
+error: failed to get network 'Whonix-External'
+error: Network not found: no network with matching name 'Whonix-External'
+
+error: failed to get network 'Whonix-Internal'
+error: Network not found: no network with matching name 'Whonix-Internal'
+
+error: failed to get network 'Whonix-External'
+error: Network not found: no network with matching name 'Whonix-External'
+
+error: failed to get network 'Whonix-Internal'
+error: Network not found: no network with matching name 'Whonix-Internal'
+
+[+] VMs removed, re-install them ? (ctrl+c to exit)
+
+Network Whonix-External defined from Whonix_external_network-17.0.3.0.xml
+
+Network Whonix-Internal defined from Whonix_internal_network-17.0.3.0.xml
+
+Network Whonix-External marked as autostarted
+
+Network Whonix-External started
+
+Network Whonix-Internal marked as autostarted
+
+Network Whonix-Internal started
+
+Domain 'Whonix-Gateway' defined from Whonix-Gateway-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation2' defined from Whonix-Workstation2-Xfce-17.0.3.0.xml
+
+Domain 'Whonix-Workstation' defined from Whonix-Workstation-Xfce-17.0.3.0.xml
+	
+
+

You need to keep in mind that currently we have not given out any information about ourselves, other than we've used Tor. We won't stop there, and in order to use a VPN anonymously, you need to acquire it through Tor, buy it with Monero, and force the VPN Connection itself through Tor. Cherry on top is that we're going to use a well-used VPN service, so we won't be the only user with that public VPN ip. But what matters is that we do not give any information about us to the VPN provider. If the VPN provider forces you to provide anything personal (if the vpn provider blocks tor connections, or forces you to buy it with something else than monero), then it would not truly be a non-KYC VPN provider, and thus it's against your privacy. That's the only way you can find out which ones are all just marketing.

+ +

Now that's done we can go find a vpn provider for the workstation2, let's try out the very praised mullvad vpn provider here, Firstly because it's a non-KYC VPN provider (meaning you can acquire it and use it through Tor, and pay with Monero), also due to the fact that we won't be the only ones using that service, it means we won't need to change the VPN server when we want to have another identity online. On top of that, mullvad gives us the ability to connect to a random server of theirs, via openvpn via TCP on port 443, which is definitely neat because it mimicks web HTTPS traffic, and isn't blockable by tor exit node hosters (which is definitely a trend, most of them block ports that are suceptible to abuse, 443 https being the least likely of them):

+ + +

now to not loose your accesses , make sure to save credentials in a local keepass database on the VM.

+ + + +

Now let's add time to our account, and of course we will pay with the only cryptocurrency that's used:

+ + +

To get some monero you can buy it on localmonero.co, and make sure it arrives on your monero wallet inside the whonix VM, never trust centralised exchanges with your assets, always keep them locally.

+ +

Once it finishes installing, create your monero wallet:

+ +

Then say no to mining and use an onion-based monero daemon, like the one i'm hosting, you can find a full list of other ones here:

+ +

Wait for it to finish synchronizing, then get some monero from a vendor on localmonero.co (by giving them a wallet address you'd have created:

+ + +

Once you've paid, download the .ovpn file to connect via vpn:

+ +

Then unzip and let's now make sure the vpn goes through tor:

+ + +

To do that we need to make sure the VPN goes through the local SOCKS port 9050, and to mention the entry node which is the gateway 10.152.152.10:

+ +

before we launch it keep in mind this:

+DISCLAIMER: While on a VPN, DO NOT use the tor browser, this will make the entire tor browsing visible from the VPN server. In this particular setup you need to use Firefox while the VPN connection is active!!! Make sure that all tor-related applications are shutdown before starting the VPN. I suggest to close everything, and then only have the terminal and firefox open before launching the VPN. + +

Then launch the VPN and you can then see that you no longer have a tor exit node IP:

+ + +

Now check your ip from Firefox, not the tor browser:

+ +

You can also check if there are any DNS leaks:

+ +

here we see the test revealed a dns ip leak, but upon checking (in shodan.io) we see that it's a tor exit IP address:

+ +

We can also check if there are any WebRTC leaks:

+ +

and there we see that there are no webRTC leaks either, so it's all good.

+

To make sure the vpn is started automatically we can make it a systemd service:

+

+root@workstation:~# cat /etc/systemd/system/vpn.service
+[Unit]
+Description=VPN
+After=network-online.target
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+WorkingDirectory=/home/user/Desktop/mullvad_config_linux_nl_ams/
+ExecStart=/usr/sbin/openvpn /home/user/Desktop/mullvad_config_linux_nl_ams/mullvad_nl_ams.conf
+ExecStop=kill -9 $(pidof openvpn)
+Restart=always
+
+root@workstation:~# systemctl daemon-reload ; systemctl enable --now vpn.service ; systemctl restart vpn.service
+
+
+ +

Now thanks to that, you can still browse websites anonymously in case if they block tor exit nodes.

+
+
+
+
+ +
+
+
+
+ +
+
+
+
+ + + +
+
+
+
+

Anonymity management



+

To implement Anonymity Management, simply ask yourselves the following questions:

+

First question to answer is "Is the activity Sensitive, and will I need to be able to deny it's existence ?" If the answer is no, then we have the following questions:

+ +

If the website requires you to give it your home address like Amazon for example, you can forget trying to be anonymous because you'll anyway need to de-anonymize yourself with your actions, no matter how you accessed the website.

+

If the website doesn't block tor exit nodes, browse it via the Whonix VMs. But if it does, then use the VPN through Tor setup to circumvent the blockage.

+

And lastly, for all websites you browsed to anonymously, make sure you log it to have an global view of your online anonymity.

+ +

If your activities are sensitive enough that you need to be able to deny their existence, then we make use of veracrypt's plausible deniability features, and we open the whonix VMs from inside the hidden partition.

+

And there the same questions apply, but you better remain anonymous while you conduct said sensitive activities.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
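Review bot: in the vpn.service unit, `ExecStop=kill -9 $(pidof openvpn)` will not work as written, because systemd does not pass Exec lines through a shell and so performs no command substitution on `$(pidof openvpn)`. Drop the line and let systemd stop the service's main process itself; by default it sends SIGTERM, which also lets openvpn shut the tunnel down cleanly instead of being killed with signal 9. Separately, near the top of this part of the hunk the Gateway XML points at `/media/veracrypt1/Whonix-Gateway-Xfce-17.0.3.0.Intel_AMD64.qcow2` while both Workstation XMLs point under `/media/veracrypt1/whonix/`; please confirm the differing directories are intended, since refreshvms.sh defines all three domains from these files.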
+ + + + + + + diff --git a/servers/anonymity/old.html b/servers/anonymity/old.html new file mode 100644 index 0000000..59d1fa4 --- /dev/null +++ b/servers/anonymity/old.html @@ -0,0 +1,309 @@ + + + + + + + + + + + anonymity Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nothing@nowhere - 2023-09-24

+

anonymity Setup

+

In this tutorial we're going to take a look at how to manage your online Anonymity.

+ +

We want 3 ways to access websites. The first being while using tor, for complete anonymity. The second is to do the same but to masquerade it with a non-KYC VPN which will also be acquired anonymously, and the last is without any protection.

+ +

As a preventive measure, we're going to separate each VMs using VLANs, so that there's a clear separation between any KYC VMs, and VMs used for anonymity. To do so there will be 3 separate VLANs, one being for Anonymity purposes, and the others for KYC use. +For Anonymity, there will be a veracrypt hidden partition in use for plausible deniability.

+ +

To prepare the computer for those tasks, we will rely on opensource software to avoid any tracking, we'll remove logs from arch linux, and from pfsense.

+

And lastly, we're going to take a look at how to keep track of your accesses to the websites you access anonymously

+ + +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First let's make sure all logs get erased upon system shutdown (by piping all logs to go to the /tmp/ folder):

+

+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
+→ sudo rm -rf log
+[sudo] password for nothing:
+
+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
+→ sudo ln -s /tmp/ /var/log
+
+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
+→ ls -lash log
+0 lrwxrwxrwx 1 root root 5 Sep 24 18:43 log -> /tmp/
+	
+
+ +

Next we're going to install libvirti as seen here:

+

+sudo pacman -S libvirt qemu virt-manager dnsmasq bridge-utils
+	
+sudo systemctl enable --now libvirtd
+
+virt-manager
+
+
+

Then create the 2 separate LANs for the VMs in virt-manager like so:

+ + + +

Then you're going to need to create the pfsense VM, so first get the iso from the official website:

+ +

+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/var]
+→ cd /mnt/VAULT/ISOs
+
+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
+→ mv ~/Downloads/pfSense-CE-2.7.0-RELEASE-amd64.iso.gz .
+
+[ 10.99.99.9/24 ] [ /dev/pts/31 ] [/mnt/VAULT/ISOs]
+→ ls -lash | grep pfSense
+730M -rw-r--r--  1 nothing      nothing      730M Sep 24 19:16 pfSense-CE-2.7.0-RELEASE-amd64.iso
+	
+
+

Then create the VM:

+ + + + +

Before installing the VM we will setup the 3 network cards it will handle: The default WAN, and the 2 LANs

+ + + + +

Now let's start installing the pfsense VM:

+ + + + + + + +

And now that's done, next step is to make sure pfsense handles the 2 VLANs properly:

+ + + + +

Then we set the ip addresses of each interface, starting with the LAN-KYC VLAN:

+ + + + +

Then do the same for the LAN-ANON VLAN:

+ + + +

For this next step, we're going to put a VM in the KYC vlan to finish the pfsense router setup

+ + +

From there, it's a matter of setting up pfsense:

+ + + + + +

To change the pfsense theme to a dark theme, go in System > General Setup > webConfiguratior > Theme > set to pfsense-dark

+ +

As you've seen above, we've set 2 temporary public dns servers, so next we're going to setup 2 local TOR DNS servers, which will allow the VMs to resolve any domain anonymously.

+ +

Once done, we make sure that pfsense takes these 2 dns servers, and only uses them, will also setup firewall rules to deny any other dns traffic.

+ +

Here you can see it's working fine:

+ +

Then shutdown the VM, clone it and you'll have the 2 tor DNSes working.

+ +

Next just put them in the anon VLAN:

+ + +

Once in there, we make sure that they are DHCP reserved so their ip won't change over time:

+ + + +

Then do the same for the other tordns:

+ + +

Then from the firewall, we allow the whole subnet to communicate to tordns1 and 2, because they will also be the bridge nodes, and we allow the tordns 1 and 2 servers to connect anywhere with any protocol. +That way, the only traffic that can escape from the anon subnet, will only be through these 2 servers, that will prevent any data leak from happening.

+

+	
+
+

+

+	
+
+

+

+	
+
+

+

+	
+
+

+

+	
+
+
+
+
+
+ +
+
+
+
+

Setup



+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Setup



+

+

+	
+
+ +

+

+	
+
+ +

+

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
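Review bot: the Initial Setup step that runs `sudo rm -rf log` followed by `sudo ln -s /tmp/ /var/log` puts all system logs into a world-writable directory shared with every local user's temporary files, which is a weaker place for them than a root-owned log directory. If the goal is logs that do not survive a shutdown, a dedicated root-owned tmpfs mounted on /var/log, or journald configured with `Storage=volatile`, gives the same result without that exposure. Also in this hunk: the two sections titled "Setup" and the empty blocks after the firewall paragraph are unfilled template scaffolding and should be completed or removed before merging, and the ISO step moves `pfSense-CE-2.7.0-RELEASE-amd64.iso.gz` but then lists a `.iso` file with no decompression command shown.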
+ + + + + + + diff --git a/servers/anonymity/old/10.png b/servers/anonymity/old/10.png new file mode 100644 index 0000000..175578e Binary files /dev/null and b/servers/anonymity/old/10.png differ diff --git a/servers/anonymity/old/11.png b/servers/anonymity/old/11.png new file mode 100644 index 0000000..79ffa76 Binary files /dev/null and b/servers/anonymity/old/11.png differ diff --git a/servers/anonymity/old/12.png b/servers/anonymity/old/12.png new file mode 100644 index 0000000..7a742c2 Binary files /dev/null and b/servers/anonymity/old/12.png differ diff --git a/servers/anonymity/old/13.png b/servers/anonymity/old/13.png new file mode 100644 index 0000000..1963335 Binary files /dev/null and b/servers/anonymity/old/13.png differ diff --git a/servers/anonymity/old/14.png b/servers/anonymity/old/14.png new file mode 100644 index 0000000..04648c7 Binary files /dev/null and b/servers/anonymity/old/14.png differ diff --git a/servers/anonymity/old/15.png b/servers/anonymity/old/15.png new file mode 100644 index 0000000..b21c44c Binary files /dev/null and b/servers/anonymity/old/15.png differ diff --git a/servers/anonymity/old/16.png b/servers/anonymity/old/16.png new file mode 100644 index 0000000..e5a3970 Binary files /dev/null and b/servers/anonymity/old/16.png differ diff --git a/servers/anonymity/old/17.png b/servers/anonymity/old/17.png new file mode 100644 index 0000000..45b3b4c Binary files /dev/null and b/servers/anonymity/old/17.png differ diff --git a/servers/anonymity/old/18.png b/servers/anonymity/old/18.png new file mode 100644 index 0000000..4016034 Binary files /dev/null and b/servers/anonymity/old/18.png differ diff --git a/servers/anonymity/old/19.png b/servers/anonymity/old/19.png new file mode 100644 index 0000000..91cedf2 Binary files /dev/null and b/servers/anonymity/old/19.png differ 
diff --git a/servers/anonymity/old/20.png b/servers/anonymity/old/20.png new file mode 100644 index 0000000..d411970 Binary files /dev/null and b/servers/anonymity/old/20.png differ diff --git a/servers/anonymity/old/21.png b/servers/anonymity/old/21.png new file mode 100644 index 0000000..dac75ea Binary files /dev/null and b/servers/anonymity/old/21.png differ diff --git a/servers/anonymity/old/22.png b/servers/anonymity/old/22.png new file mode 100644 index 0000000..866ad5a Binary files /dev/null and b/servers/anonymity/old/22.png differ diff --git a/servers/anonymity/old/23.png b/servers/anonymity/old/23.png new file mode 100644 index 0000000..b350210 Binary files /dev/null and b/servers/anonymity/old/23.png differ diff --git a/servers/anonymity/old/24.png b/servers/anonymity/old/24.png new file mode 100644 index 0000000..a03884a Binary files /dev/null and b/servers/anonymity/old/24.png differ diff --git a/servers/anonymity/old/25.png b/servers/anonymity/old/25.png new file mode 100644 index 0000000..c5bba9b Binary files /dev/null and b/servers/anonymity/old/25.png differ diff --git a/servers/anonymity/old/26.png b/servers/anonymity/old/26.png new file mode 100644 index 0000000..f49616e Binary files /dev/null and b/servers/anonymity/old/26.png differ diff --git a/servers/anonymity/old/27.png b/servers/anonymity/old/27.png new file mode 100644 index 0000000..ba6a8f5 Binary files /dev/null and b/servers/anonymity/old/27.png differ diff --git a/servers/anonymity/old/28.png b/servers/anonymity/old/28.png new file mode 100644 index 0000000..a7020d9 Binary files /dev/null and b/servers/anonymity/old/28.png differ diff --git a/servers/anonymity/old/29.png b/servers/anonymity/old/29.png new file mode 100644 index 0000000..007363b Binary files /dev/null and b/servers/anonymity/old/29.png differ diff --git a/servers/anonymity/old/3.png b/servers/anonymity/old/3.png new file mode 100644 index 0000000..ebbeae8 Binary files /dev/null and b/servers/anonymity/old/3.png differ 
diff --git a/servers/anonymity/old/30.png b/servers/anonymity/old/30.png new file mode 100644 index 0000000..ce3c2e5 Binary files /dev/null and b/servers/anonymity/old/30.png differ diff --git a/servers/anonymity/old/31.png b/servers/anonymity/old/31.png new file mode 100644 index 0000000..608430b Binary files /dev/null and b/servers/anonymity/old/31.png differ diff --git a/servers/anonymity/old/32.png b/servers/anonymity/old/32.png new file mode 100644 index 0000000..14b03c4 Binary files /dev/null and b/servers/anonymity/old/32.png differ diff --git a/servers/anonymity/old/33.png b/servers/anonymity/old/33.png new file mode 100644 index 0000000..350cd59 Binary files /dev/null and b/servers/anonymity/old/33.png differ diff --git a/servers/anonymity/old/34.png b/servers/anonymity/old/34.png new file mode 100644 index 0000000..3e604c4 Binary files /dev/null and b/servers/anonymity/old/34.png differ diff --git a/servers/anonymity/old/35.png b/servers/anonymity/old/35.png new file mode 100644 index 0000000..9c41364 Binary files /dev/null and b/servers/anonymity/old/35.png differ diff --git a/servers/anonymity/old/36.png b/servers/anonymity/old/36.png new file mode 100644 index 0000000..b02e830 Binary files /dev/null and b/servers/anonymity/old/36.png differ diff --git a/servers/anonymity/old/37.png b/servers/anonymity/old/37.png new file mode 100644 index 0000000..0f9c045 Binary files /dev/null and b/servers/anonymity/old/37.png differ diff --git a/servers/anonymity/old/38.png b/servers/anonymity/old/38.png new file mode 100644 index 0000000..946b210 Binary files /dev/null and b/servers/anonymity/old/38.png differ diff --git a/servers/anonymity/old/39.png b/servers/anonymity/old/39.png new file mode 100644 index 0000000..dc0972b Binary files /dev/null and b/servers/anonymity/old/39.png differ diff --git a/servers/anonymity/old/4.png b/servers/anonymity/old/4.png new file mode 100644 index 0000000..5953921 Binary files /dev/null and b/servers/anonymity/old/4.png differ 
diff --git a/servers/anonymity/old/40.png b/servers/anonymity/old/40.png new file mode 100644 index 0000000..d00dcef Binary files /dev/null and b/servers/anonymity/old/40.png differ diff --git a/servers/anonymity/old/41.png b/servers/anonymity/old/41.png new file mode 100644 index 0000000..5340a17 Binary files /dev/null and b/servers/anonymity/old/41.png differ diff --git a/servers/anonymity/old/42.png b/servers/anonymity/old/42.png new file mode 100644 index 0000000..ad84fd8 Binary files /dev/null and b/servers/anonymity/old/42.png differ diff --git a/servers/anonymity/old/43.png b/servers/anonymity/old/43.png new file mode 100644 index 0000000..bc28fb6 Binary files /dev/null and b/servers/anonymity/old/43.png differ diff --git a/servers/anonymity/old/44.png b/servers/anonymity/old/44.png new file mode 100644 index 0000000..8b5fade Binary files /dev/null and b/servers/anonymity/old/44.png differ diff --git a/servers/anonymity/old/45.png b/servers/anonymity/old/45.png new file mode 100644 index 0000000..05d2d5c Binary files /dev/null and b/servers/anonymity/old/45.png differ diff --git a/servers/anonymity/old/46.png b/servers/anonymity/old/46.png new file mode 100644 index 0000000..bec0028 Binary files /dev/null and b/servers/anonymity/old/46.png differ diff --git a/servers/anonymity/old/47.png b/servers/anonymity/old/47.png new file mode 100644 index 0000000..07e2756 Binary files /dev/null and b/servers/anonymity/old/47.png differ diff --git a/servers/anonymity/old/48.png b/servers/anonymity/old/48.png new file mode 100644 index 0000000..5b913f9 Binary files /dev/null and b/servers/anonymity/old/48.png differ diff --git a/servers/anonymity/old/49.png b/servers/anonymity/old/49.png new file mode 100644 index 0000000..a603176 Binary files /dev/null and b/servers/anonymity/old/49.png differ diff --git a/servers/anonymity/old/5.png b/servers/anonymity/old/5.png new file mode 100644 index 0000000..50447f1 Binary files /dev/null and b/servers/anonymity/old/5.png differ 
diff --git a/servers/anonymity/old/50.png b/servers/anonymity/old/50.png new file mode 100644 index 0000000..ed8bb23 Binary files /dev/null and b/servers/anonymity/old/50.png differ diff --git a/servers/anonymity/old/51.png b/servers/anonymity/old/51.png new file mode 100644 index 0000000..a3ccf35 Binary files /dev/null and b/servers/anonymity/old/51.png differ diff --git a/servers/anonymity/old/52.png b/servers/anonymity/old/52.png new file mode 100644 index 0000000..1b44848 Binary files /dev/null and b/servers/anonymity/old/52.png differ diff --git a/servers/anonymity/old/53.png b/servers/anonymity/old/53.png new file mode 100644 index 0000000..9b3988b Binary files /dev/null and b/servers/anonymity/old/53.png differ diff --git a/servers/anonymity/old/54.png b/servers/anonymity/old/54.png new file mode 100644 index 0000000..5be8a52 Binary files /dev/null and b/servers/anonymity/old/54.png differ diff --git a/servers/anonymity/old/55.png b/servers/anonymity/old/55.png new file mode 100644 index 0000000..ac98c7d Binary files /dev/null and b/servers/anonymity/old/55.png differ diff --git a/servers/anonymity/old/56.png b/servers/anonymity/old/56.png new file mode 100644 index 0000000..c5b6740 Binary files /dev/null and b/servers/anonymity/old/56.png differ diff --git a/servers/anonymity/old/57.png b/servers/anonymity/old/57.png new file mode 100644 index 0000000..3969f97 Binary files /dev/null and b/servers/anonymity/old/57.png differ diff --git a/servers/anonymity/old/6.png b/servers/anonymity/old/6.png new file mode 100644 index 0000000..ffb449e Binary files /dev/null and b/servers/anonymity/old/6.png differ diff --git a/servers/anonymity/old/7.png b/servers/anonymity/old/7.png new file mode 100644 index 0000000..8e4c87f Binary files /dev/null and b/servers/anonymity/old/7.png differ diff --git a/servers/anonymity/old/8.png b/servers/anonymity/old/8.png new file mode 100644 index 0000000..70927c7 Binary files /dev/null and b/servers/anonymity/old/8.png differ 
diff --git a/servers/anonymity/old/9.png b/servers/anonymity/old/9.png new file mode 100644 index 0000000..42fa57e Binary files /dev/null and b/servers/anonymity/old/9.png differ diff --git a/servers/anonymityexplained/1.png b/servers/anonymityexplained/1.png new file mode 100644 index 0000000..a1a2bec Binary files /dev/null and b/servers/anonymityexplained/1.png differ diff --git a/servers/anonymityexplained/2.png b/servers/anonymityexplained/2.png new file mode 100644 index 0000000..fd02027 Binary files /dev/null and b/servers/anonymityexplained/2.png differ diff --git a/servers/anonymityexplained/index.html b/servers/anonymityexplained/index.html new file mode 100644 index 0000000..949bd69 --- /dev/null +++ b/servers/anonymityexplained/index.html @@ -0,0 +1,212 @@ + + + + + + + + + + + What is Anonymity ? Why is it Important ? + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-29

+

What is Anonymity ? Why is it Important ?

+ +
+
+
+
+ + +
+
+
+
+

What is Anonymity ?

+

Anonymity is the absence of Identification (or Onymity), it is when individuals are indistinguishable from each other, they all look the same.

+ +

In short, Anonymity means you are not identified. In this example, Someone hid their identity, and is talking to Alice. That someone is anonymous until Jack can figure out who that person is.

+

Anonymity is extremely fragile when that Someone is not implementing strict OPSEC practices, relating to:

+
    +
  1. Using the correct Technology: (What is that Someone using, to protect their Anonymity ? (A mask, a Coat, a mask / the Tor network, i2p, etc))

  2. +
  3. Using the correct Behavior: (By that Someone's actions, they are not revealing who they are. (They are not saying they are Walter Hartwell White living at XYZ)

  4. +
+

DISCLAIMER: That Someone remains Anonymous UNTIL THEY MAKE ONE OPSEC MISTAKE !

+

Keep in mind that maintaining Anonymity is a much stricter practice than that of maintaining Privacy, as you will see, more threat vectors come into the picture.

+
+
+
+
+ +
+
+
+
+

The Enemies of Anonymity: Surveillance, KYC procedures and Centralisation



+

The first the and foremost enemy of Anonymity is Surveillance of any kind. Privacy is a REQUIREMENT if you want Anonymity.

+

+Example: 
+
+Jack is surveilling Bob 24/7. He sees that Bob purchases a mask and a coat, He sees that Bob wears the mask to then go outside to do something sketchy.
+	
+Conclusion:
+
+Because Bob did not have Privacy from Jack in the first place, Bob cannot have Anonymity either.
+
+
+

Surveillance CANNOT be tolerated when you want Anonymity. So before you try to learn to be anonymous online, learn why and how to get Privacy online here.

+ +

The other major enemy of Anonymity is Know Your Customer (KYC) Procedures, these are ways for services to force their customers to identify themselves, wether they like it or not.

+

+Example:
+
+Jack owns an online service (such as a centralised crypto exchange), he accumulated a large userbase over the years, over 1000 active users. The government where Jack operates is ramping up their financial regulations on businesses, and now Jack is being forced to identify all of it's users using standard KYC procedures
+
+Bob (an user on the website) that was anonymous up until that point, is now forced to do the following if he wants to keep using the platform:
+1) state his real life name
+2) his date of birth
+3) his home address
+4) send photos of his identity card
+5) send photos of his face (facial left, front and right sides)
+
+Conclusion:
+	
+Jack is either forced to identify his users or go out of business
+Bob is either forced to identify himself or stop using the service
+
+All of it because the government intends to destroy Bob's right to remain Anonymous online.
+
+
+

But the root cause of surveillance and KYC procedures, is that every centralised entity (any public or private business) will be eventually forced to comply to their government's requests, at the expense of their users.

+

There are only 2 possible long-term outcomes for Centralisation:

+
    +
  1. Act as a governmental proxy to enforce regulations/agendas, at the expense of users' rights

  2. +
  3. Or be forced out of business altogether.

  4. +
+ + +

To be able to achieve Anonymity, you need Privacy, and at least some level of Decentralisation (in the case of anonymization networks like Tor for instance), as we will see in our next tutorials.

+
+
+
+
+ + + +
+
+
+
+

Why is Anonymity Important ?



+

In a way, Anonymity is an improvement over Privacy. In the sense that Privacy is about being about to seclude yourself or information about yourself. Anonymity is the logical next step to Privacy, Where you not only just conceal what your actions are, but also who you are.

+

Depending on the context, especially if you are living in a dictatorship, Anonymity is vital for you to act freely, out of the grasp of adversaries.

+

As we have discussed previously, for a government's laws to be respected, they need to be enforced.

+ +

And for the laws to be enforced, governments need:

+
    +
  1. To know what happened (lack of Privacy, using Surveillance )

  2. +
  3. To know who did it (lack of Anonymity, using KYC procedures )

  4. +
+

Governmental control as a concept itself rests upon these fundamental 2 pillars, the detriment of the individual's Privacy, and Anonymity.

+

In order to regain the control you lost to dictatorships, you first need Privacy, and then you need Anonymity.

+

Most governments want to control the public opinion through opression and censorship, Journalism is one of the most demanding sectors in terms of Anonymity, especially in authoritarian/dictatorship governments where censorship is omnipresent, for them, very sadly, Anonymity is the difference-maker between life and death in those areas of the world.

+ +

For instance, the Freedom of the Press index is a great indicator to tell if you are living in a country that employs censorship as a means to control the population or not. Make no mistake, Governments are often ready to murder journalists to protect their public image, like in Mexico: [1] [2].

+

Essentially, the idea is to reduce your attack surface as much as possible, given the context of near-omnipresent surveillance, Privacy has it's limits, and Anonymity very often becomes the only way out of opression. If noone knows who did something, there can't be any repercussions for the perpetrating party.

+

In a way, Anonymity is superior to Privacy because whatever happened may have been hidden thanks to Privacy, but it may be discovered at a later point in time. Anonymity on the other hand, if maintained, remains a permanent way to act without any repercussions.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
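Review bot: this page needs a proofreading pass before merge, starting with the OPSEC list under "What is Anonymity ?", where the first item lists "a mask" twice and the second item opens two parentheses but closes only one. Elsewhere in the hunk: "The first the and foremost enemy", "wether they like it or not", "identify all of it's users", "being about to seclude yourself" (presumably "being able to"), "opression" (twice), "noone", and "Privacy has it's limits". None of these change the argument, but they are all in text added by this commit.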
+ + + + + + + diff --git a/servers/anonymousremoteserver/1.png b/servers/anonymousremoteserver/1.png new file mode 100644 index 0000000..c67c32f Binary files /dev/null and b/servers/anonymousremoteserver/1.png differ diff --git a/servers/anonymousremoteserver/10.png b/servers/anonymousremoteserver/10.png new file mode 100644 index 0000000..1064f80 Binary files /dev/null and b/servers/anonymousremoteserver/10.png differ diff --git a/servers/anonymousremoteserver/11.png b/servers/anonymousremoteserver/11.png new file mode 100644 index 0000000..065a560 Binary files /dev/null and b/servers/anonymousremoteserver/11.png differ diff --git a/servers/anonymousremoteserver/12.png b/servers/anonymousremoteserver/12.png new file mode 100644 index 0000000..f69835d Binary files /dev/null and b/servers/anonymousremoteserver/12.png differ diff --git a/servers/anonymousremoteserver/13.png b/servers/anonymousremoteserver/13.png new file mode 100644 index 0000000..50adc21 Binary files /dev/null and b/servers/anonymousremoteserver/13.png differ diff --git a/servers/anonymousremoteserver/2.png b/servers/anonymousremoteserver/2.png new file mode 100644 index 0000000..c7d925e Binary files /dev/null and b/servers/anonymousremoteserver/2.png differ diff --git a/servers/anonymousremoteserver/3.png b/servers/anonymousremoteserver/3.png new file mode 100644 index 0000000..271d176 Binary files /dev/null and b/servers/anonymousremoteserver/3.png differ diff --git a/servers/anonymousremoteserver/4.png b/servers/anonymousremoteserver/4.png new file mode 100644 index 0000000..5d6fee1 Binary files /dev/null and b/servers/anonymousremoteserver/4.png differ diff --git a/servers/anonymousremoteserver/5.png b/servers/anonymousremoteserver/5.png new file mode 100644 index 0000000..16ec5ae Binary files /dev/null and b/servers/anonymousremoteserver/5.png differ 
diff --git a/servers/anonymousremoteserver/6.png b/servers/anonymousremoteserver/6.png new file mode 100644 index 0000000..ccb2812 Binary files /dev/null and b/servers/anonymousremoteserver/6.png differ diff --git a/servers/anonymousremoteserver/7.png b/servers/anonymousremoteserver/7.png new file mode 100644 index 0000000..89c796c Binary files /dev/null and b/servers/anonymousremoteserver/7.png differ diff --git a/servers/anonymousremoteserver/8.png b/servers/anonymousremoteserver/8.png new file mode 100644 index 0000000..91377b7 Binary files /dev/null and b/servers/anonymousremoteserver/8.png differ diff --git a/servers/anonymousremoteserver/9.png b/servers/anonymousremoteserver/9.png new file mode 100644 index 0000000..b294c7e Binary files /dev/null and b/servers/anonymousremoteserver/9.png differ diff --git a/servers/anonymousremoteserver/index.html b/servers/anonymousremoteserver/index.html new file mode 100644 index 0000000..45980d3 --- /dev/null +++ b/servers/anonymousremoteserver/index.html @@ -0,0 +1,231 @@ + + + + + + + + + + + Acquiring remote servers anonymously (non-KYC providers) + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-02

+

Acquiring remote servers anonymously (non-KYC providers)

+ +
+
+
+
+ + +
+
+
+
+

Finding out a non-KYC Cloud Provider and Email Provider

+

As we discussed previously, KYC is out of the question if you want to remain anonymous. So you need to find a cloud provider that allows you to rent servers without any KYC.

+

To find one you can go on kycnot.me:

+ +

the current one I use for my services is ServersGuru, as they can resell popular cloud providers like hetzner.

+

In our example below we'll use Cockbox. but first thing we need is a non-KYC email provider, to do so we could follow Privacy Guides' recommendation and create an account on Tuta, but for simplicity i'll use a temporary email from https://tmail.link (do not use it for extended usage)

+ + + +

Now that the account is created, we can also validate if we can recieve mails:

+
+
+
+
+ +
+
+
+
+

Purchasing the server anonymously (using Monero)



+ + + +

Next we generate a SSH key to connect to the server:

+

+[ mainpc ] [ /dev/pts/5 ] [~]
+→ ssh-keygen -t ed25519 -C ""
+Generating public/private ed25519 key pair.
+Enter file in which to save the key (/home/nihilist/.ssh/id_ed25519): /home/nihilist/.ssh/ssh-key-test
+/home/nihilist/.ssh/ssh-key-test already exists.
+Overwrite (y/n)? y
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/nihilist/.ssh/ssh-key-test
+Your public key has been saved in /home/nihilist/.ssh/ssh-key-test.pub
+The key fingerprint is:
+SHA256:hu1aO2qMU0XuaRDTRiVHH3Jl2hNP/0prlAnpPCTGECo
+The key's randomart image is:
++--[ED25519 256]--+
+|       o=+= o.+ .|
+|      o.+= + * +.|
+|    E .*  + * o o|
+|     ..oo. = . +.|
+|      .+S.  + = .|
+|      .o+    + o |
+|     + .o     +  |
+|    o oo..   .   |
+|     oo...       |
++----[SHA256]-----+
+
+[ mainpc ] [ /dev/pts/5 ] [~]
+→ cat .ssh/ssh-key-test.pub
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqt0O2ZbRt/7ikk0PdPRcb1GRBE5YNDdBHFCMGIdeHb
+
+
+ +

validate the VPS purchase with the Monero option:

+ + +

Then here we send the Monero payment:

+ + +

then wait 10-20 minutes for the payment to be validated by the network, and then you should recieve the mail with your server accesses:

+ +

Now that the server is provisionned, we can connect to it:

+ +
+
+
+
+ + + +
+
+
+
+

Accessing the server anonymously (SSH through Tor)



+

To access the server anonymously, you just need to ssh there through tor using torsocks:

+

+[ mainpc ] [ /dev/pts/6 ] [~]
+→ cat .ssh/config| head -n4
+Host test-server
+        User root
+        hostname 185.216.68.156
+        IdentityFile ~/.ssh/id_ed25519
+
+[ mainpc ] [ /dev/pts/6 ] [~]
+→ torsocks ssh test-server
+The authenticity of host '185.216.68.156 (185.216.68.156)' can't be established.
+ED25519 key fingerprint is SHA256:Od5FT4wcALDHXXK2B4t6lM8idsDmUfhqWpDFjStgBwI.
+This key is not known by any other names.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '185.216.68.156' (ED25519) to the list of known hosts.
+Linux cockbox 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+
+root@cockbox:~# id
+uid=0(root) gid=0(root) groups=0(root)
+
+root@cockbox:~# apt update -y ; apt upgrade -y ; apt autoremove -y
+	
+
+ +

And that's it! We now have access to a remote server, we acquired it anonymously, and are now using it anonymously aswell.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
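Review bot: In the "Accessing the server anonymously (SSH through Tor)" block, the `test-server` entry in `.ssh/config` sets `IdentityFile ~/.ssh/id_ed25519`, but the key generated earlier on this page, whose public half is shown for the order, was saved to `/home/nihilist/.ssh/ssh-key-test`. A reader following the steps literally will offer the wrong key; use `IdentityFile ~/.ssh/ssh-key-test`, or generate the key at the default path, so the two transcripts agree. The keygen transcript also includes an "already exists. Overwrite (y/n)? y" exchange that a reader on a fresh path will not see and that could be trimmed. The first `torsocks ssh` answers `yes` to the host-key prompt without comment; a sentence telling the reader to compare the printed fingerprint against one from the provider, if the provider supplies one, would make that step deliberate rather than reflexive. The page also warns against extended use of the temporary mailbox while the server access mail is delivered to it, which deserves a line on moving to a lasting non-KYC mailbox. Spelling: "recieve" (twice), "provisionned", "aswell".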
+ + + + + + + diff --git a/servers/aps/0days.png b/servers/aps/0days.png new file mode 100644 index 0000000..518d212 Binary files /dev/null and b/servers/aps/0days.png differ diff --git a/servers/aps/anonymity.png b/servers/aps/anonymity.png new file mode 100644 index 0000000..d8414db Binary files /dev/null and b/servers/aps/anonymity.png differ diff --git a/servers/aps/centralisation.png b/servers/aps/centralisation.png new file mode 100644 index 0000000..088fd05 Binary files /dev/null and b/servers/aps/centralisation.png differ diff --git a/servers/aps/decentralisation.png b/servers/aps/decentralisation.png new file mode 100644 index 0000000..ac4e2c8 Binary files /dev/null and b/servers/aps/decentralisation.png differ diff --git a/servers/aps/federation.png b/servers/aps/federation.png new file mode 100644 index 0000000..4153bac Binary files /dev/null and b/servers/aps/federation.png differ diff --git a/servers/aps/index.html b/servers/aps/index.html new file mode 100644 index 0000000..3d623cf --- /dev/null +++ b/servers/aps/index.html @@ -0,0 +1,211 @@ + + + + + + + + + + + Privacy, Anonymity, Plausible Deniability, Decentralisation, Security, and 0days + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-30

+

Privacy, Anonymity, Plausible Deniability, Decentralisation, Security, and 0days

+ +
+
+
+
+ + +
+
+
+
+

Privacy Analogy

+ + +

Here in this case, we can say that the conversation between Bob and Alice is private, because it excludes Jack from spying on the conversation.

+ +
+
+
+
+ +
+
+
+
+

Anonymity Analogy



+ + +

Here in this case, we can say that the person talking to Alice is Anonymous from Jack's perspective, until he can figure out who he really is. Until that someone makes an OPSEC Mistake (such as saying out loud his real name, or where he lives), he remains Anonymous.

+ +
+
+
+
+ + + +
+
+
+
+ + +

Plausible Deniability Analogy



+ + +

+ + + +
+
+
+
+ +
+
+
+
+ +

Centralisation, Federation and Decentralisation Analogy



+ +

Here, a profit Company offers an online service (such as Twitter) for their own profit, most often they will do everything they can to keep as many users on their service, in order to gather as much personal information about them as they can, for their own profit.

+ +

A federated service can be considered as semi-decentralised, due to having a company running the main instance that contains a huge amount of users, while other instances can be ran by individuals with a smaller amount of users. The federation means that instances connect to each other so that individual B may talk to individual A, or individual C.

+ + +

We can say that a service is decentralised when individuals are running the services themselves, and offering them back to the individuals, without any profit company coming into the picture.

+ +
+
+
+
+ + + +
+
+
+
+

Security Analogy



+ + +

Here in this case, we can say that the door is secure because it protects Alice and Bob's conversation from Jack's attempts to hear the contents of the conversation.

+ +
+
+
+
+ + + +
+
+
+
+

0days Analogy



+ + +

Bob and Alice are supposed to have their conversation protected by a closed door, but Jack has an 100% sure way of breaking down the door, no matter how they try to reinforce the door, There is nothing Bob and Alice can do about it.

+ +
+
+
+
+ + + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
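Review bot: The "Plausible Deniability Analogy" section consists of a heading and nothing else in text, while every other analogy on this page (Privacy, Anonymity, Security, 0days) has a sentence explaining its picture. As added, the concept is carried only by plausibledeniability.png, so it is lost to text browsers, screen readers and anyone for whom the image fails to load; add one or two sentences in the same Alice/Bob/Jack terms. In "Centralisation, Federation and Decentralisation Analogy" the first paragraph never names what it describes, whereas the second and third do ("A federated service ...", "a service is decentralised when ..."); open it with the word "centralised" to match. Wording: "an 100% sure way" should be "a 100% sure way", "a profit Company" reads better as "a for-profit company", and "can be ran" should be "can be run".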
+ + + + + + + diff --git a/servers/aps/plausibledeniability.png b/servers/aps/plausibledeniability.png new file mode 100644 index 0000000..1845592 Binary files /dev/null and b/servers/aps/plausibledeniability.png differ diff --git a/servers/aps/privacy.png b/servers/aps/privacy.png new file mode 100644 index 0000000..6b7385e Binary files /dev/null and b/servers/aps/privacy.png differ diff --git a/servers/aps/security.png b/servers/aps/security.png new file mode 100644 index 0000000..ad7df6d Binary files /dev/null and b/servers/aps/security.png differ diff --git a/servers/ce0.png b/servers/ce0.png new file mode 100644 index 0000000..0ee830f Binary files /dev/null and b/servers/ce0.png differ diff --git a/servers/ce1.png b/servers/ce1.png new file mode 100644 index 0000000..7fa67f9 Binary files /dev/null and b/servers/ce1.png differ diff --git a/servers/ce2.png b/servers/ce2.png new file mode 100644 index 0000000..4a71497 Binary files /dev/null and b/servers/ce2.png differ diff --git a/servers/closedsource/1.png b/servers/closedsource/1.png new file mode 100644 index 0000000..af64f52 Binary files /dev/null and b/servers/closedsource/1.png differ diff --git a/servers/closedsource/2.png b/servers/closedsource/2.png new file mode 100644 index 0000000..493554c Binary files /dev/null and b/servers/closedsource/2.png differ diff --git a/servers/closedsource/index.html b/servers/closedsource/index.html new file mode 100644 index 0000000..61c2f0a --- /dev/null +++ b/servers/closedsource/index.html @@ -0,0 +1,183 @@ + + + + + + + + + + + Why can't I trust closed source software? + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-29

+

Why can't I trust closed source software?

+

"Hey, i just wrote this code, i compiled it, it gave me this .exe file, run it on your computer!

+

What? You want the source code ? Hell no, just trust me bro!"

+ +
+
+
+
+ + +
+
+
+
+

What is closed source software?

+

To briefly explain, any software out there was first written (a developer wrote some source code, for example in the go language), it was then compiled, and then the compilation produced a binary file (for example it became a .exe file on windows)

+ +

The catch here is that when you try to reverse-engineer binary files, it's going to be very hard to figure out what the original source code was. This practice is called Reverse Engineering, a niche in cybersecurity, where someone tries to figure out what the original sourcecode was intended to be, with only the binary to work with.

+

One thing is for sure: you can't arrive at the original sourcecode from just the binary. It's mostly guess work.

+

Most software companies (which can be corporations) out there are greedy, they work hard to produce software, and they hate to have any competition. Hence they want keep their software sourcecode private, to make it as hard as possible to others to arrive at the same level of functionnality. That is exactly why closed source software is used by most people.

+ +

The most popular example out there is Windows, they would definitely not like their sourcecode to be leaked/reversed like it with Apple's IOS.

+
+
+
+
+ +
+
+
+
+

Spyware example, and how to replace it



+Discord: a Privacy Nightmare +

Let's take a popular example: Discord as detailed in their article on spyware watchdog, it's one of the worst pieces of spyware out there. It's sourcecode is not public, and they confirm that they collect large amounts of sensitive user data (as much as they can).

+

Discord even goes out of it's way and contains a process logger to spy on what you do on your computer.

+

That service even forces you to add a phone number in case if it suspects you tried to create an account anonymously (via a vpn or via tor).

+

You get it, it's a nightmare for privacy and anonymity there is out of the question. The perfect governmental proxy to spy on the masses.

+ + +Matrix : The Decentralised and Open Source Alternative +

Take the counter example, Matrix is an open source chat protocol. Meaning if there were any spyware to be baked into the software, you would see it in the sourcecode, and rest assured the entire open source community would go into huge turmoil and you would know it.

+

You are also free to use other equally elegant UX/UI clients (for example using cinny or element), you can self host both the server and the client, and it implements E2EE (end to end encryption)

+ + +
+
+
+
+ + + +
+
+
+
+

Remove surveillance using Open-Source Software



+

To conclude, here are the requirements you need to look for, for any software that you use:

+
    +
  1. It must be open source

  2. +
  3. It must be self-hostable (for decentralisation) (meaning the serverside code must also be fully opensource)

  4. +
  5. It must implement privacy features like encryption

  6. +
  7. It should not contain any telemetry, or any spyware.

  8. +
  9. It should ONLY do what it was originally meant to do.

  10. +
+

By that standard, you can already discard software like Windows, Discord, Whatsapp, Instagram, iOS, pre-installed phone host OSes, Word, Excel, etc, as none of them are open source, and you can be damn sure that they are spying on everything you do, willfully or not. (ever since the US government passed the FISA section 702.)

+ +

YOU CAN NEVER TRUST PEOPLE.

+

SO YOU CAN'T TRUST THEIR CLOSED SOURCE SOFTWARE.

+

YOU CAN ONLY TRUST TECHNOLOGY THAT CAN BE VERIFIED!

+

SO YOU NEED TO USE OPEN SOURCE SOFTWARE!

+ + + +

Now that you have the full reasoning laid out, and if being watched by an entire crowd when you are using your computer doesn't sit well with you, it's time for you to move out of all that surveillance, out of that theater/circus that is closed-source software (in which you are the clown on stage, for corporations to see), it's time for you to close the blinds and declare that the show is over to these entire crowds that have infringed upon your basic right of privacy. It's time to install Linux.

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
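Review bot: The Matrix paragraph states that if spyware were baked in "you would see it in the sourcecode", but that only holds for a binary actually built from that source, and the page never tells the reader how to tie the client they install to the published code. This patch also adds servers/compilation/index.html, which covers building from source and checking release hashes; link to it from this paragraph or from the requirements list so that "open source" is not presented as sufficient on its own. In the Discord section, the process logger and phone number claims rest on "their article on spyware watchdog"; make sure that phrase carries the link and that the sentence reads "Discord, as detailed in ...". In "What is closed source software?", "leaked/reversed like it with Apple's IOS" is missing a verb and "they want keep" is missing "to". Spelling: "It's sourcecode" and "out of it's way" should use "its", and "functionnality" should be "functionality".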
+ + + + + + + diff --git a/servers/co0.png b/servers/co0.png new file mode 100644 index 0000000..e5484d2 Binary files /dev/null and b/servers/co0.png differ diff --git a/servers/co1.png b/servers/co1.png new file mode 100644 index 0000000..c311c69 Binary files /dev/null and b/servers/co1.png differ diff --git a/servers/co2.png b/servers/co2.png new file mode 100644 index 0000000..e8137e2 Binary files /dev/null and b/servers/co2.png differ diff --git a/servers/compilation/1.png b/servers/compilation/1.png new file mode 100644 index 0000000..7251117 Binary files /dev/null and b/servers/compilation/1.png differ diff --git a/servers/compilation/2.png b/servers/compilation/2.png new file mode 100644 index 0000000..2f34f52 Binary files /dev/null and b/servers/compilation/2.png differ diff --git a/servers/compilation/3.png b/servers/compilation/3.png new file mode 100644 index 0000000..cce658f Binary files /dev/null and b/servers/compilation/3.png differ diff --git a/servers/compilation/4.png b/servers/compilation/4.png new file mode 100644 index 0000000..6fee975 Binary files /dev/null and b/servers/compilation/4.png differ diff --git a/servers/compilation/5.5.png b/servers/compilation/5.5.png new file mode 100644 index 0000000..2091bad Binary files /dev/null and b/servers/compilation/5.5.png differ diff --git a/servers/compilation/5.png b/servers/compilation/5.png new file mode 100644 index 0000000..e9b92f3 Binary files /dev/null and b/servers/compilation/5.png differ diff --git a/servers/compilation/6.png b/servers/compilation/6.png new file mode 100644 index 0000000..b1a0a77 Binary files /dev/null and b/servers/compilation/6.png differ diff --git a/servers/compilation/7.png b/servers/compilation/7.png new file mode 100644 index 0000000..96b9781 Binary files /dev/null and b/servers/compilation/7.png differ 
diff --git a/servers/compilation/8.png b/servers/compilation/8.png new file mode 100644 index 0000000..2a7942f Binary files /dev/null and b/servers/compilation/8.png differ diff --git a/servers/compilation/index.html b/servers/compilation/index.html new file mode 100644 index 0000000..3c2d9cb --- /dev/null +++ b/servers/compilation/index.html @@ -0,0 +1,314 @@ + + + + + + + + + + + How to compile open source software + How to verify software integrity + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-28

+

How to compile open source software + How to verify software integrity

+ +
+
+
+
+ + +
+
+
+
+

Why compile even compile software yourself ?

+

as we have discussed previously, software needs to first be written by a developer, then compiled to produce a binary file (like an .exe file on windows, or a binary file on debian) to be used.

+ +

The largest website to find open-source software repositories is Github, where we can find open source projects.

+

In this case, Bob wants to have a screenshot software on debian, and he wants it to be open-source:

+ +

Here we see that there is a popular screenshot software called "Flameshot" that is available on github:

+ +

All of the sourcecode is available, and Bob if is concerned that there may be spyware, he can browse all of the code to check if there is any spyware in it or not.

+ +

Next, Bob can find the compiled binaries of flameshot in the releases tab:

+ +

But! Bob is an open-source purist, he thinks that the flameshot developers intentionally compiled the software with spyware into it, Bob doesn't trust that they could compile the software for him, hence he wants to compile the software himself.

+
+
+
+
+ +
+
+
+
+

How to compile software (ex: C++)



+

Each software can come with different compilation requirements, make sure you read their documentation on how to compile software, for example flameshot has specific instructions to compile their software:

+

+[ mainpc ] [ /dev/pts/4 ] [~]
+→ cd Documents
+
+[ mainpc ] [ /dev/pts/4 ] [~/Documents]
+→ git clone https://github.com/flameshot-org/flameshot
+Cloning into 'flameshot'...
+remote: Enumerating objects: 18204, done.
+remote: Counting objects: 100% (5467/5467), done.
+remote: Compressing objects: 100% (339/339), done.
+remote: Total 18204 (delta 5251), reused 5155 (delta 5128), pack-reused 12737
+Receiving objects: 100% (18204/18204), 23.03 MiB | 2.38 MiB/s, done.
+Resolving deltas: 100% (13494/13494), done.
+
+[ mainpc ] [ /dev/pts/4 ] [~/Documents]
+→ cd flameshot
+
+
+# Compile-time
+sudo apt install g++ cmake build-essential qtbase5-dev qttools5-dev-tools libqt5svg5-dev qttools5-dev -y
+
+# Run-time
+sudo apt install libqt5dbus5 libqt5network5 libqt5core5a libqt5widgets5 libqt5gui5 libqt5svg5 -y
+
+# Optional
+sudo apt install git openssl ca-certificates -y
+
+

Now that the dependencies are installed, we start to compile flameshot:

+

+[ mainpc ] [ /dev/pts/4 ] [~/Documents/flameshot]
+→ cmake -S . -B build && cmake --build build
+-- The CXX compiler identification is GNU 12.2.0
+-- Detecting CXX compiler ABI info
+-- Detecting CXX compiler ABI info - done
+-- Check for working CXX compiler: /usr/bin/c++ - skipped
+-- Detecting CXX compile features
+-- Detecting CXX compile features - done
+-- Setting build type to 'RelWithDebInfo' as none was specified.
+CMake Warning at cmake/Cache.cmake:28 (message):
+  ccache is enabled but was not found.  Not using it
+Call Stack (most recent call first):
+  CMakeLists.txt:84 (include)
+
+
+-- Performing Test Wall_FLAG_SUPPORTED
+-- Performing Test Wall_FLAG_SUPPORTED - Success
+-- Performing Test pedantic_FLAG_SUPPORTED
+-- Performing Test pedantic_FLAG_SUPPORTED - Success
+-- Performing Test Wextra_FLAG_SUPPORTED
+-- Performing Test Wextra_FLAG_SUPPORTED - Success
+Flameshot predefined color palette large: false
+-- Found Git: /usr/bin/git (found version "2.39.2")
+git found: /usr/bin/git in version     2.39.2
+FLAMESHOT_GIT_HASH: c1dac522
+-- Configuring done
+-- Generating done
+-- Build files have been written to: /home/nihilist/Documents/flameshot/build
+[  1%] Automatic MOC for target SingleApplication
+[  1%] Built target SingleApplication_autogen
+[  2%] Building CXX object external/singleapplication/CMakeFiles/SingleApplication.dir/SingleApplication_autogen/mocs_compilation.cpp.o
+
+[...]
+
+
+ +

Here, it's starting to compile, wait for it to reach 100%, then you can run the binary file as follows:

+ +

+[...]
+
+[ 96%] Building CXX object src/CMakeFiles/flameshot.dir/tools/abstracttwopointtool.cpp.o
+[ 97%] Building CXX object src/CMakeFiles/flameshot.dir/tools/capturecontext.cpp.o
+[ 97%] Building CXX object src/CMakeFiles/flameshot.dir/tools/toolfactory.cpp.o
+[ 98%] Building CXX object src/CMakeFiles/flameshot.dir/main.cpp.o
+[ 98%] Building CXX object src/CMakeFiles/flameshot.dir/flameshot_autogen/IJ3KGTTQ5V/qrc_graphics.cpp.o
+[100%] Linking CXX executable flameshot
+[100%] Built target flameshot
+	
+[ mainpc ] [ /dev/pts/4 ] [~/Documents/flameshot]
+→ ls
+appveyor.yml  CMakeLists.txt      docs                   LICENSE    scripts         src
+build         CODE_OF_CONDUCT.md  external               packaging  shell.nix       tests
+cmake         data                flameshot.example.ini  README.md  snapcraft.yaml
+
+[ mainpc ] [ /dev/pts/4 ] [~/Documents/flameshot]
+→ ls -lash build/src/flameshot
+49M -rwxr-xr-x 1 nihilist nihilist 49M Jun 28 14:14 build/src/flameshot
+
+[ mainpc ] [ /dev/pts/4 ] [~/Documents/flameshot]
+→ ./build/src/flameshot
+
+
+

if you want to be able to launch the flameshot binary without specifying the full path each time, you can add it to your system PATH:

+

+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ ls -lash build/src/flameshot
+49M -rwxr-xr-x 1 nihilist nihilist 49M Jun 28 14:14 build/src/flameshot
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ echo $PATH
+/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ ln -s $(pwd)/build/src/flameshot /usr/local/bin/flameshot
+ln: failed to create symbolic link '/usr/local/bin/flameshot': Permission denied
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ sudo ln -s $(pwd)/build/src/flameshot /usr/local/bin/flameshot
+[sudo] password for nihilist:
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ which flameshot
+/usr/bin/flameshot
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshot]
+→ flameshot
+
+
+ +

As we run the binary from the commandline, we then see the flameshot program opening here:

+ +

as we click on the logo, we can enter the screenshot mode:

+ +

then we click and drag to select the area of the screenshot:

+ +

Then we can click the "save" icon to save the image somewhere:

+ + +
+
+
+
+ + + +
+
+
+
+

How to verify software integrity



+

Now Bob isn't going to compile everything, he doesn't have that patience. the next best thing is to download the pre-compiled binaries and to check the hash:

+ + +

Here in this case, the appimage flameshot binary has been released along with the sha256 algorithm hash, so Bob downlads both:

+

+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest]
+→ wget https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage
+--2024-06-28 14:31:09--  https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest]
+→ wget https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage.sha256sum
+--2024-06-28 14:32:26--  https://github.com/flameshot-org/flameshot/releases/download/v12.1.0/Flameshot-12.1.0.x86_64.AppImage.sha256sum
+
+
+ +

Next, to check the integrity of the appimage file, we check the hash that we've downloaded:

+

+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest]
+→ cat Flameshot-12.1.0.x86_64.AppImage.sha256sum
+c30634c84161f09e8dde74c76367b1ce848414bb1cc269c2a2715f6803220738  Flameshot-12.1.0.x86_64.AppImage
+	
+
+

and compare it to the hash we get when using the sha256sum command on the flameshot appimage:

+

+[ mainpc ] [ /dev/pts/5 ] [~/Documents/flameshottest]
+→ sha256sum Flameshot-12.1.0.x86_64.AppImage
+c30634c84161f09e8dde74c76367b1ce848414bb1cc269c2a2715f6803220738  Flameshot-12.1.0.x86_64.AppImage
+	
+
+

Here we see that the sha256 hash we get from the flameshot appimage binary is the same as the hash that was put online by the flameshot developers. This means that the binary didn't get tampered with from the original release, to having it inside Bob's debian VM. Hence, Bob can now use the flameshot appimage binary with peace of mind!

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
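Review bot: The conclusion of "How to verify software integrity" claims more than the check shows. The `.sha256sum` file is fetched with wget from the same release URL as the AppImage, so a match shows that the file equals what the release page lists, not that the release is untampered: anyone able to replace the AppImage there could replace the checksum beside it. Reword "the binary didn't get tampered with from the original release" accordingly, and consider replacing the two compare-by-eye steps with `sha256sum -c Flameshot-12.1.0.x86_64.AppImage.sha256sum`. In the PATH transcript, `which flameshot` prints `/usr/bin/flameshot` immediately after the symlink is created in `/usr/local/bin`, so the `flameshot` launched on the next line is not shown to be the binary from `build/src/flameshot`; correct the transcript or explain the result. The clone builds whatever the default branch holds (`FLAMESHOT_GIT_HASH: c1dac522`) while the download being verified is v12.1.0; say which of the two the reader is expected to build. Heading typo: "Why compile even compile software yourself ?".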
+ + + + + + + diff --git a/servers/de0.png b/servers/de0.png new file mode 100644 index 0000000..cc981ea Binary files /dev/null and b/servers/de0.png differ diff --git a/servers/de1.png b/servers/de1.png new file mode 100644 index 0000000..4a7d6d7 Binary files /dev/null and b/servers/de1.png differ diff --git a/servers/de2.png b/servers/de2.png new file mode 100644 index 0000000..f880015 Binary files /dev/null and b/servers/de2.png differ diff --git a/servers/dns/0.png b/servers/dns/0.png new file mode 100644 index 0000000..de75d96 Binary files /dev/null and b/servers/dns/0.png differ diff --git a/servers/dns/1.png b/servers/dns/1.png new file mode 100644 index 0000000..89c908f Binary files /dev/null and b/servers/dns/1.png differ diff --git a/servers/dns/2.png b/servers/dns/2.png new file mode 100644 index 0000000..4af214e Binary files /dev/null and b/servers/dns/2.png differ diff --git a/servers/dns/index.html b/servers/dns/index.html new file mode 100644 index 0000000..7341e04 --- /dev/null +++ b/servers/dns/index.html @@ -0,0 +1,1165 @@ + + + + + + + + + + + bind9 DNS setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nothing@nowhere - 2024-05-28

+

bind9 DNS setup

+ +

In this tutorial we're going to take a look at how to setup DNS servers using bind9.

+

Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.

+ + +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First install the requirements:

+

+root@Temple:~# apt update -y ; apt upgrade -y ; apt install bind9 -y
+root@Temple:~# systemctl disable --now ufw	
+
+
+ +

Next we edit the /etc/bind/named.conf.options file to define which ip the dns server will serve:

+

+root@Temple:~# vim /etc/bind/named.conf.options	
+listen-on {
+	10.10.10.0/24;
+	10.1.0.0/16;
+	...
+};
+
+#OR
+listen-on { any; };
+listen-on-v6 { any; };
+
+
+ +

Next, we allow the queries to come from any sources (not just local)

+

+allow-query { any; };
+
+
+

and lastly, we add the forwarders which are the dns servers that bind9 will ask if it can't find the domain names, we can put cloudflare's dns servers for example:

+

+forwarders {
+	1.1.1.1;
+	1.0.0.1;
+};
+
+
+

Here's the result, save it with :wq

+

+options {
+        directory "/var/cache/bind";
+        dnssec-validation auto;
+
+        listen-on-v6 { any; };
+        listen-on { any; };
+        allow-query { any; };
+        forwarders {
+                1.1.1.1;
+                1.0.0.1;
+        };
+};
+	
+
+

Then restart bind9:

+

+root@Temple:~# systemctl restart bind9
+root@Temple:~# systemctl status bind9
+● named.service - BIND Domain Name Server
+     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
+     Active: active (running) since Tue 2021-11-02 20:37:26 UTC; 4s ago
+       Docs: man:named(8)
+   Main PID: 2863095 (named)
+      Tasks: 8 (limit: 4584)
+     Memory: 30.0M
+     CGroup: /system.slice/named.service
+             └─2863095 /usr/sbin/named -f -u bind
+
+Nov 02 20:37:26 Temple named[2863095]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
+Nov 02 20:37:26 Temple named[2863095]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
+Nov 02 20:37:26 Temple named[2863095]: network unreachable resolving './NS/IN': 2001:7fd::1#53
+Nov 02 20:37:26 Temple named[2863095]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
+Nov 02 20:37:26 Temple named[2863095]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
+Nov 02 20:37:26 Temple named[2863095]: resolver priming query complete
+Nov 02 20:37:30 Temple named[2863095]: listening on IPv4 interface tun0, 10.8.0.1#53
+Nov 02 20:37:30 Temple named[2863095]: listening on IPv6 interface tun0, fe80::5822:e1cd:a277:e3e3%124941#53
+Nov 02 20:37:30 Temple named[2863095]: no longer listening on 10.8.0.1#53
+Nov 02 20:37:30 Temple named[2863095]: no longer listening on fe80::5822:e1cd:a277:e3e3%124941#53
+
+
+

and then finally we test if the dns works, let's ask our dns server for the ip address of google:

+

+[ 10.66.66.2/32 ] [ /dev/pts/20 ] [Nextcloud/blog]
+→ nslookup google.com temple.void.yt
+Server:         temple.void.yt
+Address:        78.141.239.68#53
+
+Non-authoritative answer:
+Name:   google.com
+Address: 172.217.169.14
+Name:   google.com
+Address: 2a00:1450:4009:81d::200e
+	
+
+

And it worked ! Now let's setup an A record on our DNS server, for itself. To do that we need to specify the zones we're going to manage:

+

+
+root@Temple:/etc/bind# vim named.conf.local
+root@Temple:/etc/bind# cat named.conf.local
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+include "/etc/bind/zones.rfc1918";
+
+root@Temple:~# vim /etc/bind/zones.rfc1918
+root@Temple:~# cat /etc/bind/zones.rfc1918
+zone "void.yt"  {
+        type master;
+        file "db.void.yt";
+        allow-update { none; };
+};
+
+
+

Here we want to setup a subdomain of void.yt so let's do it in the db.void.yt file:

+

+$TTL    604800
+@       IN      SOA     ns1.void.yt. void.yt. (
+                  3     ; Serial
+             604800     ; Refresh
+              86400     ; Retry
+            2419200     ; Expire
+             604800 )   ; Negative Cache TTL
+;
+; name servers - NS records
+                3600     IN      NS      ns1.void.yt.
+                3600     IN      NS      ns2.void.yt.
+
+; name servers - A records
+ns1.void.yt.          IN      A      78.141.239.68
+ns2.void.yt.          IN      A      45.76.133.0
+
+; other hosts - A records
+host1.void.yt.  IN      A       1.1.1.1
+host2.void.yt.  IN      A       1.0.0.1	
+
+
+

And now we restart the bind9 service, and test if we can resolve the host1.void.yt domain:

+

+root@Temple:/etc/bind# systemctl restart bind9
+root@Temple:/etc/bind# systemctl status bind9
+● bind9.service - BIND Domain Name Server
+     Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sun 2021-11-14 10:28:16 UTC; 51s ago
+       Docs: man:named(8)
+   Main PID: 3710 (named)
+      Tasks: 8 (limit: 4582)
+     Memory: 29.7M
+     CGroup: /system.slice/bind9.service
+             └─3710 /usr/sbin/named -f -u bind
+
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:7fd::1#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:500:1::53#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:dc3::35#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:500:2::c#53
+Nov 14 10:28:16 Temple named[3710]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
+Nov 14 10:28:16 Temple named[3710]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
+Nov 14 10:28:16 Temple named[3710]: resolver priming query complete
+	
+
+

To do that we use nslookup:

+

+[ 10.66.66.2/32 ] [ /dev/pts/115 ] [~]
+→ nslookup host1.void.yt temple.void.yt
+Server:         temple.void.yt
+Address:        78.141.239.68#53
+
+Name:   host1.void.yt
+Address: 1.1.1.1
+	
+
+

Now we fill in the db file for the rest of the hosts we need, i'll post my complete config just for reference:

+

+root@Temple:/etc/bind# vim db.void.yt
+root@Temple:/etc/bind# cat db.void.yt
+$TTL    604800
+@       IN      SOA     ns1.void.yt. void.yt. (
+                  7     ; Serial INCREMENT THIS EVERYTIME YOU EDIT THE FILE !!!!!!!!
+             604800     ; Refresh
+              86400     ; Retry
+            2419200     ; Expire
+             604800 )   ; Negative Cache TTL
+;
+; name servers - NS records
+                3600     IN      NS      ns1.void.yt.
+                3600     IN      NS      ns2.void.yt.
+
+; name servers - A records
+ns1.void.yt.          IN      A      78.141.239.68
+ns2.void.yt.          IN      A      45.76.133.0
+
+; A records, public IPs
+temple       3600 IN A     78.141.239.68
+mail         3600 IN A     45.76.133.0
+mail         3600 IN AAAA  2001:19f0:7402:2c6:5400:3ff:fea7:22a3
+;void.yt
+
+
+             3600 IN MX 10 mail.void.yt.
+             3600 IN TXT   "v=spf1 mx a:mail.void.yt -all"
+_dmarc       3600 IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@void.yt; fo=1"
+
+autoconfig   3600 IN CNAME void.yt.
+autodiscover 3600 IN CNAME void.yt.
+
+asciinema    3600 IN CNAME void.yt.
+blog         3600 IN CNAME void.yt.
+chat         3600 IN CNAME void.yt.
+cloud        3600 IN CNAME void.yt.
+codimd       3600 IN CNAME void.yt.
+cryptpad     3600 IN CNAME void.yt.
+cyberchef    3600 IN CNAME void.yt.
+ghostblog    3600 IN CNAME void.yt.
+git          3600 IN CNAME void.yt.
+gomez        3600 IN CNAME void.yt.
+haste        3600 IN CNAME void.yt.
+img          3600 IN CNAME void.yt.
+irc          3600 IN CNAME void.yt.
+jitsi        3600 IN CNAME void.yt.
+kb           3600 IN CNAME void.yt.
+kutt         3600 IN CNAME void.yt.
+lady         3600 IN CNAME void.yt.
+lain         3600 IN CNAME void.yt.
+latex        3600 IN CNAME void.yt.
+mind         3600 IN CNAME void.yt.
+notes        3600 IN CNAME void.yt.
+openproject  3600 IN CNAME void.yt.
+pad          3600 IN CNAME void.yt.
+privatebin   3600 IN CNAME void.yt.
+pve          3600 IN CNAME void.yt.
+routeur      3600 IN CNAME void.yt.
+safe         3600 IN CNAME void.yt.
+shells       3600 IN CNAME void.yt.
+status       3600 IN CNAME void.yt.
+sx           3600 IN CNAME void.yt.
+test         3600 IN CNAME void.yt.
+tube         3600 IN CNAME void.yt.
+u            3600 IN CNAME void.yt.
+www          3600 IN CNAME void.yt.
+zabbix       3600 IN CNAME void.yt.
+
+root@Temple:/etc/bind# systemctl restart bind9
+root@Temple:/etc/bind# systemctl status bind9
+● bind9.service - BIND Domain Name Server
+     Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sun 2021-11-14 11:37:30 UTC; 2s ago
+       Docs: man:named(8)
+   Main PID: 18839 (named)
+      Tasks: 8 (limit: 4582)
+     Memory: 29.3M
+     CGroup: /system.slice/bind9.service
+             └─18839 /usr/sbin/named -f -u bind
+
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:1::53#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:2::c#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:500:200::b#53
+Nov 14 11:37:30 Temple named[18839]: network unreachable resolving './NS/IN': 2001:7fd::1#53
+Nov 14 11:37:30 Temple named[18839]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
+Nov 14 11:37:30 Temple named[18839]: resolver priming query complete
+	
+
+

Now, let's setup our secondary DNS server, first let's update the primary DNS server's zones.rfc1918 file as follows:

+

+root@Temple:/etc/bind# vim /etc/bind/zones.rfc1918
+root@Temple:/etc/bind# cat /etc/bind/zones.rfc1918
+zone "void.yt" IN {
+        type master;
+        file "/etc/bind/db.void.yt";
+        allow-update { none; };
+
+        allow-transfer { 45.76.133.0; };
+        also-notify    { 45.76.133.0; };
+};
+	
+root@Temple:/etc/bind# systemctl restart bind9
+
+
+

In the allow-transfer and allow-notify parameters we put the public IP of our second DNS server. Next we restart bind9, and setup bind9 on the second server as a slave to our first server:

+

+root@mail:~# apt install bind9 -y
+root@mail:~# vim /etc/bind/named.conf.local
+root@mail:~# cat /etc/bind/named.conf.local
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+include "/etc/bind/zones.rfc1918";
+
+root@mail:~# vim /etc/bind/zones.rfc1918
+root@mail:~# cat /etc/bind/zones.rfc1918
+zone "void.yt" {
+        type slave;
+        file "/etc/bind/db.void.yt";
+        masters {78.141.239.68;};
+};
+
+root@mail:~# vim /etc/bind/db.void.yt
+root@mail:~# cat /etc/bind/db.void.yt
+$TTL    604800
+@       IN      SOA     ns2.void.yt void.yt. (
+                  8     ; Serial INCREMENT THIS EVERYTIME YOU EDIT THE FILE !!!!!!!!
+             604800     ; Refresh
+              86400     ; Retry
+            2419200     ; Expire
+             604800 )   ; Negative Cache TTL
+;
+; name servers - NS records
+     IN      NS      ns1.void.yt.
+     IN      NS      ns2.void.yt.
+
+; name servers - A records
+ns1.void.yt.          IN      A      78.141.239.68
+ns2.void.yt.          IN      A      45.76.133.0
+
+; A records, public IPs
+temple       3600 IN A     78.141.239.68
+mail         3600 IN A     45.76.133.0
+mail         3600 IN AAAA  2001:19f0:7402:2c6:5400:3ff:fea7:22a3
+;void.yt
+
+
+             3600 IN MX 10 mail.void.yt.
+             3600 IN TXT   "v=spf1 mx a:mail.void.yt -all"
+_dmarc       3600 IN TXT   "v=DMARC1; p=reject; rua=mailto:dmarc@void.yt; fo=1"
+
+autoconfig   3600 IN CNAME void.yt.
+autodiscover 3600 IN CNAME void.yt.
+
+asciinema    3600 IN CNAME void.yt.
+blog         3600 IN CNAME void.yt.
+chat         3600 IN CNAME void.yt.
+cloud        3600 IN CNAME void.yt.
+codimd       3600 IN CNAME void.yt.
+cryptpad     3600 IN CNAME void.yt.
+cyberchef    3600 IN CNAME void.yt.
+ghostblog    3600 IN CNAME void.yt.
+git          3600 IN CNAME void.yt.
+gomez        3600 IN CNAME void.yt.
+haste        3600 IN CNAME void.yt.
+img          3600 IN CNAME void.yt.
+irc          3600 IN CNAME void.yt.
+jitsi        3600 IN CNAME void.yt.
+kb           3600 IN CNAME void.yt.
+kutt         3600 IN CNAME void.yt.
+lady         3600 IN CNAME void.yt.
+lain         3600 IN CNAME void.yt.
+latex        3600 IN CNAME void.yt.
+mind         3600 IN CNAME void.yt.
+notes        3600 IN CNAME void.yt.
+openproject  3600 IN CNAME void.yt.
+pad          3600 IN CNAME void.yt.
+privatebin   3600 IN CNAME void.yt.
+pve          3600 IN CNAME void.yt.
+routeur      3600 IN CNAME void.yt.
+safe         3600 IN CNAME void.yt.
+shells       3600 IN CNAME void.yt.
+status       3600 IN CNAME void.yt.
+sx           3600 IN CNAME void.yt.
+test         3600 IN CNAME void.yt.
+tube         3600 IN CNAME void.yt.
+u            3600 IN CNAME void.yt.
+	
+www          3600 IN CNAME void.yt.
+zabbix       3600 IN CNAME void.yt.	
+
+
+

+

+root@mail:/etc/bind# systemctl restart bind9
+
+root@mail:/etc/bind# systemctl status bind9
+● named.service - BIND Domain Name Server
+     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sun 2021-11-14 14:34:38 UTC; 1min 17s ago
+       Docs: man:named(8)
+   Main PID: 94005 (named)
+      Tasks: 5 (limit: 2340)
+     Memory: 17.8M
+        CPU: 46ms
+     CGroup: /system.slice/named.service
+             └─94005 /usr/sbin/named -f -u bind
+
+Nov 14 14:34:38 mail named[94005]: running
+Nov 14 14:34:38 mail named[94005]: zone void.yt/IN: Transfer started.
+Nov 14 14:34:38 mail named[94005]: transfer of 'void.yt/IN' from 78.141.239.68#53: connected using 45.76.133.0#53677
+Nov 14 14:34:38 mail named[94005]: zone void.yt/IN: transferred serial 9
+Nov 14 14:34:38 mail named[94005]: zone void.yt/IN: transfer: could not set file modification time of '/etc/bind/db.void.yt': permission denied
+Nov 14 14:34:38 mail named[94005]: transfer of 'void.yt/IN' from 78.141.239.68#53: Transfer status: success
+Nov 14 14:34:38 mail named[94005]: transfer of 'void.yt/IN' from 78.141.239.68#53: Transfer completed: 1 messages, 49 records, 1118 bytes, 0.001 secs (1118000 bytes/sec) (serial 9)
+Nov 14 14:34:38 mail named[94005]: zone void.yt/IN: sending notifies (serial 9)
+Nov 14 14:34:38 mail named[94005]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
+Nov 14 14:34:38 mail named[94005]: resolver priming query complete
+
+root@mail:/etc/bind# systemctl disable --now apparmor
+root@mail:/etc/bind# chown bind:bind -R /etc/bind
+
+root@mail:/etc/bind# systemctl restart bind9
+root@mail:/etc/bind# systemctl status bind9
+● named.service - BIND Domain Name Server
+     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sun 2021-11-14 14:39:17 UTC; 1s ago
+       Docs: man:named(8)
+   Main PID: 94210 (named)
+      Tasks: 4 (limit: 2340)
+     Memory: 14.1M
+        CPU: 29ms
+     CGroup: /system.slice/named.service
+             └─94210 /usr/sbin/named -f -u bind
+
+Nov 14 14:39:17 mail named[94210]: running
+Nov 14 14:39:17 mail named[94210]: zone void.yt/IN: Transfer started.
+Nov 14 14:39:17 mail named[94210]: transfer of 'void.yt/IN' from 78.141.239.68#53: connected using 45.76.133.0#51509
+Nov 14 14:39:17 mail named[94210]: zone void.yt/IN: transferred serial 9
+Nov 14 14:39:17 mail named[94210]: transfer of 'void.yt/IN' from 78.141.239.68#53: Transfer status: success
+Nov 14 14:39:17 mail named[94210]: transfer of 'void.yt/IN' from 78.141.239.68#53: Transfer completed: 1 messages, 49 records, 1118 bytes, 0.004 secs (279500 bytes/sec) (serial 9)
+Nov 14 14:39:17 mail named[94210]: zone void.yt/IN: sending notifies (serial 9)
+Nov 14 14:39:17 mail named[94210]: dumping master file: /etc/bind/tmp-PF5Ud0HF2G: open: permission denied
+Nov 14 14:39:17 mail named[94210]: resolver priming query complete
+Nov 14 14:39:17 mail named[94210]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
+
+
+

And from there let's check if the domain name resolution works:

+

+[ 10.66.66.2/32 ] [ /dev/pts/115 ] [~]
+→ nslookup ns1.void.yt temple.void.yt
+Server:         temple.void.yt
+Address:        78.141.239.68#53
+
+Name:   ns1.void.yt
+Address: 78.141.239.68
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/115 ] [~]
+→ nslookup ns2.void.yt temple.void.yt
+Server:         temple.void.yt
+Address:        78.141.239.68#53
+
+Name:   ns2.void.yt
+Address: 45.76.133.0
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/115 ] [~]
+→ nslookup ns2.void.yt mail.void.yt
+Server:         mail.void.yt
+Address:        45.76.133.0#53
+
+Name:   ns2.void.yt
+Address: 45.76.133.0
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/115 ] [~]
+→ nslookup ns1.void.yt mail.void.yt
+Server:         mail.void.yt
+Address:        45.76.133.0#53
+
+Name:   ns1.void.yt
+Address: 78.141.239.68
+	
+
+

Everything looks good, we can resolve domain names on both the master and slave DNS servers

+
+
+
+
+ +
+
+
+
+

Dynamic bind9 DNS setup



+

Now for my current setup, i need my void.yt domain name to resolve a public IP that often changes, therefore i need a dynamic bind9 DNS setup for the A record of my void.yt domain. It is possible to set it up with bind9, so let's do it:

+

+oot@Temple:/etc/bind# apt install bind9utils
+root@Temple:/etc/bind# which ddns-confgen
+/usr/sbin/ddns-confgen
+
+	
+root@Temple:/etc/bind# ddns-confgen -s void.yt
+# To activate this key, place the following in named.conf, and
+# in a separate keyfile on the system or systems from which nsupdate
+# will be run:
+key "ddns-key.void.yt" {
+        algorithm hmac-sha256;
+        secret "Rq7gXz4Hu0AZYun6iX/ypbGRcS9W6GHqJiqksEvM8Nw=";
+};
+
+# Then, in the "zone" statement for the zone containing the
+# name "void.yt", place an "update-policy" statement
+# like this one, adjusted as needed for your preferred permissions:
+update-policy {
+          grant ddns-key.void.yt name void.yt ANY;
+};
+
+# After the keyfile has been placed, the following command will
+# execute nsupdate using this key:
+nsupdate -k <keyfile>
+
+
+
+ +

Now that's done, we follow the instructions that the command just output for us, starting with named.conf.local edit:

+

+root@Temple:/etc/bind# vim /etc/bind/named.conf.local
+root@Temple:/etc/bind# cat /etc/bind/named.conf.local
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+include "/etc/bind/zones.rfc1918";
+key "ddns-key.void.yt" {
+        algorithm hmac-sha256;
+        secret "Rq7gXz4Hu0AZYun6iX/ypbGRcS9W6GHqJiqksEvM8Nw=";
+};	
+
+
+

Next, we setup the update-policy for our void.yt zone:

+

+root@Temple:/etc/bind# vim zones.rfc1918
+root@Temple:/etc/bind# cat zones.rfc1918
+zone "void.yt" {
+        type master;
+        file "/etc/bind/db.void.yt";
+
+        allow-transfer { 45.76.133.0; };
+        also-notify    { 45.76.133.0; };
+
+        update-policy {
+          grant ddns-key.void.yt name void.yt ANY;
+        };
+};
+
+root@Temple:/etc/bind# systemctl restart bind9
+
+
+

Now that's done, we're going to setup the dynamic DNS script on our client whose public IP is changing often:

+

+root@home:~# which nsupdate
+/usr/bin/nsupdate
+
+root@home:~# vim /etc/ddnssupdate.key
+root@home:~# cat /etc/ddnssupdate.key
+key "ddns-key.void.yt" {
+        algorithm hmac-sha256;
+        secret "Rq7gXz4Hu0AZYun6iX/ypbGRcS9W6GHqJiqksEvM8Nw=";
+};
+	
+root@home:~# cd /var/www/void.yt/
+root@home:/var/www/void.yt# vim dyndns.sh
+root@home:/var/www/void.yt# cat dyndns.sh
+#!/bin/bash
+
+#MYIP=$(dig +short myip.opendns.com @resolver1.opendns.com)
+MYIP=$(curl ifconfig.me)
+
+KEY=/etc/ddnsupdate.key
+NS=ns1.void.yt
+DOMAIN=void.yt.
+ZONE=void.yt.
+
+nsupdate -k $KEY -v << EOF
+server $NS
+zone $ZONE
+update delete $DOMAIN A
+update add $DOMAIN 30 A $MYIP
+send
+EOF
+
+
+

Now let's test it:

+

+root@home:/var/www/void.yt# chattr -i /etc/resolv.conf
+root@home:/var/www/void.yt# vim /etc/resolv.conf
+root@home:/var/www/void.yt# cat /etc/resolv.conf
+#nameserver 1.1.1.1
+#nameserver 1.0.0.1
+nameserver 78.141.239.68
+nameserver 45.76.133.0
+root@home:/var/www/void.yt# chattr +i /etc/resolv.conf
+
+root@home:/var/www/void.yt# chmod +x dyndns.sh
+root@home:/var/www/void.yt# ./dyndns.sh
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100    14  100    14    0     0     89      0 --:--:-- --:--:-- --:--:--    89
+update failed: SERVFAIL
+
+
+

Now if you get this error, it probably means that the dns bind server does not have permissions to edit files in /etc/bind/, and rather has access to /var/lib/bind, so let's make those changes:

+

+root@Temple:/etc/bind# vim /etc/bind/zones.rfc1918
+root@Temple:/etc/bind# cat /etc/bind/zones.rfc1918
+zone "void.yt" {
+        type master;
+        file "/var/lib/bind/db.void.yt";
+
+        allow-transfer { 45.76.133.0; };
+        also-notify    { 45.76.133.0; };
+
+        update-policy {
+          grant ddns-key.void.yt name void.yt ANY;
+        };
+};
+	
+root@Temple:/etc/bind# mv /etc/bind/db.void.yt /var/lib/bind/
+root@Temple:/etc/bind# systemctl restart bind9
+
+
+

Now that's done, let's also do it on the secondary dns:

+

+root@mail:~# vim /etc/bind/zones.rfc1918
+root@mail:~# mv /etc/bind/db.void.yt /var/lib/bind/
+root@mail:~# mv /etc/bind/db._domainkey.void.yt /var/lib/bind/
+root@mail:~# systemctl restart bind9
+	
+
+

Now that's done, let's test our dynamic dns script:

+

+root@home:/var/www/void.yt# ./dyndns.sh
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100    14  100    14    0     0     72      0 --:--:-- --:--:-- --:--:--    72
+root@home:/var/www/void.yt#
+
+
+

No error messages, so let's check if our script updated the the zone file as intended:

+

+root@Temple:/etc/bind# cat /var/lib/bind/db.void.yt
+$ORIGIN .
+$TTL 604800     ; 1 week
+void.yt                 IN SOA  ns1.void.yt. void.yt. (
+                                10         ; serial
+                                604800     ; refresh (1 week)
+                                86400      ; retry (1 day)
+                                2419200    ; expire (4 weeks)
+                                604800     ; minimum (1 week)
+                                )
+$TTL 3600       ; 1 hour
+                        NS      ns1.void.yt.
+                        NS      ns2.void.yt.
+$TTL 30 ; 30 seconds
+                        A       92.148.147.119
+$ORIGIN void.yt.
+$TTL 3600       ; 1 hour
+_dmarc                  TXT     "v=DMARC1; p=reject; rua=mailto:dmarc@void.yt; fo=1"
+asciinema               CNAME   void.yt.
+
+[...]
+	
+
+

And it did! Now let's make sure our dynamic dns script runs every minute:

+

+root@home:/var/www/void.yt# crontab -e
+* * * * * "/var/www/void.yt/dyndns.sh"
+
+root@home:/var/www/void.yt# cronitor select
+
+✔ "/var/www/void.yt/dyndns.sh"
+----► Running command: "/var/www/void.yt/dyndns.sh"
+
+[+] updating ns1.void.yt:
+
+----► ✔ Command successful    Elapsed time 0.353s
+	
+
+

Looks good! Now don't forget to edit the options file for your secondary dns server:

+

+root@mail:~# vim /etc/bind/named.conf.options
+root@mail:~# cat /etc/bind/named.conf.options
+
+options {
+        directory "/var/cache/bind";
+        dnssec-validation auto;
+
+        listen-on-v6 { any; };
+        listen-on { any; };
+
+        allow-query { any; };
+
+        forwarders {
+                1.1.1.1;
+                1.0.0.1;
+        };
+};
+root@mail:~# systemctl restart bind9
+	
+
+

And that's it! We managed to setup 2 DNS servers using bind9 with a master-slave configuration along with dynamic DNS. Now if you want your DNS servers to propagate, you will have to wait:

+ +

You can check the status of the DNS propagation on this website:

+ +

As you can see, none of the major DNS servers around the world are aware of my ns1.void.yt record, therefore i need to wait for my dns record to propagate (by setting the DNS server as the DNS servers for a particular domain, on a registrar):

+ + +
+
+
+
+ + + +
+
+
+
+

DNSSEC Setup



+

Once your dns records have propagated we can setup DNSSEC:

+

+root@mail-gw:~# vim /etc/bind/named.conf.options
+root@mail-gw:~# cat /etc/bind/named.conf.options
+options {
+        directory "/var/cache/bind";
+
+        //dnssec-validation yes;
+        //dnssec-enable yes;
+        //dnssec-lookaside auto; //since debian 12 these are no longer needed
+
+        listen-on-v6 { any; };
+        listen-on { any; };
+        allow-query { any; };
+        forwarders {
+                1.1.1.1;
+                1.0.0.1;
+        };
+};
+	
+
+

Then generate the DNS keys for your domain:

+

+root@mail-gw:~# cd /var/cache/bind
+root@mail-gw:/var/cache/bind# dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE nihilism.network
+Generating key pair...................+++++ ..................................................................................................................+++++
+Knihilism.network.+007+54398
+root@mail-gw:/var/cache/bind# dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nihilism.network
+Generating key pair........................................................................++++ .....................++++
+Knihilism.network.+007+44145
+	
+
+

then create the zone file:

+

+root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
+root@mail-gw:/var/cache/bind# cat nihilism.network.zone
+$INCLUDE Knihilism.network.+007+44145.key
+$INCLUDE Knihilism.network.+007+54398.key
+
+
+

Then sign the zone with the dnssec-signzone command:

+

+root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
+root@mail-gw:/var/cache/bind# cat nihilism.network.zone
+$INCLUDE Knihilism.network.+007+44145.key
+$INCLUDE Knihilism.network.+007+54398.key
+root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16)			-N INCREMENT -o nihilism.network -t nihilism.network.zone
+
+
+dnssec-signzone: warning: Knihilism.network.+007+44145.key:5: no TTL specified; zone rejected
+dnssec-signzone: fatal: failed loading zone from 'nihilism.network.zone': no ttl
+
+
+

if you get the no ttl error like me, regen the keys with the TTL thanks to the -L flag:

+

+
+root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -a NSEC3RSASHA1 -b 2048 -n ZONE nihilism.network
+Generating key pair.........................................+++++ .......+++++
+Knihilism.network.+007+35034
+
+root@mail-gw:/var/cache/bind# dnssec-keygen -L 3600 -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE nihilism.network
+Generating key pair......++++ ..................................................................................................................................................................++++
+Knihilism.network.+007+23388
+
+root@mail-gw:/var/cache/bind# for key in `ls Knihilism.network*.key`; do echo "\$INCLUDE $key">> nihilism.network.zone; done
+
+root@mail-gw:/var/cache/bind# cat nihilism.network.zone
+
+$INCLUDE Knihilism.network.+007+23388.key
+$INCLUDE Knihilism.network.+007+35034.key
+
+root@mail-gw:/var/cache/bind# dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o nihilism.network -t db.nihilism.network
+dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
+dnssec-signzone: fatal: No signing keys specified or found.
+
+root@mail-gw:/var/cache/bind# cat nihilism.network.zone >> db.nihilism.network
+
+
+root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)	-N INCREMENT -o nihilism.network -t db.nihilism.network
+
+dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
+Verifying the zone using the following algorithms:
+- NSEC3RSASHA1
+Zone fully signed:
+Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
+                         ZSKs: 1 active, 0 stand-by, 0 revoked
+db.nihilism.network.signed
+Signatures generated:                       51
+Signatures retained:                         0
+Signatures dropped:                          0
+Signatures successfully verified:            0
+Signatures unsuccessfully verified:          0
+Signing time in seconds:                 0.068
+Signatures per second:                 750.000
+Runtime in seconds:                      0.076
+	
+
+

If it gives you further errors, debug it here https://dnsviz.net/d/nihilism.network/dnssec/:

+

Then we continue:

+

+root@mail-gw:/var/cache/bind# vim /etc/bind/named.conf.local
+root@mail-gw:/var/cache/bind# cat /etc/bind/named.conf.local
+zone "nihilism.network"  {
+        type master;
+        file "db.nihilism.network.signed";
+        allow-update { none; };
+};
+	
+
+

Then restart bind9:

+

+root@mail-gw:/var/cache/bind# systemctl restart bind9
+root@mail-gw:/var/cache/bind# systemctl status bind9
+* named.service - BIND Domain Name Server
+     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
+     Active: active (running) since Fri 2022-09-30 19:58:12 CEST; 3s ago
+       Docs: man:named(8)
+   Main PID: 42611 (named)
+      Tasks: 4 (limit: 507)
+     Memory: 7.8M
+        CPU: 19ms
+     CGroup: /system.slice/named.service
+             `-42611 /usr/sbin/named -f -u bind
+
+Sep 30 19:58:12 mail-gw named[42611]: zone 127.in-addr.arpa/IN: loaded serial 1
+Sep 30 19:58:12 mail-gw named[42611]: zone localhost/IN: loaded serial 2
+Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: sig-re-signing-interval less than 3 * refresh.
+Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: loaded serial 18 (DNSSEC signed)
+Sep 30 19:58:12 mail-gw named[42611]: all zones loaded
+Sep 30 19:58:12 mail-gw named[42611]: running
+Sep 30 19:58:12 mail-gw named[42611]: zone nihilism.network/IN: sending notifies (serial 18)
+Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': IXFR version not in journal, falling back to AXFR
+Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': AXFR-style IXFR started (serial 18)
+Sep 30 19:58:12 mail-gw named[42611]: client @0x7fad306d5130 23.137.250.141#48501 (nihilism.network): transfer of 'nihilism.network/IN': AXFR-style IXFR ended: 2 messages, 104 records, 19335 bytes, 0.001 secs (19335000 bytes/sec) (serial 18)
+
+ +

So from now on when you want to edit your zone, you will need to first edit the db file and then run the dnssign command:

+

+root@mail-gw:/var/cache/bind# vim db.nihilism.network
+
+root@mail-gw:/var/cache/bind# dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)	-N INCREMENT -o nihilism.network -t db.nihilism.network
+
+dnssec-signzone: warning: db.nihilism.network:17: TTL set to prior TTL (3600)
+Verifying the zone using the following algorithms:
+- NSEC3RSASHA1
+Zone fully signed:
+Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
+                         ZSKs: 1 active, 0 stand-by, 0 revoked
+db.nihilism.network.signed
+Signatures generated:                       53
+Signatures retained:                         0
+Signatures dropped:                          0
+Signatures successfully verified:            0
+Signatures unsuccessfully verified:          0
+Signing time in seconds:                 0.068
+Signatures per second:                 779.411
+Runtime in seconds:                      0.080
+
+root@mail-gw:/var/cache/bind# systemctl restart bind9
+
+root@mail-gw:/var/cache/bind# systemctl status bind9
+* named.service - BIND Domain Name Server
+     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
+     Active: active (running) since Sat 2022-10-01 10:37:34 CEST; 1s ago
+       Docs: man:named(8)
+   Main PID: 45909 (named)
+      Tasks: 4 (limit: 507)
+     Memory: 7.8M
+        CPU: 21ms
+     CGroup: /system.slice/named.service
+             `-45909 /usr/sbin/named -f -u bind
+	
+
+

Now when we test the dnssec to our bindserver we see the following:

+

+[ 10.0.0.10/16 ] [ nowhere ] [~]
+→ dig @23.137.250.140 stream.nihilism.network. A +dnssec +multiline
+
+; <<>> DiG 9.18.4-2-Debian <<>> @23.137.250.140 stream.nihilism.network. A +dnssec +multiline
+; (1 server found)
+;; global options: +cmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52175
+;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
+
+;; OPT PSEUDOSECTION:
+; EDNS: version: 0, flags: do; udp: 1232
+; COOKIE: bb834e65ec1896a601000000633c65914ff2b9c6c7b43b1d (good)
+;; QUESTION SECTION:
+;stream.nihilism.network. IN A
+
+;; ANSWER SECTION:
+stream.nihilism.network. 604800 IN CNAME web-gw.nihilism.network.
+stream.nihilism.network. 604800 IN RRSIG CNAME 7 3 604800 (
+                                20221103152726 20221004152726 35034 nihilism.network.
+                                qIu/a2pi8e52tLqNBmCbeFHGK3TkQLquJNcziCoCYlQY
+                                qOOFiXisOz7sg05uWxvX04kKofQyuUb9X/+e20r28WUe
+                                gAhS1LJWE9BfBHfq/iQBXX4yWLTTYMqyjDyW56RUX7Z9
+                                zJs46TJB983ggZ1VwAJOifDGvl4vYSld/XeFy0EQy62G
+                                3Etq9GZe+O5ZEKsuYA+9RGockq/TwwLn6ibZfst172xt
+                                B/uKxmX+J3gcBzeGp1wwGd07UdlxaLyniQ41DSYmdTdD
+                                jECbxVQRvMnC1MhD8nYsmhm/YroKXeQpMX7ugJD1ZomY
+                                A7/ofGO6asXTGY2V3JxiITop0nKlfSlLbA== )
+web-gw.nihilism.network. 604800 IN A 23.137.250.141
+web-gw.nihilism.network. 604800 IN RRSIG A 7 3 604800 (
+                                20221103152726 20221004152726 35034 nihilism.network.
+                                hlE0hXZiU9/LnSKghK3OKMxIbrrimFqF0HfHJubzQ50U
+                                f9g3m9bZJeANu4iJHCmPR1TVJUp0qYxUTRb815kWGKIq
+                                DHUNErDN+WhZoTBMT8jzdX8kntKFnd8+N/d/gjQ91Oxp
+                                MOGf2V1fAu0wnvVZGzn6PGmQfb1vsZ3pskmTd5bz/A1g
+                                nPoT3MXYWQol8x8h9bYdBwwz/cmbHbeZ2s8NIgFj/F46
+                                cciq3lIs6HDmmYzE50TQ5YApCyHDYSM7gu/u/O/4pxAP
+                                55Fo5qtkZQCMoRtcRJh+GG5X7W2onoi4zICAZXpD5L6z
+                                IaBl++bwjDaSIOiAsV2j+gRGETtUQ4Ef4w== )
+
+;; Query time: 23 msec
+;; SERVER: 23.137.250.140#53(23.137.250.140) (UDP)
+;; WHEN: Tue Oct 04 18:56:01 CEST 2022
+;; MSG SIZE  rcvd: 725
+
+
+

for simplicity sake i have this script to automate the signing of the dns zone file, the checking of it and the restarting of the service in one script:

+

+root@mail-gw:/var/cache/bind# cat restartdns.sh
+
+#!/bin/bash
+
+# check the zone for errors:
+named-checkzone nihilism.network db.nihilism.network
+
+# sign it:
+dnssec-signzone -AA -n 3 -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)        -N INCREMENT -o nihilism.network -t db.nihilism.network
+
+#restart bind9
+systemctl restart bind9
+
+#check bind9 status
+systemctl status bind9
+
+
+

updated restartdns.sh script: (thanks to Notorious from notlean.net)

+

+
+1) updated algorythms  to avoid errors https://dnsviz.net/d/nihilism.network/dnssec/ 
+
+dnssec-keygen -L 3600 -a ECDSAP256SHA256 -b 2048 -n ZONE notlean.net
+dnssec-keygen -L 3600 -f KSK -a ECDSAP256SHA256 -b 2048 -n ZONE notlean.net
+for key in `ls Knotlean.net*.key`; do echo "\$INCLUDE $key">> notlean.net.zone; done
+cat notlean.net.zone >> forward.notlean.net.db
+dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o notlean.net -t forward.notlean.net.db
+rndc reload
+systemctl status named
+
+
+2) cat restartdns.sh 
+
+#!/bin/bash
+
+set -eu
+
+# Bnd Path
+ZONE_PATH="/var/cache/bind/notorious"
+
+# Domain name
+ZONE_NAME="notlean.net"
+
+# Bind zone file name
+ZONE_FILE="forward.notlean.net.db"
+
+# Generate NSEC3 salt
+NSEC3_SALT=$(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)
+
+# Go to zone path
+pushd $ZONE_PATH
+
+# Verify zone and check for errors
+echo "Chcking zone errors for $ZONE_NAME ..."
+if ! named-checkzone $ZONE_NAME $ZONE_FILE; then
+    echo "Error during zonbe checking. Verify the file."
+    exit 1
+fi
+
+# Signing zone DNSSEC
+echo "Signing zone file for $ZONE_NAME..."
+dnssec-signzone -A -3 $NSEC3_SALT -N INCREMENT -o $ZONE_NAME -t $ZONE_FILE
+
+# Restart BIND9
+echo "Restart BIND9..."
+rndc reload
+
+# Check bind status
+echo "Vérification du statut de BIND9..."
+systemctl status bind9
+
+# Back to local dir
+popd
+
+echo "Execution end"
+
+
+ + + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
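Review bot: the TSIG secret printed by `ddns-confgen -s void.yt` is committed verbatim in three listings in this hunk (the ddns-confgen output, the `key "ddns-key.void.yt"` block in /etc/bind/named.conf.local, and /etc/ddnssupdate.key on the client), while the zone grants that key `name void.yt ANY`. A key published this way has to be treated as compromised, so replace the value with an obvious placeholder in all three listings and rotate it if it was ever live. The client key file is created as `/etc/ddnssupdate.key` but dyndns.sh sets `KEY=/etc/ddnsupdate.key`, so the script as shown points at a file the tutorial never creates; make the two names match. dyndns.sh also feeds `$(curl ifconfig.me)` straight into `update delete` and `update add` with no check that the result is a non-empty IPv4 address, and the cron entry repeats that every minute; validate `$MYIP`, fetch it over HTTPS, and skip the update when the address has not changed. On the secondary, `systemctl disable --now apparmor` and `chown bind:bind -R /etc/bind` are superseded by the later move of the zone files to /var/lib/bind, so drop the AppArmor step instead of leaving the profile disabled. The secondary's named.conf.options sets `allow-query { any; };` next to `forwarders` with no `allow-recursion` or `recursion no;` in the listing, which lets an authoritative server answer recursive queries for any client unless recursion is restricted elsewhere; add an explicit restriction. The sentence under the primary's zones.rfc1918 says "allow-notify" where the config uses `also-notify`.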
+ + + + + + + diff --git a/servers/encryption/1.png b/servers/encryption/1.png new file mode 100644 index 0000000..7c4917d Binary files /dev/null and b/servers/encryption/1.png differ diff --git a/servers/encryption/2.png b/servers/encryption/2.png new file mode 100644 index 0000000..6658785 Binary files /dev/null and b/servers/encryption/2.png differ diff --git a/servers/encryption/3.png b/servers/encryption/3.png new file mode 100644 index 0000000..e978268 Binary files /dev/null and b/servers/encryption/3.png differ diff --git a/servers/encryption/4.png b/servers/encryption/4.png new file mode 100644 index 0000000..d543551 Binary files /dev/null and b/servers/encryption/4.png differ diff --git a/servers/encryption/5.png b/servers/encryption/5.png new file mode 100644 index 0000000..c4925c2 Binary files /dev/null and b/servers/encryption/5.png differ diff --git a/servers/encryption/6.png b/servers/encryption/6.png new file mode 100644 index 0000000..015d7cb Binary files /dev/null and b/servers/encryption/6.png differ diff --git a/servers/encryption/index.html b/servers/encryption/index.html new file mode 100644 index 0000000..eeaffd2 --- /dev/null +++ b/servers/encryption/index.html @@ -0,0 +1,174 @@ + + + + + + + + + + + What is Plausible Deniability ? Why is it Important ? + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-01

+

What is Plausible Deniability ? Why is it Important ?

+ +
+
+
+
+ + +
+
+
+
+

Encryption Provides Privacy

+

Let's take our previous analogy to explain what Privacy is:

+

+Bob wants to talk to Alice, He wants the conversation to remain private, so he closes the door
+Jack can't spy on bob and alice's conversation, because the door is closed, 
+The door is closed, the conversation remains between Alice and Bob, their conversation is Private.
+	
+
+ +

For Alice and Bob to protect their conversation from being spied on by Jack, they encrypt their conversation for example by using PGP.

+ +

Here the most common usecase for encryption is for people to encrypt their system disk on their computers, because if someone (like jack) were to steal their computer, they don't want to read all of their data.

+ +

All in all, encryption is used to provide privacy. As long as the encrypted volumes are closed when Jack is trying to open them, Jack cannot read the contents of the volumes.

+
+
+
+
+ +
+
+
+
+

What happens when Bob is forced to give out his password ?



+

Encryption however, cannot protect against everything.

+ +

In this case, Bob is legally, although questionably morally, forced to decrypt his encrypted system disk by the judge. Keep in mind that this is not a far fetched scenario, this has happened previously.

+
    +
  1. in January 2012 (source)

  2. +
  3. in Febuary 2009 (source)

  4. +
+

When that is the case, simply encrypting the disk is not enough, as all that is required is for the adversary to know of the existance of the encrypted drive, to be able to force Bob to open it

+ +

As far as key encryption laws, the trend is that most developed countries are forcing their citizens to incriminate themselves and to surrender the encryption keys to authorities, when asked. In short,If the encrypted volume is proven to exist, you can be forced to surrender the decryption key/password to open it.

+ +
+
+
+
+ + + +
+
+
+
+

Why is Plausible Deniability is Vital?



+

From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive is to be able to deny the existance of said encrypted volume (Plausible Deniability) . If the encrypted volume does not exist, there is no password to be given for it.

+

So here we need a technology that can provide us Plausible Deniability. That is what Veracrypt can do for us.

+ +

In short, Veracrypt allows you to encrypt volumes, just like LUKS encryption does. However it gives you the choice to hide another encrypted volume inside the same volume, that is exactly what you can deny the existance of.

+

So you can hide some random meaningless data inside the decoy volume, while the real data that needs protection sits inside the hidden volume.

+

This means, when Jack forces Bob to open the vercrypt volume, Bob types Password A to open the decoy volume, Then, when asked by Jack, Bob declares that there is no Hidden volume, and Jack has no way to prove the existance the Hidden Volume.

+

To see how to implement Plausible Deniability protection with Veracrypt, check out this tutorial.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
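Review bot: the closing claim of the "Why is Plausible Deniability is Vital?" section, that Jack "has no way to prove" the hidden volume exists, is stated without any condition. The added text should say what the claim depends on (at minimum, that nothing outside the volume reveals the hidden volume was used) or defer that to the tutorial it links. The two precedents are given only as a month, a year and "(source)"; naming the cases in the text would keep the reference useful if a link dies. In "they don't want to read all of their data" the subject should be the thief, not the owner. Spelling to fix in the same hunk: "Febuary", "existance" (four occurrences), "vercrypt", "usecase", and the doubled "is" in that heading.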
+ + + + + + + diff --git a/servers/endgame/0.png b/servers/endgame/0.png new file mode 100644 index 0000000..b32d9cb Binary files /dev/null and b/servers/endgame/0.png differ diff --git a/servers/endgame/1.png b/servers/endgame/1.png new file mode 100644 index 0000000..8464359 Binary files /dev/null and b/servers/endgame/1.png differ diff --git a/servers/endgame/10.png b/servers/endgame/10.png new file mode 100644 index 0000000..5fc5808 Binary files /dev/null and b/servers/endgame/10.png differ diff --git a/servers/endgame/11.png b/servers/endgame/11.png new file mode 100644 index 0000000..c9af878 Binary files /dev/null and b/servers/endgame/11.png differ diff --git a/servers/endgame/12.png b/servers/endgame/12.png new file mode 100644 index 0000000..aa8f77f Binary files /dev/null and b/servers/endgame/12.png differ diff --git a/servers/endgame/13.png b/servers/endgame/13.png new file mode 100644 index 0000000..432935b Binary files /dev/null and b/servers/endgame/13.png differ diff --git a/servers/endgame/14.png b/servers/endgame/14.png new file mode 100644 index 0000000..0a65c5f Binary files /dev/null and b/servers/endgame/14.png differ diff --git a/servers/endgame/15.png b/servers/endgame/15.png new file mode 100644 index 0000000..1ec5512 Binary files /dev/null and b/servers/endgame/15.png differ diff --git a/servers/endgame/16.png b/servers/endgame/16.png new file mode 100644 index 0000000..e417ff4 Binary files /dev/null and b/servers/endgame/16.png differ diff --git a/servers/endgame/17.png b/servers/endgame/17.png new file mode 100644 index 0000000..1183b17 Binary files /dev/null and b/servers/endgame/17.png differ diff --git a/servers/endgame/18.png b/servers/endgame/18.png new file mode 100644 index 0000000..8e2a4a1 Binary files /dev/null and b/servers/endgame/18.png differ diff --git a/servers/endgame/19.png b/servers/endgame/19.png new file mode 100644 index 0000000..a03fc9c Binary files /dev/null and b/servers/endgame/19.png differ 
diff --git a/servers/endgame/2.png b/servers/endgame/2.png new file mode 100644 index 0000000..fc62e02 Binary files /dev/null and b/servers/endgame/2.png differ diff --git a/servers/endgame/20.png b/servers/endgame/20.png new file mode 100644 index 0000000..9066106 Binary files /dev/null and b/servers/endgame/20.png differ diff --git a/servers/endgame/21.png b/servers/endgame/21.png new file mode 100644 index 0000000..f9584f3 Binary files /dev/null and b/servers/endgame/21.png differ diff --git a/servers/endgame/22.png b/servers/endgame/22.png new file mode 100644 index 0000000..3373a7b Binary files /dev/null and b/servers/endgame/22.png differ diff --git a/servers/endgame/23.png b/servers/endgame/23.png new file mode 100644 index 0000000..72d5d1a Binary files /dev/null and b/servers/endgame/23.png differ diff --git a/servers/endgame/3.png b/servers/endgame/3.png new file mode 100644 index 0000000..e36a139 Binary files /dev/null and b/servers/endgame/3.png differ diff --git a/servers/endgame/4.png b/servers/endgame/4.png new file mode 100644 index 0000000..2c77669 Binary files /dev/null and b/servers/endgame/4.png differ diff --git a/servers/endgame/5.png b/servers/endgame/5.png new file mode 100644 index 0000000..ed7ecb0 Binary files /dev/null and b/servers/endgame/5.png differ diff --git a/servers/endgame/6.png b/servers/endgame/6.png new file mode 100644 index 0000000..009ef1a Binary files /dev/null and b/servers/endgame/6.png differ diff --git a/servers/endgame/7.png b/servers/endgame/7.png new file mode 100644 index 0000000..bd923fa Binary files /dev/null and b/servers/endgame/7.png differ diff --git a/servers/endgame/8.png b/servers/endgame/8.png new file mode 100644 index 0000000..05b7c8c Binary files /dev/null and b/servers/endgame/8.png differ diff --git a/servers/endgame/9.png b/servers/endgame/9.png new file mode 100644 index 0000000..b2dff3c Binary files /dev/null and b/servers/endgame/9.png differ 
diff --git a/servers/endgame/index.html b/servers/endgame/index.html new file mode 100644 index 0000000..d027fdf --- /dev/null +++ b/servers/endgame/index.html @@ -0,0 +1,1003 @@ + + + + + + + + + + + EndGame V3 Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-13

+

EndGame V3 Setup

+ +

In this tutorial we're going to setup the EndGameV3 Anti DDOS / Load Balancer / WAF service popularized by Dread, it was originally built to block off the incessant DDOS attacks that onion services were facing. Because of that, EndGame was developped, along with the Proof of Work (POW) Defense released by TorProject for more details you can click here.

+

+Endgame should be on a separate server to your backend server. It only proxies content from your backend to the user. You will still need to configure your backend to handle requests from the Endgame Front.
+
+This is the same system that anti-DDOS services like Cloudflare, Indusface, and Imperva use to protect websites from attacks. The difference is this is self-hosted and fully controlled by you for your own needs and made for darknet networks.
+
+
+

Now we'll first cover how to have a single Endgame V3 front, to redirect to 2 onion backends, but keep in mind that there is very high latency involved here. The ideal setup as we'll see later, is to have local redirection behind the Endgame front. And we'll also make use of the onionbalance technology to setup multiple Endgame fronts for the same Master Onion!

+ +
+
+
+
+ + +
+
+
+
+

Prerequisites

+

First of all you need at least 2 backend servers that are reachable via their .onion links. To set them up you can look at my tutorial here.

+

In this example we'll use my 2 main websites' onion links:

+

+http://daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion/
+http://nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/
+	
+
+ +

Obviously these are not the same service, but we'll pretend that they are. Now let's setup Endgame on a blank Debian 12 VM with internet access:

+ +
+
+
+
+ +
+
+
+
+

1 Endgame Front, 2 Backend Servers



+

Let's first download the tar.gz file for endgamev3, and verify the sha256sum hash of the tar.gz file according to the original post's recommendations. Here i downloaded it from the git mirror i host, but if you want the original URL you can get it from here: http://g66ol3eb5ujdckzqqfmjsbpdjufmjd5nsgdipvxmsh7rckzlhywlzlqd.onion/EndGameV3.tar.gz

+

+root@debian:~# wget https://git.datura.network/nihilist/EndGameV3/raw/branch/main/EndGameV3.tar.gz
+--2024-04-13 12:39:00--  https://git.datura.network/nihilist/EndGameV3/raw/branch/main/EndGameV3.tar.gz
+Resolving git.datura.network (git.datura.network)... 65.109.30.253
+Connecting to git.datura.network (git.datura.network)|65.109.30.253|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 35340090 (34M) [application/octet-stream]
+Saving to: ‘EndGameV3.tar.gz’
+
+EndGameV3.tar.gz                                            100%[===========================================================================================================================================>]  33.70M  4.22MB/s    in 10s
+
+2024-04-13 12:39:12 (3.27 MB/s) - ‘EndGameV3.tar.gz’ saved [35340090/35340090]
+
+root@debian:~# sha256sum EndGameV3.tar.gz
+89036a0ae8631aa1683bb370f357a4042b2e138eebeaea14bb35824f5d1f6bbb  EndGameV3.tar.gz
+	
+
+ +

As of 13/04/2024, the SHA256 Hash of EndGameV3.tar.gz is 89036a0ae8631aa1683bb370f357a4042b2e138eebeaea14bb35824f5d1f6bbb. let's unpack it:

+

+root@debian:~# neofetch
+       _,met$$$$$gg.          root@debian
+    ,g$$$$$$$$$$$$$$$P.       -----------
+  ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 12 (bookworm) x86_64
+ ,$$P'              `$$$.     Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-7.2)
+',$$P       ,ggs.     `$$b:   Kernel: 6.1.0-13-amd64
+`d$$'     ,$P"'   .    $$$    Uptime: 1 hour, 19 mins
+ $$P      d$'     ,    $$P    Packages: 447 (dpkg)
+ $$:      $$.   -    ,d$$'    Shell: bash 5.2.15
+ $$;      Y$b._   _,d$P'      Resolution: 1632x1684
+ Y$$.    `.`"Y$$$$P"'         CPU: AMD Ryzen 7 5700X (2) @ 3.393GHz
+ `$$b      "-.__              GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU
+  `Y$$                        Memory: 140MiB / 1966MiB
+   `Y$$.
+     `$$b.
+       `Y$$b.
+          `"Y$b._
+              `"""
+
+root@debian:~# mkdir endgame
+
+root@debian:~# mv EndGameV3.tar.gz endgame/
+
+root@debian:~# cd endgame
+
+root@debian:~/endgame# tar -xzvf EndGameV3.tar.gz
+	
+root@debian:~/endgame# ls -lash
+total 34M
+4.0K drwxr-xr-x  8 root     root     4.0K Apr 13 13:54 .
+4.0K drwx------  5 root     root     4.0K Apr 13 13:54 ..
+4.0K -rw-r--r--  1 nihilist nihilist  178 Jul 11  2022 aptpreferences
+4.0K drwxr-xr-x 11 nihilist nihilist 4.0K Mar 18 18:50 dependencies
+8.0K -rw-r--r--  1 nihilist nihilist 6.1K Apr 10 05:10 endgame.config
+ 34M -rw-r--r--  1 root     root      34M Apr 13 12:48 EndGameV3.tar.gz
+4.0K -rwxr-xr-x  1 nihilist nihilist 1.1K Sep 16  2023 getdependencies.sh
+ 12K -rw-r--r--  1 nihilist nihilist 9.5K May  9  2023 i2pd.conf
+4.0K -rw-r--r--  1 nihilist nihilist  145 Mar 30  2023 jail.local
+4.0K -rw-r--r--  1 nihilist nihilist 2.0K Mar 30  2023 limits.conf
+4.0K drwxr-xr-x  2 nihilist nihilist 4.0K Apr  9 17:45 lua
+4.0K -rw-r--r--  1 nihilist nihilist  357 Nov  8 01:35 mentions.txt
+8.0K -rw-r--r--  1 nihilist nihilist 5.9K Jun 29  2022 naxsi_core.rules
+4.0K -rw-r--r--  1 nihilist nihilist  209 Jun 12  2023 naxsi_whitelist.rules
+4.0K -rw-r--r--  1 nihilist nihilist 2.0K Jul 18  2023 nginx.conf
+4.0K -rwxr-xr-x  1 nihilist nihilist 1.3K May  9  2023 nginx-update.sh
+ 12K -rw-r--r--  1 nihilist nihilist  11K Apr 10 04:00 README.md
+4.0K drwxr-xr-x  2 nihilist nihilist 4.0K Jun  1  2023 repokeys
+4.0K drwxr-xr-x  2 nihilist nihilist 4.0K Sep  7  2023 resty
+ 72K -rw-r--r--  1 nihilist nihilist  71K Apr 10 05:53 resty.tgz
+ 16K -rwxr-xr-x  1 nihilist nihilist  13K Apr 11 23:36 setup.sh
+ 12K -rw-r--r--  1 nihilist nihilist  12K Apr 10 04:50 site.conf
+4.0K drwxr-xr-x  4 nihilist nihilist 4.0K May  6  2023 sourcecode
+4.0K -rwxr-xr-x  1 nihilist nihilist  464 May 25  2023 startup.sh
+4.0K -rw-r--r--  1 nihilist nihilist 1.5K May 17  2023 sysctl.conf
+4.0K drwxr-xr-x  2 nihilist nihilist 4.0K Apr 10 05:32 tor-patch
+4.0K -rw-rw-rw-  1 nihilist nihilist 1.8K Apr 10 04:50 torrc
+4.0K -rw-r--r--  1 nihilist nihilist  157 Mar 29  2023 torrc2
+4.0K -rw-r--r--  1 nihilist nihilist  157 Mar 29  2023 torrc3
+4.0K -rw-r--r--  1 nihilist nihilist  179 May  5  2023 tunnels.conf
+
+
+ +

From there we can follow the steps as detailed in the README.md

+Go to sourcecode/gobalance and build gobalance with go. Read the README.md about how to compile and generate the gobalance configuration. With that configuration you will be able to see your MASTERONION url. The starting before .key is your master onion address. You will use that as your MASTERONION in the EndGame.config ending it with '.onion'. +

+root@debian:~/endgame# cd sourcecode/gobalance/
+root@debian:~/endgame/sourcecode/gobalance# ls
+go.mod  go.sum  main.go  pkg  README.md  torrc  vendor
+root@debian:~/endgame/sourcecode/gobalance# cat README.md
+
+[...]
+
+# Compiling
+
+- `go get -u` - updates all dependencies
+- `go mod vendor` - stores the updates in the vendor folder
+- `go build -o gobalance main.go` - builds the gobalance application
+
+# Generate Configuration
+
+- `./gobalance g`
+
+or simply use your python onionbalance one! Drop in replacement support (no multisite)!
+
+# Running
+After you have configured your gobalance, you will need a tor process on your localhost. There is a provided torrc file. Run it with Tor like this:
+
+- `tor -f torrc`
+
+After that run gobalance
+
+- `./gobalance`
+
+If you need to run these in the background (in the event your server connection dies or drops) you can use `nohup` or a detached terminal session.
+I, /u/Paris, recommend just running it locally with geo redundancy to not need to worry about server crashes or compromises. Onion key safety is your absolute priority. When it's compromised your operation is done.
+
+
+

So as advised, let's compile gobalance using go:

+

+root@debian:~/endgame/sourcecode/gobalance# apt update -y ;  apt install golang -y
+
+root@debian:~/endgame/sourcecode/gobalance# go get -u
+go: downloading github.com/sirupsen/logrus v1.9.3
+go: downloading github.com/urfave/cli/v2 v2.27.1
+go: downloading golang.org/x/crypto v0.17.0
+go: downloading golang.org/x/crypto v0.22.0
+go: downloading github.com/urfave/cli v1.22.14
+go: downloading gopkg.in/yaml.v3 v3.0.1
+go: downloading golang.org/x/sys v0.15.0
+go: downloading golang.org/x/sys v0.19.0
+go: downloading maze.io/x/crypto v0.0.0-20190131090603-9b94c9afe066
+go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.3
+go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.4
+go: downloading github.com/cpuguy83/go-md2man v1.0.10
+go: downloading github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e
+go: downloading github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
+go: downloading github.com/russross/blackfriday/v2 v2.1.0
+go: downloading github.com/russross/blackfriday v1.6.0
+go: upgraded github.com/cpuguy83/go-md2man/v2 v2.0.3 => v2.0.4
+go: upgraded github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e => v0.0.0-20240312152122-5f08fbb34913
+go: upgraded golang.org/x/crypto v0.17.0 => v0.22.0
+go: upgraded golang.org/x/sys v0.15.0 => v0.19.0
+
+root@debian:~/endgame/sourcecode/gobalance# go mod vendor
+go: downloading github.com/stretchr/testify v1.8.0
+go: downloading github.com/pmezard/go-difflib v1.0.0
+go: downloading github.com/davecgh/go-spew v1.1.1
+root@debian:~/endgame/sourcecode/gobalance# go build -o gobalance main.go
+
+root@debian:~/endgame/sourcecode/gobalance# ./gobalance g
+root@debian:~/endgame/sourcecode/gobalance# ls
+config.yaml  uyrpqcefaftpfq755fv4fe3noc6l3be4qehq3twcu3nfzvycdqko2yyd.key  gobalance  go.mod  go.sum  main.go  pkg  README.md  torrc  vendor
+
+root@debian:~/endgame/sourcecode/gobalance# cat torrc
+RunAsDaemon 0
+ControlPort 9051
+DataDirectory torfiles
+
+
+ +

So in this case our MASTERONION url is uyrpqcefaftpfq755fv4fe3noc6l3be4qehq3twcu3nfzvycdqko2yyd.onion Next step is to edit the endgame.config file:

+
	
+root@debian:~/endgame/sourcecode/gobalance# cd ../..
+root@debian:~/endgame# vim endgame.config
+
+
+

To edit the file we follow the setup process from the README:

+

+Open up and edit the endgame.config, you will need to change your TORAUTHPASSWORD. Change it to a random alphanumeric password of your choice. This is just used for authentication on nginx's layer to send circuit kill commands.
+You have two options for how EndGame sends the traffic to your backend. You can have it direct it to an onion address, or you can have it locally proxy to a server on the same network.
+
+    Tor Proxy: You will need to set both of the BACKENDONION variables to your main onion service you want protected. This means your origin application server needs to have tor running with its own onion service address. You put that onion address on the BACKENDONION(1/2). If you have multiple backends (highly recommended) you can put different backend addresses to have load balancing and fallover. It's easy to add in even more by customizing endgame for your needs.
+    Local Proxy: Change LOCALPROXY to true and edit the PROXYPASSURL to the specific IP or hostname of your backend location. It will default to connect on port 80 via http but you can edit line 320 of the site.conf to change that to your specific needs.
+
+Enable I2PSETUP and/or TORSETUP by setting them to true. You can also enable TORINTRODEFENSE and TORPOWDEFENSE to provide more protection against introduction attacks on the Tor network.
+Edit KEY and SALT to a secure cookie value. PROTECT THESE VALUES. If they get leaked, an attacker could generate EndGame cookies and hurt your EndGame protection.
+
+    KEY: is your encryption key used for encryption. It should be to be between 68 and 128 random alphanumeric characters.
+    SALT: is your salt for the encryption key. It must be exactly 8 alphanumeric characters.
+
+Branding is important. EndGame makes it easy to use your own branding on it. By default, it will use dread's branding, but you should change it.
+
+    HEXCOLOR and HEXCOLORDARK are for the specific colors used on the pages. Set HEXCOLOR to your main site color and HEXCOLORDARK to just a slightly darker version of it.
+    SITENAME, SITETAGLINE, SITESINCE is all information about your site. Self-explanatory.
+    FAVICON is used as your site's favicon in base64. This limits the amount of requests a browser may do when first loading the queue page. Make sure this value is set to something. Otherwise people's connections will get cut off from the queue when their browser makes a request to the favicon.ico.
+    SQUARELOGO is used as the icon for the queue running man and the main splash logo on the captcha page. In base64 format.
+    NETWORKLOGO is used as a bottom network icon for on the captcha page which allows different sites a part of the same organization to be shown. In base64 format.
+
+After you are done EndGame's configuration, you should archive everything except the sourcecode folder. Transfer the archive to a blank debian 12 system. As root, extract the archive and run setup.sh like './setup.sh'. At the end of the setup, it will export an onion address (and i2p if set but don't add that to gobalance) which you can provide to users or add to your gobalance configuration.
+	
+
+

Let's first generate our KEY (max 128chars) and SALT (8 chars):

+

+[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
+→ sudo apt install pwgen -y
+
+[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
+→ pwgen 8 1
+OotoNg0s
+
+[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
+→ pwgen 127 1
+Ex6meeghah2Voo4iezeequieFoChieyoch2kuish8ubopheikux2hedu5ahng5Iwooquii3tuowi6quie1leeTaeN5ugh0Dooch1naexaetoya9hoh2Fohlu5oP5ohm
+	
+
+

So we have the following config:

+
	
+root@debian:~/endgame# cat endgame.config
+#This area
+
+#OPTIONS!
+MASTERONION="uyrpqcefaftpfq755fv4fe3noc6l3be4qehq3twcu3nfzvycdqko2yyd.onion"
+TORAUTHPASSWORD="MYCOMPLEXPASSWORDTOREPLACE!!!"
+BACKENDONION1="daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion"
+BACKENDONION2="nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion"
+
+#set to true if you want to setup local proxy instead of proxy over Tor
+LOCALPROXY=false
+PROXYPASSURL="10.10.10.0"
+
+#Install the latest kernel from debian unstable. Recommended but may cause some issues on old systems.
+LATESTKERNEL=true
+
+#reboot after completion. Highly recommended to get the new kernel active.
+REBOOT=true
+
+#set to true if you want i2pd installed and setup
+I2PSETUP=false
+
+#set to true if you want tor installed and setup
+TORSETUP=true
+
+#enable Tor introduction defense. Keeps the Tor process from stalling but hurts reliability. Only recommended if running on low powered fronts.
+TORINTRODEFENSE=false
+
+#enable Tor POW introduction defense. This should be enabled!
+TORPOWDEFENSE=true
+
+#enable Tor minimum work patch. This builds a new tor binary locally.
+TORMINWORK=true
+
+#Shared Front Captcha Key. Key should be alphanumeric between 64-128. Salt needs to be exactly 8 chars.
+KEY="Ex6meeghah2Voo4iezeequieFoChieyoch2kuish8ubopheikux2hedu5ahng5Iwooquii3tuowi6quie1leeTaeN5ugh0Dooch1naexaetoya9hoh2Fohlu5oP5ohm"
+SALT="OotoNg0s"
+#session length is in seconds. Default is 12 hours.
+SESSION_LENGTH=43200
+
+#Rate Limits!
+#Make sure to set these to reasonable defaults! Having them too low for your site can cause lots of disconnections while having them too high can make endgame ineffective!
+#Set the request rate to the max requests on your largest page! (try to keep it below 10! The lower you go the better endgame's protection is!)
+#Keep the stream limit 1 to 2 higher than your request limit!
+REQUESTRATELIMIT=8
+STREAMRATELIMIT=10
+
+#CSS Branding
+
+HEXCOLOR="9b59b6"
+HEXCOLORDARK="713C86"
+SITENAME="Nihilism"
+SITETAGLINE="Until there is nothing left."
+SITESINCE="2024"
+FAVICON="data:image/x-icon;base64,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"
+SQUARELOGO="data:image/webp;base64,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"
+NETWORKLOGO="data:image/webp;base64,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"
+
+
+

SIDENOTES FROM /u/Paris :

+

+If you are using the TORMINWORK=true setting generally you don't need gobalance at all. You can just have a single front handle the load. Gobalance can't handle POW at this time as there are tor control systems to really handle it at this time. When arti is finished with POW onionbalance will be finished in rust. We are waiting for that. Should be within the year.
+
+If you are running endgame and onionbalance on the same server are you doing it wrong. Onionbalance is designed to combine multiple fronts into a single descriptor for load balancing. One address with multiple fronts holding it up. If you only have a single server just run endgame and pass the ending address to others. No onionbalance needed at all.
+
+If you want to have a custom address created use a tool like mkp224o and generate a custom one. You can then transfer the custom one over to your front (replacing the /etc/tor/hidden_service files with the generated one). Then go into /etc/nginx/sites-enabled/site.conf and change out the onion address to your new one. After that reboot and your new custom address should be live on your front.
+
+
+ +

Now from here you can run the setup.sh file. However just in case if you messed up at any point up until now, i recommend you take a VM snapshot to revert to in case if something goes wrong.

+ +

Snapshot taken, now let's run setup.sh:

+

+root@debian:~/endgame# ./setup.sh
+Welcome To The End Game DDOS Prevention Setup...
+Proceeding to do the configuration and setup. This will take awhile.
+The system will reboot after finishing setup!
+Generating Master Key... should only take a second...
+Done. MASTER_KEY = 1DWWADWAAWAWDWDAWAAWWAWAD3121556778652
+
+[...]
+
+#let it run and reboot
+
+[..]
+
+
+User sessions running outdated binaries:
+ nihilist @ session #1: bash[527], login[466], su[537]
+ nihilist @ session #3: bash[669], sshd[661,668], su[672]
+ nihilist @ user manager service: systemd[520]
+
+No VM guests are running outdated hypervisor (qemu) binaries on this host.
+EndGame Setup Script Finished!
+TOR Hostname:
+gllrw5gzdvje5axxexdtncpxzbrgxp2l5hghbiysgtfxpjmloah2qrqd.onion
+The address it to your gobalance config.yaml file!
+This system will now reboot in 10 seconds! 
+
+root@debian:~/endgame# Connection to 10.99.99.216 closed by remote host.
+Connection to 10.99.99.216 closed.
+	
+
+

VM rebooted, so reconnect there:

+

+root@debian:~/endgame# Connection to 10.99.99.216 closed by remote host.
+Connection to 10.99.99.216 closed.
+
+[ LAN-Home ] [ /dev/pts/4 ] [~]
+→ ssh nihilist@10.99.99.216
+nihilist@10.99.99.216's password:
+Linux debian 6.7.9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.7.9-2 (2024-03-13) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+You have mail.
+Last login: Sat Apr 13 12:38:34 2024 from 10.99.99.101
+nihilist@debian:~$ su -
+Password:
+
+root@debian:~# systemctl status endgame
+● endgame.service - Endgame Startup Script Service
+     Loaded: loaded (/etc/systemd/system/endgame.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-04-13 15:27:20 CEST; 1min 39s ago
+    Process: 501 ExecStart=/startup.sh (code=exited, status=0/SUCCESS)
+      Tasks: 8 (limit: 2323)
+     Memory: 183.0M
+        CPU: 1.245s
+     CGroup: /system.slice/endgame.service
+             ├─521 tor -f /etc/tor/torrc2
+             ├─524 tor -f /etc/tor/torrc3
+             ├─525 socat UNIX-LISTEN:/run/tor_pass1.sock,fork,reuseaddr,unlink-early,user=www-data,group=www-data,mode=777 SOCKS4A:localhost:daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion:80,socksport=9060
+             └─526 socat UNIX-LISTEN:/run/tor_pass2.sock,fork,reuseaddr,unlink-early,user=www-data,group=www-data,mode=777 SOCKS4A:localhost:nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion:80,socksport=9070
+
+Apr 13 15:27:20 debian startup.sh[513]: Apr 13 15:27:20.586 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
+Apr 13 15:27:20 debian startup.sh[513]: Apr 13 15:27:20.594 [notice] Read configuration file "/etc/tor/torrc2".
+Apr 13 15:27:20 debian startup.sh[521]: Apr 13 15:27:20.596 [notice] Opening Socks listener on 127.0.0.1:9060
+Apr 13 15:27:20 debian startup.sh[521]: Apr 13 15:27:20.596 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9060
+Apr 13 15:27:20 debian startup.sh[522]: Apr 13 15:27:20.610 [notice] Tor 0.4.8.11 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.11, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.
+Apr 13 15:27:20 debian startup.sh[522]: Apr 13 15:27:20.610 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
+Apr 13 15:27:20 debian startup.sh[522]: Apr 13 15:27:20.610 [notice] Read configuration file "/etc/tor/torrc3".
+Apr 13 15:27:20 debian startup.sh[524]: Apr 13 15:27:20.615 [notice] Opening Socks listener on 127.0.0.1:9070
+Apr 13 15:27:20 debian startup.sh[524]: Apr 13 15:27:20.615 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9070
+Apr 13 15:27:20 debian systemd[1]: Started endgame.service - Endgame Startup Script Service.
+	
+
+

And here you can see that the endgame systemd service launched successfully, but as hinted above, we need to edit the gobalance config.yaml file:

+

+root@debian:~# vim endgame/sourcecode/gobalance/config.yaml
+root@debian:~# cat endgame/sourcecode/gobalance/config.yaml
+services:
+    - key: uyrpqcefaftpfq755fv4fe3noc6l3be4qehq3twcu3nfzvycdqko2yyd.key
+      instances:
+        - address: gllrw5gzdvje5axxexdtncpxzbrgxp2l5hghbiysgtfxpjmloah2qrqd.onion
+
+root@debian:~/endgame# systemctl restart endgame
+root@debian:~/endgame# systemctl status endgame
+● endgame.service - Endgame Startup Script Service
+     Loaded: loaded (/etc/systemd/system/endgame.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-04-13 15:32:26 CEST; 5s ago
+    Process: 1002 ExecStart=/startup.sh (code=exited, status=0/SUCCESS)
+      Tasks: 8 (limit: 2323)
+     Memory: 74.3M
+        CPU: 867ms
+     CGroup: /system.slice/endgame.service
+             ├─1006 tor -f /etc/tor/torrc2
+             ├─1009 tor -f /etc/tor/torrc3
+             ├─1010 socat UNIX-LISTEN:/run/tor_pass1.sock,fork,reuseaddr,unlink-early,user=www-data,group=www-data,mode=777 SOCKS4A:localhost:daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion:80,socksport=9060
+             └─1011 socat UNIX-LISTEN:/run/tor_pass2.sock,fork,reuseaddr,unlink-early,user=www-data,group=www-data,mode=777 SOCKS4A:localhost:nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion:80,socksport=9070
+
+Apr 13 15:32:26 debian startup.sh[1004]: Apr 13 15:32:26.730 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
+Apr 13 15:32:26 debian startup.sh[1004]: Apr 13 15:32:26.730 [notice] Read configuration file "/etc/tor/torrc2".
+Apr 13 15:32:26 debian startup.sh[1006]: Apr 13 15:32:26.731 [notice] Opening Socks listener on 127.0.0.1:9060
+Apr 13 15:32:26 debian startup.sh[1006]: Apr 13 15:32:26.732 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9060
+Apr 13 15:32:26 debian startup.sh[1007]: Apr 13 15:32:26.740 [notice] Tor 0.4.8.11 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.11, Zlib 1.2.13, Liblzma 5.4.1, Libzstd 1.5.4 and Glibc 2.36 as libc.
+Apr 13 15:32:26 debian startup.sh[1007]: Apr 13 15:32:26.740 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
+Apr 13 15:32:26 debian startup.sh[1007]: Apr 13 15:32:26.740 [notice] Read configuration file "/etc/tor/torrc3".
+Apr 13 15:32:26 debian startup.sh[1009]: Apr 13 15:32:26.742 [notice] Opening Socks listener on 127.0.0.1:9070
+Apr 13 15:32:26 debian startup.sh[1009]: Apr 13 15:32:26.742 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9070
+Apr 13 15:32:26 debian systemd[1]: Started endgame.service - Endgame Startup Script Service.
+
+
+

Now before we continue, keep in mind that we will access the backend servers using the URL http://gllrw5gzdvje5axxexdtncpxzbrgxp2l5hghbiysgtfxpjmloah2qrqd.onion/, so we need to make sure that the nginx server there has that URL aliased:

+

+[ Belladona ] [ /dev/pts/18 ] [/srv/Binternet]
+→ cat /etc/nginx/sites-available/nihilism.network.conf
+server {
+        listen 80;
+        listen [::]:80;
+        server_name nihilism.network;
+        return 301 https://$server_name$request_uri;
+}
+
+server {
+        ######## TOR CHANGES ########
+        listen 4445;
+        listen [::]:4445;
+        server_name nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion gllrw5gzdvje5axxexdtncpxzbrgxp2l5hghbiysgtfxpjmloah2qrqd.onion;
+        add_header Onion-Location "http://nihilhfjmj55gfbleupwl2ub7lvbhq4kkoioatiopahfqwkcnglsawyd.onion/onion.html" always;
+        ######## TOR CHANGES ########
+
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name nihilism.network;
+[...]
+
+}
+
+#do the same on the other backend server!
+
+
+

Then after restarting the endgame service we check if it works as intended by accessing the main onion at the following URL http://gllrw5gzdvje5axxexdtncpxzbrgxp2l5hghbiysgtfxpjmloah2qrqd.onion/:

+ +

Here as you can see we're placed into a queue before being redirected to the captcha:

+ +

Then we fill in the captcha before getting redirected to one of the backend servers:

+ +

And that's it ! We have been redirected to one of the backend servers as intended. We can redo the whole process again by picking a new Identity in the tor browser to see if it redirects us to the other backend server as intended:

+ +

Now you can scale your hidden service operations over multiple backend servers, while still protecting against DDOS attacks.

+ +
+
+
+
+ +
+
+
+
+

2 Endgame Fronts, 2 Backend Servers

+
Problem 1: Latency +

Now there are 2 issues with that setup. First there are performance issues due to latency as in this current setup we have to go through Tor twice to get to the backend server, that's not ideal at all.

+ +

Problem 2: Not big enough! +

Second issue, why is there onionbalance in the mix and only one endgame frontend ?! As detailed in the article, onionbalance allows us to introduce high availability over a single onion service (like DNS Load balancing):

+

+Onionbalance is software designed and written by Donncha O'Cearbhaill as part of Tor's Summer of Privacy 2015. It allows onion service operators to achieve the property of high availability by allowing multiple machines to handle requests for a single onion service. You can think of it as the onion service equivalent of load balancing using round-robin DNS.
+
+
+

The true goal here is to have multiple Endgame fronts spread across multiple servers, under the same Master Onion Link! So for this second part of the tutorial we have this following setup:

+ +

So here we'll have 3 local backend servers for the same service, and we're going to have 2 Endgame servers, which will be under the same master subnet.

+

Let's first setup our 3 local backend servers, this time they will be 3 instances of the same service:

+

+root@backend1:~# apt install nginx vim -y
+
+root@backend1:~# vim /var/www/html/index.nginx-debian.html
+root@backend1:~# cat /var/www/html/index.nginx-debian.html
+Welcome to our Nihilist's service!
+
+We are currently on backend server 1 !
+
+
+

We clone that VM to the 2 other backend servers:

+ +

We edit the web page of the 2 backend servers to know on which backend server we land, and we have the following:

+

+[ LAN-Home ] [ /dev/pts/3 ] [~]
+→ curl 10.99.99.216
+Welcome to our Nihilist's service!
+
+We are currently on backend server 1 !
+
+[ LAN-Home ] [ /dev/pts/3 ] [~]
+→ curl 10.99.99.219
+Welcome to our Nihilist's service!
+
+We are currently on backend server 2 !
+
+
+ +

Our backend servers are now be reachable locally at the local IPs 10.99.99.216, and 10.99.99.219 on port 80

+ + +

Now let's setup our 2 Endgame Fronts servers on 2 other VMs, this will be a repeat of what we went through above for our previous endgame setup:

+ +

So as advised, here we need to configure endgame once, and then archive everything except the sourcecode

+

+After you are done EndGame's configuration, you should archive everything except the sourcecode folder. Transfer the archive to a blank debian 12 system. As root, extract the archive and run setup.sh like './setup.sh'. At the end of the setup, it will export an onion address (and i2p if set but don't add that to gobalance) which you can provide to users or add to your gobalance configuration.
+
+
+

So on our Endgame front 1, we configure gobalance to generate the .key file: (not on Endgame front 2!)

+

+root@endgame1:~/endgame/sourcecode/gobalance# go get -u ; go mod vendor ; go build -o gobalance main.go ; ./gobalance g
+go: downloading github.com/sirupsen/logrus v1.9.3
+go: downloading github.com/urfave/cli/v2 v2.27.1
+go: downloading golang.org/x/crypto v0.17.0
+go: downloading golang.org/x/crypto v0.22.0
+go: downloading github.com/urfave/cli v1.22.14
+go: downloading gopkg.in/yaml.v3 v3.0.1
+go: downloading golang.org/x/sys v0.15.0
+go: downloading golang.org/x/sys v0.19.0
+go: downloading maze.io/x/crypto v0.0.0-20190131090603-9b94c9afe066
+go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.3
+go: downloading github.com/cpuguy83/go-md2man v1.0.10
+go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.4
+go: downloading github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e
+go: downloading github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913
+go: downloading github.com/russross/blackfriday/v2 v2.1.0
+go: downloading github.com/russross/blackfriday v1.6.0
+go: upgraded github.com/cpuguy83/go-md2man/v2 v2.0.3 => v2.0.4
+go: upgraded github.com/xrash/smetrics v0.0.0-20231213231151-1d8dd44e695e => v0.0.0-20240312152122-5f08fbb34913
+go: upgraded golang.org/x/crypto v0.17.0 => v0.22.0
+go: upgraded golang.org/x/sys v0.15.0 => v0.19.0
+go: downloading github.com/stretchr/testify v1.8.0
+go: downloading github.com/pmezard/go-difflib v1.0.0
+go: downloading github.com/davecgh/go-spew v1.1.1
+root@endgame1:~/endgame/sourcecode/gobalance# ls
+config.yaml                                                   gobalance  go.sum   pkg        torrc
+ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key  go.mod     main.go  README.md  vendor
+
+
+

Here again i recommend making a snapshot of both VMs before continuing. Next we configure engame.config on the endgame front 1:

+

+root@endgame1:~/endgame# vim endgame.config
+root@endgame1:~/endgame# cat endgame.config
+#This area
+
+#OPTIONS!
+MASTERONION="ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.onion"
+TORAUTHPASSWORD="CHANGETHISPASSWORD!!!!"
+BACKENDONION1=""
+BACKENDONION2=""
+
+#set to true if you want to setup local proxy instead of proxy over Tor
+LOCALPROXY=true
+PROXYPASSURL="10.99.99.216"
+
+#Install the latest kernel from debian unstable. Recommended but may cause some issues on old systems.
+LATESTKERNEL=true
+
+#reboot after completion. Highly recommended to get the new kernel active.
+REBOOT=true
+
+#set to true if you want i2pd installed and setup
+I2PSETUP=false
+
+#set to true if you want tor installed and setup
+TORSETUP=true
+
+#enable Tor introduction defense. Keeps the Tor process from stalling but hurts reliability. Only recommended if running on low powered fronts.
+TORINTRODEFENSE=false
+
+#enable Tor POW introduction defense. This should be enabled!
+TORPOWDEFENSE=false
+
+#enable Tor minimum work patch. This builds a new tor binary locally.
+TORMINWORK=false
+
+#Shared Front Captcha Key. Key should be alphanumeric between 64-128. Salt needs to be exactly 8 chars.
+KEY="thoh1me2aemoonuo1eiNgaejahbeep5oe9eiZ3aezee5igae9faiv9sailoo1laath9vu7aeteeCh4ShaeVeidooy3see7Goong6gei3eePh6Ba5Leepee7zawooch3"
+SALT="agieLae8"
+#session length is in seconds. Default is 12 hours.
+SESSION_LENGTH=43200
+
+#Rate Limits!
+#Make sure to set these to reasonable defaults! Having them too low for your site can cause lots of disconnections while having them too high can make endgame ineffective!
+#Set the request rate to the max requests on your largest page! (try to keep it below 10! The lower you go the better endgame's protection is!)
+#Keep the stream limit 1 to 2 higher than your request limit!
+REQUESTRATELIMIT=8
+STREAMRATELIMIT=10
+
+#CSS Branding
+
+HEXCOLOR="9b59b6"
+HEXCOLORDARK="713C86"
+SITENAME="Nihilism"
+SITETAGLINE="Until there is nothing left."
+SITESINCE="2024"
+FAVICON="data:image/x-icon;base64,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"
+SQUARELOGO="data:image/webp;base64,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"
+NETWORKLOGO="data:image/webp;base64,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"
+
+
+

Here notice that we set both TORPOWDEFENSE and TORMINWORK to false, this is due to not being supported by gobalance as gobalance does not handle POW and won't combine the descriptors correclty. We also left the BACKENDONIONs to empty strings, and instead changed the LOCALPROXY to true, with the PROXYPASSURL set to one of our local backend servers 10.99.99.216. as advised in the README:

+

+Local Proxy: Change LOCALPROXY to true and edit the PROXYPASSURL to the specific IP or hostname of your backend location. It will default to connect on port 80 via http but you can edit line 320 of the site.conf to change that to your specific needs.
+
+
+

Then here, we need to archive the entire endgame folder, and extract it to our endgame2 front before running setup.sh:

+

+root@endgame1:~/endgame# cd ..
+root@endgame1:~# tar -czvf EndgameV3-nihilism.tar.gz endgame >/dev/null
+root@endgame1:~# ls
+endgame  EndgameV3-nihilism.tar.gz  go
+
+
+

Now that the archive is created, let's transfer it to endgame2 and extract it:

+

+[term1]
+root@endgame1:~# ip a | grep inet ; python3 -m http.server 9090
+    inet 127.0.0.1/8 scope host lo
+    inet6 ::1/128 scope host noprefixroute
+    inet 10.99.99.221/24 brd 10.99.99.255 scope global dynamic enp1s0
+    inet6 fe80::5054:ff:fe00:3bfa/64 scope link
+Serving HTTP on 0.0.0.0 port 9090 (http://0.0.0.0:9090/) ...
+
+[term2]
+root@endgame2:~/# wget http://10.99.99.221:9090/EndgameV3-nihilism.tar.gz
+--2024-04-14 13:42:20--  http://10.99.99.221:9090/EndgameV3-nihilism.tar.gz
+Connecting to 10.99.99.221:9090... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 75225067 (72M) [application/gzip]
+Saving to: ‘EndgameV3-nihilism.tar.gz’
+
+EndgameV3-nihilism.tar.gz 100%[====================================>]  71.74M  --.-KB/s    in 0.09s
+
+2024-04-14 13:42:20 (784 MB/s) - ‘EndgameV3-nihilism.tar.gz’ saved [75225067/75225067]
+root@endgame2:~# tar -xzvf EndgameV3-nihilism.tar.gz >/dev/null
+root@endgame2:~# ls
+endgame  EndgameV3-nihilism.tar.gz
+root@endgame2:~# ls endgame
+aptpreferences      i2pd.conf     naxsi_core.rules       repokeys   sourcecode   torrc2
+dependencies        jail.local    naxsi_whitelist.rules  resty      startup.sh   torrc3
+endgame.config      limits.conf   nginx.conf             resty.tgz  sysctl.conf  tunnels.conf
+EndGameV3.tar.gz    lua           nginx-update.sh        setup.sh   tor-patch
+getdependencies.sh  mentions.txt  README.md              site.conf  torrc
+
+
+

Now back to our endgame front 1: we run setup.sh:

+

+root@endgame1:~/endgame# ./setup.sh
+Welcome To The End Game DDOS Prevention Setup...
+Proceeding to do the configuration and setup. This will take awhile.
+The system will reboot after finishing setup!
+
+
+

Let it run and take note of the endgame front instance TOR hostname as displayed at the end, which will be our first endgame instance's .onion link:

+

+EndGame Setup Script Finished!
+TOR Hostname:
+xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd.onion
+The address it to your gobalance config.yaml file!
+This system will now reboot in 10 seconds!
+root@endgame1:~/endgame# Connection to 10.99.99.221 closed by remote host.
+Connection to 10.99.99.221 closed.
+
+[ LAN-Home ] [ /dev/pts/6 ] [~]
+→ ssh nihilist@10.99.99.221
+nihilist@10.99.99.221's password:
+Linux endgame1 6.7.9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.7.9-2 (2024-03-13) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+You have new mail.
+Last login: Sun Apr 14 14:09:56 2024 from 10.99.99.101
+nihilist@endgame1:~$ su -
+Password:
+root@endgame1:~#
+
+root@endgame1:~/endgame/sourcecode/gobalance# vim config.yaml
+root@endgame1:~/endgame/sourcecode/gobalance# cat config.yaml
+services:
+    - key: ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key
+      instances:
+        - address: xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd.onion
+
+root@endgame1:~/endgame/sourcecode/gobalance# reboot now
+
+
+

Now on the Endgame front 2 VM, edit the endgame.config file to make sure that i redirects to the second backend server:

+

+root@endgame2:~# cat endgame/endgame.config
+#This area
+
+#OPTIONS!
+MASTERONION="ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.onion"
+TORAUTHPASSWORD="CHANGETHISPASSWORD!!!!"
+BACKENDONION1=""
+BACKENDONION2=""
+
+#set to true if you want to setup local proxy instead of proxy over Tor
+LOCALPROXY=true
+PROXYPASSURL="10.99.99.219"
+
+#Install the latest kernel from debian unstable. Recommended but may cause some issues on old systems.
+LATESTKERNEL=true
+
+#reboot after completion. Highly recommended to get the new kernel active.
+REBOOT=true
+
+#set to true if you want i2pd installed and setup
+I2PSETUP=false
+
+#set to true if you want tor installed and setup
+TORSETUP=true
+
+#enable Tor introduction defense. Keeps the Tor process from stalling but hurts reliability. Only recommended if running on low powered fronts.
+TORINTRODEFENSE=false
+
+#enable Tor POW introduction defense. This should be enabled!
+TORPOWDEFENSE=false
+
+#enable Tor minimum work patch. This builds a new tor binary locally.
+TORMINWORK=false
+
+#Shared Front Captcha Key. Key should be alphanumeric between 64-128. Salt needs to be exactly 8 chars.
+KEY="thoh1me2aemoonuo1eiNgaejahbeep5oe9eiZ3aezee5igae9faiv9sailoo1laath9vu7aeteeCh4ShaeVeidooy3see7Goong6gei3eePh6Ba5Leepee7zawooch3"
+SALT="agieLae8"
+#session length is in seconds. Default is 12 hours.
+SESSION_LENGTH=43200
+
+#Rate Limits!
+#Make sure to set these to reasonable defaults! Having them too low for your site can cause lots of disconnections while having them too high can make endgame ineffective!
+#Set the request rate to the max requests on your largest page! (try to keep it below 10! The lower you go the better endgame's protection is!)
+#Keep the stream limit 1 to 2 higher than your request limit!
+REQUESTRATELIMIT=8
+STREAMRATELIMIT=10
+
+#CSS Branding
+
+HEXCOLOR="9b59b6"
+HEXCOLORDARK="713C86"
+SITENAME="Nihilism"
+SITETAGLINE="Until there is nothing left."
+SITESINCE="2024"
+FAVICON="data:image/x-icon;base64,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"
+SQUARELOGO="data:image/webp;base64,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"
+NETWORKLOGO="data:image/webp;base64,UklGRpgFAABXRUJQVlA4WAoAAAAQAAAANgAAOwAAQUxQSCMFAAABoLBt2zE3HtddZhone8SubSt2bdu27a7rNqjtJlnvJqljJ7Xbqd1o0Ps4dt7v+6aTiIDgRpIiybnMu3cFb4DxaXs0+0hbmD4tbpO81cLkXLNJklmuptaLYnqa2kKJRaZVddJ9iQeTqppQRAKZK8glEyJMpdZeDdM6zhTM7phC7b66plB5/S1qFzqbFb5KYcqrQjOnOaW880P1bzYmi4xpDERz2VROWcoYoOFuMmfyt2n7z01m+KmAEP1d1TAON7urDwXMulyjLrmr8Vy2FjNjpB0AVTIXYCEXYj6v2QCwHaxmaZSnIisLAHaT1fz8swMAYBLzLLCcy2GRol0GALDf9ImvZtgDsLQSOUyJO9XHKaCAxfHNIMT9EfsBy7gMaDw5GGIaxxXzRqBTnzMJ0xwBuCaT1KVqXv8RDoh2MwrAAs4DKqlUlrbWlQEAYb+/0qTqSF5yQ41fKeRdf1SxEVI1sPRjHQvLauv4PTDq/Mlj5481h6WDjU0V9HlHIdvN/Z6KHsecSExKTExMunj4Lj+f/+vvcw+oDkY0STIM268lJiWdjH4kUgf0/kwxn3QUoiNZQjFzsfYryddtkCd8pE8Ufenrniyxwa1FSGhoWEDoQy4NCA4N9jvAs07YaPDGHx36h4a0cNsgcdkTAeI9VG9tAAAYW3IFQmZyGiTEF2ywVc23giAAkWkk74/N5ftYb6BJCTuI1nO9lOHjece+Y/bY+yRTIwEAAfr8ON0UxwU63p2NGEZD1HpRa2CD5MRs1V1yieMUfUK+PgCC+l8TPDOL66JuDHUF5QW1IZvVeoNOOETuq4d6xdk+CV/rS5oj0zGDF1RQtbtEFnkA3/XaGBMbtSsqemsmDdriwa0OKqjiOAvpbCFVaFOjgGMArODnXVXNRt4o+0pJJJ7FABjLAnPrAjkFLhjFO45o9FrbCxa7SVJBB2RqGsPpLsfAOV9BlctchyiuRvVYGsEPUYzCel6ppgxdy9UztU+8MY+C4luFahnBaPBaM1ut6QojYBvJGaj9WnCif22PTqufSgQBc0jugFFsiphcAxtpsBRC2tyRUSmRN62N9g/MrxschCQdiuXZwNgrjys3fEXySyNIc0xqLsntgFEPefHjf/AlyWvmMiZqZB4y65mmK4x6oQ0WIxBicNZSRv8vci+0zqgXGsW7jlAh3CBBzrBiuX8zxzsc/T/Ff+qxAOBfRvKOs4xVOvGf+mkMgDGSf2r5EopXwcbf1vsBSU6TUqVQdF8ooQuciXS2kC/Y+qhzhEOwPuPs6SvbbCWWayhXsPVRtzjLK15asIH6/Dj9NMf5WhaGQojNTz2rAnBfpiUV20N8nqQ9dE8n+XB8Dt/H+kBkls+dU8YuEopcvhnljnsgbUYh8q1PKl6u8pRan9jXA+B1Rb7RhgxuJfhdwWs/xUab7N73i1JbjwMAVbqCD10U2/rnXoFq0aNoYYhcX25QbXc55eOrOESe+FpsF73tK4wsRwsAgEXbrn6+XX39/f39fH0jQ2wUR9YvKrhdIqlL0bz+IwyS1J7YBEpRGpBJLgAcpyWc7uMYWMDiuKaiRq9e9gVG5Y8CeuSeMVcaxyfjJjsYO/yrzmGeBdZwDSxyuLqydPi/nGYPwMIKSnHbUcwXwqphJq4aizCfl8wlq0bJLncYnfb/aoxebLRJnU25Ri1hNNBwF5kzsaKWtgpaEStoITXp+vugQtZfAIsqZtkGelbUau+aJch0hanT4ibJG81h+rQ5kn2kDYwGAFZQOCBOAAAA0AQAnQEqNwA8AD5tLJJFpCKhmAQAQAbEtIAASD/dKxnoTlaUzRT/Q9kkRNlNuAAA/TH//9wDj/sFX/91UzfhNf+E8DE//4h3B/k1wAAA"
+
+

Once that's done, we run setup.sh on the Endgame front 2 VM, here also let it run and take note of the endgame front instance TOR hostname as displayed at the end:

+

+root@endgame2:~/endgame# ./setup.sh
+Welcome To The End Game DDOS Prevention Setup...
+Proceeding to do the configuration and setup. This will take awhile.
+The system will reboot after finishing setup!
+
+[...]
+
+EndGame Setup Script Finished!
+TOR Hostname:
+e7nqqkmeripx7hxov4hy32ovg34nxsrooy7ipxaeaw5edkek73dgowad.onion
+The address it to your gobalance config.yaml file!
+This system will now reboot in 10 seconds!
+
+
+
+

So here we're going to mention the 2 endgame onion hostnames in the gobalance config file of both endgame fronts 1 and 2:

+

+[term1]
+root@endgame1:~/endgame# vim sourcecode/gobalance/config.yaml
+root@endgame1:~/endgame# cat sourcecode/gobalance/config.yaml
+services:
+    - key: ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key
+      instances:
+        - address: xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd.onion
+        - address: e7nqqkmeripx7hxov4hy32ovg34nxsrooy7ipxaeaw5edkek73dgowad.onion
+
+
+

Then we test if both endgame fronts work starting with front 1 on the URL http://xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd.onion :

+ +

and we test the other one on the URL http://e7nqqkmeripx7hxov4hy32ovg34nxsrooy7ipxaeaw5edkek73dgowad.onion :

+ +

And lastly we enable gobalance to make sure that the masteronion can redirect to either of the 2 after editing the config.yaml file:

+

+root@endgame1:~/endgame/sourcecode/gobalance# cat config.yaml
+services:
+    - key: ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key
+      instances:
+        - address: xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd.onion
+        - address: e7nqqkmeripx7hxov4hy32ovg34nxsrooy7ipxaeaw5edkek73dgowad.onion
+
+root@endgame1:~/endgame/sourcecode/gobalance# ./gobalance --torPassword 'CHANGETHISPASSWORD!!!!' -c config.yaml
+WARN[2024-04-14 19:26:24] Initializing gobalance (version: 1.0.0)...
+INFO[2024-04-14 19:26:24] Loaded the config file '/root/endgame/sourcecode/gobalance/config.yaml'.
+WARN[2024-04-14 19:26:24] Loaded onion ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.onion from /root/endgame/sourcecode/gobalance/ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key
+WARN[2024-04-14 19:26:24] Loaded instance xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd
+WARN[2024-04-14 19:26:24] Loaded instance e7nqqkmeripx7hxov4hy32ovg34nxsrooy7ipxaeaw5edkek73dgowad
+WARN[2024-04-14 19:26:24] OnionBalance initialized (tor version: 0.4.8.11-dev (git-caa2ddaa8dc1f4f3))!
+WARN[2024-04-14 19:26:24] ================================================================================
+INFO[2024-04-14 19:26:24] [ADAPTIVE] Waiting for 2 instance descriptors.
+INFO[2024-04-14 19:26:24] [*] FetchInstanceDescriptors() called [*]
+INFO[2024-04-14 19:26:24] Initiating fetch of descriptors for all service instances.
+INFO[2024-04-14 20:02:22] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $5FAE28CF4D1C520341EE104BF72516F4308B9485~nuker
+INFO[2024-04-14 20:02:22] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $778DCB9DB6CDD5FF2F1A85571308B492D6DFF962~TorHet
+INFO[2024-04-14 20:02:22] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $B72663DDF48F7047003DE6E3927936994DA44152~Unnamed
+INFO[2024-04-14 20:02:22] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $7AC2E7E67ADAC32F6F46AF607896637BBB455D64~mysocratesnote
+INFO[2024-04-14 20:02:23] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $484F666C491BCDE22B45E0E19D1CEA5ACC5A9611~WinstonSmith
+INFO[2024-04-14 20:02:24] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $3CA0D15567024D2E0B557DC0CF3E962B37999A79~QuintexAirVPN30
+INFO[2024-04-14 20:02:24] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $846B3EAAF0C07FF72FC79AEBB11FA3ADC58F240F~dc6jgk5b
+INFO[2024-04-14 20:02:24] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $455469D1C610E43498ECF88E83E29C0A694EF73B~whyza1
+INFO[2024-04-14 20:02:24] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $65379EED488599B0A1512E80D4743BC9125CB306~BlueMold
+INFO[2024-04-14 20:02:25] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $C111AC86B3719F0A2FB6254725CB5A7A62C9B451~LauchYT
+INFO[2024-04-14 20:02:25] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $235396838BB8FC7AFA529042B19615DF9E2AF218~soP49mzpYUFEwVdiFN3
+INFO[2024-04-14 20:02:26] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $4ADB08AFCF04657E0A0288AA230EEB74A96B1CEE~Lemminkainen
+INFO[2024-04-14 20:02:27] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $961B9D86125A08FAA9F7E742B228307EF7E2E082~TorNodeCzech
+INFO[2024-04-14 20:02:28] Successfully uploaded descriptor for xkdrgt35dw4rtmqacjdaymocotcvarfqlodtw2dfykqn3rk2eqxmr4yd to $FBDE535D810756541B31C452C6694876C96A7FC1~BSDnodeAMS
+
+
+

And now we test if the masteronion http://ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.onion/ is reachable:

+ + +

Here we see that we were on the endgame front 1 instance, which redirected us to the backend server 1:

+ +

Then we check if it still works after shutting down the endgame front 1:

+

+root@endgame1:~# shutdown now
+
+
+

As you can see it still works:

+ + +

And as you can see here we're being redirected to the backend server 2 as intended:

+ + +
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
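Review bot: The transfer step archives the whole endgame directory (`tar -czvf EndgameV3-nihilism.tar.gz endgame`), although the README passage quoted just before it says to archive everything except the sourcecode folder. The earlier `ls` of sourcecode/gobalance shows ehfs47i5jjzlyolgd24ogkndodz7n4mlbcmhdakyma4lfh2alossuvad.key in that directory, so the tarball carries the master onion key to endgame2, and it is served with `python3 -m http.server 9090`, which listens on 0.0.0.0 without authentication or encryption. Suggest excluding sourcecode when building the archive (tar's --exclude), copying it with scp over the SSH access the page already uses, and stating that the .key file stays only on the host that runs gobalance. Separately, both endgame.config listings publish a concrete KEY and SALT and leave TORAUTHPASSWORD at "CHANGETHISPASSWORD!!!!", which is then passed to `./gobalance --torPassword`; replace these with obvious placeholders and tell readers to generate their own values. Small fixes while here: "engame.config", "correclty", and "i redirects".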
+ + + + + + + diff --git a/servers/failover-wan/0.png b/servers/failover-wan/0.png new file mode 100644 index 0000000..ae105d9 Binary files /dev/null and b/servers/failover-wan/0.png differ diff --git a/servers/failover-wan/1.png b/servers/failover-wan/1.png new file mode 100644 index 0000000..8928960 Binary files /dev/null and b/servers/failover-wan/1.png differ diff --git a/servers/failover-wan/10.png b/servers/failover-wan/10.png new file mode 100644 index 0000000..53c6d79 Binary files /dev/null and b/servers/failover-wan/10.png differ diff --git a/servers/failover-wan/11.png b/servers/failover-wan/11.png new file mode 100644 index 0000000..da639a4 Binary files /dev/null and b/servers/failover-wan/11.png differ diff --git a/servers/failover-wan/12.png b/servers/failover-wan/12.png new file mode 100644 index 0000000..abd29df Binary files /dev/null and b/servers/failover-wan/12.png differ diff --git a/servers/failover-wan/13.png b/servers/failover-wan/13.png new file mode 100644 index 0000000..7a04ae0 Binary files /dev/null and b/servers/failover-wan/13.png differ diff --git a/servers/failover-wan/14.png b/servers/failover-wan/14.png new file mode 100644 index 0000000..2af4804 Binary files /dev/null and b/servers/failover-wan/14.png differ diff --git a/servers/failover-wan/15.png b/servers/failover-wan/15.png new file mode 100644 index 0000000..ab106d1 Binary files /dev/null and b/servers/failover-wan/15.png differ diff --git a/servers/failover-wan/16.png b/servers/failover-wan/16.png new file mode 100644 index 0000000..6dd6c9c Binary files /dev/null and b/servers/failover-wan/16.png differ diff --git a/servers/failover-wan/17.png b/servers/failover-wan/17.png new file mode 100644 index 0000000..73bc4f5 Binary files /dev/null and b/servers/failover-wan/17.png differ diff --git a/servers/failover-wan/18.png b/servers/failover-wan/18.png new file mode 100644 index 0000000..88fc71d Binary files /dev/null and b/servers/failover-wan/18.png differ 
diff --git a/servers/failover-wan/19.png b/servers/failover-wan/19.png new file mode 100644 index 0000000..5c4ce48 Binary files /dev/null and b/servers/failover-wan/19.png differ diff --git a/servers/failover-wan/2.png b/servers/failover-wan/2.png new file mode 100644 index 0000000..737fff4 Binary files /dev/null and b/servers/failover-wan/2.png differ diff --git a/servers/failover-wan/20.png b/servers/failover-wan/20.png new file mode 100644 index 0000000..5713d9a Binary files /dev/null and b/servers/failover-wan/20.png differ diff --git a/servers/failover-wan/21.png b/servers/failover-wan/21.png new file mode 100644 index 0000000..bc6217d Binary files /dev/null and b/servers/failover-wan/21.png differ diff --git a/servers/failover-wan/22.png b/servers/failover-wan/22.png new file mode 100644 index 0000000..85c2b92 Binary files /dev/null and b/servers/failover-wan/22.png differ diff --git a/servers/failover-wan/3.png b/servers/failover-wan/3.png new file mode 100644 index 0000000..a637d2c Binary files /dev/null and b/servers/failover-wan/3.png differ diff --git a/servers/failover-wan/4.png b/servers/failover-wan/4.png new file mode 100644 index 0000000..14d8b99 Binary files /dev/null and b/servers/failover-wan/4.png differ diff --git a/servers/failover-wan/5.png b/servers/failover-wan/5.png new file mode 100644 index 0000000..479fceb Binary files /dev/null and b/servers/failover-wan/5.png differ diff --git a/servers/failover-wan/6.png b/servers/failover-wan/6.png new file mode 100644 index 0000000..ba6cdc5 Binary files /dev/null and b/servers/failover-wan/6.png differ diff --git a/servers/failover-wan/7.png b/servers/failover-wan/7.png new file mode 100644 index 0000000..eef5a7d Binary files /dev/null and b/servers/failover-wan/7.png differ diff --git a/servers/failover-wan/8.png b/servers/failover-wan/8.png new file mode 100644 index 0000000..5bb5dea Binary files /dev/null and b/servers/failover-wan/8.png differ 
diff --git a/servers/failover-wan/9.png b/servers/failover-wan/9.png new file mode 100644 index 0000000..adc38da Binary files /dev/null and b/servers/failover-wan/9.png differ diff --git a/servers/failover-wan/index.html b/servers/failover-wan/index.html new file mode 100644 index 0000000..9ef9401 --- /dev/null +++ b/servers/failover-wan/index.html @@ -0,0 +1,167 @@ + + + + + + + + + + + Internet Failover Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-07

+

Internet Failover (dual wan pfsense setup)

+Threat Model: +

Your ISP connection comes with a closed-source router. What makes you think that your ISP isn't giving access to it to an adversary so that he may be able to spy on your home network ? How do you protect against that?

+

That same adversary suspects that you are running a hidden service from home. That adversary makes your ISP shut down your internet connection to check if you are actually running it or not. How do you ensure your hidden service keeps running ?

+ +

In this tutorial we're going to setup a pfsense VM inside of virt-manager to make sure that our .onion Hidden service is hidden behind an open-source router, rather than a closed-source one. as detailed below:

+ +

We're going to also make sure that we protect the hidden service from controlled internet downtimes, with a failover internet connection to a mobile hotspot.

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First you're going to need a Libvirtd QEMU hypervisor on your home server, check this tutorial to know how to set it up.

+

So here we create the pfsense VM as shown in this tutorial, and we make sure to adjust it to have the following network configuration:

+

So for the main network interface we setup the network interface as a direct attachment to the host network interface enp8s0 (as a macvtap device in virt-manager):

+ +

As detailed in the previous tutorial, for the LAN network we setup an isolated network and use it like so:

+ +

Then from inside pfsense we can set them both like so:

+ +

Then we setup the second WAN, which is our mobile USB tethering hotspot. First just connect the mobile phone to the homeserver via USB:

+ +

Once plugged in, you can check if the homeserver detects it via the lsusb command, and if it does, just add the USB host device to the VM directly like so:

+ + +

However that's not enough as when you enable USB tethering the USB device ID changes, so we enable USB tethering like so (ex: in Graphene OS you go to: Settings > Network and Internet > Hotspot & Tethering > Toggle USB Tethering ON) before adding it in the pfsense VM:

+ +

Now that the device is added, enable USB tethering from your phone , then let's make sure that it is proprely configured as a second WAN interface in pfsense:

+ +

Here you see the pfsense VM detecting the usb device from console, however to make the setup simpler we'll set it up from the pfsense dashboard, from the VM inside the LAN network:

+ +

So after clicking "add" we have now the OPT3 interface that we can configure:

+ +

We rename it to WAN-Mobile, set it to DHCP (as it is the mobile phone that gives the DHCP lease to that interface), and hit save:

+ + +

Here you can also see that pfsense detects that interface as a gateway in the routing section:

+ +

Now that's done, we need to setup the failover by first having both gateways into the same gateway group:

+ + +

Now here we have a gateway group, we have set our main WAN interface (WANGW, the ethernet connection) to be tier 1 as in first priority, and we have set our secondary WAN interface (WANMOBILE) to be Tier 2 as in second priority. The trigger level to switch between the 2 is going to be Packet Loss. Meaning if the ethernet connection goes down, the internet connection will resume through the mobile USB tethering hotspot:

+

Now we hit save and apply, then we need to edit the LAN firewall rule because otherwise it won't accept any traffic to be routed to the other gateway:

+ + + +

Now with this, the lan subnet will automatically route traffic through either gateway as dictated by pfsense. which is what we want. Now hit save and apply:

+ +

And now we can see it in action when we unplug the ethernet cable like so:

+ +

As you can see here, the traffic first goes through the default WAN interface, and after i unplug the ethernet cable, the same traffic starts to go through the other WAN interface via the mobile connection. Which concludes today's tutorial.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
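Review bot: The two USB tethering paragraphs give opposite orders. The first says to toggle USB tethering ON before adding the USB host device to the pfsense VM, because the USB device ID changes once tethering is enabled. The next begins "Now that the device is added, enable USB tethering from your phone". Keep the first order only and reword the second paragraph so it no longer tells the reader to enable tethering after the device is attached. In the step "we need to edit the LAN firewall rule because otherwise it won't accept any traffic to be routed to the other gateway", the text never says which field of the rule is changed; that detail exists only in the screenshot, so name the setting and the gateway group in the prose. The gateway group paragraph uses WANGW and WANMOBILE while the interface was renamed WAN-Mobile two steps earlier; a short remark on where those gateway names come from would avoid confusion. Minor: "proprely" should be "properly".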
+ + + + + + + diff --git a/servers/failovers/0.png b/servers/failovers/0.png new file mode 100644 index 0000000..4c36deb Binary files /dev/null and b/servers/failovers/0.png differ diff --git a/servers/failovers/1.png b/servers/failovers/1.png new file mode 100644 index 0000000..91cea37 Binary files /dev/null and b/servers/failovers/1.png differ diff --git a/servers/failovers/10.png b/servers/failovers/10.png new file mode 100644 index 0000000..bc213ee Binary files /dev/null and b/servers/failovers/10.png differ diff --git a/servers/failovers/11.png b/servers/failovers/11.png new file mode 100644 index 0000000..867645e Binary files /dev/null and b/servers/failovers/11.png differ diff --git a/servers/failovers/2.png b/servers/failovers/2.png new file mode 100644 index 0000000..55ae7b4 Binary files /dev/null and b/servers/failovers/2.png differ diff --git a/servers/failovers/3.png b/servers/failovers/3.png new file mode 100644 index 0000000..8656cdd Binary files /dev/null and b/servers/failovers/3.png differ diff --git a/servers/failovers/4.png b/servers/failovers/4.png new file mode 100644 index 0000000..be1a571 Binary files /dev/null and b/servers/failovers/4.png differ diff --git a/servers/failovers/5.png b/servers/failovers/5.png new file mode 100644 index 0000000..34fad72 Binary files /dev/null and b/servers/failovers/5.png differ diff --git a/servers/failovers/6.png b/servers/failovers/6.png new file mode 100644 index 0000000..34fad72 Binary files /dev/null and b/servers/failovers/6.png differ diff --git a/servers/failovers/7.png b/servers/failovers/7.png new file mode 100644 index 0000000..f67e306 Binary files /dev/null and b/servers/failovers/7.png differ diff --git a/servers/failovers/8.png b/servers/failovers/8.png new file mode 100644 index 0000000..cb3f449 Binary files /dev/null and b/servers/failovers/8.png differ 
diff --git a/servers/failovers/9.png b/servers/failovers/9.png new file mode 100644 index 0000000..2973a21 Binary files /dev/null and b/servers/failovers/9.png differ diff --git a/servers/failovers/index.html b/servers/failovers/index.html new file mode 100644 index 0000000..31a99ac --- /dev/null +++ b/servers/failovers/index.html @@ -0,0 +1,389 @@ + + + + + + + + + + + Electrical Failover Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-06

+

Electrical Failover (basic UPS setup)

+Threat Model: +

What if an adversary tells your electricity provider to temporarily power off your electricity to check if it manages to shut down a particular hidden service ? How do you ensure that your hidden service running at home remains accessible even without the main electrical input ?

+ +

In this tutorial we'll look at the most fundamental part of both Disaster Recovery Planning and Business Continuity for home servers. We'll look at how to deal with power outages.

+ +

For the Electrical Outages, we'll setup a UPS in between our homeserver and the main electrical input, so that in case of a power outage the home server can keep running for a while before finally shutting down. The UPS will then send a message to the Network UPS Tools suite to tell the server to shutdown when the batteries run low.

+ +
+
+
+
+ + +
+
+
+
+

Electrical Outages - UPS setup

+

Before buying a UPS, you need to know how much your home server can draw power (in watts), to make it simple just look at your power supply in your Homeserver. Mine is a RM 750x:

+ +

and as explained in the technical specs, it can draw up to 750 Watts of power:

+ +

So you need a UPS that can generate at least 750 Watts of power, such as the APC Back-UPS 1600VA:

+ +

For my usecase, i picked that one because it can power my homeserver with the 900Watts it can output. Perfect for my server that can draw 750Watts.

+

First make sure your homeserver's plugged onto the UPS which is plugged onto the main electrical source. Then power on the homeserver, and after it booted, connect the serial to usb cable from the UPS to the homeserver, and you'll see it appear like so:

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ lsusb
+
+[...]
+
+Bus 003 Device 003: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
+
+[...]
+	
+
+ +

Then, let's install network ups tools (nut) and make it scan for any ups connected via UPS like ours:

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ apt update -y ; apt install nut nut-client nut-server -y
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ sudo nut-scanner -U
+Scanning USB bus.
+[nutdev1]
+        driver = "usbhid-ups"
+        port = "auto"
+        vendorid = "051D"
+        productid = "0002"
+        product = "Back-UPS BX1600MI FW:378600G -302202G"
+        serial = "DWAADWAWDWA"
+        vendor = "American Power Conversion"
+        bus = "003"
+	
+
+ +

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/upsmon.conf
+RUN_AS_USER root
+MONITOR apc-ups@localhost 1 admin secret master
+
+MINSUPPLIES 1
+SHUTDOWNCMD "/sbin/shutdown -h +0"
+POLLFREQ 5
+POLLFREQALERT 5
+HOSTSYNC 15
+DEADTIME 15
+POWERDOWNFLAG /etc/killpower
+RBWARNTIME 43200
+NOCOMMWARNTIME 300
+FINALDELAY 5
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/upsd.conf
+LISTEN 0.0.0.0 3493
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/nut.conf
+
+MODE=netserver
+
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/upsd.users
+[monuser]
+        password = secret
+        admin master
+	
+
+ +

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ systemctl status nut-server nut-client nut-monitor
+● nut-server.service - Network UPS Tools - power devices information server
+     Loaded: loaded (/lib/systemd/system/nut-server.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-04-06 17:23:47 CEST; 5s ago
+   Main PID: 707274 (upsd)
+      Tasks: 1 (limit: 76930)
+     Memory: 620.0K
+        CPU: 2ms
+     CGroup: /system.slice/nut-server.service
+             └─707274 /lib/nut/upsd -F
+
+Apr 06 17:23:47 wonderland systemd[1]: Started nut-server.service - Network UPS Tools - power devices information server.
+Apr 06 17:23:47 wonderland nut-server[707274]: fopen /run/nut/upsd.pid: No such file or directory
+Apr 06 17:23:47 wonderland nut-server[707274]: Could not find PID file '/run/nut/upsd.pid' to see if previous upsd instance is already running!
+Apr 06 17:23:47 wonderland nut-server[707274]: listening on 0.0.0.0 port 3493
+Apr 06 17:23:47 wonderland upsd[707274]: listening on 0.0.0.0 port 3493
+Apr 06 17:23:47 wonderland upsd[707274]: Connected to UPS [apc-ups]: usbhid-ups-apc-ups
+Apr 06 17:23:47 wonderland nut-server[707274]: Connected to UPS [apc-ups]: usbhid-ups-apc-ups
+Apr 06 17:23:47 wonderland nut-server[707274]: Running as foreground process, not saving a PID file
+Apr 06 17:23:47 wonderland upsd[707274]: Running as foreground process, not saving a PID file
+
+● nut-monitor.service - Network UPS Tools - power device monitor and shutdown controller
+     Loaded: loaded (/lib/systemd/system/nut-monitor.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-04-06 17:23:47 CEST; 5s ago
+   Main PID: 707276 (upsmon)
+      Tasks: 2 (limit: 76930)
+     Memory: 836.0K
+        CPU: 2ms
+     CGroup: /system.slice/nut-monitor.service
+             ├─707276 /lib/nut/upsmon -F
+             └─707277 /lib/nut/upsmon -F
+
+Apr 06 17:23:47 wonderland systemd[1]: Started nut-monitor.service - Network UPS Tools - power device monitor and shutdown controller.
+Apr 06 17:23:47 wonderland nut-monitor[707276]: fopen /run/nut/upsmon.pid: No such file or directory
+Apr 06 17:23:47 wonderland nut-monitor[707276]: Could not find PID file to see if previous upsmon instance is already running!
+Apr 06 17:23:47 wonderland nut-monitor[707276]: UPS: apc-ups@localhost (primary) (power value 1)
+Apr 06 17:23:47 wonderland nut-monitor[707276]: Using power down flag file /etc/killpower
+Apr 06 17:23:47 wonderland nut-monitor[707277]: Init SSL without certificate database
+Apr 06 17:23:47 wonderland nut-monitor[707277]: Login on UPS [apc-ups@localhost] failed - got [ERR ACCESS-DENIED]
+
+● nut-monitor.service - Network UPS Tools - power device monitor and shutdown controller
+     Loaded: loaded (/lib/systemd/system/nut-monitor.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-04-06 17:23:47 CEST; 5s ago
+   Main PID: 707276 (upsmon)
+      Tasks: 2 (limit: 76930)
+     Memory: 836.0K
+        CPU: 2ms
+     CGroup: /system.slice/nut-monitor.service
+             ├─707276 /lib/nut/upsmon -F
+             └─707277 /lib/nut/upsmon -F
+
+Apr 06 17:23:47 wonderland systemd[1]: Started nut-monitor.service - Network UPS Tools - power device monitor and shutdown controller.
+Apr 06 17:23:47 wonderland nut-monitor[707276]: fopen /run/nut/upsmon.pid: No such file or directory
+Apr 06 17:23:47 wonderland nut-monitor[707276]: Could not find PID file to see if previous upsmon instance is already running!
+Apr 06 17:23:47 wonderland nut-monitor[707276]: UPS: apc-ups@localhost (primary) (power value 1)
+Apr 06 17:23:47 wonderland nut-monitor[707276]: Using power down flag file /etc/killpower
+Apr 06 17:23:47 wonderland nut-monitor[707277]: Init SSL without certificate database
+Apr 06 17:23:47 wonderland nut-monitor[707277]: Login on UPS [apc-ups@localhost] failed - got [ERR ACCESS-DENIED]
+
+
+

We can check if the server can get all the

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ upsc apc-ups@localhost
+Init SSL without certificate database
+battery.charge: 100
+battery.charge.low: 10
+battery.mfr.date: 2001/01/01
+battery.runtime: 3167
+battery.runtime.low: 120
+battery.type: PbAc
+battery.voltage: 27.2
+battery.voltage.nominal: 24.0
+device.mfr: American Power Conversion
+device.model: Back-UPS BX1600MI
+device.serial: DDWAWADWADADW
+device.type: ups
+driver.name: usbhid-ups
+driver.parameter.pollfreq: 30
+driver.parameter.pollinterval: 1
+driver.parameter.port: auto
+driver.parameter.productid: 0002
+driver.parameter.serial: DWDADWAWDDWAADWDAW
+driver.parameter.synchronous: auto
+driver.parameter.vendorid: 051D
+driver.version: 2.8.0
+driver.version.data: APC HID 0.98
+driver.version.internal: 0.47
+driver.version.usb: libusb-1.0.26 (API: 0x1000109)
+input.sensitivity: medium
+input.transfer.high: 295
+input.transfer.low: 145
+input.voltage: 234.0
+input.voltage.nominal: 230
+ups.beeper.status: enabled
+ups.delay.shutdown: 20
+ups.firmware: 378600G -302202G
+ups.load: 10
+ups.mfr: American Power Conversion
+ups.mfr.date: 2022/02/08
+ups.model: Back-UPS BX1600MI
+ups.productid: 0002
+ups.realpower.nominal: 900
+ups.serial: DAWDWDAWADWADWDAWAD
+ups.status: OL
+ups.test.result: Done and passed
+ups.timer.reboot: 0
+ups.timer.shutdown: -1
+ups.vendorid: 051d
+
+
+

Now that the UPS is detected, we can install an interface for the nut service:

+

+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ apt install nut-cgi -y
+	
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ vim /etc/nut/hosts.conf
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/hosts.conf
+
+MONITOR apc-ups@localhost "APC UPS - 1600VA"
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ cat /etc/nut/upsset.conf
+I_HAVE_SECURED_MY_CGI_DIRECTORY
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ apt install apache2 -y 
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ a2enmod cgi
+Your MPM seems to be threaded. Selecting cgid instead of cgi.
+Enabling module cgid.
+To activate the new configuration, you need to run:
+  systemctl restart apache2
+
+[ Wonderland ] [ /dev/pts/3 ] [~]
+→ systemctl restart apache2
+
+
+

And now we can browse it from the web on port 80: the url is: http://192.168.0.100/cgi-bin/nut/upsstats.cgi?host=apc-ups@localhost&treemode

+ +

we can see the following graph to know the Battery Charge, Voltage, Input and Load:

+ +

And for more details you can see the data tree:

+ +

Now let's test if it works by unplugging the main electrical source:

+ +

First thing you'll notice is the UPS starting to do a loud beep every 3 seconds, but you can see it in action from the web interface:

+ +

Here as you can see the UPS is working on battery, and slowly the charge is being drained from 100% (now at 97% after 5 minutes) Of course it's being drained slowly due to being on a low load (18% currently), meaning it could last another 20 minutes of electrical outage easily.

+
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
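Review bot: The upsmon.conf line "MONITOR apc-ups@localhost 1 admin secret master" logs in as admin, but the pasted upsd.users defines only [monuser]. The nut-monitor status output ends with "Login on UPS [apc-ups@localhost] failed - got [ERR ACCESS-DENIED]". As published, upsmon never authenticates, so the low-battery shutdown promised in the introduction is not shown working. Use the same user name in both files, and replace the "admin master" line in upsd.users with the upsmon role directive (upsmon master, spelled upsmon primary in the 2.8.0 release shown in the upsc output). Then paste a status block without the ACCESS-DENIED line. The unplug test only shows the charge draining, so also exercise the shutdown path once (for example with upsmon -c fsd) and say so. "LISTEN 0.0.0.0 3493" combined with the password "secret" exposes upsd on every interface although the only client shown is upsmon on localhost; bind it to 127.0.0.1 unless remote clients are intended, and use a placeholder in place of the password. upsset.conf sets I_HAVE_SECURED_MY_CGI_DIRECTORY, yet no access restriction on the Apache cgi-bin is shown and the page is served over plain HTTP on port 80. Documentation gaps: /etc/nut/ups.conf, which must define [apc-ups], is never shown, while nut-scanner printed [nutdev1]. The sentence "We can check if the server can get all the" is cut off. The nut-monitor status block is pasted twice. "connected via UPS" should read "via USB".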
+ + + + + + + diff --git a/servers/finances/0.png b/servers/finances/0.png new file mode 100644 index 0000000..b7ce60e Binary files /dev/null and b/servers/finances/0.png differ diff --git a/servers/finances/1.png b/servers/finances/1.png new file mode 100644 index 0000000..91d5505 Binary files /dev/null and b/servers/finances/1.png differ diff --git a/servers/finances/2.png b/servers/finances/2.png new file mode 100644 index 0000000..c7b6d82 Binary files /dev/null and b/servers/finances/2.png differ diff --git a/servers/finances/3.png b/servers/finances/3.png new file mode 100644 index 0000000..fc13784 Binary files /dev/null and b/servers/finances/3.png differ diff --git a/servers/finances/4.png b/servers/finances/4.png new file mode 100644 index 0000000..2ce9fcb Binary files /dev/null and b/servers/finances/4.png differ diff --git a/servers/finances/index.html b/servers/finances/index.html new file mode 100644 index 0000000..9e53f1e --- /dev/null +++ b/servers/finances/index.html @@ -0,0 +1,183 @@ + + + + + + + + + + + Decentralized Finances + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

user@Whonix - 2024-04-26

+

Why Financial decentralisation ?

+ +
+
+
+
+ + +
+
+
+
+

Centralised Currencies

+

As we have discussed previously, governments love centralisation, because it allows them to keep control over what the masses can do, because they can directly affect the owner of said centralised service to further their agenda.

+ +

Nowadays, governments love to impose financial sanctions towards the other countries they don't like, by preventing everyone from having any business with said country (example: the EU imposing sanctions against russia), one way to achieve that goal is to block transactions at the banking level, since legitimate businesses require to have a bank account. That is of course intentional, as it allows the government to control any business' finances.

+

The banking system has deep roots in any modern country, with very close ties to the governments as it gives them very direct control over their population. As detailed in his book "the right to transact" by Zelinar XY he argues that the right to transact is an extension of one's innate right of expression.

+

For a government to have control over one's expenses, is to have control over one's ability to express himself, it is for a government to have the power to censor any individual they deem to be unfit to be in their society.

+

And in my opinion, to consider that someone else should be able to decide what YOU do with your money, is madness. You alone should decide what should happen with your money and governments definitely don't want that.

+ +
+
+
+
+ +
+
+
+
+

Decentralised Currencies, and Centralised Exchanges



+Bitcoin: Revolutionnary, but Flawed +

Bitcoin has been the first cryptocurrency to see the day. It has been a remarkable innovation at the time. It allows you to create a wallet from home, to be able to recieve money there, and to transact freely, tax free. All you need is to have a computer, with an internet connection. Of course that does not sit well with governments. They want to keep control over your money, to be able to keep control over your right to transact.

+

While Bitcoin has been revolutionary at the time, there are obvious cracks in the armor. While it provides decentralisation of the currency (meaning it is not controlled by a centralised entity, such as the dollar is controlled by the federal reserve), it has a completely transparent blockchain, meaning everyone knows which wallet transacted with whom, and the amount of Bitcoin on each wallet.

+

TLDR: noone can stop your bitcoin transaction, but you can be put in prison for it

+Centralised Exchanges and KYC: Governmental Proxies +

with Bitcoin everyone knows which wallet is the richest, all that's left is to put a name on those wallets, to be able to tax them! Governments are pushing hard to regulate centralised exchanges, to implement just that, they want their part of the cake at all costs.

+

KYC procedures (Know Your Customer procedures) are a direct threat to:

+
    +
  1. Your right to remain anonymous
  2. +
  3. Your right to privacy
  4. +
  5. And by extension, your right to transact
  6. +
  7. And by extension, your right of expression
  8. +
+

Centralised exchanges are the current target of choice for regulators. Most of them force their users to have custodial wallets (meaning the wallets with all the customer funds are on the server, not with the client) and so, their funds can be taken hostage to force their customers to comply and complete with all the KYC procedures when they get implemented. Feels like central banks isn't it ? The problem here is centralisation. Why are you using decentralised cryptocurrencies on Centralised platforms in the first place?

+ +

All public and popular Centralised Exchange are bound to fall to this fate. They will inevitably comply with the governments of their country, Their users will be forced to identify themselves to transact with other users, they will have to identify themselves so that the exchange (and by extension, the government) knows who's got the money, to be able to tax them later on, and of course if they don't comply, they will be forced out of business one way or the other.

+

That's where we are at currently, People have not completely moved away from Centralisation and KYC. But you'll see, as surveillance increases over time and governments try to have as much control as possible over the masses, the need for privacy and anonymity will keep on increasing manyfold.

+

In the meantime, to find KYC-free services (centralised or not), check out kycnot.me, as they put it: "KYC reveals fear."

+ +
+
+
+
+ +
+
+
+
+

The Privacy Cryptocurrency, and Decentralised Exchanges



+Monero: the Privacy Standard for transactions +

Out of that situation emerged privacy coins, with Monero still at the top to this day (also known as the only cryptocurrency that's used) is basically a cryptocurrency just like bitcoin, except that it does everything to obscure every info regarding transactions. Basically, it's a nightmare for financial regulators.

+ +

To make it short, it obscures the amount transacted, the ip addresses, who recieves the transaction and who sends the transaction, To this day not a single monero transaction has been successfully traced. For more details on Monero, check the infodump here.

+

Monero's goals differ from what bitcoin has become. It's not to get rich, the goal is to provide transactional privacy, anonymity, and ultimately to be USED as a currency. That is a fundamental difference to the whole bitcoin-fan ecosystem of pump and dump schemes, monero is not meant to be a speculative asset.

+

More to the point, given the alarming increase of surveillance worldwide, and incoming regulations forced onto everyone, do you seriously think that people will keep trying to use random coins just to get taxed ? No, eventually only the coins that take privacy and anonymity of it's users as their first priority will remain. Mark my words; hop on the orange boat, and watch every other currency lose value.

+

Governments so far have been unable to do anything to stop monero from being transacted. The only thing they can successfully do is to force centralised exchanges to delist it (example: Binance Delists monero), but decentralised currencies don't require centralised exchanges to exist.

+

TLDR: Noone can stop your monero transaction and put you in prison for it afterward, unlike bitcoin or any other coin out there.

+ +


+Decentralised Exchanges: the next step +

As we have discussed before, Centralisation will always lead to regulations imposed by the government. If on the other hand we have a Decentralised alternative to exchange freely, the government has to try and regulate the end user directly, multiplying the efforts!.

+ +

In short, Cut out the troublesome middle man, and transact with the end user directly. You can also use semi-centralised platforms such as https://localmonero.co that are platforms who incite crypto owners to exchange amongst themselves, a good alternative to use until Decentralised Exchanges (DEXs) are popularized. If you want to check out how to acquire monero on localmonero check out this tutorial. (edit: localmonero is no longer in business as of april 2024, moving to haveno DEX is your current only option for direct FIAT -> XMR transactions)

+ +

The next big Decentralized Exchange that's coming soon is Haveno DEX It will combine Monero and Tor to bring complete decentralisation of your finances. When it will be ready for public use, it will only be a matter of time until everyone shifts to a completely decentralised way of transacting. Check out this tutorial i made to find out how to use it for Fiat -> XMR transcations.

+
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
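Review bot: The paragraph that recommends https://localmonero.co as "a good alternative to use until Decentralised Exchanges (DEXs) are popularized" contradicts its own trailing edit, which says localmonero is no longer in business as of april 2024. Rewrite the paragraph around the current state instead of appending a parenthesis, and drop the pointer to the localmonero tutorial. The absolute statements "To this day not a single monero transaction has been successfully traced" and "also known as the only cryptocurrency that's used" have no source; either cite one or soften them. The sentence about the book "the right to transact" is ungrammatical ("As detailed in his book ... by Zelinar XY he argues") and gives no reference a reader could follow. The byline here is user@Whonix while the other pages added by this patch use nihilist@mainpc. Typos: "Revolutionnary", "recieve" and "recieves", "transcations", "noone", "it's users".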
+ + + + + + + diff --git a/servers/governments/1.png b/servers/governments/1.png new file mode 100644 index 0000000..c1c714f Binary files /dev/null and b/servers/governments/1.png differ diff --git a/servers/governments/2.png b/servers/governments/2.png new file mode 100644 index 0000000..8ab12de Binary files /dev/null and b/servers/governments/2.png differ diff --git a/servers/governments/3.png b/servers/governments/3.png new file mode 100644 index 0000000..0b3fe01 Binary files /dev/null and b/servers/governments/3.png differ diff --git a/servers/governments/index.html b/servers/governments/index.html new file mode 100644 index 0000000..c31fe2e --- /dev/null +++ b/servers/governments/index.html @@ -0,0 +1,185 @@ + + + + + + + + + + + Governments, Centralisation, and Law Enforcement + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-07

+

Governments, Centralisation, and Law Enforcement

+

In this tutorial we're going to cover and explain what are governments, and why they are trying to force us into mass surveillance and KYC procedures.

+ +
+
+
+
+ + +
+
+
+
+

Governments and their laws

+

+A government is the system or group of people governing an organized community, generally a state.
+
+
+

Their primary focus is to maintain their control over the country/state, no matter the cost, they will do everything possible to remain in power for as long as possible

+

They are the ones who write the rules, the laws by which everyone in the country must must follow for society to remain in order (whether the subjected people accept it or not), according to them.

+

Governments pass Laws and to make sure that their laws is respected, they need Law enforcement (LE) to be able to apply sanctions on whoever breaks their laws.

+ +

Governments nowadays almost always use bogus reasons to use to pass abusive laws (the typical "it's to fight the boogeymen!" type of reasons) , in order to either make more money, or to enforce surveillance better, or to straight up take away power from businesses and individuals.

+
+
+
+
+ +
+
+
+
+

Businesses and Centralisation



+

One thing that governments genuinely care about is how modern and economically mature their country is. Hence their close relationships with businesses that generate the most wealth in their country.

+ +

These same businesses are often a tool of Centralisation, to extend the government's reach of power, the most common trait there is surveillance, and identifying who did what (ex: with KYC procedures).

+ +

Each business is closely regulated, the bigger the business, the higher up the priority list it is to be audited for regulation compliance checks. The exception being with International Banks (ex: see the HSBC scandal) due to everyone's innate greed to get richer even if it means breaking the law.

+ + +

Businesses are centralised entities just like governments, they ALL can act as proxies to help law enforcement, whether they want to or not.

+ + +
+
+
+
+ + + +
+
+
+
+

Law enforcement



+

+Law enforcement is the activity of some members of government who act in an organized manner to enforce the law by discovering, deterring, rehabilitating, or punishing people who violate the rules and norms governing that society.
+
+
+

For the Law to be enforceable the authorities need to know 2 things:

+
    +
  1. What happened? (lack of privacy)
  2. +
  3. Who did it? (lack of anonymity)
  4. +
+ +

Of course, the law must not be ignored by anyone, and to make sure that everyone is kept in line, they need to show everyone that the law is effectively enforced onto those that behaved badly, very often they brag about catching criminals to let everyone know that they are the good guys protecting everyone from the bad guys.

+

That is the basis of this whole Privacy and Anonymity talk. In short, For the law to be enforceable, they need to know both what happened, and who perpretated the act to be able to apply sanctions on the individual / group of individuals that commited the crime.

+

Modern governments know this very well, and some go to extreme lengths to make sure that every citizen is under surveillance.

+
    +
  1. USA: Edward Snowden's Revelations

    +
  2. +
  3. China: the Surveillance State - See what it can lead to
  4. +
+ +

A very common practice for Law enforcement is also to either bribe or force legitimate businesses to give the data they possess of their users, to know if a crime has been commited or not. See the USA's recent FISA 702, good news is they're not lying about it anymore, the intention is clear and out in the open. The general idea is that this bill is meant for the government to be able to force anyone (individual or business) to conduct spying activities for the governments, with or without their consent, with a gag order.

+

In short, the US government grants itself the right to force you or your business to do anything to further their agenda. This world's biggest democracies are all turning into dictatorships in the name of national security.

+

Anyway you get the idea. Anonymity is more relevant than ever, we're headed for that surveillance dystopia China has currently established.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
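Review bot: The two definition sentences ("A government is the system or group of people governing an organized community, generally a state." and "Law enforcement is the activity of some members of government who act in an organized manner ...") are set apart like quotations but carry no attribution. If they are quoted, name the source next to each one. The references given only in passing (the HSBC scandal, FISA 702, Edward Snowden's Revelations, China: the Surveillance State) need the same treatment, since the argument of the page rests on them and the text itself gives the reader nothing to verify. The FISA 702 paragraph in particular states what the bill allows without pointing at its text. Wording: "must must follow" repeats a word, "their laws is respected" should be "are respected", "bogus reasons to use to pass" has a stray "to use", and "perpretated" and "commited" are misspelled.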
+ + + + + + + diff --git a/servers/govfear/1.png b/servers/govfear/1.png new file mode 100644 index 0000000..4866e80 Binary files /dev/null and b/servers/govfear/1.png differ diff --git a/servers/govfear/2.png b/servers/govfear/2.png new file mode 100644 index 0000000..6eb560d Binary files /dev/null and b/servers/govfear/2.png differ diff --git a/servers/govfear/3.png b/servers/govfear/3.png new file mode 100644 index 0000000..6f0c65e Binary files /dev/null and b/servers/govfear/3.png differ diff --git a/servers/govfear/index.html b/servers/govfear/index.html new file mode 100644 index 0000000..ae29e00 --- /dev/null +++ b/servers/govfear/index.html @@ -0,0 +1,157 @@ + + + + + + + + + + + Governments fear Decentralisation and Anonymity + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-07

+

Governments fear Decentralisation and Anonymity

+

In this tutorial we're going to explain why Decentralisation and Anonymity are essential in reducing the power of the government over it's citizens.

+ +
+
+
+
+ + +
+
+
+
+

Governments and Decentralisation

+

As we have discussed previously, governments love centralisation. It's an easy way for them to extend their power to directly affect users of said centralised businesses. Take for example how the US government uses banks to impose financial sanctions onto whoever they consider as a threat to them.

+ +

They have largely succeeded in keeping their population hooked onto centralisation, for example you want to watch videos you think youtube, you want to browse the web you think google, social - facebook, twitter, and so on. It's become a natural reflex for most people, hence most people flock to these centralised platforms, and as we have explained previously; governments use them as proxies to spy or enforce censorship onto it's citizens.

+ + +

It's convenient for them; you own a large service, which attracts millions of people to use it, and so governments would love to have access to that data you own, to be able to know what's happening. (remember FISA 702)

+ +

If the masses were to completely change their habits and embrace decentralisation, like i am trying to promote on Datura Network for example using peertube to replace youtube, matrix to replace discord, mastodon to replace twitter, etc, it would seriously limit the reach of the power they try to have on the population. They wouldn't be able to censor and try to control the public opinion of the people like they did through twitter for example.

+ + +

The key difference here is that the INDIVIDUALS are the ones controlling the service, and they're making the overall decentralised ecosystem grow larger and larger as they keep federating together.

+ +

So in this case, you are taking out the first pillar that is required for law enforcement ; Surveillance, the government would have to knock on your door, and FORCE you to give them the data of your users.

+

I encourage everyone that's fed up with the arbitrary administration of centralised services to start using their decentralised alternatives, see what the Fediverse has to offer for more details.

+
+
+
+
+ +
+
+
+
+

Governments and Anonymity



+

That's an easy one. as we discussed in my previous blogpost, for the law to be respected, it needs to be feared by the population, to make sure it remains feared, it needs to be enforced by authorities (law enforcement or LE for short). To do so they need to know what happened, and they need to know who did what.

+ +

That's why they go to such extreme lengths to implement surveillance wherever they can. (see China's surveillance state, the USA's FISA 702, and the EU trying to pass anti encryption laws)

+ +

Anonymity is a great thing to look for if you care about privacy. It's the perfect way to know if a service intends to respect your privacy or not.

+ +

The reason being, that if you use a service anonymously, you are taking out the other pillar that is required for the law to be enforceable, making sure that they cannot know it was you who used the service

+

The Anonymity Test

+

If you want to know if a service intends to respect your privacy or not, access it, and use it anonymously. (use the Tor browser to access it, and see if it accepts monero as payments). Check out my tutorial on OPSEC (Operational Security) to understand the full reasoning.

+

You will see that you can already rule out Google, youtube, twitter, instagram, snapchat, Facebook, Baidu, Whatsapp, etc. All of those services sell the data they collect about you to each other, including to governments (see the cambridge analytica scandal)

+ +

Stop using services that treat you as a product to sell, regain your lost dignity and defend it.

+ +
+
+
+
+ + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
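Review bot: In "The Anonymity Test" paragraph, the test as written (reach the service over the Tor browser, check that it accepts Monero) only shows whether the service can be used without identifying yourself. It does not show what the service does with the data it still receives, so "the perfect way to know if a service intends to respect your privacy" claims more than the test can establish. Suggest wording it as a way to rule out services that force you to identify yourself. In the same section, the statement that all of the listed services sell their data "to each other, including to governments" rests on one parenthetical about Cambridge Analytica; source it per claim or narrow it. The decentralisation paragraphs earlier in the hunk imply, with the "knock on your door" sentence, that the instance operator still holds the users' data, but never say so; state plainly that the point of collection moves to the admin rather than disappearing. Style: service names are capitalised inconsistently (youtube, twitter, Whatsapp) and "i" should be "I".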
+ + + + + + + diff --git a/servers/graphene/1.png b/servers/graphene/1.png new file mode 100644 index 0000000..c26a900 Binary files /dev/null and b/servers/graphene/1.png differ diff --git a/servers/graphene/10.png b/servers/graphene/10.png new file mode 100644 index 0000000..30e90e0 Binary files /dev/null and b/servers/graphene/10.png differ diff --git a/servers/graphene/11.png b/servers/graphene/11.png new file mode 100644 index 0000000..bd9fb40 Binary files /dev/null and b/servers/graphene/11.png differ diff --git a/servers/graphene/12.png b/servers/graphene/12.png new file mode 100644 index 0000000..bd3d729 Binary files /dev/null and b/servers/graphene/12.png differ diff --git a/servers/graphene/13.png b/servers/graphene/13.png new file mode 100644 index 0000000..56d7144 Binary files /dev/null and b/servers/graphene/13.png differ diff --git a/servers/graphene/14.png b/servers/graphene/14.png new file mode 100644 index 0000000..2bfc7e0 Binary files /dev/null and b/servers/graphene/14.png differ diff --git a/servers/graphene/15.png b/servers/graphene/15.png new file mode 100644 index 0000000..72ed1bc Binary files /dev/null and b/servers/graphene/15.png differ diff --git a/servers/graphene/16.png b/servers/graphene/16.png new file mode 100644 index 0000000..4688781 Binary files /dev/null and b/servers/graphene/16.png differ diff --git a/servers/graphene/17.png b/servers/graphene/17.png new file mode 100644 index 0000000..39a494e Binary files /dev/null and b/servers/graphene/17.png differ diff --git a/servers/graphene/18.png b/servers/graphene/18.png new file mode 100644 index 0000000..ca97428 Binary files /dev/null and b/servers/graphene/18.png differ diff --git a/servers/graphene/19.png b/servers/graphene/19.png new file mode 100644 index 0000000..2788123 Binary files /dev/null and b/servers/graphene/19.png differ 
diff --git a/servers/graphene/2.png b/servers/graphene/2.png new file mode 100644 index 0000000..cba0573 Binary files /dev/null and b/servers/graphene/2.png differ diff --git a/servers/graphene/20.png b/servers/graphene/20.png new file mode 100644 index 0000000..8a0e017 Binary files /dev/null and b/servers/graphene/20.png differ diff --git a/servers/graphene/21.png b/servers/graphene/21.png new file mode 100644 index 0000000..b71bde7 Binary files /dev/null and b/servers/graphene/21.png differ diff --git a/servers/graphene/22.png b/servers/graphene/22.png new file mode 100644 index 0000000..f878b07 Binary files /dev/null and b/servers/graphene/22.png differ diff --git a/servers/graphene/23.png b/servers/graphene/23.png new file mode 100644 index 0000000..5f20721 Binary files /dev/null and b/servers/graphene/23.png differ diff --git a/servers/graphene/24.png b/servers/graphene/24.png new file mode 100644 index 0000000..2979b5c Binary files /dev/null and b/servers/graphene/24.png differ diff --git a/servers/graphene/25.png b/servers/graphene/25.png new file mode 100644 index 0000000..51163d9 Binary files /dev/null and b/servers/graphene/25.png differ diff --git a/servers/graphene/26.png b/servers/graphene/26.png new file mode 100644 index 0000000..aa963a0 Binary files /dev/null and b/servers/graphene/26.png differ diff --git a/servers/graphene/27.png b/servers/graphene/27.png new file mode 100644 index 0000000..6609305 Binary files /dev/null and b/servers/graphene/27.png differ diff --git a/servers/graphene/28.png b/servers/graphene/28.png new file mode 100644 index 0000000..71d3987 Binary files /dev/null and b/servers/graphene/28.png differ diff --git a/servers/graphene/29.png b/servers/graphene/29.png new file mode 100644 index 0000000..a9a3d4b Binary files /dev/null and b/servers/graphene/29.png differ diff --git a/servers/graphene/3.png b/servers/graphene/3.png new file mode 100644 index 0000000..5310fe9 Binary files /dev/null and b/servers/graphene/3.png differ 
diff --git a/servers/graphene/30.png b/servers/graphene/30.png new file mode 100644 index 0000000..14d4d71 Binary files /dev/null and b/servers/graphene/30.png differ diff --git a/servers/graphene/31.png b/servers/graphene/31.png new file mode 100644 index 0000000..a96767f Binary files /dev/null and b/servers/graphene/31.png differ diff --git a/servers/graphene/32.png b/servers/graphene/32.png new file mode 100644 index 0000000..00b3608 Binary files /dev/null and b/servers/graphene/32.png differ diff --git a/servers/graphene/33.png b/servers/graphene/33.png new file mode 100644 index 0000000..8b2308c Binary files /dev/null and b/servers/graphene/33.png differ diff --git a/servers/graphene/34.png b/servers/graphene/34.png new file mode 100644 index 0000000..3676fd4 Binary files /dev/null and b/servers/graphene/34.png differ diff --git a/servers/graphene/4.png b/servers/graphene/4.png new file mode 100644 index 0000000..b365f25 Binary files /dev/null and b/servers/graphene/4.png differ diff --git a/servers/graphene/41.png b/servers/graphene/41.png new file mode 100644 index 0000000..3082aa7 Binary files /dev/null and b/servers/graphene/41.png differ diff --git a/servers/graphene/42.png b/servers/graphene/42.png new file mode 100644 index 0000000..e9cfa30 Binary files /dev/null and b/servers/graphene/42.png differ diff --git a/servers/graphene/5.png b/servers/graphene/5.png new file mode 100644 index 0000000..c5f1900 Binary files /dev/null and b/servers/graphene/5.png differ diff --git a/servers/graphene/6.png b/servers/graphene/6.png new file mode 100644 index 0000000..0aabae2 Binary files /dev/null and b/servers/graphene/6.png differ diff --git a/servers/graphene/7.png b/servers/graphene/7.png new file mode 100644 index 0000000..2d4d238 Binary files /dev/null and b/servers/graphene/7.png differ diff --git a/servers/graphene/8.png b/servers/graphene/8.png new file mode 100644 index 0000000..71320fa Binary files /dev/null and b/servers/graphene/8.png differ 
diff --git a/servers/graphene/9.png b/servers/graphene/9.png new file mode 100644 index 0000000..7b70fed Binary files /dev/null and b/servers/graphene/9.png differ diff --git a/servers/graphene/index.html b/servers/graphene/index.html new file mode 100644 index 0000000..ec8dcb9 --- /dev/null +++ b/servers/graphene/index.html @@ -0,0 +1,334 @@ + + + + + + + + + + + How to install GrapheneOS on a Pixel Phone + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-07-10

+

How to install GrapheneOS on a Pixel Phone

+ +

In this tutorial we're going to setup graphene OS, an open source android operating system for google pixel phones. (Yes google phones, if you don't like it then you'll have to wait for functionnal open hardware alternatives to arrive on the market.) Currently GrapheneOS is one of the most privacy-focused mobile operating systems given that it's fully open source. and that they refuse to implement google services by default, unlike their competitors like LineageOS.

+ +

DISCLAIMER: yes the quality of the photos taken are garbage :)

+
+
+
+
+ + +
+
+
+
+

Requirements

+

First step is go acquire a Google pixel phone, and a model that supports grapheneOS. In my case, i purchased a Pixel 6 model. Then on the host OS on your computer, install the required packages:

+

+
+[ nowhere ] [ /dev/pts/11 ] [~]
+→ sudo pacman -Syy android-tools
+[sudo] password for nihilist:
+resolving dependencies...
+looking for conflicting packages...
+
+Packages (4) android-udev-20240221-1  libmtp-1.1.21-1  protobuf-25.3-4
+             android-tools-35.0.1-1
+
+Total Download Size:    4.84 MiB
+Total Installed Size:  22.07 MiB
+
+:: Proceed with installation? [Y/n] y
+
+
+

Here on the phone, we need to enable developer settings, to be able to enable the "OEM Unlocking" option:

+ + + + + +

Then reboot the phone by holding the power and volume down to enter fastboot mode:

+ +

Then, connect the device via usb to your computer:

+

+[ nowhere ] [ /dev/pts/11 ] [~]
+→ lsusb | grep Google
+Bus 001 Device 098: ID 18d1:4ee0 Google Inc. Nexus/Pixel Device (fastboot)
+
+[ nowhere ] [ /dev/pts/11 ] [~]
+→ fastboot --version
+fastboot version 35.0.1-android-tools
+Installed as /usr/bin/fastboot
+
+[ nowhere ] [ /dev/pts/11 ] [~]
+→ fastboot devices
+no permissions; see [http://developer.android.com/tools/device.html]     fastboot
+
+[ nowhere ] [ /dev/pts/11 ] [~]
+→ sudo -i
+nowhere# fastboot devices
+1C21FGJH6993LC   fastboot
+
+nowhere# fastboot flashing unlock
+OKAY [  0.043s]
+Finished. Total time: 0.043s
+
+
+ + + + +

Next, as i have a google pixel 6 model, i need to download the correct graphene os image

+ +

+nowhere# mv /home/nihilist/Downloads/oriole-factory-2024070201.zip .
+nowhere# unzip oriole-factory-2024070201.zip
+Archive:  oriole-factory-2024070201.zip
+   creating: oriole-factory-2024070201/
+ extracting: oriole-factory-2024070201/image-oriole-2024070201.zip
+  inflating: oriole-factory-2024070201/bootloader-oriole-slider-14.5-11677881.img
+  inflating: oriole-factory-2024070201/radio-oriole-g5123b-135085-240517-b-11857288.img
+ extracting: oriole-factory-2024070201/avb_pkmd.bin
+  inflating: oriole-factory-2024070201/flash-all.sh
+  inflating: oriole-factory-2024070201/flash-all.bat
+
+nowhere# cd oriole-factory-2024070201
+
+nowhere# ls
+avb_pkmd.bin                                flash-all.sh
+bootloader-oriole-slider-14.5-11677881.img  image-oriole-2024070201.zip
+flash-all.bat                               radio-oriole-g5123b-135085-240517-b-11857288.img
+
+nowhere# chmod +x ./flash-all.sh
+nowhere# ./flash-all.sh
+
+
+

Then let the bashscript run, it can take a few minutes:

+

+nowhere# ./flash-all.sh
+Warning: skip copying bootloader_a image avb footer (bootloader_a partition size: 0, bootloader_a image size: 14125140).
+Sending 'bootloader_a' (13794 KB)                  OKAY [  0.364s]
+Writing 'bootloader_a'                             (bootloader) Flashing pack version slider-14.5-11677881
+(bootloader) flashing platform gs101
+(bootloader) Validating partition ufs
+(bootloader) Validating partition partition:0
+(bootloader) Validating partition partition:1
+(bootloader) Validating partition partition:2
+(bootloader) Validating partition partition:3
+(bootloader) Validating partition bl1_a
+(bootloader) Validating partition pbl_a
+(bootloader) Validating partition bl2_a
+(bootloader) Validating partition abl_a
+(bootloader) Validating partition bl31_a
+(bootloader) Validating partition tzsw_a
+(bootloader) Validating partition gsa_a
+(bootloader) Validating partition ldfw_a
+(bootloader) Flashing partition ufs
+(bootloader) Flashing partition partition:0
+(bootloader) Flashing partition partition:1
+(bootloader) Flashing partition partition:2
+(bootloader) Flashing partition partition:3
+(bootloader) Flashing partition bl1_a
+(bootloader) Flashing partition pbl_a
+(bootloader) Flashing partition bl2_a
+(bootloader) Flashing partition abl_a
+(bootloader) Flashing partition bl31_a
+(bootloader) Flashing partition tzsw_a
+(bootloader) Flashing partition gsa_a
+(bootloader) Flashing partition ldfw_a
+(bootloader) Loading sideload ufsfwupdate
+OKAY [  3.089s]
+Finished. Total time: 3.454s
+Setting current slot to 'a'                        OKAY [  0.058s]
+Finished. Total time: 0.059s
+Rebooting into bootloader                          OKAY [  0.000s]
+
+[...]
+
+Sending sparse 'super' 11/13 (254972 KB)           OKAY [  6.618s]
+Writing 'super'                                    OKAY [  0.950s]
+Sending sparse 'super' 12/13 (254972 KB)           OKAY [  6.621s]
+Writing 'super'                                    OKAY [  0.935s]
+Sending sparse 'super' 13/13 (46284 KB)            OKAY [  1.216s]
+Writing 'super'                                    OKAY [  0.204s]
+Erasing 'userdata'                                 OKAY [  0.390s]
+Erase successful, but not automatically formatting.
+File system type raw not supported.
+wipe task partition not found: cache
+Erasing 'metadata'                                 OKAY [  0.007s]
+Erase successful, but not automatically formatting.
+File system type raw not supported.
+Finished. Total time: 105.929s
+Rebooting into bootloader                          OKAY [  0.000s]
+Finished. Total time: 0.150s
+nowhere#
+
+
+
+ + + +

then lock the bootloader:

+

+nowhere# fastboot devices
+1C21FGJH6993LC   fastboot
+
+nowhere# fastboot flashing lock
+OKAY [  0.276s]
+Finished. Total time: 0.276s
+	
+
+ + + + + + + +

And that's it! we managed to flash grapheneOS on the pixel phone.

+
+
+
+
+ +
+
+
+
+

Setting up multiple Profiles (for Public, and for Private use)



+

As we have seen previously, it's always a good opsec practice to separate public use from private use. This can also apply on your phone, In this case we'll create a profile specifically for public usage, while we keep the main one for private usage.

+ + + +

Now in there, we can keep the closed-source applications in the public usage profile, while we keep the FOSS applications in the default private usage profile.

+ + +
+
+
+
+ + + +
+
+
+
+

Setting up package manageers



+

Now that's done, we use the private usage profile to install f-droid, in order to install FOSS applications

+ + + + + + +

And here we can go into our public usage profile to setup the Aurora store to install closed-source applications like so:

+ + + + + + + + + +

And from there, we can install all non-FOSS applications in the public usage profile.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
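Review bot: The factory image block moves oriole-factory-2024070201.zip out of Downloads, unzips it and runs ./flash-all.sh with no integrity check in between. Add the signature verification step from the GrapheneOS install instructions before the unzip, since this is the one place where a tampered download would end up on the phone. The same block does everything from a "sudo -i" root shell after "fastboot devices" returned "no permissions"; the android-udev package visible in the pacman output exists to give a regular user access to the device, so fix the udev and group permissions instead of running a downloaded script as root. Both "fastboot devices" outputs publish the phone's serial number; redact it. The prose around "fastboot flashing unlock" and "fastboot flashing lock" never says that each command wipes the device and has to be confirmed on the phone itself, which a reader following the commands alone will not expect. In the intro, "unlike their competitors like LineageOS" needs checking, because LineageOS does not ship Google services by default either. Typos: "functionnal" in the intro, "manageers" in the package manager heading.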
+ + + + + + + diff --git a/servers/haveno-arbitrator/0.png b/servers/haveno-arbitrator/0.png new file mode 100644 index 0000000..c031b77 Binary files /dev/null and b/servers/haveno-arbitrator/0.png differ diff --git a/servers/haveno-arbitrator/1.png b/servers/haveno-arbitrator/1.png new file mode 100644 index 0000000..ccdcd1d Binary files /dev/null and b/servers/haveno-arbitrator/1.png differ diff --git a/servers/haveno-arbitrator/10.png b/servers/haveno-arbitrator/10.png new file mode 100644 index 0000000..2753a34 Binary files /dev/null and b/servers/haveno-arbitrator/10.png differ diff --git a/servers/haveno-arbitrator/11.png b/servers/haveno-arbitrator/11.png new file mode 100644 index 0000000..fc3e280 Binary files /dev/null and b/servers/haveno-arbitrator/11.png differ diff --git a/servers/haveno-arbitrator/12.png b/servers/haveno-arbitrator/12.png new file mode 100644 index 0000000..956ad47 Binary files /dev/null and b/servers/haveno-arbitrator/12.png differ diff --git a/servers/haveno-arbitrator/13.png b/servers/haveno-arbitrator/13.png new file mode 100644 index 0000000..45dd1ce Binary files /dev/null and b/servers/haveno-arbitrator/13.png differ diff --git a/servers/haveno-arbitrator/14.png b/servers/haveno-arbitrator/14.png new file mode 100644 index 0000000..31e0534 Binary files /dev/null and b/servers/haveno-arbitrator/14.png differ diff --git a/servers/haveno-arbitrator/15.png b/servers/haveno-arbitrator/15.png new file mode 100644 index 0000000..3d432de Binary files /dev/null and b/servers/haveno-arbitrator/15.png differ diff --git a/servers/haveno-arbitrator/16.png b/servers/haveno-arbitrator/16.png new file mode 100644 index 0000000..e8b4596 Binary files /dev/null and b/servers/haveno-arbitrator/16.png differ diff --git a/servers/haveno-arbitrator/17.png b/servers/haveno-arbitrator/17.png new file mode 100644 index 0000000..01df0e8 Binary files /dev/null and b/servers/haveno-arbitrator/17.png differ 
diff --git a/servers/haveno-arbitrator/18.png b/servers/haveno-arbitrator/18.png new file mode 100644 index 0000000..93fa30e Binary files /dev/null and b/servers/haveno-arbitrator/18.png differ diff --git a/servers/haveno-arbitrator/19.png b/servers/haveno-arbitrator/19.png new file mode 100644 index 0000000..66ba0d4 Binary files /dev/null and b/servers/haveno-arbitrator/19.png differ diff --git a/servers/haveno-arbitrator/2.png b/servers/haveno-arbitrator/2.png new file mode 100644 index 0000000..c66c361 Binary files /dev/null and b/servers/haveno-arbitrator/2.png differ diff --git a/servers/haveno-arbitrator/20.png b/servers/haveno-arbitrator/20.png new file mode 100644 index 0000000..70b5006 Binary files /dev/null and b/servers/haveno-arbitrator/20.png differ diff --git a/servers/haveno-arbitrator/21.png b/servers/haveno-arbitrator/21.png new file mode 100644 index 0000000..d30b2c7 Binary files /dev/null and b/servers/haveno-arbitrator/21.png differ diff --git a/servers/haveno-arbitrator/22.png b/servers/haveno-arbitrator/22.png new file mode 100644 index 0000000..2fb5936 Binary files /dev/null and b/servers/haveno-arbitrator/22.png differ diff --git a/servers/haveno-arbitrator/23.png b/servers/haveno-arbitrator/23.png new file mode 100644 index 0000000..b7010f2 Binary files /dev/null and b/servers/haveno-arbitrator/23.png differ diff --git a/servers/haveno-arbitrator/24.png b/servers/haveno-arbitrator/24.png new file mode 100644 index 0000000..d7502f3 Binary files /dev/null and b/servers/haveno-arbitrator/24.png differ diff --git a/servers/haveno-arbitrator/25.png b/servers/haveno-arbitrator/25.png new file mode 100644 index 0000000..3d19a9f Binary files /dev/null and b/servers/haveno-arbitrator/25.png differ diff --git a/servers/haveno-arbitrator/26.png b/servers/haveno-arbitrator/26.png new file mode 100644 index 0000000..1a12103 Binary files /dev/null and b/servers/haveno-arbitrator/26.png differ 
diff --git a/servers/haveno-arbitrator/27.png b/servers/haveno-arbitrator/27.png new file mode 100644 index 0000000..a23350f Binary files /dev/null and b/servers/haveno-arbitrator/27.png differ diff --git a/servers/haveno-arbitrator/28.png b/servers/haveno-arbitrator/28.png new file mode 100644 index 0000000..4f74ed5 Binary files /dev/null and b/servers/haveno-arbitrator/28.png differ diff --git a/servers/haveno-arbitrator/29.png b/servers/haveno-arbitrator/29.png new file mode 100644 index 0000000..97f4c52 Binary files /dev/null and b/servers/haveno-arbitrator/29.png differ diff --git a/servers/haveno-arbitrator/3.png b/servers/haveno-arbitrator/3.png new file mode 100644 index 0000000..5928a2d Binary files /dev/null and b/servers/haveno-arbitrator/3.png differ diff --git a/servers/haveno-arbitrator/30.png b/servers/haveno-arbitrator/30.png new file mode 100644 index 0000000..8c58f25 Binary files /dev/null and b/servers/haveno-arbitrator/30.png differ diff --git a/servers/haveno-arbitrator/31.png b/servers/haveno-arbitrator/31.png new file mode 100644 index 0000000..44846a2 Binary files /dev/null and b/servers/haveno-arbitrator/31.png differ diff --git a/servers/haveno-arbitrator/32.png b/servers/haveno-arbitrator/32.png new file mode 100644 index 0000000..b9ee2a1 Binary files /dev/null and b/servers/haveno-arbitrator/32.png differ diff --git a/servers/haveno-arbitrator/33.png b/servers/haveno-arbitrator/33.png new file mode 100644 index 0000000..5d50d70 Binary files /dev/null and b/servers/haveno-arbitrator/33.png differ diff --git a/servers/haveno-arbitrator/34.png b/servers/haveno-arbitrator/34.png new file mode 100644 index 0000000..ecd8ac7 Binary files /dev/null and b/servers/haveno-arbitrator/34.png differ diff --git a/servers/haveno-arbitrator/35.png b/servers/haveno-arbitrator/35.png new file mode 100644 index 0000000..882b12b Binary files /dev/null and b/servers/haveno-arbitrator/35.png differ 
diff --git a/servers/haveno-arbitrator/36.png b/servers/haveno-arbitrator/36.png new file mode 100644 index 0000000..49d8482 Binary files /dev/null and b/servers/haveno-arbitrator/36.png differ diff --git a/servers/haveno-arbitrator/37.png b/servers/haveno-arbitrator/37.png new file mode 100644 index 0000000..abed165 Binary files /dev/null and b/servers/haveno-arbitrator/37.png differ diff --git a/servers/haveno-arbitrator/38.png b/servers/haveno-arbitrator/38.png new file mode 100644 index 0000000..4633aa2 Binary files /dev/null and b/servers/haveno-arbitrator/38.png differ diff --git a/servers/haveno-arbitrator/4.png b/servers/haveno-arbitrator/4.png new file mode 100644 index 0000000..a70383e Binary files /dev/null and b/servers/haveno-arbitrator/4.png differ diff --git a/servers/haveno-arbitrator/40.png b/servers/haveno-arbitrator/40.png new file mode 100644 index 0000000..9be64b6 Binary files /dev/null and b/servers/haveno-arbitrator/40.png differ diff --git a/servers/haveno-arbitrator/41.png b/servers/haveno-arbitrator/41.png new file mode 100644 index 0000000..d7d50cb Binary files /dev/null and b/servers/haveno-arbitrator/41.png differ diff --git a/servers/haveno-arbitrator/5.png b/servers/haveno-arbitrator/5.png new file mode 100644 index 0000000..04affee Binary files /dev/null and b/servers/haveno-arbitrator/5.png differ diff --git a/servers/haveno-arbitrator/6.png b/servers/haveno-arbitrator/6.png new file mode 100644 index 0000000..7f83338 Binary files /dev/null and b/servers/haveno-arbitrator/6.png differ diff --git a/servers/haveno-arbitrator/7.png b/servers/haveno-arbitrator/7.png new file mode 100644 index 0000000..853f609 Binary files /dev/null and b/servers/haveno-arbitrator/7.png differ diff --git a/servers/haveno-arbitrator/8.png b/servers/haveno-arbitrator/8.png new file mode 100644 index 0000000..dddf063 Binary files /dev/null and b/servers/haveno-arbitrator/8.png differ 
diff --git a/servers/haveno-arbitrator/9.png b/servers/haveno-arbitrator/9.png new file mode 100644 index 0000000..1128857 Binary files /dev/null and b/servers/haveno-arbitrator/9.png differ diff --git a/servers/haveno-arbitrator/alice.png b/servers/haveno-arbitrator/alice.png new file mode 100644 index 0000000..b506371 Binary files /dev/null and b/servers/haveno-arbitrator/alice.png differ diff --git a/servers/haveno-arbitrator/bob.png b/servers/haveno-arbitrator/bob.png new file mode 100644 index 0000000..7602a70 Binary files /dev/null and b/servers/haveno-arbitrator/bob.png differ diff --git a/servers/haveno-arbitrator/index.html b/servers/haveno-arbitrator/index.html new file mode 100644 index 0000000..90ae68f --- /dev/null +++ b/servers/haveno-arbitrator/index.html @@ -0,0 +1,235 @@ + + + + + + + + + + + Haveno Decentralised Exchange Dispute (Fiat -> XMR amazon giftcode transaction) + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-19

+

Haveno Decentralised Exchange Dispute resolution (Fiat -> XMR)

+ +

In this tutorial we're going to cover how the Haveno DEX handles trade disputes, which can happen as, after all it's decentralised, and anonymous by default.

+

Check out this tutorial if you want to know how to install Haveno DEX on your device.

+ +
+
+
+
+ + +
+
+
+
+

What protects the Buyer or the Seller ?

+

Back on localmonero, what was at stake was the reputation of the Buyer or the Seller, because if any of their trades go wrong, their reputation would not be a clean 100% successful trades anymore. Problem is, on the Haveno DEX, where there is no centralisation to keep everyone's reputation in check, it could be very easy to give yourself a ton of positive reputation points, by spinning up 2 haveno dex instances, to simulate trades with yourself.

+

So there was this need to have something else at stake to prevent people from scamming each other. That is the Security deposit system that we described in the previous tutorial.

+ +

In short, both Bob and Alice need to put some XMR into the trade initially, so that if they try to scam each other, they will loose something in the process.

+

In this example, The trade will go wrong as Bob will try to scam Alice with an invalid Amazon giftcard code.

+
+
+
+
+ +
+
+
+
+

What happens when there's a scammer?



+ +

Here, in this case we're Alice, and we want to sell our XMR for an amazon giftcard (which is typically just a code you need to redeem). So here Alice creates her amazon egift card haveno account to be able to trade just that, she needs to mention her email and the country (because a german amazon giftcard code doesnt work on the french amazon website!)

+ + + +

Read carefully what exchanging an Amazon egift card to XMR implies then click "I understand"

+ +

Then create a selling offer like so:

+ +

Mention the amount of XMR you want to sell, and the % above the market price you want to sell it for, currently 0.2018 XMR at market price will give you 25 euros. Then you need to fund your offer with the additional 0.101009 XMR security deposit. Meaning you need to put in 0.302809 XMR total

+ +

Once funded, wait for the funds to appear as available balance on your haveno client (can take 20 minutes)

+ + +

Then click Place offer to sell monero:

+ +

and then click confirm offer to sell monero.

+ + +

Here you can see that your offer is enabled from the portfolio tab, and people can see it appear on the Buy tab:

+ + +

Now let's switch sides. We're now Bob the scammer, we want to scam Alice. We see her offer on the buy tab, and we take the offer:

+ +

Then, just like Alice did, we also fund the offer with the monero security deposit:

+ + +

Wait for it to show up as available in your haveno balance:

+ + +

Then click confirm to take the offer to buy Monero:

+ + +

Back to Alice's perspective, the trade will intiate and can be viewed when going to the portfolio tab:

+ +

When opening the trade window, Alice sees that Bob not only does not respect the trade protocol of sending the gift card by mail by just sending the code over chat, but the code is also invalid!

+ + + +

Alice sees that she cannot redeem the code as it is invalid. In short, she didn't get paid!

+ +

Back to Bob's perspesctive as we are one kind of an asshole, we don't care that Alice didn't get paid and declare that we sent payment anyway.

+ + + + +

Back to Alice's perspective, Now the ball is in her park, what does she do ?

+ + +

Since she never recieved payment, she does not confirm that she recieved it, and waits until the trade expires

+ + +

In this case, the trade should not take more than 24 hours, so she waits until the next day, and when it expires, she'll be able to open up a dispute.

+ +
+
+
+
+ + + +
+
+
+
+

Arbitrator Resolution



+

Now that the trade time expired (24hrs), Alice can now open up a dispute, for the Arbitrator to step in:

+ +

Here, Alice clicks on "open support ticket", and she goes to the support tab to view her support ticket:

+ + + + +

Then the Arbitrator reviews the exchange from Alice's point of view:

+ +

Here the arbitrator sees that the trade protocol has not been respected, both parties need to make sure they follow the trade protocol for said payment option correctly for the trade to be considered as valid from the arbitrator's point of view.

+ +

Then the Arbitrator sees the exchange from Bob's point of view too:

+ +

Obviously, Bob explains that he got his very legit amazon giftcard code from his hat, and he naively thinks that the arbitrator will rule in his favor.

+ + +

And finally, back to Alice's POV: the Arbitrator decides that it is Alice who's in the Right, and therefore Bob does not get his Monero security deposit back, hence he's loosing 0.101009 XMR in the process.

+ + +

So here, Bob just lost some XMR, and Alice is getting her 0.2018 XMR back, she gets her security deposit back (0.101009 XMR) but also she gets Bob's security deposit (0.101009 XMR), so in total she gets 0.40011456 XMR back (0.101009 XMR more than when she started using Haveno). In the end, it is Bob that ended up giving her some monero against his will.

+ +

Now keep in mind that not all payment options are safe, some can come with easy chargebacks (ex: paypal), and some are just next to impossible for an arbitrator to decide who's in the right or wrong (face-to-face trades for instance). Be very careful to know the risks associated with each payment option, along with what precautions need to be taken.

+ +

Check out my other tutorials on Decentralised Finances below:

+
    +
  1. ✅ How to acquire and use Monero
  2. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. +
  5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  6. +
  7. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. +
  9. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
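Review bot: The payout figures in the "Arbitrator Resolution" section do not add up. The text says Alice gets back 0.2018 XMR plus her own 0.101009 XMR deposit plus Bob's 0.101009 XMR deposit, which sums to 0.403818 XMR, but the stated total is 0.40011456 XMR. The follow-up "0.101009 XMR more than when she started" also conflicts with that total, since she funded 0.302809 XMR and 0.40011456 minus 0.302809 is 0.09730556. If the difference is fees, say so and give the fee; otherwise correct the total. In the trade walkthrough, "the trade protocol of sending the gift card by mail" reads as postal mail while the account setup asks for Alice's email address; make it "by email" if that is what the protocol requires. The page title ("Dispute (Fiat -> XMR amazon giftcode transaction)") and the heading ("Dispute resolution (Fiat -> XMR)") should match. Typos: "loose" and "loosing" for "lose" and "losing", "intiate", "perspesctive", "recieved", and "the ball is in her park" for "court".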
+ + + + + + + diff --git a/servers/haveno-cashbymail/0.1.png b/servers/haveno-cashbymail/0.1.png new file mode 100644 index 0000000..071e53c Binary files /dev/null and b/servers/haveno-cashbymail/0.1.png differ diff --git a/servers/haveno-cashbymail/0.png b/servers/haveno-cashbymail/0.png new file mode 100644 index 0000000..c031b77 Binary files /dev/null and b/servers/haveno-cashbymail/0.png differ diff --git a/servers/haveno-cashbymail/1.png b/servers/haveno-cashbymail/1.png new file mode 100644 index 0000000..939dfd9 Binary files /dev/null and b/servers/haveno-cashbymail/1.png differ diff --git a/servers/haveno-cashbymail/10.png b/servers/haveno-cashbymail/10.png new file mode 100644 index 0000000..2eea285 Binary files /dev/null and b/servers/haveno-cashbymail/10.png differ diff --git a/servers/haveno-cashbymail/11.png b/servers/haveno-cashbymail/11.png new file mode 100644 index 0000000..4d64d2c Binary files /dev/null and b/servers/haveno-cashbymail/11.png differ diff --git a/servers/haveno-cashbymail/12.png b/servers/haveno-cashbymail/12.png new file mode 100644 index 0000000..5fb31fb Binary files /dev/null and b/servers/haveno-cashbymail/12.png differ diff --git a/servers/haveno-cashbymail/13.png b/servers/haveno-cashbymail/13.png new file mode 100644 index 0000000..2822466 Binary files /dev/null and b/servers/haveno-cashbymail/13.png differ diff --git a/servers/haveno-cashbymail/14.png b/servers/haveno-cashbymail/14.png new file mode 100644 index 0000000..b50115c Binary files /dev/null and b/servers/haveno-cashbymail/14.png differ diff --git a/servers/haveno-cashbymail/15.png b/servers/haveno-cashbymail/15.png new file mode 100644 index 0000000..b0aaf9d Binary files /dev/null and b/servers/haveno-cashbymail/15.png differ diff --git a/servers/haveno-cashbymail/16.png b/servers/haveno-cashbymail/16.png new file mode 100644 index 0000000..8b2bc7d Binary files /dev/null and b/servers/haveno-cashbymail/16.png differ 
diff --git a/servers/haveno-cashbymail/17.png b/servers/haveno-cashbymail/17.png new file mode 100644 index 0000000..74c6f5e Binary files /dev/null and b/servers/haveno-cashbymail/17.png differ diff --git a/servers/haveno-cashbymail/18.png b/servers/haveno-cashbymail/18.png new file mode 100644 index 0000000..cf60cf8 Binary files /dev/null and b/servers/haveno-cashbymail/18.png differ diff --git a/servers/haveno-cashbymail/19.png b/servers/haveno-cashbymail/19.png new file mode 100644 index 0000000..70fbe70 Binary files /dev/null and b/servers/haveno-cashbymail/19.png differ diff --git a/servers/haveno-cashbymail/2.png b/servers/haveno-cashbymail/2.png new file mode 100644 index 0000000..ab58717 Binary files /dev/null and b/servers/haveno-cashbymail/2.png differ diff --git a/servers/haveno-cashbymail/20.png b/servers/haveno-cashbymail/20.png new file mode 100644 index 0000000..f602d3a Binary files /dev/null and b/servers/haveno-cashbymail/20.png differ diff --git a/servers/haveno-cashbymail/21.png b/servers/haveno-cashbymail/21.png new file mode 100644 index 0000000..f0f5950 Binary files /dev/null and b/servers/haveno-cashbymail/21.png differ diff --git a/servers/haveno-cashbymail/22.png b/servers/haveno-cashbymail/22.png new file mode 100644 index 0000000..e698a8c Binary files /dev/null and b/servers/haveno-cashbymail/22.png differ diff --git a/servers/haveno-cashbymail/23.png b/servers/haveno-cashbymail/23.png new file mode 100644 index 0000000..9ca8731 Binary files /dev/null and b/servers/haveno-cashbymail/23.png differ diff --git a/servers/haveno-cashbymail/24.png b/servers/haveno-cashbymail/24.png new file mode 100644 index 0000000..1da465c Binary files /dev/null and b/servers/haveno-cashbymail/24.png differ diff --git a/servers/haveno-cashbymail/25.png b/servers/haveno-cashbymail/25.png new file mode 100644 index 0000000..3d652e1 Binary files /dev/null and b/servers/haveno-cashbymail/25.png differ 
diff --git a/servers/haveno-cashbymail/26.png b/servers/haveno-cashbymail/26.png new file mode 100644 index 0000000..71fde0c Binary files /dev/null and b/servers/haveno-cashbymail/26.png differ diff --git a/servers/haveno-cashbymail/3.png b/servers/haveno-cashbymail/3.png new file mode 100644 index 0000000..b3b7e26 Binary files /dev/null and b/servers/haveno-cashbymail/3.png differ diff --git a/servers/haveno-cashbymail/4.png b/servers/haveno-cashbymail/4.png new file mode 100644 index 0000000..81e6baf Binary files /dev/null and b/servers/haveno-cashbymail/4.png differ diff --git a/servers/haveno-cashbymail/5.png b/servers/haveno-cashbymail/5.png new file mode 100644 index 0000000..04baeec Binary files /dev/null and b/servers/haveno-cashbymail/5.png differ diff --git a/servers/haveno-cashbymail/6.png b/servers/haveno-cashbymail/6.png new file mode 100644 index 0000000..93e195a Binary files /dev/null and b/servers/haveno-cashbymail/6.png differ diff --git a/servers/haveno-cashbymail/7.png b/servers/haveno-cashbymail/7.png new file mode 100644 index 0000000..e5b5b22 Binary files /dev/null and b/servers/haveno-cashbymail/7.png differ diff --git a/servers/haveno-cashbymail/8.png b/servers/haveno-cashbymail/8.png new file mode 100644 index 0000000..dc55e91 Binary files /dev/null and b/servers/haveno-cashbymail/8.png differ diff --git a/servers/haveno-cashbymail/9.png b/servers/haveno-cashbymail/9.png new file mode 100644 index 0000000..2644acf Binary files /dev/null and b/servers/haveno-cashbymail/9.png differ diff --git a/servers/haveno-cashbymail/alice.png b/servers/haveno-cashbymail/alice.png new file mode 100644 index 0000000..b506371 Binary files /dev/null and b/servers/haveno-cashbymail/alice.png differ diff --git a/servers/haveno-cashbymail/bob.png b/servers/haveno-cashbymail/bob.png new file mode 100644 index 0000000..7602a70 Binary files /dev/null and b/servers/haveno-cashbymail/bob.png differ 
diff --git a/servers/haveno-cashbymail/index.html b/servers/haveno-cashbymail/index.html new file mode 100644 index 0000000..018b972 --- /dev/null +++ b/servers/haveno-cashbymail/index.html @@ -0,0 +1,255 @@ + + + + + + + + + + + Haveno DEX Cash by Mail -> XMR transaction + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-19

+

Haveno DEX Cash by Mail -> XMR transaction

+ +

In this tutorial we're going to cover how to buy Monero, for cash by mail on the Haveno Decentralised Exchange. This was the most popular payment method back on LocalMonero, due to being an improvement over bank transfers (like SEPA in the EU) when it comes to trading larger volumes in the long run, as Cash cannot easily be traced by adversaries unlike bank transfers, making Cash by Mail one of the most private ways to exchange real world money for Monero.

+ + +
+
+
+
+ + +
+
+
+
+

Initiating the trade

+ +

Here, we're Bob, we create our account on Haveno for Pay by Mail transactions, mentionning our real name, postal address, city and country.

+ +

Then we hit "save new account":

+ + +

Make sure you understand the risks that cash by mail transactions have, then click "I understand":

+ +

Then, we can create a buying offer by going into the Buy section:

+ +

Here we want to purchase 20 euros worth of Monero, at the current market price, for 0.1533 XMR:

+ +

THen we fund the offer, and when the funds show up in our Haveno client, we hit "Review: Place offer to buy Monero"

+ + +

Once the offer is confirmed, we can view it on the Portfolie page:

+ + +

Here we wait approx 20 minutes for the monero transaction to be validated by the network, then the offer will appear as enabled:

+ +

And from there, other peers will be able to see Bob's offer into the "Sell Monero" section.

+ +

Now let's switch over to Alice's side, we also create an account to be able to do Cash by mail transactions:

+ +

Then we go into the "Sell monero" section and we take Bob's offer:

+ +

Once the offer is taken we fund the offer:

+ +

There we send the monero to the address as shown for both the security deposit and the actual monero we want to sell:

+ + + + +

Now that the trade has been initiated, let's review the correct trade protocol for Cash By Mail transactions:

+ + +
+
+
+
+ +
+
+
+
+

Cash By Mail: the trade protocol



+

To remain safe with cash by mail transactions, there are a number of steps that Bob need to be take in order to ensure that there is no possibility of being scammed as explained by the following LocalMonero article:

+

+Staying Safe With Cash by Mail (originally from LocalMonero)
+
+If you're buying...
+
+If you stick to high reputation sellers it's very unlikely that you'll encounter any issues while buying with cash by mail, however the following tips will help you prove your payment in a dispute should it arise. The most important thing to do is to make a video recording of your payment. Here are the guidelines:
+Your video should be filmed within a single take, without cuts
+
+You can put the cash in the envelope at home or in the car, and you can put your phone with the video turned on in your front shirt pocket and it'll record the whole process without much extra work from you apart from making sure that you do everything in front of where the camera's pointing. If you have something like a GoPro or the latest iPhone which has a camera with a wider viewing angle it's going to be even easier. Keep the footage in case of a dispute for 180 days.
+
+Put custom markings inside the envelope
+Use some sort of a custom chop/stamp/seal, or a signature or just random movements with a sharpie inside the envelope, covering all surfaces. This will help establish whether the seller is actually opening the envelope you've sent or a fake one. Make sure the mark is visible on the video.
+
+Try to disguise the cash
+To mitigate a (potential, but very rare) case of postal theft en route, try to conceal the fact that the package contains cash. You may put the cash in a magazine, mylar bag or some other container. Vacuum sealing the cash also works.
+
+Place envelopes inside of envelopes
+Instead of simply placing the cash into the envelope, use multiple nested envelopes for your package. Place the cash into the smallest envelope (or simply fold a bigger envelope as necessary), seal it, and place it into another envelope. Repeat this process until you have at least 3 nested envelopes. This helps ensure that if the receiving party tries to tamper with your package they will have a much harder time resealing it all in a way that would be undetectable when inspected by the dispute mediator.
+
+Send with tracking
+Packages sent without tracking may get lost with and without tracking it could be all but impossible to locate it. Having tracking also allows the receiving end to have peace of mind that the package is en route in case it's taking longer than expected.
+
+Conclusion
+As we've mentioned before, with established traders the risk for a buyer is very low. Very low doesn't mean zero though, so make sure to follow these rules to be prepared for a dispute situation.
+
+
+

And there are also a few steps that the monero seller (Alice) has to follow in order to make sure the trade is conducted in a secure manner:

+

+If you're selling...
+
+Make a video of receiving and opening the package
+Record yourself receiving the package from the postal worker, the postal worker weighing it, record the label, all the outer sides of the package; open the package while filming with the camera pointed into it, run the cash through a counter and counterfeit scanner. Make sure everything is filmed in one take. Always keep the package in view of the camera. Keep the footage in case of a dispute for 180 days.
+
+Under no circumstances finalize a trade early
+The key thing to remember (and we put disclaimers about this on every step of the way) is to NEVER finalize a trade UNTIL you have the money and you are absolutely confident that everything is in order. A legitimate buyer won't pressure you into early finalize.
+
+Have a buyer put a note with their username and trade ID
+This will help you distinguish packages coming from different buyers and avoid confusion. This also will help in preventing man-in-the-middle attacks, where a scammer interposes themselves in-between the buyer and the seller, pretending to be the seller when talking to the buyer and pretending to be the buyer when talking to the seller.	
+
+
+ +

To recap the recommendations we have the following graph:

+ +

Here bob puts the cash into a mylar bag (to disguise the cash), which gets put into a tamper proof bag (that way, if alice tries to open it, it'll be easy to see), then bob puts it into at least 3 envelope layers with custom markings inside each layer (again, as anti tampering measures), and then putting it inside the tracking envelope.

+

Also very important, Bob needs to record himself from the moment he wraps the cash into the mylar bag, all the way to when he places the letter in the letterbox. and Alice needs to do the same from her letterbox, all the way to unpacking the cash from the mylar bag. That way in case if there is a dispute, the arbitrator will be able to see who's at fault if there are any steps along the way that have not been respected.

+

In total per cash by mail transaction (assuming the final envelope weighs less than 100grams), the cost involved for the seller should be around 2 euros in France (including tracking), assuming the seller sends the envelope within the same country, and that he buys enevlopes, mylar bags and tamper proof bags in bulk.

+ + +
+
+
+
+ + + +
+
+
+
+

Finishing the Transaction



+ +

Bob of course makes sure that the envelope is sent to Alice's address as it is showcased within the trade window:

+ +

And once he followed the trade protocol to send the envelope to Alice, he can declare that he has sent the payment:

+ +

And then, both Alice and Bob will have to wait for the postal service to take the letter to it's destination. Bob also sent Alice the tracking link so that she can pinpoint where the envelope is in case if there is an issue along the way.

+ +

Back to Alice's side, we get the following notification:

+ +

There, the delay depends on the postal service. But she recieves the envelope 5 days later, she records herself from the point of retrieving, to the unpacking of the cash inside. and then if all is ok on her side, she confirms that she has recieved payment to release the monero funds to Bob:

+ + + +

And lastly, Bob sees that the funds are arriving on his Haveno client, and now he closes the trade.

+ +

And there, Bob can withdraw his funds from his Haveno monero wallet to another wallet if he chooses so inside the "Funds" tab, as we detailed in our previous tutorial here.

+

Check out my other tutorials on Decentralised Finances below:

+
    +
  1. ✅ How to acquire and use Monero
  2. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. +
  5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  6. +
  7. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. +
  9. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
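Review bot: the cost paragraph at the end of the trade-protocol section names the wrong party in "the cost involved for the seller" and "assuming the seller sends the envelope". Everywhere else on the page it is Bob, the Monero buyer, who packs and posts the cash, and Alice, the seller, who receives it, so both should read "buyer". The intro also calls Cash by Mail one of the most private methods, while the first step has Bob enter his real name and postal address and Alice's address is shown in the trade window; a sentence on what each peer learns about the other would make that trade-off explicit. Spelling to fix in the same file: "mentionning", "THen", "Portfolie", "enevlopes", "recieves"/"recieved", "to it's destination", "that Bob need to be take".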
+ + + + + + + diff --git a/servers/haveno-client-f2f/0.1.png b/servers/haveno-client-f2f/0.1.png new file mode 100644 index 0000000..35e075d Binary files /dev/null and b/servers/haveno-client-f2f/0.1.png differ diff --git a/servers/haveno-client-f2f/0.png b/servers/haveno-client-f2f/0.png new file mode 100644 index 0000000..c031b77 Binary files /dev/null and b/servers/haveno-client-f2f/0.png differ diff --git a/servers/haveno-client-f2f/1.png b/servers/haveno-client-f2f/1.png new file mode 100644 index 0000000..c5a453a Binary files /dev/null and b/servers/haveno-client-f2f/1.png differ diff --git a/servers/haveno-client-f2f/10.png b/servers/haveno-client-f2f/10.png new file mode 100644 index 0000000..d501c53 Binary files /dev/null and b/servers/haveno-client-f2f/10.png differ diff --git a/servers/haveno-client-f2f/11.png b/servers/haveno-client-f2f/11.png new file mode 100644 index 0000000..4769f42 Binary files /dev/null and b/servers/haveno-client-f2f/11.png differ diff --git a/servers/haveno-client-f2f/12.png b/servers/haveno-client-f2f/12.png new file mode 100644 index 0000000..faff291 Binary files /dev/null and b/servers/haveno-client-f2f/12.png differ diff --git a/servers/haveno-client-f2f/13.png b/servers/haveno-client-f2f/13.png new file mode 100644 index 0000000..78ded08 Binary files /dev/null and b/servers/haveno-client-f2f/13.png differ diff --git a/servers/haveno-client-f2f/14.1.png b/servers/haveno-client-f2f/14.1.png new file mode 100644 index 0000000..3787aec Binary files /dev/null and b/servers/haveno-client-f2f/14.1.png differ diff --git a/servers/haveno-client-f2f/14.png b/servers/haveno-client-f2f/14.png new file mode 100644 index 0000000..ef118c4 Binary files /dev/null and b/servers/haveno-client-f2f/14.png differ diff --git a/servers/haveno-client-f2f/15.1.png b/servers/haveno-client-f2f/15.1.png new file mode 100644 index 0000000..6d3fc8a Binary files /dev/null and b/servers/haveno-client-f2f/15.1.png differ 
diff --git a/servers/haveno-client-f2f/15.png b/servers/haveno-client-f2f/15.png new file mode 100644 index 0000000..bb1e7c4 Binary files /dev/null and b/servers/haveno-client-f2f/15.png differ diff --git a/servers/haveno-client-f2f/16.png b/servers/haveno-client-f2f/16.png new file mode 100644 index 0000000..940d718 Binary files /dev/null and b/servers/haveno-client-f2f/16.png differ diff --git a/servers/haveno-client-f2f/17.png b/servers/haveno-client-f2f/17.png new file mode 100644 index 0000000..055e142 Binary files /dev/null and b/servers/haveno-client-f2f/17.png differ diff --git a/servers/haveno-client-f2f/18.png b/servers/haveno-client-f2f/18.png new file mode 100644 index 0000000..661544a Binary files /dev/null and b/servers/haveno-client-f2f/18.png differ diff --git a/servers/haveno-client-f2f/19.png b/servers/haveno-client-f2f/19.png new file mode 100644 index 0000000..3e55cc4 Binary files /dev/null and b/servers/haveno-client-f2f/19.png differ diff --git a/servers/haveno-client-f2f/2.png b/servers/haveno-client-f2f/2.png new file mode 100644 index 0000000..348bce2 Binary files /dev/null and b/servers/haveno-client-f2f/2.png differ diff --git a/servers/haveno-client-f2f/20.png b/servers/haveno-client-f2f/20.png new file mode 100644 index 0000000..3e075fd Binary files /dev/null and b/servers/haveno-client-f2f/20.png differ diff --git a/servers/haveno-client-f2f/21.png b/servers/haveno-client-f2f/21.png new file mode 100644 index 0000000..6109438 Binary files /dev/null and b/servers/haveno-client-f2f/21.png differ diff --git a/servers/haveno-client-f2f/22.png b/servers/haveno-client-f2f/22.png new file mode 100644 index 0000000..4afafb1 Binary files /dev/null and b/servers/haveno-client-f2f/22.png differ diff --git a/servers/haveno-client-f2f/23.png b/servers/haveno-client-f2f/23.png new file mode 100644 index 0000000..5696ce2 Binary files /dev/null and b/servers/haveno-client-f2f/23.png differ 
diff --git a/servers/haveno-client-f2f/24.png b/servers/haveno-client-f2f/24.png new file mode 100644 index 0000000..f6e1209 Binary files /dev/null and b/servers/haveno-client-f2f/24.png differ diff --git a/servers/haveno-client-f2f/25.png b/servers/haveno-client-f2f/25.png new file mode 100644 index 0000000..c4715a2 Binary files /dev/null and b/servers/haveno-client-f2f/25.png differ diff --git a/servers/haveno-client-f2f/26.png b/servers/haveno-client-f2f/26.png new file mode 100644 index 0000000..107d9ac Binary files /dev/null and b/servers/haveno-client-f2f/26.png differ diff --git a/servers/haveno-client-f2f/27.png b/servers/haveno-client-f2f/27.png new file mode 100644 index 0000000..ff7345e Binary files /dev/null and b/servers/haveno-client-f2f/27.png differ diff --git a/servers/haveno-client-f2f/28.png b/servers/haveno-client-f2f/28.png new file mode 100644 index 0000000..8183cd6 Binary files /dev/null and b/servers/haveno-client-f2f/28.png differ diff --git a/servers/haveno-client-f2f/29.png b/servers/haveno-client-f2f/29.png new file mode 100644 index 0000000..5459ec6 Binary files /dev/null and b/servers/haveno-client-f2f/29.png differ diff --git a/servers/haveno-client-f2f/3.png b/servers/haveno-client-f2f/3.png new file mode 100644 index 0000000..0584b83 Binary files /dev/null and b/servers/haveno-client-f2f/3.png differ diff --git a/servers/haveno-client-f2f/30.png b/servers/haveno-client-f2f/30.png new file mode 100644 index 0000000..b0ea75c Binary files /dev/null and b/servers/haveno-client-f2f/30.png differ diff --git a/servers/haveno-client-f2f/4.png b/servers/haveno-client-f2f/4.png new file mode 100644 index 0000000..84c2600 Binary files /dev/null and b/servers/haveno-client-f2f/4.png differ diff --git a/servers/haveno-client-f2f/5.1.png b/servers/haveno-client-f2f/5.1.png new file mode 100644 index 0000000..3976e29 Binary files /dev/null and b/servers/haveno-client-f2f/5.1.png differ 
diff --git a/servers/haveno-client-f2f/5.2.png b/servers/haveno-client-f2f/5.2.png new file mode 100644 index 0000000..5c3d8da Binary files /dev/null and b/servers/haveno-client-f2f/5.2.png differ diff --git a/servers/haveno-client-f2f/6.png b/servers/haveno-client-f2f/6.png new file mode 100644 index 0000000..ca5056a Binary files /dev/null and b/servers/haveno-client-f2f/6.png differ diff --git a/servers/haveno-client-f2f/7.png b/servers/haveno-client-f2f/7.png new file mode 100644 index 0000000..4eff73e Binary files /dev/null and b/servers/haveno-client-f2f/7.png differ diff --git a/servers/haveno-client-f2f/8.png b/servers/haveno-client-f2f/8.png new file mode 100644 index 0000000..8937459 Binary files /dev/null and b/servers/haveno-client-f2f/8.png differ diff --git a/servers/haveno-client-f2f/9.png b/servers/haveno-client-f2f/9.png new file mode 100644 index 0000000..63dac1d Binary files /dev/null and b/servers/haveno-client-f2f/9.png differ diff --git a/servers/haveno-client-f2f/index.html b/servers/haveno-client-f2f/index.html new file mode 100644 index 0000000..180fe9f --- /dev/null +++ b/servers/haveno-client-f2f/index.html @@ -0,0 +1,435 @@ + + + + + + + + + + + Haveno DEX Direct Fiat to Monero transactions + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-14

+

Haveno DEX Direct Fiat to Monero transactions

+ +

In this tutorial we're going to cover how to do a Fiat to Monero trade from the brand new (and long awaited!) Haveno Decentralised Exchange, using the Face-to-Face (F2F) payment method.

+ +

Sidenote: i don't recommend face-to-face as a payment option of choice, this is just to try out how a basic trade Haveno DEX works!

+

Before reading through this tutorial, make sure you understand why Decentralised Exchanges are the next step in Decentralised Finances in this blogpost i previously made, so that you have all the context.

+

As we are covering a DEX (Decentralised Exchange), it means we are not covering how to use a website onto which you are purchasing monero (like the now defunct Localmonero (RIP)), we are covering a software that you install on your computer (hence the Decentralisation in "DEX"), to trade Peer to Peer (P2P) with the other users.

+ +

The resilliency of Haveno is on multiple levels: First of all the more Seed nodes there are, the harder to take down the Haveno network is. The anonymity provided by the Tor network of Haveno for all nodes (which is on by default), also adds up to the resiliency.

+

Clientside, the more peers (users) there are, the more diverse and bigger the exchange will be, and so will the decentralised market be at large. The sooner the Monero market moves to Decentralised Exchanges, the more unstoppable it will become.

+

Lastly if the Haveno network is completely taken down (let's say if all the seed nodes are taken down somehow), all that's left is for another administrator to spin up a new haveno network since the code is all open source, to repeat the cycle again.

+

You can check out my quick coverage of Haveno DEX on Monero Topia here. (Definitely check out MoneroTopia for the latest news in the Monero world, awesome show!)

+

DISCLAIMER: THERE ARE NO OFFICIAL HAVENO NETWORK INSTANCES, THERE ARE ONLY THIRD PARTY HAVENO NETWORKS LIKE HAVENO RETO.

+

IF YOU SEE A HAVENO CLAIM TO BE THE OFFICIAL NETWORK LIKE THIS ONE, DONT FALL FOR THEIR SCAM!

+ +
+
+
+
+ + +
+
+
+
+

How to install Haveno ?

+

First, we need to find a Haveno Network, Haveno Reto being one of the first ones to show up, we're going to try them out:

+

Let's get the Haveno binaries from Reto's github repository, (which was forked from the original Haveno repository, maintained by Woodser)

+ +

For Debian Users

+

Here, we are on a debian machine, so we download the ubuntu package (which contains the .deb and .rpm file)

+ +

For Arch Linux Users

+

You can either extract the .rpm (which is originally intended for Fedora users) package and run the haveno binary yourself, or use the AUR package maintained by duje

+

For Windows Users

+

If you are a windows user (know that it cant be trusted as it's not an open source operating system, check out my tutorial here on how to install linux instead), if you're too lazy you can check out darknetreporter's tutorial:

+ +

For Debian Users

+

Back on Debian (note: these instructions are the same if you are on Whonix!), the zip package is downloaded:

+ +

Then unpack the zipfile wherever you want:

+

+[ mainpc ] [ /dev/pts/5 ] [~]
+→ unzip ~/Downloads/HavenoInstaller-ubuntu-latest.zip -d ~/Documents/
+Archive:  /home/nihilist/Downloads/HavenoInstaller-ubuntu-latest.zip
+  inflating: /home/nihilist/Documents/desktop-1.0.3-SNAPSHOT-all.jar.SHA-256
+  inflating: /home/nihilist/Documents/haveno-1.0.3-1.x86_64.rpm
+  inflating: /home/nihilist/Documents/haveno_1.0.3-1_amd64.deb
+
+[ mainpc ] [ /dev/pts/5 ] [~]
+→ cd ~/Documents/haveno-reto
+
+[ mainpc ] [ /dev/pts/5 ] [~/Documents/haveno-reto]
+→ ls
+desktop-1.0.3-SNAPSHOT-all.jar.SHA-256  haveno_1.0.3-1_amd64.deb  haveno-1.0.3-1.x86_64.rpm
+
+
+

Here since we are currently on a debian machine, we're going to use the .deb file to install haveno, as follows:

+

+[ mainpc ] [ /dev/pts/1 ] [~/Documents/haveno-reto]
+→ sudo dpkg -i haveno_1.0.3-1_amd64.deb
+[sudo] password for nihilist:
+Selecting previously unselected package haveno.
+(Reading database ... 214512 files and directories currently installed.)
+Preparing to unpack haveno_1.0.3-1_amd64.deb ...
+Unpacking haveno (1.0.3-1) ...
+Setting up haveno (1.0.3-1) ...
+
+#if it fails, run "apt install -f" to install the missing dependencies and then dpkg -i haveno.deb again.
+
+
+

If you previously used haveno, make sure you delete the folder in ~/.local/share/Haveno-reto as follows, to clear up all the previous wallet infos

+

+[ mainpc ] [ /dev/pts/1 ] [~/Documents/haveno-reto]
+→ rm -rf ~/.local/share/Haveno-reto
+
+
+

if you want to see the haveno logs from the CLI as you use it, you can do as follows:

+

+[ mainpc ] [ /dev/pts/6 ] [~/Nextcloud/blog]
+→ cd ~/.local/share/Haveno-reto
+
+[ mainpc ] [ /dev/pts/6 ] [.local/share/Haveno-reto]
+→ ls
+haveno.log  haveno.properties  monerod  monero-wallet-rpc  monero-wallet-rpc.log  version  xmr_mainnet
+
+[ mainpc ] [ /dev/pts/6 ] [.local/share/Haveno-reto]
+→ tail -f haveno.log
+May-29 20:55:23.829 [pool-16-thread-5] INFO  h.c.t.TaskRunner: Run task: SendOfferAvailabilityRequest
+May-29 20:55:23.830 [pool-16-thread-5] INFO  h.c.o.a.t.SendOfferAvailabilityRequest: Send OfferAvailabilityRequest with offerId mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106 and uid d85caa9c-840c-45eb-8642-4cb12828fc93 to peer rlrsc6nfqbvqhly3qjcb36qzvw44xnxqhcht3nqndy324ewg4dut4iqd.onion:9999
+May-29 20:55:23.930 [JavaFX Application Thread] INFO  h.c.o.a.t.SendOfferAvailabilityRequest: OfferAvailabilityRequest arrived at peer: offerId=mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106; uid=d85caa9c-840c-45eb-8642-4cb12828fc93
+May-29 20:55:25.292 [JavaFX Application Thread] INFO  h.d.c.c.c.PopOver: hide:200.0 ms
+May-29 20:55:25.903 [pool-48-thread-1] INFO  h.c.o.a.OfferAvailabilityProtocol: Received OfferAvailabilityResponse from rlrsc6nfqbvqhly3qjcb36qzvw44xnxqhcht3nqndy324ewg4dut4iqd.onion:9999 with offerId mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106 and uid 986ee04a-47d2-4303-a9fc-12d18cc158ce
+May-29 20:55:25.905 [pool-48-thread-1] INFO  h.c.t.TaskRunner: Run task: ProcessOfferAvailabilityResponse
+May-29 20:55:25.905 [pool-48-thread-1] INFO  h.c.o.a.OfferAvailabilityProtocol: Send AckMessage for OfferAvailabilityResponse to peer rlrsc6nfqbvqhly3qjcb36qzvw44xnxqhcht3nqndy324ewg4dut4iqd.onion:9999 with offerId mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106 and sourceUid 986ee04a-47d2-4303-a9fc-12d18cc158ce
+May-29 20:55:25.907 [JavaFX Application Thread] INFO  h.c.o.a.OfferAvailabilityProtocol: AckMessage for OfferAvailabilityResponse arrived at makersNodeAddress rlrsc6nfqbvqhly3qjcb36qzvw44xnxqhcht3nqndy324ewg4dut4iqd.onion:9999. offerId=mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106, sourceUid=986ee04a-47d2-4303-a9fc-12d18cc158ce
+May-29 20:55:26.108 [pool-48-thread-1] INFO  h.c.o.OpenOfferManager: Received AckMessage for OfferAvailabilityRequest with offerId mqbtqDh-1ec9fa64-e5e7-4766-9936-519951bc5f36-106 and uid d85caa9c-840c-45eb-8642-4cb12828fc93
+May-29 20:55:27.427 [JavaFX Application Thread] INFO  h.d.c.c.c.PopOver: hide:200.0 ms
+
+
+

next just launch Haveno as it should have been added to your system:

+ + +

For Whonix Users: use tor bridges to make Haveno connect!

+

Next, haveno is going to connect to Tor. WHONIX USERS: If it is facing issues connecting wait for the client to ask you to set the tor settings:

+ +

then just get a torbridge from torproject.org:

+ +

and add them inside haveno, and restart it:

+ +

Then it should connect just fine:

+ +

you may need to wait a bit for your haveno node to sync up initially: (probably 1-2 minutes)

+ +

and once it finishes synchronising, you're in Haveno!

+ +

For Tails OS Users: Use BrandyJson's Script!

+

If you want to have a TailsOS VM running, check out my latest tutorial on it here.

+

Download the latest haveno package just like on debian, then put it in the persistant storage:

+

+amnesia@amnesia:~$ mv ~/Tor\ Browser/haveno_1.0.7-1_amd64.zip ~/Persistent/
+amnesia@amnesia:~$ cd Persistent/
+amnesia@amnesia:~/Persistent$ ls -lash
+total 266M
+4.0K drwx------  3 amnesia amnesia 4.0K Jun 14 09:58  .
+   0 drwx------ 24 amnesia amnesia  600 Jun 14 09:19  ..
+266M -rw-r--r--  1 amnesia amnesia 266M Jun 14 09:57  haveno_1.0.7-1_amd64.zip
+
+amnesia@amnesia:~/Persistent$ sudo apt install unzip
+
+amnesia@amnesia:~/Persistent$ unzip haveno_1.0.7-1_amd64.zip 
+Archive:  haveno_1.0.7-1_amd64.zip
+  inflating: desktop-1.0.7-SNAPSHOT-all.jar.SHA-256  
+  inflating: haveno_1.0.7-1_amd64.deb  
+
+
+ +

Then we can use BrandyJson's script to install haveno on tails:

+

+amnesia@amnesia:~/Persistent$ wget https://raw.githubusercontent.com/BrandyJSon/haveno-install-tails/main/haveno-install.sh
+--2024-06-14 10:29:07--  https://raw.githubusercontent.com/BrandyJSon/haveno-install-tails/main/haveno-install.sh
+Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133
+Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 3393 (3.3K) [text/plain]
+Saving to: \u2018haveno-install.sh\u2019
+
+haveno-install.sh                                    100%[=====================================================================================================================>]   3.31K  14.3KB/s    in 0.2s    
+
+2024-06-14 10:29:09 (14.3 KB/s) - \u2018haveno-install.sh\u2019 saved [3393/3393]
+
+amnesia@amnesia:~/Persistent$ vim haveno-install.sh  #review the script, and change the dpkg -i line with the correct haveno version if it has changed
+
+
+
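Review bot: the CRLF fix in the Tails block just below this point, `tr -d '\r' < haveno-install.sh > haveno-install.sh`, empties the script instead of cleaning it, because the shell truncates the `>` target before `tr` reads it, so the `sudo bash haveno-install.sh` that follows would run an empty file. Write to a second file and move it over the original, or use `sed -i 's/\r$//' haveno-install.sh`. In the `wget` step above, the script is fetched from the `main` branch and then run with sudo; pinning the URL to the commit that was reviewed would keep the "review the script" advice valid when upstream changes. Earlier in the same file, `unzip ... -d ~/Documents/` is followed by `cd ~/Documents/haveno-reto`, which does not match the inflate paths shown in the output, and the `rm -rf ~/.local/share/Haveno-reto` step should tell readers to move funds out or back up the wallet first, since the text says it clears the previous wallet info.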

Be aware that this is not an official way of installing haveno on Tails, it's going barbaric on apparmor and the security model of tails, later on, there will be a better way to install haveno on Tails OS

+

+#if the bashscript contains '\r' characters , do the following:
+amnesia@amnesia:~/Persistent$ tr -d '\r' < haveno-install.sh  > haveno-install.sh
+
+#then install it:
+amnesia@amnesia:~/Persistent$ sudo bash haveno-install.sh 
+[sudo] password for amnesia:          
+
+Selecting previously unselected package haveno.
+(Reading database ... 148641 files and directories currently installed.)
+Preparing to unpack .../haveno_1.0.7-1_amd64.deb ...
+Unpacking haveno (1.0.7-1) ...
+Setting up haveno (1.0.7-1) ...
+Allowing amnesia to read tor control port cookie, only run this script when you actually want to use haveno
+
+!!! not secure !!!
+
+Updating apparmor-profile
+Adding rule to iptables to allow for monero-wallet-rpc to work
+Updating torsocks to allow for inbound connection
+Restarting onion-grater service
+Everything is set up just run
+
+source ~/.bashrc
+
+Then you can start haveno using haveno-tails
+
+amnesia@amnesia:~/Persistent$ source ~/.bashrc
+amnesia@amnesia:~/Persistent$ haveno-tails
+Jun-14 10:52:51.099 [main] INFO  haveno.common.util.Utilities: System info: os.name=Linux; os.version=6.1.0-21-amd64; os.arch=amd64; sun.arch.data.model=64; JRE=21.0.2+14-LTS (BellSoft); JVM=21.0.2+14-LTS (OpenJDK 64-Bit Server VM) 
+Jun-14 10:52:51.120 [main] INFO  haveno.common.app.AsciiLogo: 
+
+                                                                                                              
+                                                                                                              
+                                                                                                              
+                                                   0X                                                         
+                                              OOdolcck                                                        
+                                       KXKNN0occcccccck:   :Kxxk0d                                            
+                                     klccccccccccccccccck0xcccccccxK'                                         
+                                    xccccccccccccccclOKKOocccccccccclxK                                       
+                                  .xccccccccccccccclWMMMMMd:::::::::ccco                                      
+                                 'dccccccc:::cccccclWMMMMMo:::::::::::cc;                                     
+                                ,occccc:::::::::::::cxO0kl:::::::::::::cd                                     
+                               ;occccc:::::cddddddc;;;;;;;;:ddddddl:::::coldOK                                
+                              :occccc::::::xMMMMMMo,,,,,,,,cMMMMMMk::::::cccccoOc                             
+                             llccccc:::::;;dMMMMMMo,,,,,,,,cMMMMMMk:::::::cccccc,                             
+                             'cccccc::::;,,dMMMMMMl'''''',,cMMMMMMk::::::::ccccc.                             
+                             .cccccc::::,,,dMMMMMMo'''''',,cMMMMMMk::::::::ccccc                              
+                              :ccccc:::::;;dMMMMMM0xxxxxxxxOMMMMMMk::::::::ccc'                               
+                              ;ccccc:::::::xMMMMMMMMMMMMMMMMMMMMMMk::::::ccccco                               
+                              'ccccc:::::::xMMMMMMMMMMMMMMMMMMMMMMk:::::ccccccco                              
+                              .ccccccc:::::xMMMMMMd::::::::oMMMMMMk:::::ccccccc                               
+                               :cccccccc:::xMMMMMMo,,,,,,,,cMMMMMMk:::::cccccc                                
+                                cccccccccc:xMMMMMMo,,,,,,,,cMMMMMMk::::cccccc                                 
+                                :ccccccccccxMMMMMMo,,,,,,,,cMMMMMMO:cccccccc                                  
+                                 ccccccccccxMMMMMMd;;;;;;;:lMMMMMMOcccccccc                                   
+                                    ccccccclooooooc::::::::cddddddlcccccc:                                    
+                                      .ccccc::::::::::::::ccccccccccccccc                                     
+                                         :cccc:::::::::::ccccccccccccc                                        
+                                           .cccc:::::::ccccccccccc,                                           
+                                              'ccccccccccccc.                                                 
+                                                  ;ccccc:                                                     
+                                                                                                              
+                                                                                                              
+                                                                                                              
+                                                                                                              
+                 .XXX.   .XXX.    .XXXk  dXX0     ;XXX.KXXXXXX, xXX0     :XX0    ,XK000KK                     
+                 .ccc.   .ccc.    xccccc  ;cco   .occ. ccccccc. :cccdo   ;cc:  oxlccccccco0.                  
+                 .ccc.   .ccc.   dcc'ccl.  :ccl  dcc.  ccc'     :cccccO. ;cc: lccc      'ccd                  
+                 .ccclllllccc.  ccc: .ccx  .ccl,dcc'   cccllll. :cc, ccox;cc: :cc:      .ccc.                 
+                 .ccc     ccc. 'lccl0kcccd  .cclcc,    ccc.     :cc;  .ccocc: .ccco     kcc:                  
+                 .ccc.   .ccc. dcc.    :ccl  .ccc;     cccd000' :cc;    cccc:   cccxO0kocc,                   
+                                                                                   :ccc.        
+
+ + + +
+
+
+
+ +
+
+
+
+

Fiat for Monero, Face to Face Trade



+

First step is to setup your account for Face to Face Trades:

+ +

Here we specify that we want to do face to face trades in Berlin (Germany) as an example, we will use our FIAT currency, Euros (in cash), you can also specify alternative ways to get contacted if you don't like the built in chat in Haveno DEX, such as email or phone number, etc. Then hit the "save new account" button:

+ +

Make sure you read carefully what a face-to-face fiat->XMR trade is, and what are it's risks, if you're fine with it, click "i understand". Now that your account is created, head over to the "Buy" section, as you want to buy monero:

+ + +

Then you can publish a Fiat->XMR face to face trade offer like so:

+ +

So here we want to purchase 0.10 XMR, for the current market price, which amounts to 12 euros. then hit next step:

+

Now here is when we get introduced to the trade protocol's security deposit system as detailed in the Haveno FAQ. I'll make a simple diagram to explain the situation:

+

+Quote from Haveno's FAQ: (https://haveno.exchange/faq/#what-are-the-differences-in-the-trade-protocol) 
+
+[...]
+
+Bisq recently adopted a protocol based on 2/2 multisig, while Haveno will use their previous protocol: 2/3 multisignature. In a 2/3 multisignature trade, each trader owns one key; this key will be paired with the key of the other trader and will be used to unlock funds and deposits. It’s a 2 of 3 (2/3) protocol because you need only two out of three keys to move funds from the multisignature wallet.
+
+If everything goes fine, the two traders will use their keys to complete the transfer process. If something goes wrong, one of the two parties won’t use their key to complete the transaction, and this is where the arbitrator comes to action.
+
+Arbitrators are inherited from Bisq’s 2/3 protocol. They are a trusted role and have the duty of releasing the funds to one of the two parties in case of a conflict. To do so, they use the third key of the 2/3 multisig protocol.
+
+[...]
+
+
+ +

To make it short, you (Bob) in this case, want to trade Fiat, for Alice's XMR, in person. BOTH you and Alice need to put in some monero into the trade, as a security deposit. That is so in case if you try to scam Alice, you will loose something in the process, preventing you from trying to repeatedly scam people, and vice versa.

+

Due to the 2/3 multisig nature of the trade, there needs to be at least 2 agreeing parties to complete the trade. If all goes well, you and Alice agree on the trade, and the security deposit monero is released. If not, the Arbitrator will step in to punish the wrongdoer (by not giving him the security deposit back), and give the security deposit to the honest party.

+

The following example will cover a successful trade between you and Alice. If you want to see a trade dispute, check out this tutorial.

+ +

So here, you need to send the security deposit to be able to post your buying offer, just send it from your monero wallet like so:

+ +

Once you've sent the monero to your haveno trade for the security deposit, you need to wait approx 20 minutes for the transaction to be confirmed by the network

+ +

Approx 20 mins later, the trade shows up as enabled:

+Bob: puts 0.1005 XMR into the trade for the security deposit, + +

You (and the other haveno peers) can see it from the Sell tab:

+ +

Here you just need to wait for someone to accept the trade. Once they do, they will need to send their share of the security deposit too just like we previously did. Once they do it will show up on your end as an initiated trade:

+Alice puts 0.1005 XMR into the trade for the security deposit. Then the trade is secured + +

Same as before, you need to wait for the security deposit to be validated by the network (approx 20 mins again). In the meantime you can chat with the trader by clicking the "Open Trader Chat" button.

+ +

Once the security deposit has been validated by the network for the other party, you will get a notification that the trade can begin:

+ +

Next step is for you to go and give the 12 Euros to Alice, and once you do, you confirm that the Payment has been sent like so:

+ +

Then, you wait for Alice to confirm that she has recieved the 12 Euros (it will show up as "Peer confirmed message receipt"):

+ + Alice can then send the 0.10 XMR to Bob, after Bob Pays her in Euros. +

Then here, you just wait for the Monero to arrive in your Haveno monero wallet, it will first show up as Pending on the top right corner:

+ +

Wait another 20 minutes for the transaction to be validated by the network, and it will show up in your Haveno monero wallet as Available balance:

+ The trade is successful, the security deposit is now released, Bob gets his 0.1005 XMR back, and Alice too. (minus the transcation fees and arbitrator fees) + +

And that's it, you can now pop the Champagne as you completed your first Fiat -> XMR transaction on a Decentralised exchange! 🥂

+ +
+
+
+
+ + + +
+
+
+
+

Withdrawing your Monero from Haveno to another Wallet



+

Now all that's left is to withdraw your monero from your Haveno monero wallet to your other Monero Wallet:

+ +

Head over to Funds > send funds, tick the "Amounts includes mining fee" option, and select the amount of monero you want to withdraw, in this case i'm withdrawing all of it.

+ +

Then confirm that you want to withdraw the funds, and check your monero wallet for the incoming transaction:

+ +

And that's it! you just withdrew your funds to your other monero wallet!

+ +

Check out my other tutorials on Decentralised Finances below:

+
    +
  1. ✅ How to acquire and use Monero
  2. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. +
  5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  6. +
  7. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. +
  9. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
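Review bot: In the account-setup paragraph ("you can also specify alternative ways to get contacted ... such as email or phone number"), the page offers an email address or phone number as a trade contact without saying that either one ties the trade account to an identifier outside Haveno. Add a sentence that recommends the built-in trader chat, or a contact created only for trading. The closing caption says the deposits come back "minus the transcation fees and arbitrator fees", but no earlier step states what those fees are, so the reader cannot reconcile the 0.1005 XMR figures; state the amounts or point to where they are listed. Typos to fix in the same pass: "it's risks" (its), "i understand", "loose" (lose), "recieved", "transcation".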
+ + + + + + + diff --git a/servers/haveno-client/1.png b/servers/haveno-client/1.png new file mode 100644 index 0000000..49bf502 Binary files /dev/null and b/servers/haveno-client/1.png differ diff --git a/servers/haveno-client/10.png b/servers/haveno-client/10.png new file mode 100644 index 0000000..48d7dde Binary files /dev/null and b/servers/haveno-client/10.png differ diff --git a/servers/haveno-client/11.png b/servers/haveno-client/11.png new file mode 100644 index 0000000..77dad8e Binary files /dev/null and b/servers/haveno-client/11.png differ diff --git a/servers/haveno-client/12.png b/servers/haveno-client/12.png new file mode 100644 index 0000000..35d5b01 Binary files /dev/null and b/servers/haveno-client/12.png differ diff --git a/servers/haveno-client/2.png b/servers/haveno-client/2.png new file mode 100644 index 0000000..76b2b68 Binary files /dev/null and b/servers/haveno-client/2.png differ diff --git a/servers/haveno-client/3.png b/servers/haveno-client/3.png new file mode 100644 index 0000000..df460eb Binary files /dev/null and b/servers/haveno-client/3.png differ diff --git a/servers/haveno-client/4.png b/servers/haveno-client/4.png new file mode 100644 index 0000000..b44c551 Binary files /dev/null and b/servers/haveno-client/4.png differ diff --git a/servers/haveno-client/5.png b/servers/haveno-client/5.png new file mode 100644 index 0000000..3e65335 Binary files /dev/null and b/servers/haveno-client/5.png differ diff --git a/servers/haveno-client/6.png b/servers/haveno-client/6.png new file mode 100644 index 0000000..1a36ba3 Binary files /dev/null and b/servers/haveno-client/6.png differ diff --git a/servers/haveno-client/7.png b/servers/haveno-client/7.png new file mode 100644 index 0000000..ec5aee6 Binary files /dev/null and b/servers/haveno-client/7.png differ diff --git a/servers/haveno-client/8.png b/servers/haveno-client/8.png new file mode 100644 index 0000000..8a0a6b5 Binary files /dev/null and b/servers/haveno-client/8.png differ 
diff --git a/servers/haveno-client/9.png b/servers/haveno-client/9.png new file mode 100644 index 0000000..10c0091 Binary files /dev/null and b/servers/haveno-client/9.png differ diff --git a/servers/haveno-client/index.html b/servers/haveno-client/index.html new file mode 100644 index 0000000..edf3188 --- /dev/null +++ b/servers/haveno-client/index.html @@ -0,0 +1,345 @@ + + + + + + + + + + + Haveno Client Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-13

+

Haveno Client Setup

+

In this tutorial we're going to cover how to use Haveno from a client/user perspective.

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

let's follow the steps listed here to build haveno

+

+
+[ mainpc ] [ /dev/pts/2 ] [~/Documents]
+→ cd /tmp
+
+[ mainpc ] [ /dev/pts/2 ] [/tmp]
+→ wget https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.deb
+
+[ mainpc ] [ /dev/pts/2 ] [/tmp]
+→ sudo dpkg -i jdk-21_linux-x64_bin.deb
+
+[ mainpc ] [ /dev/pts/2 ] [/tmp]
+→ java --version
+java 21.0.3 2024-04-16 LTS
+Java(TM) SE Runtime Environment (build 21.0.3+7-LTS-152)
+Java HotSpot(TM) 64-Bit Server VM (build 21.0.3+7-LTS-152, mixed mode, sharing)
+
+
+[ mainpc ] [ /dev/pts/2 ] [/tmp]
+→ cd -
+
+[ mainpc ] [ /dev/pts/2 ] [~/Documents]
+→ git clone https://github.com/haveno-dex/haveno.git
+Cloning into 'haveno'...
+remote: Enumerating objects: 36625, done.
+remote: Counting objects: 100% (2187/2187), done.
+remote: Compressing objects: 100% (896/896), done.
+remote: Total 36625 (delta 994), reused 2031 (delta 931), pack-reused 34438
+Receiving objects: 100% (36625/36625), 28.79 MiB | 1.92 MiB/s, done.
+Resolving deltas: 100% (22579/22579), done.
+
+[ mainpc ] [ /dev/pts/2 ] [~/Documents]
+→ cd haveno
+
+[ mainpc ] [ /dev/pts/2 ] [~/Documents/haveno]
+→ git checkout master
+Already on 'master'
+Your branch is up to date with 'origin/master'.
+
+[ mainpc ] [ /dev/pts/2 ] [~/Documents/haveno]
+→ make skip-tests
+mkdir -p .localnet
+./gradlew build -x test -x checkstyleMain -x checkstyleTest
+Starting a Gradle Daemon, 1 incompatible Daemon could not be reused, use --status for details
+
+> Task :cli:compileJava
+Note: /home/nihilist/Documents/haveno/cli/src/main/java/haveno/cli/CliMain.java uses or overrides a deprecated API.
+Note: Recompile with -Xlint:deprecation for details.
+
+> Task :common:compileJava
+Note: Some input files use or override a deprecated API.
+Note: Recompile with -Xlint:deprecation for details.
+Note: Some input files use unchecked or unsafe operations.
+Note: Recompile with -Xlint:unchecked for details.
+
+> Task :p2p:compileJava
+Note: Some input files use or override a deprecated API.
+Note: Recompile with -Xlint:deprecation for details.
+
+[...]
+
+
+> Task :relay:compileJava
+Note: /home/nihilist/Documents/haveno/relay/src/main/java/haveno/relay/RelayMain.java uses or overrides a deprecated API.
+Note: Recompile with -Xlint:deprecation for details.
+
+Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
+
+You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
+
+For more on this, please refer to https://docs.gradle.org/8.6/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.
+
+BUILD SUCCESSFUL in 2m 20s
+81 actionable tasks: 78 executed, 3 up-to-date
+	
+
+ +

Now that's done, let's join the public test network:

+

+[ mainpc ] [ /dev/pts/2 ] [~/Documents/haveno]
+→ make user1-desktop-stagenet
+./haveno-desktop \
+        --baseCurrencyNetwork=XMR_STAGENET \
+        --useLocalhostForP2P=false \
+        --useDevPrivilegeKeys=false \
+        --nodePort=9999 \
+        --appName=haveno-XMR_STAGENET_user1 \
+        --apiPassword=apitest \
+        --apiPort=3201 \
+        --useNativeXmrWallet=false \
+
+WARNING: Unknown module: javafx.controls specified to --add-opens
+WARNING: Unknown module: javafx.controls specified to --add-opens
+WARNING: Unknown module: javafx.graphics specified to --add-opens
+May-13 19:39:41.967 [main] INFO  haveno.common.util.Utilities: System info: os.name=Linux; os.version=6.1.0-20-amd64; os.arch=amd64; sun.arch.data.model=64; JRE=21.0.3+7-LTS-152 (Oracle Corporation); JVM=21.0.3+7-LTS-152 (Java HotSpot(TM) 64-Bit Server VM)
+May-13 19:39:41.990 [main] INFO  haveno.common.app.AsciiLogo:
+
+
+
+
+                                                   0X
+                                              OOdolcck
+                                       KXKNN0occcccccck:   :Kxxk0d
+                                     klccccccccccccccccck0xcccccccxK'
+                                    xccccccccccccccclOKKOocccccccccclxK
+                                  .xccccccccccccccclWMMMMMd:::::::::ccco
+                                 'dccccccc:::cccccclWMMMMMo:::::::::::cc;
+                                ,occccc:::::::::::::cxO0kl:::::::::::::cd
+                               ;occccc:::::cddddddc;;;;;;;;:ddddddl:::::coldOK
+                              :occccc::::::xMMMMMMo,,,,,,,,cMMMMMMk::::::cccccoOc
+                             llccccc:::::;;dMMMMMMo,,,,,,,,cMMMMMMk:::::::cccccc,
+                             'cccccc::::;,,dMMMMMMl'''''',,cMMMMMMk::::::::ccccc.
+                             .cccccc::::,,,dMMMMMMo'''''',,cMMMMMMk::::::::ccccc
+                              :ccccc:::::;;dMMMMMM0xxxxxxxxOMMMMMMk::::::::ccc'
+                              ;ccccc:::::::xMMMMMMMMMMMMMMMMMMMMMMk::::::ccccco
+                              'ccccc:::::::xMMMMMMMMMMMMMMMMMMMMMMk:::::ccccccco
+                              .ccccccc:::::xMMMMMMd::::::::oMMMMMMk:::::ccccccc
+                               :cccccccc:::xMMMMMMo,,,,,,,,cMMMMMMk:::::cccccc
+                                cccccccccc:xMMMMMMo,,,,,,,,cMMMMMMk::::cccccc
+                                :ccccccccccxMMMMMMo,,,,,,,,cMMMMMMO:cccccccc
+                                 ccccccccccxMMMMMMd;;;;;;;:lMMMMMMOcccccccc
+                                    ccccccclooooooc::::::::cddddddlcccccc:
+                                      .ccccc::::::::::::::ccccccccccccccc
+                                         :cccc:::::::::::ccccccccccccc
+                                           .cccc:::::::ccccccccccc,
+                                              'ccccccccccccc.
+                                                  ;ccccc:
+
+
+
+
+                 .XXX.   .XXX.    .XXXk  dXX0     ;XXX.KXXXXXX, xXX0     :XX0    ,XK000KK
+                 .ccc.   .ccc.    xccccc  ;cco   .occ. ccccccc. :cccdo   ;cc:  oxlccccccco0.
+                 .ccc.   .ccc.   dcc'ccl.  :ccl  dcc.  ccc'     :cccccO. ;cc: lccc      'ccd
+                 .ccclllllccc.  ccc: .ccx  .ccl,dcc'   cccllll. :cc, ccox;cc: :cc:      .ccc.
+                 .ccc     ccc. 'lccl0kcccd  .cclcc,    ccc.     :cc;  .ccocc: .ccco     kcc:
+                 .ccc.   .ccc. dcc.    :ccl  .ccc;     cccd000' :cc;    cccc:   cccxO0kocc,
+                                                                                   :ccc.
+
+
+
+
+
+
+
+May-13 19:39:42.009 [main] INFO  haveno.common.app.Version: Version{VERSION=1.0.3, P2P_NETWORK_VERSION=A, LOCAL_DB_VERSION=1, TRADE_PROTOCOL_VERSION=1, BASE_CURRENCY_NETWORK=1, getP2PNetworkId()=1A}
+May-13 19:39:42.009 [main] INFO  haveno.common.setup.CommonSetup: Path to Haveno jar file: /home/nihilist/Documents/haveno/lib/common.jar
+May-13 19:39:42.010 [main] INFO  haveno.common.util.Profiler: Total memory: 66 MB; Used memory: 25.56 MB; Free memory: 40.44 MB; Max memory: 1 GB; No. of threads: 1
+May-13 19:39:42.029 [main] INFO  h.core.setup.CoreNetworkCapabilities: TRADE_STATISTICS [0], TRADE_STATISTICS_2 [1], ACCOUNT_AGE_WITNESS [2], PROPOSAL [5], BLIND_VOTE [6], ACK_MSG [7], BUNDLE_OF_ENVELOPES [10], SIGNED_ACCOUNT_AGE_WITNESS [11], MEDIATION [12], REFUND_AGENT [13], TRADE_STATISTICS_HASH_UPDATE [14], NO_ADDRESS_PRE_FIX [15], TRADE_STATISTICS_3 [16]
+May-13 19:39:42.031 [main] INFO  haveno.core.locale.GlobalSettings: Locale info: en_US
+May 13, 2024 7:39:42 PM com.sun.javafx.application.PlatformImpl startup
+WARNING: Unsupported JavaFX configuration: classes were loaded from 'unnamed module @1de5f259'
+May-13 19:39:42.809 [JavaFX Application Thread] INFO  haveno.core.app.AvoidStandbyModeService: Started -- disabled power management via /usr/bin/gnome-session-inhibit --app-id Haveno --inhibit suspend --reason Avoid Standby --inhibit-only
+May-13 19:39:42.812 [JavaFX Application Thread] INFO  haveno.core.app.HavenoExecutable: Creating Haveno account with null password
+May-13 19:39:43.058 [JavaFX Application Thread] INFO  h.c.n.p2p.seed.DefaultSeedNodeRepository: Seed nodes: [3cqlkowdu766sto5wrdqpntpsi7kezwkkakc532i6jeiyu7hha726ead.onion:3003, dl57jitswby4yhzpqpu7pwq6iyqg2x6vkio73araparbftlqoqxhvqad.onion:2002]
+May-13 19:39:43.620 [JavaFX Application Thread] INFO  haveno.core.provider.ProvidersRepository: Selected price provider: http://elaxlgigphpicy5q7pi5wkz2ko2vgjbq4576vic7febmx4xcxvk6deqd.onion/
+May-13 19:39:43.760 [JavaFX Application Thread] INFO  haveno.desktop.app.HavenoApp: Starting application
+May-13 19:39:43.895 [JavaFX Application Thread] INFO  haveno.core.app.AppStartupState: Combined initialized state = false = updatedDataReceived=false && isBlockDownloadComplete=false && isWalletSynced=false && hasSufficientPeersForBroadcast=false && allDomainServicesInitialized=false
+May-13 19:39:44.867 [JavaFX Application Thread] INFO  haveno.desktop.app.HavenoAppMain: Using JavaFX 21.0.2
+
+	
+
+ +

+ +

+	
+
+
+
+
+
+ +
+
+
+
+

Setup



+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Setup



+

+

+	
+
+ +

+

+	
+
+ +

+

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
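Review bot: The Initial Setup transcript fetches jdk-21_linux-x64_bin.deb from a "latest" URL and hands it straight to "sudo dpkg -i" with no integrity check, so the reader installs an unpinned, unverified package as root. Add a step that compares the file's SHA-256 with the value the vendor publishes before installing. The build has the same problem: "git checkout master" followed by "make skip-tests" builds whatever the branch head is that day and skips the test suite, so name the tag or commit the tutorial was tested against (the log shows VERSION=1.0.3). The stagenet launch output shows "--apiPassword=apitest" and the log line "Creating Haveno account with null password"; the text should say these are test-network defaults and must not carry over to a setup holding real funds. Both "Setup" sections after the log are empty placeholders and should be filled in or dropped before merging.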
+ + + + + + + diff --git a/servers/haveno-sepa/0.1.png b/servers/haveno-sepa/0.1.png new file mode 100644 index 0000000..e4ada3e Binary files /dev/null and b/servers/haveno-sepa/0.1.png differ diff --git a/servers/haveno-sepa/0.png b/servers/haveno-sepa/0.png new file mode 100644 index 0000000..c031b77 Binary files /dev/null and b/servers/haveno-sepa/0.png differ diff --git a/servers/haveno-sepa/1.png b/servers/haveno-sepa/1.png new file mode 100644 index 0000000..3a38426 Binary files /dev/null and b/servers/haveno-sepa/1.png differ diff --git a/servers/haveno-sepa/10.png b/servers/haveno-sepa/10.png new file mode 100644 index 0000000..a7e6f57 Binary files /dev/null and b/servers/haveno-sepa/10.png differ diff --git a/servers/haveno-sepa/11.png b/servers/haveno-sepa/11.png new file mode 100644 index 0000000..f59f6e1 Binary files /dev/null and b/servers/haveno-sepa/11.png differ diff --git a/servers/haveno-sepa/12.png b/servers/haveno-sepa/12.png new file mode 100644 index 0000000..4aa6e23 Binary files /dev/null and b/servers/haveno-sepa/12.png differ diff --git a/servers/haveno-sepa/13.png b/servers/haveno-sepa/13.png new file mode 100644 index 0000000..c5d8c77 Binary files /dev/null and b/servers/haveno-sepa/13.png differ diff --git a/servers/haveno-sepa/14.1.png b/servers/haveno-sepa/14.1.png new file mode 100644 index 0000000..7163442 Binary files /dev/null and b/servers/haveno-sepa/14.1.png differ diff --git a/servers/haveno-sepa/14.png b/servers/haveno-sepa/14.png new file mode 100644 index 0000000..58cec6d Binary files /dev/null and b/servers/haveno-sepa/14.png differ diff --git a/servers/haveno-sepa/15.png b/servers/haveno-sepa/15.png new file mode 100644 index 0000000..cd5e2cf Binary files /dev/null and b/servers/haveno-sepa/15.png differ diff --git a/servers/haveno-sepa/16.png b/servers/haveno-sepa/16.png new file mode 100644 index 0000000..c0e9285 Binary files /dev/null and b/servers/haveno-sepa/16.png differ 
diff --git a/servers/haveno-sepa/17.png b/servers/haveno-sepa/17.png new file mode 100644 index 0000000..d21b1f0 Binary files /dev/null and b/servers/haveno-sepa/17.png differ diff --git a/servers/haveno-sepa/18.png b/servers/haveno-sepa/18.png new file mode 100644 index 0000000..340c990 Binary files /dev/null and b/servers/haveno-sepa/18.png differ diff --git a/servers/haveno-sepa/19.png b/servers/haveno-sepa/19.png new file mode 100644 index 0000000..b2ef9e5 Binary files /dev/null and b/servers/haveno-sepa/19.png differ diff --git a/servers/haveno-sepa/2.png b/servers/haveno-sepa/2.png new file mode 100644 index 0000000..fbcf48d Binary files /dev/null and b/servers/haveno-sepa/2.png differ diff --git a/servers/haveno-sepa/20.png b/servers/haveno-sepa/20.png new file mode 100644 index 0000000..4ed2e44 Binary files /dev/null and b/servers/haveno-sepa/20.png differ diff --git a/servers/haveno-sepa/3.png b/servers/haveno-sepa/3.png new file mode 100644 index 0000000..045e69b Binary files /dev/null and b/servers/haveno-sepa/3.png differ diff --git a/servers/haveno-sepa/4.png b/servers/haveno-sepa/4.png new file mode 100644 index 0000000..b68ec19 Binary files /dev/null and b/servers/haveno-sepa/4.png differ diff --git a/servers/haveno-sepa/5.png b/servers/haveno-sepa/5.png new file mode 100644 index 0000000..b63d682 Binary files /dev/null and b/servers/haveno-sepa/5.png differ diff --git a/servers/haveno-sepa/6.1.png b/servers/haveno-sepa/6.1.png new file mode 100644 index 0000000..b63d682 Binary files /dev/null and b/servers/haveno-sepa/6.1.png differ diff --git a/servers/haveno-sepa/6.2.png b/servers/haveno-sepa/6.2.png new file mode 100644 index 0000000..dc8874b Binary files /dev/null and b/servers/haveno-sepa/6.2.png differ diff --git a/servers/haveno-sepa/6.png b/servers/haveno-sepa/6.png new file mode 100644 index 0000000..dc8874b Binary files /dev/null and b/servers/haveno-sepa/6.png differ 
diff --git a/servers/haveno-sepa/7.png b/servers/haveno-sepa/7.png new file mode 100644 index 0000000..f66ebb9 Binary files /dev/null and b/servers/haveno-sepa/7.png differ diff --git a/servers/haveno-sepa/8.1.png b/servers/haveno-sepa/8.1.png new file mode 100644 index 0000000..f03360a Binary files /dev/null and b/servers/haveno-sepa/8.1.png differ diff --git a/servers/haveno-sepa/8.2.png b/servers/haveno-sepa/8.2.png new file mode 100644 index 0000000..46e5547 Binary files /dev/null and b/servers/haveno-sepa/8.2.png differ diff --git a/servers/haveno-sepa/8.3.png b/servers/haveno-sepa/8.3.png new file mode 100644 index 0000000..62e4096 Binary files /dev/null and b/servers/haveno-sepa/8.3.png differ diff --git a/servers/haveno-sepa/8.4.png b/servers/haveno-sepa/8.4.png new file mode 100644 index 0000000..36fc389 Binary files /dev/null and b/servers/haveno-sepa/8.4.png differ diff --git a/servers/haveno-sepa/8.5.png b/servers/haveno-sepa/8.5.png new file mode 100644 index 0000000..6d142be Binary files /dev/null and b/servers/haveno-sepa/8.5.png differ diff --git a/servers/haveno-sepa/8.png b/servers/haveno-sepa/8.png new file mode 100644 index 0000000..1820dc5 Binary files /dev/null and b/servers/haveno-sepa/8.png differ diff --git a/servers/haveno-sepa/9.png b/servers/haveno-sepa/9.png new file mode 100644 index 0000000..6d142be Binary files /dev/null and b/servers/haveno-sepa/9.png differ diff --git a/servers/haveno-sepa/alice.png b/servers/haveno-sepa/alice.png new file mode 100644 index 0000000..b506371 Binary files /dev/null and b/servers/haveno-sepa/alice.png differ diff --git a/servers/haveno-sepa/bob.png b/servers/haveno-sepa/bob.png new file mode 100644 index 0000000..7602a70 Binary files /dev/null and b/servers/haveno-sepa/bob.png differ diff --git a/servers/haveno-sepa/index.html b/servers/haveno-sepa/index.html new file mode 100644 index 0000000..c8ceaae --- /dev/null +++ b/servers/haveno-sepa/index.html 
@@ -0,0 +1,220 @@ + + + + + + + + + + + Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-05-20

+

Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction

+ +

In this tutorial we're going to cover an instant SEPA transfer (which is a bank transfer) transaction for monero, this is one of the most popular payment options in the EU region. (for more details on how SEPA works, check out this, video). Instant SEPA was a personal favorite of mine back on the now defunct Localmonero, due to the speed of the transanction, the only requirement being that the other peer has a bank account that supports instant SEPA transfers.

+ +

If you want to install Haveno DEX (on the Haveno Reto network) check out this tutorial i previously made.

+

WARNING: SEPA transactions become risky when it starts to become large transactions and volumes over time:

+

+For SEPA, if you do big volume, also expect interrogation from KYC/Compliance department
+From request for SoF/PoI to full on phonecall interrogation, asking about specific groups of transactions
+Varies according to bank: some will ban, others will let you continue
+Once again, with EMIs and online banks they are less lenient, whereas with physical banks you have wiggle-room
+If you do get banned from an EMI/online bank, it is not uncommon to have IBANs associated with your name to be blacklisted (cannot receive from those EMIs/online banks)
+If you get banned from a physical bank, they may put your name on a fraud registry
+
+
+

In short, keep in mind that this may not be a reliable way to purchase monero in the long run especially if you do large transactions each time. (thanks xmrfamily for the infos)

+ + +
+
+
+
+ + +
+
+
+
+

Bob and Alice create their accounts

+ +

First step, you need to create your account in the application, in the account:

+ +

Then hit "Save account", and make sure you read carefully the trade protocol for SEPA bank transfers:

+ +

Currently we're limited to 3 XMR, but gradually over time we're going to be able to do up to 12 XMR trades at once after 60 days signing. This is to reduce chargebacks risks. One thing to note here is that we are able to create multiple sepa for xmr trades, unlike in our previous examples.

+

+ +

Here, Alice creates her account for sepa instant payments on her Haveno DEX, but in contrast to Bob, she wants to only allow payments from her own country (France), as for her, that reduces risks of having to transact to a bank that can't do Instant SEPA transfers:

+ + +
+
+
+
+ +
+
+
+
+

Instant SEPA bank transfer -> XMR Trade



+

Then Alice creates the new Offer to sell her XMR:

+ +

Here Alice wants to sell 0.1014 XMR at current market price (which amounts to 13 euros), and to fund her offer in total she needs to put in 0.201907 XMR as it includes her side of the security deposit.

+ +

Alice uses her monero wallet to fund the offer, and then it shows as pending on her Haveno DEX as Pending:

+ + +

Then once the offer is funded, the offer is enabled, and other peers can see Alice's offer on the Buy section:

+ +

+ +

Now from Bob's point of view, we see Alice's offer here, and we take the offer:

+ +

Bob also funds the offer as we explained here:

+ +

Bob confirms he want to buy monero:

+ + + +

Next, Bob has to pay 13 Euros to the Alice, via a bank transfer (SEPA instant) as he can now see her bank information:

+ +

Sidenote: Tying back to my explanation on why Decentralised exchanges are going to be very costly to an adversary that wants to deanonymize users, the adversary would have to massively fund offers in monero, and loose their side of the security deposit each time, in an attempt to try and regulate the end user directly, that's way harder than just knocking on a centralised exchange owner's door to ask him to / force him to deanonymize his entire userbase for the adversary. This is where the Haveno DEX multiplies potential adversaries' efforts manyfold compared to centralised exchanges.

+

So here Bob can follow this procedure to do the sepa instant transfer; he goes on his banking application to add Alice Liddell as a third-party account using her IBAN (see example IBANs per country in the EU here), and then he sends her the 13 euros as a transaction between private individuals, using the instant transaction feature provided by his Bank.

+ +

Once completed, Bob declares that he has sent payment. and in case if Alice tries to deny that she recieved payment, Bob can take a screenshot to prove that he has sent the payment, from his bank account by clicking on viewing more details on his transaction (checking the receipt). That way, in case if there is a dispute, (meaning if Alice tries to scam Bob), he will be on the right side of arbitration, and the Arbitrator will favor him.

+ +

Back to Alice's side, we see that the trade has been initiated:

+ +

So here Alice checks if she recieved payment on her account from the bank account of Bob (whose name just got revealed as "Bob Marley" with a specific IBAN) As a Buyer (like Bob), don't try to use a fake IBAN and name because the infos you use are going to be required by the XMR seller (Alice) to verify from whom the payment came from. The Arbitrators are likely to favor Alice if you use false banking information.

+ +

Alice just checked her banking application, she recieved payment from Bob Marley, and she clicks "Confirm payment Receipt" to complete the trade.

+ + +

And lastly, Bob gets his Monero without any issue (he needs to wait 20 minutes for the monero to be spendable from his haveno monero wallet):

+ + + +
+
+
+
+ + + +
+
+
+
+

Withdrawing your funds



+

And then he can also withdraw his monero from his Haveno DEX to his other monero wallet like so:

+ + + +

And that's it! We now covered one of the fastest and easiest way people can purchase and sell Monero in the EU region. Coming up next we'll cover how to do the most popular option there was on LocalMonero: Cash by Mail, it is the best option if you intend to exchange in large quantities.

+ +

Check out my other tutorials on Decentralised Finances below:

+
    +
  1. ✅ How to acquire and use Monero
  2. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. +
  5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  6. +
  7. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. +
  9. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
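Review bot: Spelling and punctuation in the added tutorial text need a pass before merge. "recieved" appears three times in the paragraphs about Alice and once more where Bob's screenshot is described, and should be "received"; "loose their side of the security deposit" in the sidenote should be "lose"; "in case if" (twice in the screenshot paragraph) should be "in case". In the paragraph where Alice checks her bank account, the sentence ending `with a specific IBAN)` runs straight into "As a Buyer (like Bob), ..." with no full stop. Split it there, because the second sentence is the warning about false banking information and is easy to miss as written.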
+ + + + + + + diff --git a/servers/hypervisorsetup/0.png b/servers/hypervisorsetup/0.png new file mode 100644 index 0000000..c4e135b Binary files /dev/null and b/servers/hypervisorsetup/0.png differ diff --git a/servers/hypervisorsetup/1.png b/servers/hypervisorsetup/1.png new file mode 100644 index 0000000..126bc8e Binary files /dev/null and b/servers/hypervisorsetup/1.png differ diff --git a/servers/hypervisorsetup/10.png b/servers/hypervisorsetup/10.png new file mode 100644 index 0000000..7181fa8 Binary files /dev/null and b/servers/hypervisorsetup/10.png differ diff --git a/servers/hypervisorsetup/11.png b/servers/hypervisorsetup/11.png new file mode 100644 index 0000000..650378d Binary files /dev/null and b/servers/hypervisorsetup/11.png differ diff --git a/servers/hypervisorsetup/12.png b/servers/hypervisorsetup/12.png new file mode 100644 index 0000000..0018773 Binary files /dev/null and b/servers/hypervisorsetup/12.png differ diff --git a/servers/hypervisorsetup/13.png b/servers/hypervisorsetup/13.png new file mode 100644 index 0000000..65737a5 Binary files /dev/null and b/servers/hypervisorsetup/13.png differ diff --git a/servers/hypervisorsetup/2.png b/servers/hypervisorsetup/2.png new file mode 100644 index 0000000..5cba1c7 Binary files /dev/null and b/servers/hypervisorsetup/2.png differ diff --git a/servers/hypervisorsetup/21.png b/servers/hypervisorsetup/21.png new file mode 100644 index 0000000..bcb6fa2 Binary files /dev/null and b/servers/hypervisorsetup/21.png differ diff --git a/servers/hypervisorsetup/22.png b/servers/hypervisorsetup/22.png new file mode 100644 index 0000000..d26cc5c Binary files /dev/null and b/servers/hypervisorsetup/22.png differ diff --git a/servers/hypervisorsetup/23.png b/servers/hypervisorsetup/23.png new file mode 100644 index 0000000..b460c44 Binary files /dev/null and b/servers/hypervisorsetup/23.png differ 
diff --git a/servers/hypervisorsetup/24.png b/servers/hypervisorsetup/24.png new file mode 100644 index 0000000..dfade64 Binary files /dev/null and b/servers/hypervisorsetup/24.png differ diff --git a/servers/hypervisorsetup/25.png b/servers/hypervisorsetup/25.png new file mode 100644 index 0000000..b74a9ba Binary files /dev/null and b/servers/hypervisorsetup/25.png differ diff --git a/servers/hypervisorsetup/26.png b/servers/hypervisorsetup/26.png new file mode 100644 index 0000000..9c8fb78 Binary files /dev/null and b/servers/hypervisorsetup/26.png differ diff --git a/servers/hypervisorsetup/27.png b/servers/hypervisorsetup/27.png new file mode 100644 index 0000000..1819a47 Binary files /dev/null and b/servers/hypervisorsetup/27.png differ diff --git a/servers/hypervisorsetup/28.png b/servers/hypervisorsetup/28.png new file mode 100644 index 0000000..cd0758f Binary files /dev/null and b/servers/hypervisorsetup/28.png differ diff --git a/servers/hypervisorsetup/29.png b/servers/hypervisorsetup/29.png new file mode 100644 index 0000000..9892e40 Binary files /dev/null and b/servers/hypervisorsetup/29.png differ diff --git a/servers/hypervisorsetup/3.png b/servers/hypervisorsetup/3.png new file mode 100644 index 0000000..076c18c Binary files /dev/null and b/servers/hypervisorsetup/3.png differ diff --git a/servers/hypervisorsetup/30.png b/servers/hypervisorsetup/30.png new file mode 100644 index 0000000..33acbc9 Binary files /dev/null and b/servers/hypervisorsetup/30.png differ diff --git a/servers/hypervisorsetup/31.png b/servers/hypervisorsetup/31.png new file mode 100644 index 0000000..a84adaf Binary files /dev/null and b/servers/hypervisorsetup/31.png differ diff --git a/servers/hypervisorsetup/32.png b/servers/hypervisorsetup/32.png new file mode 100644 index 0000000..84d3ebb Binary files /dev/null and b/servers/hypervisorsetup/32.png differ 
diff --git a/servers/hypervisorsetup/33.png b/servers/hypervisorsetup/33.png new file mode 100644 index 0000000..869c0e0 Binary files /dev/null and b/servers/hypervisorsetup/33.png differ diff --git a/servers/hypervisorsetup/34.png b/servers/hypervisorsetup/34.png new file mode 100644 index 0000000..72e41af Binary files /dev/null and b/servers/hypervisorsetup/34.png differ diff --git a/servers/hypervisorsetup/35.png b/servers/hypervisorsetup/35.png new file mode 100644 index 0000000..4571c30 Binary files /dev/null and b/servers/hypervisorsetup/35.png differ diff --git a/servers/hypervisorsetup/36.png b/servers/hypervisorsetup/36.png new file mode 100644 index 0000000..b8f71ec Binary files /dev/null and b/servers/hypervisorsetup/36.png differ diff --git a/servers/hypervisorsetup/37.png b/servers/hypervisorsetup/37.png new file mode 100644 index 0000000..1349a85 Binary files /dev/null and b/servers/hypervisorsetup/37.png differ diff --git a/servers/hypervisorsetup/38.png b/servers/hypervisorsetup/38.png new file mode 100644 index 0000000..d305ba4 Binary files /dev/null and b/servers/hypervisorsetup/38.png differ diff --git a/servers/hypervisorsetup/39.png b/servers/hypervisorsetup/39.png new file mode 100644 index 0000000..9bfca86 Binary files /dev/null and b/servers/hypervisorsetup/39.png differ diff --git a/servers/hypervisorsetup/4.png b/servers/hypervisorsetup/4.png new file mode 100644 index 0000000..b9ee7f1 Binary files /dev/null and b/servers/hypervisorsetup/4.png differ diff --git a/servers/hypervisorsetup/5.png b/servers/hypervisorsetup/5.png new file mode 100644 index 0000000..b44e392 Binary files /dev/null and b/servers/hypervisorsetup/5.png differ diff --git a/servers/hypervisorsetup/6.png b/servers/hypervisorsetup/6.png new file mode 100644 index 0000000..bada8d1 Binary files /dev/null and b/servers/hypervisorsetup/6.png differ 
diff --git a/servers/hypervisorsetup/7.png b/servers/hypervisorsetup/7.png new file mode 100644 index 0000000..926d7c9 Binary files /dev/null and b/servers/hypervisorsetup/7.png differ diff --git a/servers/hypervisorsetup/8.png b/servers/hypervisorsetup/8.png new file mode 100644 index 0000000..42b87db Binary files /dev/null and b/servers/hypervisorsetup/8.png differ diff --git a/servers/hypervisorsetup/9.png b/servers/hypervisorsetup/9.png new file mode 100644 index 0000000..550754f Binary files /dev/null and b/servers/hypervisorsetup/9.png differ diff --git a/servers/hypervisorsetup/999.png b/servers/hypervisorsetup/999.png new file mode 100644 index 0000000..908fb8a Binary files /dev/null and b/servers/hypervisorsetup/999.png differ diff --git a/servers/hypervisorsetup/index.html b/servers/hypervisorsetup/index.html new file mode 100644 index 0000000..fbb3b9f --- /dev/null +++ b/servers/hypervisorsetup/index.html @@ -0,0 +1,261 @@ + + + + + + + + + + + Linux Hypervisor Setup (QEMU/KVM virtualisation) + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-01-29

+

Linux Hypervisor Setup (QEMU/KVM virtualisation)

+ +

In this tutorial we're going to cover how to setup the open source hypervisor QEMU/KVM in Linux host OS, using the libvirt technology.

+ +
+
+
+
+ + +
+
+
+
+

Why should Bob use an open-source hypervisor ?

+

Bob has a problem, he wants to use his laptop for 4 different internet uses:

+ +

But currently, he has only one laptop with linux as the host OS.

+ +

So the idea basically is that Bob does not need to purchase 4 laptops each for a different usage, he just needs to virtualise those machines using a Hypervisor:

+ +

Bob is going to use a QEMU/KVM hypervisor to virtualize 4 VMs, each for a specific use. The windows VM will be for public use, the debian VM will be for the private use, the Whonix VM will be for Anonymous use, and the other whonix VMs in the veracrypt hidden volume be used for sensitive uses.

+ + + +
+
+
+
+ +
+
+
+
+ +

Virtualisation setup



+

Next we do not virtualize anything using closed-source software like VMWare Workstation or else. We use QEMU/KVM with virt-manager, which is an open source hypervisor:

+

+nihilist@debian:~# sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
+
+sudo systemctl enable --now libvirtd
+
+nihilist@debian:~# sudo usermod -a -G libvirt nihilist
+nihilist@debian:~# sudo usermod -a -G kvm nihilist
+
+nihilist@debian:~# sudo vim /etc/libvirt/libvirtd.conf 
+nihilist@debian:~# cat /etc/libvirt/libvirtd.conf  | grep sock_group
+unix_sock_group = "libvirt"
+unix_sock_rw_perms = "0770"
+
+nihilist@debian:~#  sudo chmod 770 -R VMs 
+nihilist@debian:~#  sudo chown nihilist:libvirt -R VMs 
+
+nihilist@debian:~#  cat /etc/libvirt/qemu.conf
+group = "libvirt"
+user = "nihilist"
+
+nihilist@debian:~# systemctl restart libvirtd.service
+
+ virt-manager
+	
+
+

Next just make sure that the NAT network is created, and that the ISOs and VMs folders are with the correct permissions:

+ +

+nihilist@debian:~$ mkdir ISOs
+nihilist@debian:~$ mkdir VMs
+
+nihilist@debian:~$ sudo chmod 770 -R VMs  
+nihilist@debian:~$ sudo chmod 770 -R ISOs  
+	
+nihilist@debian:~$ sudo chown nihilist:libvirt -R VMs
+nihilist@debian:~$ sudo chown nihilist:libvirt -R ISOs
+
+ +

Then you can add the file directories in virt-manager like so:

+ + +

And now you're all set to start making VMs while maintaining the open-source requirement. If you still want to use a closed-source OS, you can do so in a QEMU VM from virt-manager. always remember that closed-source OSes like Windows belong in a VM, never out of one.

+ +

Additional notes: you can prevent an adversary to tamper with your laptop, by using glitter polish as shown in mullvad's tutorial, and also make sure that your phone does not have a closed-source host OS by using Graphene OS.

+ +
+
+
+
+ + + +
+
+
+
+

How to setup Vms for Public and Private use



+

Next, Bob needs to use VMs for 2 basic needs: Public internet usage, and Private internet usage. He first needs to download the Windows ISO file, and the debian iso file too:

+

First he creates the windows VM like so:

+ + + + + + + + + + + +

Then he creates the debian VM like so:

+ + +

Then in both VMs he installs the OS on the virtual disk:

+ + +

Then Bob can launch both VMs (make sure that the VM boots onto the disk instead of the iso in the boot settings):

+ + +

Then Bob can use the windows VM for his public usage (such as KYC services, and closed-source software), and use the debian VM for his private usage (any personal matter, with only open source software)

+

Next, Bob can setup a VPN by default into his debian VM.

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
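Review bot: In the first command block under "Virtualisation setup", `sudo chmod 770 -R VMs` and `sudo chown nihilist:libvirt -R VMs` run before the `VMs` directory exists; `mkdir VMs` only appears in the following block, where the same chmod/chown pair is repeated. Drop the pair from the first block so the steps work in the order shown. The `cat /etc/libvirt/qemu.conf` output lists only `group = "libvirt"` and `user = "nihilist"` and has no preceding edit step (unlike `libvirtd.conf`, which has its `vim` line), so say explicitly that these are the two values to set in that file. After the two `usermod -a -G` commands, add a line stating that the user has to log out and back in before the new `libvirt` and `kvm` memberships apply, otherwise `virt-manager` is started from a session that does not have them yet.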
+ + + + + + + diff --git a/servers/hypervisorsetup/old.html b/servers/hypervisorsetup/old.html new file mode 100644 index 0000000..cc64b63 --- /dev/null +++ b/servers/hypervisorsetup/old.html @@ -0,0 +1,485 @@ + + + + + + + + + + + antiforensics Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-01-29

+

Linux Host OS Hardening, Virtualisation and Anti Forensics Setup

+ +

In this tutorial we're going to cover why it's important to have an Opensource host-OS and virtualisation software for privacy purposes and we're going to go through all the steps we need to set it up. We'll also cover how to harden the OS using kickstart (which was made by the whonix developers), and we'll look at how to virtualize VMs while still using opensource software.

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

Most people talk about opsec, but they don't realize how bad their opsec is. You would'nt barricade your bedroom door before barricading the frontdoor right ? In this case, the hardware and the host OS are the front door, and the rest is inside your house. You are leaving your front door opened when you're using a closed source Host OS (for example Windows, or MacOS, or similar). Hence you need a Linux host OS. for example we're going to setup the latest Debian in this case.

+

+[ mainpc ] [ /dev/pts/4 ] [~/Downloads]
+→ wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
+--2024-01-30 14:53:15--  https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
+Resolving cdimage.debian.org (cdimage.debian.org)... 194.71.11.165, 194.71.11.173, 194.71.11.163, ...
+Connecting to cdimage.debian.org (cdimage.debian.org)|194.71.11.165|:443... connected.
+HTTP request sent, awaiting response... 302 Found
+Location: https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso [following]
+--2024-01-30 14:53:15--  https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
+Resolving gemmei.ftp.acc.umu.se (gemmei.ftp.acc.umu.se)... 194.71.11.137, 2001:6b0:19::137
+Connecting to gemmei.ftp.acc.umu.se (gemmei.ftp.acc.umu.se)|194.71.11.137|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 658505728 (628M) [application/x-iso9660-image]
+Saving to: ‘debian-12.4.0-amd64-netinst.iso’
+
+debian-12.4.0-amd64-netinst.i 100%[=================================================>] 628.00M  6.85MB/s    in 83s
+
+2024-01-30 14:54:39 (7.55 MB/s) - ‘debian-12.4.0-amd64-netinst.iso’ saved [658505728/658505728]
+
+
+
+ +

Then flash it onto an usb stick (heres how you do it from linux below):

+

+[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
+→ lsblk
+NAME                     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
+sda                        8:0    0  3.6T  0 disk
+sdb                        8:16   1 14.6G  0 disk
+└─sdb1                     8:17   1 14.6G  0 part  /media/nihilist/022E-0C69
+
+
+[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
+→ sudo umount /media/nihilist/022E-0C69
+umount: /media/nihilist/022E-0C69: not mounted.
+
+[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
+→ lsblk
+NAME                     MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINTS
+sda                        8:0    0  3.6T  0 disk
+sdb                        8:16   1 14.6G  0 disk
+└─sdb1                     8:17   1 14.6G  0 part
+
+→ sudo dd if=debian-12.4.0-amd64-netinst.iso of=/dev/sdb1 bs=8M status=progress
+[sudo] password for nihilist:
+78+1 records in
+78+1 records out
+658505728 bytes (659 MB, 628 MiB) copied, 45.6007 s, 14.4 MB/s
+
+
+

You can use tools like balenaetcher to do the same from other OSes like Windows.

+

Now that's done, we need to reboot the host OS and get into the BIOS:

+ +

In this case we need to spam the F2 key upon booting to arrive into the BIOS. Then navigate to the Boot selection in order to boot to the USB key. for example it can be :

+ + + + +

Here instead you just choose the usb key you flashed the linux image on, and boot onto it. Then do as follows:

+ + +

Now that's done, follow the installation of the host OS on the harddrive you prefer. Make sure its' not LUKS encrypted, as Kicksecure still didn't fix the ram-wipe feature for LUKS systems (as of 30/01/2024). Besides, a simple LUKS encryption would not be enough in a situation where you are forced to give out your password. (see veracrypt's details on Plausible Deniability.)

+ + + + + +

Then make sure it has a desktop environment (i recommend cinnamon).

+ +

Then let the install finish and then reboot the computer and remove the usb key, it should then boot into a clean host OS.

+ + + + +
+
+
+
+ +
+
+
+
+

Host OS Hardening (Debian -> Kicksecure)



+

Now that we're in our host OS, let's harden it by turning it into a Kicksecure distro:

+

+su -
+apt update ; apt full-upgrade ; apt install --no-install-recommends sudo adduser curl apt-transport-tor tor torsocks
+
+/usr/sbin/addgroup --system console
+
+/usr/sbin/adduser nothing console	#replace nothing with your username
+/usr/sbin/adduser nothing sudo		#replace nothing with your username
+
+reboot now
+
+
+

After rebooting, install kicksecure like so: (beware it must be done as the user mentionned above. in this case user is nothing:

+

+nothing@debian:~$ sudo apt update -y ; sudo apt full-upgrade -y 
+	
+
+

Then we download the kicksecure keyring via tor:

+

+nothing@debian:~$ sudo torsocks curl --output /usr/share/keyrings/derivative.asc --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/keys/derivative.asc
+nothing@debian:~$ echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
+	
+nothing@debian:~$ sudo apt update -y
+Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
+Hit:2 http://deb.debian.org/debian bookworm InRelease                            
+Hit:3 http://deb.debian.org/debian bookworm-updates InRelease                    
+Get:4 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm InRelease [39.6 kB]
+Get:5 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/main amd64 Packages [34.3 kB]
+Get:6 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/contrib amd64 Packages [506 B]                
+Get:7 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/non-free amd64 Packages [896 B]               
+Fetched 75.3 kB in 31s (2,419 B/s)                                                                                                         
+Reading package lists... Done
+Building dependency tree... Done
+Reading state information... Done
+All packages are up to date.
+
+nothing@debian:~$ sudo apt full-upgrade -y
+Reading package lists... Done
+Building dependency tree... Done
+Reading state information... Done
+Calculating upgrade... Done
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+
+sudo apt install --no-install-recommends kicksecure-cli-host -y
+#tor connection may crash sometimes, so just relaunch that command again if it fails
+
+
+

Then we do the Post-upgrade steps:

+

+sudo mv /etc/apt/sources.list ~/
+sudo touch /etc/apt/sources.list
+	
+sudo reboot now
+
+

Then as you reboot you'll see that grub shows that it's now kicksecure instead of debian:

+ + +

Next, we make sure that unattended upgrades are activated so that minor package updates are automatically carried out by the system.

+

+nothing@debian:~$ sudo apt install unattended-upgrades apt-listchanges -y
+nothing@debian:~$ sudo dpkg-reconfigure -plow unattended-upgrades
+	
+
+ +

Next we're going to make sure that the ram gets overwritten upon shutdowns to prevent cold boot attacks.

+

+nothing@debian:~$ sudo apt install --no-install-recommends ram-wipe 
+	
+
+ +

If you are testing from a VM, you need to do the following:

+

+nothing@debian:~$ echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"' | sudo tee -a /etc/default/grub.d/50_user.cfg
+GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
+
+nothing@debian:~$ sudo update-grub
+Generating grub configuration file ...
+Found background image: .background_cache.png
+Found linux image: /boot/vmlinuz-6.1.0-17-amd64
+Found initrd image: /boot/initrd.img-6.1.0-17-amd64
+Found linux image: /boot/vmlinuz-6.1.0-15-amd64
+Found initrd image: /boot/initrd.img-6.1.0-15-amd64
+Warning: os-prober will not be executed to detect other bootable partitions.
+Systems on them will not be added to the GRUB boot configuration.
+Check GRUB_DISABLE_OS_PROBER documentation entry.
+done
+	
+
+ +

Then you can test if it's working by rebooting and checking the shutdown output logs.Next, we're going to trim out what we don't need from our Host OS. First and foremost, let's get rid of all the logs (both system and kernel logs) on the system. We first make sure that logs are cleared upon startup like so:

+

+root@debian:~# cat startup.sh
+#!/bin/bash
+sudo rm -rf /var/log
+sudo rm -rf /dev/shm/*
+
+sudo ln -s /dev/shm /var/log
+
+sudo dmesg -c
+sudo dmesg -n 1
+sudo dmesg -c
+
+#also uncomment the kernel.printk line in /etc/sysctl.conf to avoid the kernel from printing out errors
+
+root@debian:~# chmod +x startup.sh
+
+root@debian:~# vim /etc/sysctl.conf
+
+root@debian:~# cat /etc/sysctl.conf | grep printk
+kernel.printk = 3 4 1 3
+	
+
+root@debian:~# vim /etc/systemd/system/startup.service
+
+root@debian:~# cat /etc/systemd/system/startup.service
+[Unit]
+Description=Clearing logs at startup
+Wants=network.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/root/startup.sh
+TimeoutStartSec=0
+
+[Install]
+WantedBy=shutdown.target
+
+root@debian:~# systemctl daemon-reload 
+
+root@debian:~# systemctl enable startup
+Created symlink /etc/systemd/system/shutdown.target.wants/startup.service → /etc/systemd/system/startup.service.
+	
+
+ +

Then we make sure that logs are being cleared out minutely:

+

+root@debian:~# cat removelogs.sh
+#!/bin/bash
+
+rm -rf /dev/shm/*
+rm -rf /var/log/*
+dmesg -c
+
+root@debian:~# chmod +x removelogs.sh
+
+root@debian:~# crontab -e
+	
+
+ +

Then we make sure that logs are cleared out upon shutdown, along with VMs shutdowns if there are any, veracrypt volumes closing, and log cleanups:

+

+root@debian:~# vim shutdown.sh
+root@debian:~# cat shutdown.sh
+#!/bin/bash
+
+#remove VMs
+
+sudo virsh -c qemu:///system destroy Whonix-Gateway
+sudo virsh -c qemu:///system destroy Whonix-Workstation
+sudo virsh -c qemu:///system undefine Whonix-Gateway
+sudo virsh -c qemu:///system undefine Whonix-Workstation
+sudo virsh -c qemu:///system net-destroy Whonix-External
+sudo virsh -c qemu:///system net-destroy Whonix-Internal
+sudo virsh -c qemu:///system net-undefine Whonix-External
+sudo virsh -c qemu:///system net-undefine Whonix-External
+
+#then unmount veracrypt volumes
+
+sudo veracrypt -d  -f
+
+# then cleanup logs
+
+sudo rm -rf /dev/shm/*
+sudo rm -rf /var/log/*
+sudo dmesg -c
+
+root@debian:~# chmod +x shutdown.sh
+
+root@debian:~# vim /etc/systemd/system/shutdown.service
+root@debian:~# cat /etc/systemd/system/shutdown.service
+[Unit]
+Description=Shutdown Anti forensics
+DefaultDependencies=no
+Before=shutdown.target reboot.target halt.target
+
+[Service]
+Type=oneshot
+ExecStart=/root/shutdown.sh
+TimeoutStartSec=0
+
+[Install]
+WantedBy=shutdown.target reboot.target halt.target
+root@debian:~# systemctl daemon-reload
+root@debian:~# systemctl enable shutdown
+Created symlink /etc/systemd/system/shutdown.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
+Created symlink /etc/systemd/system/reboot.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
+Created symlink /etc/systemd/system/halt.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
+	
+
+

Then you can reboot to see that all logs are removed as intended:

+

+sudo reboot now
+
+root@debian:~# ls -lash /var | grep log
+   0 lrwxrwxrwx  1 root root     8 Jan 30 14:13 log -> /dev/shm
+
+root@debian:~# tail -f /var/log/*.log 
+tail: cannot open '/var/log/*.log' for reading: No such file or directory
+tail: no files remaining
+
+root@debian:~# tail -f /dev/shm/*.log 
+tail: cannot open '/dev/shm/*.log' for reading: No such file or directory
+tail: no files remaining
+
+root@debian:~# dmesg
+root@debian:~# 
+
+
+

+ +
+
+
+
+ + + +
+
+
+
+

Virtualisation setup



+

Next step, we do not virtualize anything using closed-source software like vmware or else. We use QEMU/KVM with virt-manager:

+

+nothing@debian:~# sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
+
+sudo systemctl enable --now libvirtd
+
+nothing@debian:~# sudo usermod -a -G libvirt nothing
+nothing@debian:~# sudo usermod -a -G kvm nothing
+
+nothing@debian:~# sudo vim /etc/libvirt/libvirtd.conf 
+nothing@debian:~# cat /etc/libvirt/libvirtd.conf  | grep sock_group
+unix_sock_group = "libvirt"
+unix_sock_rw_perms = "0770"
+
+nothing@debian:~#  sudo chmod 770 -R VMs 
+nothing@debian:~#  sudo chown nothing:libvirt -R VMs 
+
+nothing@debian:~#  cat /etc/libvirt/qemu.conf
+group = "libvirt"
+user = "nothing"
+
+nothing@debian:~# systemctl restart libvirtd.service
+
+ virt-manager
+	
+
+

Next just make sure that the NAT network is created, and that the ISOs and VMs folders are with the correct permissions:

+ +

+nothing@debian:~$ mkdir ISOs
+nothing@debian:~$ mkdir VMs
+
+nothing@debian:~$ sudo chmod 770 -R VMs  
+nothing@debian:~$ sudo chmod 770 -R ISOs  
+	
+nothing@debian:~$ sudo chown nothing:libvirt -R VMs
+nothing@debian:~$ sudo chown nothing:libvirt -R ISOs
+
+ +

Then you can add the file directories in virt-manager like so:

+ + +

And now you're all set to start making VMs while maintaining the open-source requirement.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
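Review bot: In `shutdown.sh` the last two network lines are both `sudo virsh -c qemu:///system net-undefine Whonix-External`, so `Whonix-Internal` is destroyed but never undefined; the second line should name `Whonix-Internal`. `startup.service` has `Description=Clearing logs at startup` but `WantedBy=shutdown.target`, and the `systemctl enable startup` output confirms the symlink lands in `shutdown.target.wants`, so the unit is pulled in at shutdown rather than at boot; install it under a boot-time target such as `multi-user.target`. The flashing step writes the image with `of=/dev/sdb1`, which is a partition; the ISO should be written to the whole device (`/dev/sdb` in the `lsblk` output shown). Two steps are also undocumented: the `wget` of `debian-12.4.0-amd64-netinst.iso` is followed by no checksum or signature verification before the image is flashed, and the `crontab -e` step does not show the entry that runs `removelogs.sh` every minute.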
+ + + + + + + diff --git a/servers/index.html b/servers/index.html new file mode 100644 index 0000000..c3a3f38 --- /dev/null +++ b/servers/index.html @@ -0,0 +1,511 @@ + + + + + + + + + + Server Installations + + + + + + +
+
+
+
+ Previous Page

Server Installations

+

Just a bunch of scripts and tutorials that i personally use, to setup servers in an automated or quickest possible way. + For servers that can't be setup using scripts, i create step-by-step tutorials to set them up properly. + I have a certain quality standard as to how i do these tutorials, if there are any improvements i can do on them please let me know. +


+

+ CONTRIBUTORS : +

    +
  1. Nihilist
  2. +
  3. Notorious
  4. +
+ +

+

+LEGAL DISCLAIMER:
+Across the entirety of my blog, in all articles that I made, I advocate for the legal use of technologies, even when I am talking about Privacy-enhancing and Anonymity-enabling technologies. In no way am I advocating for any illegal use of any technology showcased in any article on my blog, as the goal of this blog is to remain stricly informative and educative.
+
+I decline any and all responsibility for any mis-use of any of the technology i showcase in the entirety of my blog. I also decline any and all responsibility for any physical, digital and psychological damage caused by the mis-use of any showcased technology, as the responsibility of such acts remains with the perpretating third-party. By reading this blog, you permanently, irrevocably and world-widely agree that I am in no way am responsible for any illegal action done by you or anyone that uses any of the showcased technology in my blog articles.
+
+
+ + +
+
+
+
+
+
+
+
+

Setting up Servers

+
+ +

📝 Security

+
    +
  1. ✅ Physical Surveillance (rpi + webcams)
  2. +
+ +

📝 Privacy Front-ends

+
    +
  1. ✅ SearxNG: privacy front-end for web-browsing
  2. +
  3. ✅ 4get: privacy front-end for web-browsing
  4. +
  5. ✅ Whoogle: privacy front-end for Google
  6. +
  7. ✅ Invidious: privacy front-end for Youtube
  8. +
  9. ✅ Nitter: privacy front-end for Twitter
  10. +
  11. ✅ AnonymousOverflow: privacy front-end for StackOverflow
  12. +
  13. ✅ Teddit: (DISCONTINUED) privacy front-end for Reddit
  14. +
  15. ✅ SafeTwitch: privacy front-end for Twitch
  16. +
  17. ✅ Wikiless: privacy front-end for wikipedia
  18. +
  19. ✅ Proxitok: privacy front-end for tiktok
  20. +
  21. ✅ Librex: privacy front-end for google
  22. +
+ +

📝 Productivity

+
    +
  1. ✅ RSS Feeds
  2. +
  3. ✅ RustDesk (open source teamviewer alternative)
  4. + +
  5. ✅ Perlite (Obsidian Notes)
  6. +
  7. ✅ Gitea
  8. +
  9. ✅ Nginx Nextcloud Server
  10. +
  11. ✅ Nginx Kanboard
  12. +
  13. ✅ Privatebin
  14. +
  15. ✅ Jitsi
  16. +
  17. ✅ CyberChef
  18. +
  19. ✅ GLPI
  20. +
  21. ✅ FreshRSS
  22. +
  23. ✅ PlainPad
  24. +
  25. ✅ MyMind+Mindmaps
  26. +
  27. ✅ hat.sh file encryption
  28. + +


+

💻 Collaborative Work

+
    +
  1. ✅ Matrix chat with VoIP support
  2. +
  3. ✅ Etherpad
  4. +
  5. ✅ Cryptpad
  6. +
  7. ✅ CodiMD
  8. +
  9. ✅ ShareLateX
  10. + +


+
+
+ +

⭐ Personal Favorites

+
    +
  1. ✅ Anonymity Management (Whonix, Veracrypt Plausible Deniability)⭐
  2. +
  3. ✅ Public Mail service over VPN over Tor ⭐
  4. +
  5. ✅ GTX 1050 PCI Passthrough to QEMU VM
  6. +
  7. ✅ Lainon Radio (mpd, icecast, nginx)
  8. +
  9. ✅ NGINX - RTMP HLS + HTTPS
  10. +
  11. ✅ Perlite (Obsidian Notes)
  12. +
    +
  13. ✅ Openvpn Over Tor Server Setup
  14. +
  15. ✅ HTTP Service over VPN over Tor
  16. +
  17. ✅ Nginx Zabbix Server, with SNMPv3 Hosts
  18. +
  19. ✅ Nginx Nextcloud Server
  20. +
  21. ✅ Leela Chess Zero
  22. +


+ + + +

🪟 Windows Server

+
    +
  1. ✅ WS2019 QEMU setup
  2. +
  3. ✅ DNS setup
  4. +
  5. ✅ Active Directory (AD) setup
  6. +
  7. ✅ AD + Users and Groups setup
  8. + + +
  9. ✅ WS2019 DNS + AD Proxmox setup
  10. +
  11. ✅ LDAP + SSL setup
  12. +
  13. ✅ WS2019 Triple DFS Share replication
  14. + +


+ + + + + + + + +

🎦 Media

+
    +
  1. ✅ Stable Diffusion (Easy Diffusion) AI text to image generation
  2. +
  3. ✅ NGINX - RTMP HLS + HTTPS
  4. +
  5. ✅ Lainon Radio (mpd, icecast, nginx)
  6. +
  7. ✅ Neko (rabb.it replacement)
  8. +
  9. ✅ Hydrus Network Client
  10. +
  11. ✅ Asciinema Server
  12. + +


+ + +

+

🟦 pfSense Administration

+
    +
  1. ✅ pfsense on virt-manager
  2. +
  3. ✅ pfsense on proxmox
  4. + + + +
  5. ✅ pfsense Site to Site VPN
  6. + + +


+

🐐 Debian Server Administration

+
    +
  1. ✅ Debian 12 Bookworm Upgrade
  2. +
  3. ✅ Mdadm raid 1 setup
  4. +
  5. ✅ External Drives with LUKS encryption
  6. +
  7. ✅ Simple NGINX setup with HTTPS
  8. +
  9. ✅ NGINX + fail2ban
  10. +
  11. ✅ Protect SSH with fail2ban
  12. +
  13. ✅ Haproxy Load Balancing
  14. +
  15. ✅ NGINX Load Balancing
  16. +
  17. ✅ XRDP
  18. +
  19. ✅ Apt-Cacher Linux Proxy
  20. + +


+

🔁 Automation

+
    +
  1. ✅ Automatic Debian updates (via unattended upgrades)
  2. +
  3. ✅ Automatic Debian / Arch Updates
  4. +
  5. ✅ Updating Debian10 Clusters with Ansible
  6. + + +


+ + +

🖥️ Monitoring

+
    +
  1. ✅ Uptime Kuma
  2. +
  3. ✅ SNMP (Debian, Windows, PfSense)
  4. +
  5. ✅ Nginx Zabbix Server
  6. +
  7. ✅ Nginx LibreNMS Server
  8. + + +
  9. ✅ Nginx Observium Server
  10. +
  11. ✅ Prometheus Grafana Server
  12. +
  13. ✅ CheckMK Server
  14. + + + +
  15. ✅ T-Pot Honeypot
  16. +
  17. +


+ +

📧 Mail

+
    + +
  1. ✅ VPS PUBLIC Mailserver (postfix, dovecot, spamassassin, OpenDKIM)
  2. +
  3. ✅ Rainloop
  4. +
  5. ✅ Local hMailServer + Thunderbird with self-signed SSL
  6. +


+










+
+

📜 Scripted Setups:

+
    +
  1. ✅ Openvpn Server
  2. +
  3. ✅ Wireguard Server
  4. +
  5. ✅ Simple SSH Server
  6. +
  7. ✅ RDP Connections
  8. +
  9. ✅ Simple FTP server
  10. +
  11. ✅ Simple WebDav server
  12. +
  13. ✅ Snapd Nextcloud Server
  14. + +


+

🚧Complete Professionnal Projects

+
    +
  1. ✅ E4 Network Monitoring (SNMP + GLPI)
  2. +
  3. ✅ E4 - SP1 Nextcloud 🇫🇷
  4. +
  5. ✅ E4 - SP2 pfSense VPN 🇫🇷
  6. +


+ + +

🗄️ Databases

+
    +
  1. ✅ PostgreSQL Master-Slave Replication
  2. +
  3. ✅ PostgreSQL Master-Master (Bucardo)
  4. + + + +
  5. ✅ PostgreSQL Front-End: PgAdmin4
  6. +
  7. ✅ MySQL Master-Slave Replication
  8. +
  9. ✅ MySQL Master-Master Replication
  10. + +
  11. ✅ MySQL Front-End: PHPMyAdmin
  12. + +


+ +

🚢 Docker - Management

+
    +
  1. ✅ Docker automatic image updates setup
  2. +
  3. ✅ Docker setup
  4. +
  5. ✅ Dozzle (Docker Logs)
  6. +
  7. ✅ Portainer.io
  8. +
  9. ✅ Nginx Proxy Manager
  10. + +


+

🚢 Docker - Containers

+
    +
  1. ✅ Dillinger
  2. +
  3. ✅ Kutt URL Shortener
  4. +
  5. ✅ Searx
  6. + +


+ + +

📦 Backups

+
    +
  1. ✅ Rsync Automation with SSH Keys (PUSH backups)
  2. +
  3. ✅ Borg Backup Usage (PUSH backups)
  4. +
  5. ✅ Borg Backup Automation (PUSH backups)
  6. + + + + +


+ +

🔍 Search Engines

+
    +
  1. ✅ Gomez (Torrents)
  2. +


+

⚠️ Minimal / Experimental / Games

+
    +
  1. ✅ KVM/QEMU : Multiple displays per VM + clipboard copy paste
  2. +
  3. ✅ Port forward from local services to VPSes
  4. +
  5. ✅ Bedrock Linux: kali tools on arch linux
  6. +
  7. ✅ GTX 1050 PCI Passthrough to QEMU VM
  8. +
  9. ✅ PHP LainSafe
  10. +
  11. ✅ CGI LainSafe
  12. +
  13. ✅ Colored MOTDs
  14. +
  15. ✅ Leela Chess Zero
  16. +
  17. ✅ TF2 Server (ubuntu)
  18. +
  19. ✅ Modded Minecraft Server
  20. + + + +


+ + +

+
+
+ +

📡 DNS

+
    +
  1. ✅ Bind9 dyndns + dnssec + slave master
  2. + +
  3. ✅ Tor Anonymous DNS
  4. +
  5. ✅ pihole DNS
  6. +


+ +
+
+ +

📑 Blogging

+
    +
  1. ✅ Ghost
  2. +


+ +

💬 Chat

+
    +
  1. ✅ rocket.chat
  2. +
  3. ✅ TheLounge (with inspircd)
  4. +
  5. ✅ inspIRCd (no ssl, with password)
  6. + + +


+

🧊 General Virtualisation

+
    +
  1. ✅ virt-manager with NAT setup
  2. +
  3. ✅ VMWare Workstation Pro
  4. + +


+ + + +












































+ +
+ +
+ +
+
+ +
+
+ +
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
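Review bot: the section heading "🚧Complete Professionnal Projects" in servers/index.html is missing the space after the emoji and misspells "Professional". The other headings visible in this file ("📜 Scripted Setups:", "🗄️ Databases", "📦 Backups") all separate emoji and title, so it should read "🚧 Complete Professional Projects". Separately, the "Nihilism / My Links / About nihilist" footer, including the XMR donation address and the contact line, is pasted in full at the bottom of this file and again at the bottom of each tutorial page this patch adds. Moving it to one shared include would keep a later change to the address or contact from landing on some pages and not others.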
+ + + + + + + diff --git a/servers/internetsegmentation/1.png b/servers/internetsegmentation/1.png new file mode 100644 index 0000000..336bd28 Binary files /dev/null and b/servers/internetsegmentation/1.png differ diff --git a/servers/internetsegmentation/2.png b/servers/internetsegmentation/2.png new file mode 100644 index 0000000..4cb6d2e Binary files /dev/null and b/servers/internetsegmentation/2.png differ diff --git a/servers/internetsegmentation/3.png b/servers/internetsegmentation/3.png new file mode 100644 index 0000000..dcd3013 Binary files /dev/null and b/servers/internetsegmentation/3.png differ diff --git a/servers/internetsegmentation/4.png b/servers/internetsegmentation/4.png new file mode 100644 index 0000000..d3045ea Binary files /dev/null and b/servers/internetsegmentation/4.png differ diff --git a/servers/internetsegmentation/5.png b/servers/internetsegmentation/5.png new file mode 100644 index 0000000..9d7ae45 Binary files /dev/null and b/servers/internetsegmentation/5.png differ diff --git a/servers/internetsegmentation/6.png b/servers/internetsegmentation/6.png new file mode 100644 index 0000000..2e0f3b8 Binary files /dev/null and b/servers/internetsegmentation/6.png differ diff --git a/servers/internetsegmentation/index.html b/servers/internetsegmentation/index.html new file mode 100644 index 0000000..d00c0dc --- /dev/null +++ b/servers/internetsegmentation/index.html @@ -0,0 +1,205 @@ + + + + + + + + + + + Internet Usage Segmentation Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-26

+

Internet Usage Segmentation Setup

+

In this tutorial we're going to cover how to properly segment your internet usage. This is the most common opsec practice that you should always use. We're going to base ourselves off from the pyramid of internet use that we have seen previously, to be able to replicate each of the 4 OPSEC levels into our current setup:

+ + +
+
+
+
+ + +
+
+
+
+

Different Internet Usage

+

The most common OPSEC mistake out there is the lack of internet usage segmentation. Most people don't have this reflex when they first discover Anonymity and Privacy online. Thing is, it is not possible to be fully anonymous for everything that you do online, there will always be some service that is vital to you, which you will need to access with your real world identity (for example, to access your bank account, or some insurance website, etc). However it is definitely possible to implement proper internet usage segmentation:

+ +

In this case we're going to differentiate 4 types of Internet usage:

+ +

Internet Uses:

+
    +
  1. Public use: What you do is public knowledge

  2. +
  3. Private use: What you do is not meant to be known (private)

  4. +
  5. Anonymous use: What you do is meant to be done without revealing your identity

  6. +
  7. Sensitive use: What you do is meant to remain secret at all cost, only to be known by you

  8. +
+

With each different Internet usage, we have different requirements:

+ +

Requirements:

+
    +
  1. Public use: No requirement ; you can use closed source software (meaning it's all public)

  2. +
  3. Private use: only open source software, + you use a pseudonym, to practice privacy

  4. +
  5. Anonymous use: open source, using a false identity to practice anonymity, not sensitive

  6. +
  7. Sensitive use: open source, using an other false identity and must be plausibly deniable

  8. +
+

Now with this we identified the 4 most typical internet use cases, and their requirements.

+
+
+
+
+ +
+
+
+
+

Identity Management



+

As we said previously, segmentation is required for each internet use. This extends to the Identity you use online. For example you cannot use your real name when trying to use the internet anonymously. So you need a different identity for each use case:

+ +

Different Identities:

+
    +
  1. Public Identity: Linus Torvalds (used on websites that ask for your identity)

  2. +
  3. Private Identity: Nihilist (used on websites that may KYC, but pseudonym is preferred)

  4. +
  5. Anonymous Identity: ZacharyJr (used on anonymous websites, non-sensitive use)

  6. +
  7. Sensitive Identity: Dread Pirate Roberts (used on anonymous websites, sensitive use)

  8. +
+

The important thing here is that you must make sure that each identity have nothing in common, it must always remain impossible for and adversary to be able to link those identities together.

+ + +
+
+
+
+ + + +
+
+
+
+

Multiple Virtual Machines (VMs)



+

To help you implement your internet usage segmentation, you can use VMs to make sure the segmentation is present inside the system:

+ +

Virtual Machines:

+
    +
  1. Public use: No requirement ; you can use a windows VM for all closed source software and KYC use

  2. +
  3. Private use: you can use a Debian VM, with only open source software (ex:matrix and element)

  4. +
  5. Anonymous use: you can use Whonix VMs, (can also have a with a Tor -> VPN setup)

  6. +
  7. Sensitive use: You can use Whonix VMs, but they need to be inside a veracrypt hidden volume

  8. +
+ +
+
+
+
+ + + + +
+
+
+
+

Internet Usage Segmentation Recap



+

Now with this setup, one can segment their Internet use with a system implementation (VMs) along with the associated Identities for each usecase.

+ +

For further details on how to dissect your OPSEC, check out this tutorial here, because using the right technologies is only the first half of the work, you also need to have the correct behavior while using them.

+ +
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
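Review bot: KYC is assigned to two different levels in servers/internetsegmentation/index.html. The "Different Identities" list puts "websites that may KYC" under the Private identity, while the "Virtual Machines" list gives "KYC use" to the Public Windows VM. That leaves it unclear whether a KYC service belongs to the real-name level or the pseudonymous one, and mixing the two is the kind of link between identities that the sentence after the identity list says must stay impossible. Pick one level for KYC services and state it the same way in both lists. In the same hunk, the Whonix entry "(can also have a with a Tor -> VPN setup)" is missing a word, and the sentence after the identity list should read "each identity has nothing in common" and "for an adversary".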
+ + + + + + + diff --git a/servers/linux/0.png b/servers/linux/0.png new file mode 100644 index 0000000..645ee61 Binary files /dev/null and b/servers/linux/0.png differ diff --git a/servers/linux/1.5.png b/servers/linux/1.5.png new file mode 100644 index 0000000..be01331 Binary files /dev/null and b/servers/linux/1.5.png differ diff --git a/servers/linux/1.png b/servers/linux/1.png new file mode 100644 index 0000000..e9ded0f Binary files /dev/null and b/servers/linux/1.png differ diff --git a/servers/linux/10.png b/servers/linux/10.png new file mode 100644 index 0000000..7d53c1a Binary files /dev/null and b/servers/linux/10.png differ diff --git a/servers/linux/11.png b/servers/linux/11.png new file mode 100644 index 0000000..028e7d3 Binary files /dev/null and b/servers/linux/11.png differ diff --git a/servers/linux/12.png b/servers/linux/12.png new file mode 100644 index 0000000..16685a2 Binary files /dev/null and b/servers/linux/12.png differ diff --git a/servers/linux/13.png b/servers/linux/13.png new file mode 100644 index 0000000..41e24e6 Binary files /dev/null and b/servers/linux/13.png differ diff --git a/servers/linux/14.png b/servers/linux/14.png new file mode 100644 index 0000000..bf76385 Binary files /dev/null and b/servers/linux/14.png differ diff --git a/servers/linux/15.png b/servers/linux/15.png new file mode 100644 index 0000000..c6e64e0 Binary files /dev/null and b/servers/linux/15.png differ diff --git a/servers/linux/16.png b/servers/linux/16.png new file mode 100644 index 0000000..aed2a58 Binary files /dev/null and b/servers/linux/16.png differ diff --git a/servers/linux/17.png b/servers/linux/17.png new file mode 100644 index 0000000..2a5c615 Binary files /dev/null and b/servers/linux/17.png differ diff --git a/servers/linux/18.png b/servers/linux/18.png new file mode 100644 index 0000000..9ad998c Binary files /dev/null and b/servers/linux/18.png differ 
diff --git a/servers/linux/19.png b/servers/linux/19.png new file mode 100644 index 0000000..11d36a8 Binary files /dev/null and b/servers/linux/19.png differ diff --git a/servers/linux/2.png b/servers/linux/2.png new file mode 100644 index 0000000..8c3a6eb Binary files /dev/null and b/servers/linux/2.png differ diff --git a/servers/linux/20.png b/servers/linux/20.png new file mode 100644 index 0000000..a14cab7 Binary files /dev/null and b/servers/linux/20.png differ diff --git a/servers/linux/21.png b/servers/linux/21.png new file mode 100644 index 0000000..cfad5a0 Binary files /dev/null and b/servers/linux/21.png differ diff --git a/servers/linux/22.png b/servers/linux/22.png new file mode 100644 index 0000000..a02b530 Binary files /dev/null and b/servers/linux/22.png differ diff --git a/servers/linux/23.png b/servers/linux/23.png new file mode 100644 index 0000000..a410311 Binary files /dev/null and b/servers/linux/23.png differ diff --git a/servers/linux/24.png b/servers/linux/24.png new file mode 100644 index 0000000..8877f1e Binary files /dev/null and b/servers/linux/24.png differ diff --git a/servers/linux/25.png b/servers/linux/25.png new file mode 100644 index 0000000..4ad4302 Binary files /dev/null and b/servers/linux/25.png differ diff --git a/servers/linux/26.png b/servers/linux/26.png new file mode 100644 index 0000000..5939dad Binary files /dev/null and b/servers/linux/26.png differ diff --git a/servers/linux/27.png b/servers/linux/27.png new file mode 100644 index 0000000..4958bc8 Binary files /dev/null and b/servers/linux/27.png differ diff --git a/servers/linux/28.png b/servers/linux/28.png new file mode 100644 index 0000000..54077f3 Binary files /dev/null and b/servers/linux/28.png differ diff --git a/servers/linux/29.png b/servers/linux/29.png new file mode 100644 index 0000000..03e8d7f Binary files /dev/null and b/servers/linux/29.png differ 
diff --git a/servers/linux/3.png b/servers/linux/3.png new file mode 100644 index 0000000..bc323fb Binary files /dev/null and b/servers/linux/3.png differ diff --git a/servers/linux/30.png b/servers/linux/30.png new file mode 100644 index 0000000..e191743 Binary files /dev/null and b/servers/linux/30.png differ diff --git a/servers/linux/31.png b/servers/linux/31.png new file mode 100644 index 0000000..2a29314 Binary files /dev/null and b/servers/linux/31.png differ diff --git a/servers/linux/32.png b/servers/linux/32.png new file mode 100644 index 0000000..dec499b Binary files /dev/null and b/servers/linux/32.png differ diff --git a/servers/linux/33.png b/servers/linux/33.png new file mode 100644 index 0000000..ffc29eb Binary files /dev/null and b/servers/linux/33.png differ diff --git a/servers/linux/34.png b/servers/linux/34.png new file mode 100644 index 0000000..d1db5b9 Binary files /dev/null and b/servers/linux/34.png differ diff --git a/servers/linux/35.png b/servers/linux/35.png new file mode 100644 index 0000000..feeb28a Binary files /dev/null and b/servers/linux/35.png differ diff --git a/servers/linux/36.png b/servers/linux/36.png new file mode 100644 index 0000000..9650f95 Binary files /dev/null and b/servers/linux/36.png differ diff --git a/servers/linux/37.png b/servers/linux/37.png new file mode 100644 index 0000000..26f477b Binary files /dev/null and b/servers/linux/37.png differ diff --git a/servers/linux/38.png b/servers/linux/38.png new file mode 100644 index 0000000..58af6fb Binary files /dev/null and b/servers/linux/38.png differ diff --git a/servers/linux/39.png b/servers/linux/39.png new file mode 100644 index 0000000..9d71808 Binary files /dev/null and b/servers/linux/39.png differ diff --git a/servers/linux/4.png b/servers/linux/4.png new file mode 100644 index 0000000..2e089c0 Binary files /dev/null and b/servers/linux/4.png differ 
diff --git a/servers/linux/40.png b/servers/linux/40.png new file mode 100644 index 0000000..d348f97 Binary files /dev/null and b/servers/linux/40.png differ diff --git a/servers/linux/41.png b/servers/linux/41.png new file mode 100644 index 0000000..8f400ea Binary files /dev/null and b/servers/linux/41.png differ diff --git a/servers/linux/42.png b/servers/linux/42.png new file mode 100644 index 0000000..bd876c5 Binary files /dev/null and b/servers/linux/42.png differ diff --git a/servers/linux/43.png b/servers/linux/43.png new file mode 100644 index 0000000..0f4c257 Binary files /dev/null and b/servers/linux/43.png differ diff --git a/servers/linux/44.png b/servers/linux/44.png new file mode 100644 index 0000000..abb2675 Binary files /dev/null and b/servers/linux/44.png differ diff --git a/servers/linux/45.png b/servers/linux/45.png new file mode 100644 index 0000000..628f5c7 Binary files /dev/null and b/servers/linux/45.png differ diff --git a/servers/linux/46.png b/servers/linux/46.png new file mode 100644 index 0000000..4b2e3f2 Binary files /dev/null and b/servers/linux/46.png differ diff --git a/servers/linux/47.png b/servers/linux/47.png new file mode 100644 index 0000000..5721e9a Binary files /dev/null and b/servers/linux/47.png differ diff --git a/servers/linux/48.png b/servers/linux/48.png new file mode 100644 index 0000000..091a401 Binary files /dev/null and b/servers/linux/48.png differ diff --git a/servers/linux/49.png b/servers/linux/49.png new file mode 100644 index 0000000..156bef8 Binary files /dev/null and b/servers/linux/49.png differ diff --git a/servers/linux/5.png b/servers/linux/5.png new file mode 100644 index 0000000..b7596ce Binary files /dev/null and b/servers/linux/5.png differ diff --git a/servers/linux/50.png b/servers/linux/50.png new file mode 100644 index 0000000..70b5d2a Binary files /dev/null and b/servers/linux/50.png differ 
diff --git a/servers/linux/51.png b/servers/linux/51.png new file mode 100644 index 0000000..d7e60c8 Binary files /dev/null and b/servers/linux/51.png differ diff --git a/servers/linux/52.png b/servers/linux/52.png new file mode 100644 index 0000000..783817e Binary files /dev/null and b/servers/linux/52.png differ diff --git a/servers/linux/53.png b/servers/linux/53.png new file mode 100644 index 0000000..78e54da Binary files /dev/null and b/servers/linux/53.png differ diff --git a/servers/linux/54.png b/servers/linux/54.png new file mode 100644 index 0000000..180e1bb Binary files /dev/null and b/servers/linux/54.png differ diff --git a/servers/linux/55.png b/servers/linux/55.png new file mode 100644 index 0000000..da48d9a Binary files /dev/null and b/servers/linux/55.png differ diff --git a/servers/linux/56.png b/servers/linux/56.png new file mode 100644 index 0000000..0b11e86 Binary files /dev/null and b/servers/linux/56.png differ diff --git a/servers/linux/6.png b/servers/linux/6.png new file mode 100644 index 0000000..2d86f7d Binary files /dev/null and b/servers/linux/6.png differ diff --git a/servers/linux/7.png b/servers/linux/7.png new file mode 100644 index 0000000..f33db2d Binary files /dev/null and b/servers/linux/7.png differ diff --git a/servers/linux/8.png b/servers/linux/8.png new file mode 100644 index 0000000..58c866b Binary files /dev/null and b/servers/linux/8.png differ diff --git a/servers/linux/9.png b/servers/linux/9.png new file mode 100644 index 0000000..67e8740 Binary files /dev/null and b/servers/linux/9.png differ diff --git a/servers/linux/index.html b/servers/linux/index.html new file mode 100644 index 0000000..6b43dd6 --- /dev/null +++ b/servers/linux/index.html @@ -0,0 +1,250 @@ + + + + + + + + + + + How to install Linux from a Windows PC + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-16

+

How to install Linux from a Windows PC

+ +

In this tutorial, we're going to look at the first and foremost thing anyone can do to remove surveillance from their digital lives, by installing a free and open source software (FOSS) host operating system: Linux, in this case we're going to setup the latest Debian.

+ +
+
+
+
+ + +
+
+
+
+

Why should Bob install Linux?

+

So here we are Bob, and we have decided that having an entire crowd watching what we were doing with out computer was no longer acceptable. What can we do from here ?

+ +

Bob, after searching for a while on the web, Bob realized that Windows was the problem here. Because it is closed-source (meaning the source code is not available) he couldn't know what Windows was doing in the background. Because that is so, Bob is now certain that his Operating System could be used for surveillance, without him being aware of it.

+

"What the hell can I do on Windows privately then ?", Bob thought for a while.

+ +

"... Nothing!", He realized. While he was using windows, he would never have any privacy with his digital life.

+

Allegory: You have a house, and you have an annoying neighbor (Jack) that wants to know everything you do in your House. If you have windows installed on your computer as a host OS, it is the same as leaving the front door wide open for Jack to enter and watch what you're doing in your house, no matter how much you try to barricade the windows, or the doors. It makes more sense to try and barricade the front door first, before trying to barricade the windows and other rooms in your house, isn't it ?

+ +

So Bob looked for an open source operating system to replace Windows, and he found the Linux sourcecode, he read the entire code and found no spyware in it. Then he decided that he would use that instead of using Windows.

+ +

Because it is through Windows, that Microsoft employees are able to spy on what Bob was doing so far! By removing windows from the equation, he is also removing Microsoft's surveillance from his digital life!

+

Bob has decided that he would use Linux from now on, because he is no longer tolerating being watched by an entire crowd, without his consent.

+
+
+
+
+ +
+
+
+
+

How to create a Debian USB installer from Windows?



+

First Bob, goes on the web to find a Linux distribution he likes, that is Open Source:

+ +

He sees there are many options like Linux Mint, Ubuntu, etc

+ +

But he settles on Debian. (Disclaimer: if you use closed-source hardware, like 99.9999999999% of people out there, you will invariably have to use non-free firmware too [1] [2] [3]). If you want a purely FOSS host OS, and you are willing to not have firmware for your CPU, GPU, Motherboard, Ethernet/wifi, check out the OSes recommended by the Free Software Foundation [4] (but it will be at the expense of having your peripherals not working [5]). The status of Open source Hardware is not even competitive in this closed-source hardware domination of the market., hopefully this will change in the future, but for now that's how it is. TLDR: If you don't want to install proprietary firmware, check out PureOS instead of debian.

+ +

Now Bob has the Debian ISO image.

+ +

But now he needs to put that ISO image on a USB stick. To do so he can use Rufus or Balena Etcher:

+ + +

So Bob installs BalenaEtcher:

+ + +

Once installed, he selects the ISO image in balenaetcher:

+ +

Then, Bob plugs in his USB stick in his computer, to be able to put the ISO image into it:

+ +

Then, Bob selects his USB stick from balenaetcher:

+ +

Then he clicks "Flash", that way Balenaetecher will put the ISO image on the USB stick.

+ + +

Bob waits a few minutes, and now he has a USB stick with the latest Debian OS on it.

+ +

Bob will now be able to use it to install Linux and replace Windows with it.

+ +
+
+
+
+ + + +
+
+
+
+

How to use the Debian USB stick to overwrite Windows ?



+

This is where it gets a bit technical for Bob. But here are the steps he needs to do:

+
    +
  1. He needs to plug his USB stick in his computer

  2. +
  3. He needs to restart his computer

  4. +
  5. As his computer restarts, he needs to repeatedly press the F1 or F2 or DEL or F10 key in order to enter his computer's BIOS (depending on which brand his computer is)

  6. +
  7. once he is in the BIOS, he then needs to boot on his USB stick that has the Debian image

  8. +
  9. Then once he boots on his USB stick, he can install debian on his computer

  10. +
+

The key that Bob needs to press to enter his computer's BIOS depends on what brand his computer is (see this blogpost for examples).

+

Now Bob restarts his computer:

+ +

And now, as he has an ASUS motherboard, he repeatedly presses the F2 key to enter his computer's BIOS:

+ +

and from there, Bob needs to navigate the BIOS to boot on his USB key. Be aware that the Steps may vary, feel free to research how to change the boot options of your computer's BIOS settings. In Bob's example below, he is on an ASUS computer/motherboard, so he has these specific BIOS steps to do:

+

Boot > OS Type > Other OS

+ +

Boot > CSM settings > Launch CSM Auto

+ +

Boot device Selection > his USB stick

+ +

Once he selects his USB Stick, Bob can now boot from it, and he is greeted by Debian's welcome screen:

+ +

And from there, Bob installs linux as per his needs:

+ + + + + + + + + +

Here Bob decides that he wants to encrypt his whole harddrive too. That way, if someone were to steal his computer, without knowing his password, they would have no way to access Bob's local data.

+ + + + + + + + + + + + + + + +

Here Bob can select his window manager. Gnome is the default option, but he chooses Cinnamon to keep the feel similar to how it was on windows.

+ + + + + +

And there, Bob finished the Debian installation, he can unplug his USB stick, and click Continue to reboot his computer:

+ +

As he reboots his computer, he is greeted by the Debian boot screen, and he then types his password to unlock his harddrive encryption:

+ + +

Then he logs in using the password he set earlier:

+ +

And now that Bob is logged in, he is greeted by the Cinnamon window manager, the feel of his OS remains similar to what he previously had on Windows, but now it's all open source!

+ +

And that's it! Bob has managed to get privacy from Microsoft's constant surveillance by replacing Windows with a Linux distribution.

+ +

From there, Bob can update his linux distribution and install new packages, following this tutorial here.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
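Review bot: servers/linux/index.html has no integrity check on the downloaded image. The text goes from "Now Bob has the Debian ISO image." straight to flashing it with Balena Etcher. Add a step in between that hashes the ISO (for example with PowerShell's Get-FileHash, since Bob is still on Windows), compares the result against the SHA512SUMS file Debian publishes next to the image, and verifies that file's signature. This ISO becomes the host OS that everything later in the tutorial trusts. Smaller points in the same hunk: "he read the entire code and found no spyware in it" overstates what one reader can do, and the argument holds without it if it says the code is open for anyone to audit. Cinnamon is a desktop environment rather than a window manager. There are also typos at "with out computer", "Bob, after searching for a while on the web, Bob realized", "market., " and "Balenaetecher".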
+ + + + + + + diff --git a/servers/linuxprograms/0.png b/servers/linuxprograms/0.png new file mode 100644 index 0000000..645ee61 Binary files /dev/null and b/servers/linuxprograms/0.png differ diff --git a/servers/linuxprograms/1.png b/servers/linuxprograms/1.png new file mode 100644 index 0000000..5bcad3f Binary files /dev/null and b/servers/linuxprograms/1.png differ diff --git a/servers/linuxprograms/2.png b/servers/linuxprograms/2.png new file mode 100644 index 0000000..49ef057 Binary files /dev/null and b/servers/linuxprograms/2.png differ diff --git a/servers/linuxprograms/3.png b/servers/linuxprograms/3.png new file mode 100644 index 0000000..f761f07 Binary files /dev/null and b/servers/linuxprograms/3.png differ diff --git a/servers/linuxprograms/index.html b/servers/linuxprograms/index.html new file mode 100644 index 0000000..37430d8 --- /dev/null +++ b/servers/linuxprograms/index.html @@ -0,0 +1,331 @@ + + + + + + + + + + + How to install and update programs on Linux + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-06-16

+

How to install and update programs on Linux

+ +

In this tutorial, we're going to take a look at how you can install and update your programs on linux:

+ +
+
+
+
+ + +
+
+
+
+

Apt: Updating the repositories and packages

+

First we need to open up a terminal:

+ +

and then we can run the following command sudo apt update to make sure that our linux OS has the data regarding which are latest package versions:

+

+nihilist@mainpc:~$ sudo apt update
+[sudo] password for nihilist:
+Hit:1 http://deb.debian.org/debian bookworm InRelease
+Get:2 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
+Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
+Hit:4 https://repository.mullvad.net/deb/stable bookworm InRelease
+Get:5 http://security.debian.org/debian-security bookworm-security/main Sources [99.0 kB]
+Get:6 http://security.debian.org/debian-security bookworm-security/main amd64 Packages [160 kB]
+Get:7 http://security.debian.org/debian-security bookworm-security/main Translation-en [96.4 kB]
+Get:8 https://packages.element.io/debian default InRelease [3,618 B]
+Get:9 https://packages.element.io/debian default/main amd64 Packages [1,030 B]
+Get:10 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm InRelease [62.0 kB]
+Get:11 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/main amd64 Packages [36.1 kB]
+Fetched 561 kB in 20s (28.5 kB/s)
+Reading package lists... Done
+Building dependency tree... Done
+Reading state information... Done
+24 packages can be upgraded. Run 'apt list --upgradable' to see them.
+	
+
+ +

And at the bottom you see that there are 24 packages that can be upgraded, so we run sudo apt upgrade to make sure that those packages are on the latest available versions:

+

+nihilist@mainpc:~$ sudo apt upgrade
+Reading package lists... Done
+Building dependency tree... Done
+Reading state information... Done
+Calculating upgrade... Done
+The following packages were automatically installed and are no longer required:
+  default-jdk-headless libice-dev libpthread-stubs0-dev libsm-dev libwpe-1.0-1 libwpebackend-fdo-1.0-1 libx11-dev libxau-dev libxcb1-dev libxdmcp-dev libxt-dev linux-image-6.1.0-17-amd64 openjdk-17-jdk openjdk-17-jdk-headless x11proto-dev
+  xorg-sgml-doctools xtrans-dev
+Use 'sudo apt autoremove' to remove them.
+The following packages will be upgraded:
+  element-desktop ffmpeg firefox-esr gir1.2-gst-plugins-base-1.0 gstreamer1.0-alsa gstreamer1.0-gl gstreamer1.0-plugins-base gstreamer1.0-x libarchive-tools libarchive13 libavcodec59 libavdevice59 libavfilter8 libavformat59 libavutil57
+  libgstreamer-gl1.0-0 libgstreamer-plugins-base1.0-0 libpostproc56 libswresample4 libswscale6 python3-pil python3-pil.imagetk tb-updater thunderbird
+24 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Need to get 134 MB/234 MB of archives.
+After this operation, 5,378 kB of additional disk space will be used.
+Do you want to continue? [Y/n] y
+	
+
+ +

Here we press y and enter to continue, then let it run:

+

+Do you want to continue? [Y/n] y
+Get:1 http://security.debian.org/debian-security bookworm-security/main amd64 libswscale6 amd64 7:5.1.5-0+deb12u1 [215 kB]
+Get:2 http://security.debian.org/debian-security bookworm-security/main amd64 libavdevice59 amd64 7:5.1.5-0+deb12u1 [114 kB]
+Get:3 http://security.debian.org/debian-security bookworm-security/main amd64 libavformat59 amd64 7:5.1.5-0+deb12u1 [1,102 kB]
+Get:4 http://security.debian.org/debian-security bookworm-security/main amd64 libavfilter8 amd64 7:5.1.5-0+deb12u1 [3,703 kB]
+Get:5 http://security.debian.org/debian-security bookworm-security/main amd64 libavcodec59 amd64 7:5.1.5-0+deb12u1 [5,216 kB]
+Get:6 http://security.debian.org/debian-security bookworm-security/main amd64 libavutil57 amd64 7:5.1.5-0+deb12u1 [363 kB]
+Get:7 http://security.debian.org/debian-security bookworm-security/main amd64 libpostproc56 amd64 7:5.1.5-0+deb12u1 [94.0 kB]
+Get:8 http://security.debian.org/debian-security bookworm-security/main amd64 libswresample4 amd64 7:5.1.5-0+deb12u1 [97.3 kB]
+Get:9 http://security.debian.org/debian-security bookworm-security/main amd64 ffmpeg amd64 7:5.1.5-0+deb12u1 [1,814 kB]
+Get:10 http://security.debian.org/debian-security bookworm-security/main amd64 firefox-esr amd64 115.12.0esr-1~deb12u1 [63.1 MB]
+Get:11 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/main amd64 tb-updater all 3:33.4-1 [245 kB]
+Get:12 http://security.debian.org/debian-security bookworm-security/main amd64 thunderbird amd64 1:115.12.0-1~deb12u1 [58.3 MB]
+Fetched 134 MB in 20s (6,658 kB/s)
+Reading changelogs... Done
+(Reading database ... 219964 files and directories currently installed.)
+Preparing to unpack .../00-element-desktop_1.11.68_amd64.deb ...
+Unpacking element-desktop (1.11.68) over (1.11.67) ...
+Preparing to unpack .../01-libswscale6_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libswscale6:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../02-libavdevice59_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libavdevice59:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../03-libavformat59_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libavformat59:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../04-libavfilter8_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libavfilter8:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../05-libavcodec59_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libavcodec59:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../06-libavutil57_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libavutil57:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../07-libpostproc56_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libpostproc56:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../08-libswresample4_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking libswresample4:amd64 (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../09-ffmpeg_7%3a5.1.5-0+deb12u1_amd64.deb ...
+Unpacking ffmpeg (7:5.1.5-0+deb12u1) over (7:5.1.4-0+deb12u1) ...
+Preparing to unpack .../10-firefox-esr_115.12.0esr-1~deb12u1_amd64.deb ...
+Leaving 'diversion of /usr/bin/firefox to /usr/bin/firefox.real by firefox-esr'
+Unpacking firefox-esr (115.12.0esr-1~deb12u1) over (115.11.0esr-1~deb12u1) ...
+Preparing to unpack .../11-libgstreamer-plugins-base1.0-0_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking libgstreamer-plugins-base1.0-0:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../12-libgstreamer-gl1.0-0_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking libgstreamer-gl1.0-0:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../13-gir1.2-gst-plugins-base-1.0_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking gir1.2-gst-plugins-base-1.0:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../14-gstreamer1.0-alsa_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking gstreamer1.0-alsa:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../15-gstreamer1.0-gl_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking gstreamer1.0-gl:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../16-gstreamer1.0-plugins-base_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking gstreamer1.0-plugins-base:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../17-gstreamer1.0-x_1.22.0-3+deb12u2_amd64.deb ...
+Unpacking gstreamer1.0-x:amd64 (1.22.0-3+deb12u2) over (1.22.0-3+deb12u1) ...
+Preparing to unpack .../18-libarchive-tools_3.6.2-1+deb12u1_amd64.deb ...
+Unpacking libarchive-tools (3.6.2-1+deb12u1) over (3.6.2-1) ...
+Preparing to unpack .../19-libarchive13_3.6.2-1+deb12u1_amd64.deb ...
+Unpacking libarchive13:amd64 (3.6.2-1+deb12u1) over (3.6.2-1) ...
+Preparing to unpack .../20-python3-pil.imagetk_9.4.0-1.1+deb12u1_amd64.deb ...
+Unpacking python3-pil.imagetk:amd64 (9.4.0-1.1+deb12u1) over (9.4.0-1.1+b1) ...
+Preparing to unpack .../21-python3-pil_9.4.0-1.1+deb12u1_amd64.deb ...
+Unpacking python3-pil:amd64 (9.4.0-1.1+deb12u1) over (9.4.0-1.1+b1) ...
+Preparing to unpack .../22-tb-updater_3%3a33.4-1_all.deb ...
+Unpacking tb-updater (3:33.4-1) over (3:33.0-1) ...
+Preparing to unpack .../23-thunderbird_1%3a115.12.0-1~deb12u1_amd64.deb ...
+Unpacking thunderbird (1:115.12.0-1~deb12u1) over (1:115.11.0-1~deb12u1) ...
+Setting up libarchive13:amd64 (3.6.2-1+deb12u1) ...
+Setting up element-desktop (1.11.68) ...
+update-alternatives is /usr/bin/update-alternatives
+Setting up libgstreamer-plugins-base1.0-0:amd64 (1.22.0-3+deb12u2) ...
+Setting up python3-pil:amd64 (9.4.0-1.1+deb12u1) ...
+Setting up libavutil57:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up libgstreamer-gl1.0-0:amd64 (1.22.0-3+deb12u2) ...
+Setting up gstreamer1.0-plugins-base:amd64 (1.22.0-3+deb12u2) ...
+Setting up python3-pil.imagetk:amd64 (9.4.0-1.1+deb12u1) ...
+Setting up libswresample4:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up thunderbird (1:115.12.0-1~deb12u1) ...
+Skipping profile in /etc/apparmor.d/disable: usr.bin.thunderbird
+Setting up libpostproc56:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up libavcodec59:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up libswscale6:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up firefox-esr (115.12.0esr-1~deb12u1) ...
+Setting up gstreamer1.0-gl:amd64 (1.22.0-3+deb12u2) ...
+Setting up libarchive-tools (3.6.2-1+deb12u1) ...
+Setting up gstreamer1.0-x:amd64 (1.22.0-3+deb12u2) ...
+Setting up gstreamer1.0-alsa:amd64 (1.22.0-3+deb12u2) ...
+Setting up libavformat59:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up gir1.2-gst-plugins-base-1.0:amd64 (1.22.0-3+deb12u2) ...
+Setting up libavfilter8:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up tb-updater (3:33.4-1) ...
+INFO: Using '--postinst' option but outside of Qubes Template, skipping, ok.
+Setting up libavdevice59:amd64 (7:5.1.5-0+deb12u1) ...
+Setting up ffmpeg (7:5.1.5-0+deb12u1) ...
+Processing triggers for desktop-file-utils (0.26-1) ...
+Processing triggers for hicolor-icon-theme (0.17-2) ...
+Processing triggers for libc-bin (2.36-9+deb12u7) ...
+Processing triggers for man-db (2.11.2-2) ...
+Processing triggers for mailcap (3.70+nmu1) ...
+Scanning processes...
+Scanning candidates...
+Scanning linux images...
+
+Running kernel seems to be up-to-date.
+
+Restarting services...
+ systemctl restart fwupd.service
+
+No containers need to be restarted.
+
+User sessions running outdated binaries:
+ nihilist @ session #2: cinnamon[1513], element-desktop[103821,103826,103827,103829], firefox-esr[1238857]
+ nihilist @ user manager service: systemd[1229]
+
+No VM guests are running outdated hypervisor (qemu) binaries on this host.
+	
+
+

during the package upgrade it can prompt you if you want to restart processes:

+ +

Just press enter to allow the process to be restarted, and for the package upgrade to finish.

+
+
+
+
+ +
+
+
+
+

Installing new packages on Linux



+

First we can use the apt search pkgname command to look for available packages:

+

+nihilist@mainpc:~$ apt search firefox-esr
+Sorting... Done
+Full Text Search... Done
+
+firefox-esr/stable-security,now 115.12.0esr-1~deb12u1 amd64
+  Mozilla Firefox web browser - Extended Support Release (ESR)
+	
+
+ +

Here we see that the firefox package is available, so let's install it with the apt install pgkname command:

+

+nihilist@mainpc:~$ sudo apt install firefox-esr -y
+Reading package lists... Done
+Building dependency tree... Done
+Reading state information... Done
+firefox-esr is already the newest version (115.12.0esr-1~deb12u1).
+	
+
+ +

And then you can launch it:

+

+nihilist@mainpc:~$ which firefox
+/usr/bin/firefox
+nihilist@mainpc:~$ firefox
+
+
+ +

and if you want to remove the package you can use the command apt purge firefox-esr

+

Next, Bob can setup an open-source hypervisor on his linux laptop to properly segment his internet usage.

+ +
+
+
+
+ + + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
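Review bot: The pasted upgrade log ends with "User sessions running outdated binaries" (cinnamon, element-desktop, firefox-esr), but the text after it only covers the service-restart prompt. Add a sentence saying those applications keep running the old code until they are restarted or the user logs out and back in; otherwise the reader assumes the firefox-esr and thunderbird security updates are already in effect. In "Installing new packages on Linux", the install step spells the placeholder "pgkname" while the search step uses "pkgname". The closing "apt purge firefox-esr" is given without sudo, unlike the install command above it. The install transcript only shows "already the newest version", so it never demonstrates an actual installation; a package that is not yet present would make a better example.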
+ + + + + + + diff --git a/servers/mail/0.png b/servers/mail/0.png new file mode 100644 index 0000000..169bfae Binary files /dev/null and b/servers/mail/0.png differ diff --git a/servers/mail/1.png b/servers/mail/1.png new file mode 100644 index 0000000..1f63d70 Binary files /dev/null and b/servers/mail/1.png differ diff --git a/servers/mail/10.png b/servers/mail/10.png new file mode 100644 index 0000000..85c24c3 Binary files /dev/null and b/servers/mail/10.png differ diff --git a/servers/mail/11.png b/servers/mail/11.png new file mode 100644 index 0000000..bbcdbc7 Binary files /dev/null and b/servers/mail/11.png differ diff --git a/servers/mail/12.png b/servers/mail/12.png new file mode 100644 index 0000000..3a2e68e Binary files /dev/null and b/servers/mail/12.png differ diff --git a/servers/mail/13.png b/servers/mail/13.png new file mode 100644 index 0000000..8d86107 Binary files /dev/null and b/servers/mail/13.png differ diff --git a/servers/mail/14png.png b/servers/mail/14png.png new file mode 100644 index 0000000..d0260b7 Binary files /dev/null and b/servers/mail/14png.png differ diff --git a/servers/mail/15.png b/servers/mail/15.png new file mode 100644 index 0000000..1064f76 Binary files /dev/null and b/servers/mail/15.png differ diff --git a/servers/mail/16.png b/servers/mail/16.png new file mode 100644 index 0000000..8b90c5c Binary files /dev/null and b/servers/mail/16.png differ diff --git a/servers/mail/17.png b/servers/mail/17.png new file mode 100644 index 0000000..3421972 Binary files /dev/null and b/servers/mail/17.png differ diff --git a/servers/mail/18.png b/servers/mail/18.png new file mode 100644 index 0000000..f8d8452 Binary files /dev/null and b/servers/mail/18.png differ diff --git a/servers/mail/19.png b/servers/mail/19.png new file mode 100644 index 0000000..089a61a Binary files /dev/null and b/servers/mail/19.png differ 
diff --git a/servers/mail/2.png b/servers/mail/2.png new file mode 100644 index 0000000..1db4497 Binary files /dev/null and b/servers/mail/2.png differ diff --git a/servers/mail/20.png b/servers/mail/20.png new file mode 100644 index 0000000..7051985 Binary files /dev/null and b/servers/mail/20.png differ diff --git a/servers/mail/21.png b/servers/mail/21.png new file mode 100644 index 0000000..23a1c55 Binary files /dev/null and b/servers/mail/21.png differ diff --git a/servers/mail/3.png b/servers/mail/3.png new file mode 100644 index 0000000..35a3e50 Binary files /dev/null and b/servers/mail/3.png differ diff --git a/servers/mail/4.png b/servers/mail/4.png new file mode 100644 index 0000000..b3a9d47 Binary files /dev/null and b/servers/mail/4.png differ diff --git a/servers/mail/5.png b/servers/mail/5.png new file mode 100644 index 0000000..1f5977a Binary files /dev/null and b/servers/mail/5.png differ diff --git a/servers/mail/6.png b/servers/mail/6.png new file mode 100644 index 0000000..00f5c20 Binary files /dev/null and b/servers/mail/6.png differ diff --git a/servers/mail/7.png b/servers/mail/7.png new file mode 100644 index 0000000..ad2d732 Binary files /dev/null and b/servers/mail/7.png differ diff --git a/servers/mail/8.png b/servers/mail/8.png new file mode 100644 index 0000000..c2f752e Binary files /dev/null and b/servers/mail/8.png differ diff --git a/servers/mail/9.png b/servers/mail/9.png new file mode 100644 index 0000000..0631d57 Binary files /dev/null and b/servers/mail/9.png differ diff --git a/servers/mail/index.html b/servers/mail/index.html new file mode 100644 index 0000000..1729351 --- /dev/null +++ b/servers/mail/index.html @@ -0,0 +1,258 @@ + + + + + + + + + + + VPS Mailserver + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist - 00 / 00 / 00

+

VPS Mailserver

+

Before we start, you will need a Debian 10+ VPS (you can get one on digitalocean for example), if you prefer to use your own self hosted server, make sure that port 80, 443, 587 and 993 are correctly port forwarded so that the public ip points to the server and not the router. Once that's done, go and ssh into your debian 10 server.

+

You cannot use DuckDNS for this one because you will need to add specific DNS records, most importantly the MX and DKIM records which are crucial for this tutorial. + Therefore go get an actual paid domain name, i got mine on Infomaniak :

+ +

So let's add a subdomain to point at our mail server, to do so you need to go to the DNS Zone settings to add a few entries starting with the MX record:

+ +

Here make sure you do not forget the trailing dot (.) at the end of the Target. Next you want to setup that mail subdomain aswell, and to do so you will do + add a CNAME record, that is if your mail server is the SAME as your main server (mail.domain.com == domain.com): +

+ +

In the other case where your mailserver is NOT the same as the main server (mail.domain.com != domain.com) you will need an A record which is going to tell + Which IP to goto in order to reach that mail server: +

+ +

In this case we're going to make it point to our DigitalOcean VPS as usual and once it's done we can simply ssh into it:

+

EDIT: DIGITALOCEAN IS BLOCKING PORT 25 (SMTP) i have to redo this tutorial on another VPS.

+ + + + + + + +

+[ 192.168.100.1/24 ] [ /dev/pts/8 ] [~]
+→ ssh root@mail.void.yt
+The authenticity of host 'mail.void.yt (161.35.41.22)' can't be established.
+ECDSA key fingerprint is SHA256:AMDSjSs4f3CDvivmjFRjGDjmuz079vsS/A+9hdYi9a0.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added 'mail.void.yt,161.35.41.22' (ECDSA) to the list of known hosts.
+Linux debian-s-1vcpu-1gb-lon1-01 4.19.0-10-cloud-amd64 #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+root@debian-s-1vcpu-1gb-lon1-01:~#
+
+
+ +
+
+
+
+ + +
+
+
+
+

Initial Configuration

+

Once you've logged in via SSH, install the following dependencies:

+

+apt install nginx socat curl -y
+
+
+

Once that's done, download the nginx config and edit it:

+

+wget https://blog.nihilism.network/servers/mail/mail.conf -O /etc/nginx/sites-available/mail.conf
+nano /etc/nginx/sites-available/mail.conf
+
+

Make sure you put your own domain name in there:

+ +

Next we're going to get our free TLS certificate by using acme.sh:

+

+wget -O -  https://get.acme.sh | sh
+source ~/.bashrc
+
+systemctl stop nginx 
+acme.sh --issue --standalone -d mail.void.yt -k 4096
+
+ +

Once you're done, hit CTRL+S to save, and CTRL+X to exit nano.

+

+ln -s /etc/nginx/sites-available/mail.conf /etc/nginx/sites-enabled/mail.conf
+nginx -t
+systemctl start nginx
+
+
+

Once you're here, nginx should tell you the configuration is successful, if not, make sure you followed the syntax of the original file. Next we're going to see that our configuration works by browsing to it:

+ +

Here the 404 error is intended, you also see that the website redirects to https (tls 1.3). Now from here we'll simply need to use Luke Smith's script:

+ + +
+
+
+
+ +
+
+
+
+

The Script



+

+

+cd ~
+wget https://raw.githubusercontent.com/LukeSmithxyz/emailwiz/master/emailwiz.sh
+chmod +x emailwiz.sh
+sh emailwiz.sh
+
+
+

When postfix asks you something, hit "internet site":

+ +

Next postfix is going to ask you the FQDN, make sure you type the domain name, NOT the subdomain:

+ +

Then hit enter, and wait for the script to install postfix and dovecot. + Luke intended this script to be run and to configure postfix and dovecot together. The main feature here is that once you create an user + added to the mail group, it's going make them able to recieve and send mail. + +

+ + +

Once the script finished running, we need to go back to our DNS settings to configure DKIM:

+ +

First things first we add the following TXT record:

+ + +

If it doesnt work try out the DKIM option and hit save:

+ + +

Next we're going to add DMARC:

+ + + +

And lastly the @ TXT record:

+ + + +

Once that's done, save your DNS settings, Create the user ON THE SERVER, and install thunderbird locally:

+

+useradd -m -G mail -s /bin/bash someone
+passwd someone
+
+
+ +

Then run thunderbird with the user's credentials, make sure you use the manual config tab:

+ +

And welcome to DigitalOcean, where you can't run mail servers lol. I did some research on DO's forums, and i found out that basically + they are blocking port 25 (SMTP) which, in general indicates that they do not allow any mail hosting on their VPS, so for once i am not going to recommend DO +

+ +

TLDR i am incredibly suprised at how difficult it is to setup your own email server. In france, most ISPs simply do not allow port 25 apart from OVH. + Online, both DigitalOcean and Vultr block port 25 to avoid mail spam which makes me wonder where exactly do you even host your mail server. +If anyone knows a particular hosting service that ALLOWS port 25 and other mail-specific ports (993 587 etc) please let me know.

+ + + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
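Review bot: Both installer steps run unreviewed remote code as root: "wget -O - https://get.acme.sh | sh" in Initial Configuration, and emailwiz.sh fetched from the master branch and executed in The Script. Suggest downloading each script to a file, telling the reader to read it before running it, and pinning emailwiz.sh to a specific commit instead of master so the tutorial keeps describing the code that actually runs. The prerequisites list ports 80, 443, 587 and 993 but not 25, which the EDIT line and the closing paragraphs name as the reason this setup failed; add port 25 to that list and move the EDIT notice to the top of the page so nobody provisions a VPS before learning it will not work. The ssh transcript answers "yes" to the host key prompt without comparing the fingerprint against anything; a note on checking it against the provider console would fit there. The "hit CTRL+S to save, and CTRL+X to exit nano" sentence sits after the acme.sh block although nano is opened two steps earlier, so the step order is confusing.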
+ + + + + + + diff --git a/servers/mail/mail.conf b/servers/mail/mail.conf new file mode 100644 index 0000000..94bb2aa --- /dev/null +++ b/servers/mail/mail.conf @@ -0,0 +1,41 @@ +server { + listen 80; + listen [::]:80; + server_name mail.void.yt; + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name mail.void.yt; + + ssl_certificate /root/.acme.sh/mail.void.yt/fullchain.cer; + ssl_trusted_certificate /root/.acme.sh/mail.void.yt/mail.void.yt.cer; + ssl_certificate_key /root/.acme.sh/mail.void.yt/mail.void.yt.key; + + ssl_protocols TLSv1.3 TLSv1.2; + ssl_ciphers 'TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + ssl_session_tickets off; + ssl_ecdh_curve auto; + ssl_stapling on; + ssl_stapling_verify on; + resolver 80.67.188.188 80.67.169.40 valid=300s; + resolver_timeout 10s; + + add_header X-XSS-Protection "1; mode=block"; #Cross-site scripting + add_header X-Frame-Options "SAMEORIGIN" always; #clickjacking + add_header X-Content-Type-Options nosniff; #MIME-type sniffing + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; + + location / { + try_files $uri $uri/ = 404; + } + + root /var/www/mail; + index index.html; + +} diff --git a/servers/mailinabox/0.png b/servers/mailinabox/0.png new file mode 100644 index 0000000..89777f5 Binary files /dev/null and b/servers/mailinabox/0.png differ diff --git a/servers/mailinabox/1.png b/servers/mailinabox/1.png new file mode 100644 index 0000000..2b7deca Binary files /dev/null and b/servers/mailinabox/1.png differ 
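Review bot: In mail.conf, "ssl_trusted_certificate" points at mail.void.yt.cer, which is the leaf certificate; with "ssl_stapling_verify on" that directive needs the issuing CA chain, so OCSP response verification has nothing valid to check against. The location block reads "try_files $uri $uri/ = 404;" with a space after the equals sign, so nginx parses "=" as a file to test and "404" as a fallback URI rather than a status code; it should be "=404". The certificate paths read directly from /root/.acme.sh/, which the acme.sh documentation describes as internal storage; installing the certificate and key to a dedicated directory with acme.sh's install step and a reload command would be more robust across renewals. The "ssl_ciphers" list still offers CBC suites (the ECDHE-*-SHA384 and ECDHE-*-SHA256 entries) and includes TLS13-* names that are not selected through this directive. The X-XSS-Protection, X-Content-Type-Options and Strict-Transport-Security headers lack "always", unlike X-Frame-Options, so they are not sent on error responses such as the 404 this site serves by design.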
diff --git a/servers/mailinabox/10.png b/servers/mailinabox/10.png new file mode 100644 index 0000000..69466ec Binary files /dev/null and b/servers/mailinabox/10.png differ diff --git a/servers/mailinabox/11.png b/servers/mailinabox/11.png new file mode 100644 index 0000000..1b0c01d Binary files /dev/null and b/servers/mailinabox/11.png differ diff --git a/servers/mailinabox/12.png b/servers/mailinabox/12.png new file mode 100644 index 0000000..41177f7 Binary files /dev/null and b/servers/mailinabox/12.png differ diff --git a/servers/mailinabox/13.png b/servers/mailinabox/13.png new file mode 100644 index 0000000..4c8afa7 Binary files /dev/null and b/servers/mailinabox/13.png differ diff --git a/servers/mailinabox/14.png b/servers/mailinabox/14.png new file mode 100644 index 0000000..ae6cf08 Binary files /dev/null and b/servers/mailinabox/14.png differ diff --git a/servers/mailinabox/15.png b/servers/mailinabox/15.png new file mode 100644 index 0000000..c21be7b Binary files /dev/null and b/servers/mailinabox/15.png differ diff --git a/servers/mailinabox/16.png b/servers/mailinabox/16.png new file mode 100644 index 0000000..8145268 Binary files /dev/null and b/servers/mailinabox/16.png differ diff --git a/servers/mailinabox/17.png b/servers/mailinabox/17.png new file mode 100644 index 0000000..07ac932 Binary files /dev/null and b/servers/mailinabox/17.png differ diff --git a/servers/mailinabox/18.png b/servers/mailinabox/18.png new file mode 100644 index 0000000..6ef3f36 Binary files /dev/null and b/servers/mailinabox/18.png differ diff --git a/servers/mailinabox/19.png b/servers/mailinabox/19.png new file mode 100644 index 0000000..ba978e4 Binary files /dev/null and b/servers/mailinabox/19.png differ diff --git a/servers/mailinabox/2.png b/servers/mailinabox/2.png new file mode 100644 index 0000000..460a7d8 Binary files /dev/null and b/servers/mailinabox/2.png differ 
diff --git a/servers/mailinabox/20.png b/servers/mailinabox/20.png new file mode 100644 index 0000000..24582ee Binary files /dev/null and b/servers/mailinabox/20.png differ diff --git a/servers/mailinabox/21.png b/servers/mailinabox/21.png new file mode 100644 index 0000000..10897ee Binary files /dev/null and b/servers/mailinabox/21.png differ diff --git a/servers/mailinabox/22.png b/servers/mailinabox/22.png new file mode 100644 index 0000000..eca528e Binary files /dev/null and b/servers/mailinabox/22.png differ diff --git a/servers/mailinabox/23.png b/servers/mailinabox/23.png new file mode 100644 index 0000000..6b04cf2 Binary files /dev/null and b/servers/mailinabox/23.png differ diff --git a/servers/mailinabox/3.png b/servers/mailinabox/3.png new file mode 100644 index 0000000..c9c7dd2 Binary files /dev/null and b/servers/mailinabox/3.png differ diff --git a/servers/mailinabox/4.png b/servers/mailinabox/4.png new file mode 100644 index 0000000..899fcbd Binary files /dev/null and b/servers/mailinabox/4.png differ diff --git a/servers/mailinabox/5.png b/servers/mailinabox/5.png new file mode 100644 index 0000000..e83f173 Binary files /dev/null and b/servers/mailinabox/5.png differ diff --git a/servers/mailinabox/6.png b/servers/mailinabox/6.png new file mode 100644 index 0000000..6ba38ef Binary files /dev/null and b/servers/mailinabox/6.png differ diff --git a/servers/mailinabox/7.png b/servers/mailinabox/7.png new file mode 100644 index 0000000..e505e65 Binary files /dev/null and b/servers/mailinabox/7.png differ diff --git a/servers/mailinabox/8.png b/servers/mailinabox/8.png new file mode 100644 index 0000000..c3301a2 Binary files /dev/null and b/servers/mailinabox/8.png differ diff --git a/servers/mailinabox/9.png b/servers/mailinabox/9.png new file mode 100644 index 0000000..028a6af Binary files /dev/null and b/servers/mailinabox/9.png differ 
diff --git a/servers/mailinabox/index.html b/servers/mailinabox/index.html new file mode 100644 index 0000000..6b83fc1 --- /dev/null +++ b/servers/mailinabox/index.html @@ -0,0 +1,158 @@ + + + + + + + + + + + mailinabox Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nothing@nowhere - 2021-08-17

+

mailinabox Setup

+ +

In this tutorial we're going to cover how to setup mailinabox on an ubuntu 18.04 VPS:

+

yes i was lazy to add comments in this tutorial, it's very straightforward as you'll see:

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

+

+root@mail:~# curl -s https://mailinabox.email/setup.sh | sudo bash
+	
+
+ + + + + + + + + +

Out of the box you will need to fix things on your mailbox, so let's do them one by one:

+

+root@mail:~# vim /etc/ssh/sshd_config
+root@mail:~# cat /etc/ssh/sshd_config | grep 'PasswordAuthentication'
+PasswordAuthentication no
+root@mail:~# systemctl restart sshd
+root@mail:~# reboot now
+	
+
+ + + + + + + + + + +

Now that's done, most of the DNS related issues should be dealt with (give it a few hours once you made the modifications because DNS can be slow to update records) After a few hours we check again:

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
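Review bot: The Initial Setup step "curl -s https://mailinabox.email/setup.sh | sudo bash" pipes a remote script straight into a root shell with no chance to inspect it; suggest downloading it to a file first and reviewing it before running. In the sshd step, the transcript shows only the end state "PasswordAuthentication no" followed by a restart and a reboot, with no mention of installing and testing an SSH key first; a reader who follows it on a password-only VPS is locked out. Add the key setup before that step, recommend keeping the current session open while testing key login in a second one, and run "sshd -t" before restarting. The "cat ... | grep" can be a plain grep on the file, and the reboot immediately after "systemctl restart sshd" is unexplained. Since every other step exists only as a screenshot, a line of text per step would make the page usable without the images.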
+ + + + + + + diff --git a/servers/mailprivate/0.png b/servers/mailprivate/0.png new file mode 100644 index 0000000..04f825d Binary files /dev/null and b/servers/mailprivate/0.png differ diff --git a/servers/mailprivate/1.png b/servers/mailprivate/1.png new file mode 100644 index 0000000..4cb03b7 Binary files /dev/null and b/servers/mailprivate/1.png differ diff --git a/servers/mailprivate/10.png b/servers/mailprivate/10.png new file mode 100644 index 0000000..941285f Binary files /dev/null and b/servers/mailprivate/10.png differ diff --git a/servers/mailprivate/11.png b/servers/mailprivate/11.png new file mode 100644 index 0000000..393691e Binary files /dev/null and b/servers/mailprivate/11.png differ diff --git a/servers/mailprivate/12.png b/servers/mailprivate/12.png new file mode 100644 index 0000000..e841966 Binary files /dev/null and b/servers/mailprivate/12.png differ diff --git a/servers/mailprivate/13.png b/servers/mailprivate/13.png new file mode 100644 index 0000000..32d63cd Binary files /dev/null and b/servers/mailprivate/13.png differ diff --git a/servers/mailprivate/14.png b/servers/mailprivate/14.png new file mode 100644 index 0000000..d58fa57 Binary files /dev/null and b/servers/mailprivate/14.png differ diff --git a/servers/mailprivate/15.png b/servers/mailprivate/15.png new file mode 100644 index 0000000..34100cd Binary files /dev/null and b/servers/mailprivate/15.png differ diff --git a/servers/mailprivate/16.png b/servers/mailprivate/16.png new file mode 100644 index 0000000..58bfd9b Binary files /dev/null and b/servers/mailprivate/16.png differ diff --git a/servers/mailprivate/17.png b/servers/mailprivate/17.png new file mode 100644 index 0000000..4325b68 Binary files /dev/null and b/servers/mailprivate/17.png differ diff --git a/servers/mailprivate/18.png b/servers/mailprivate/18.png new file mode 100644 index 0000000..086cc18 Binary files /dev/null and b/servers/mailprivate/18.png differ 
diff --git a/servers/mailprivate/19.png b/servers/mailprivate/19.png new file mode 100644 index 0000000..6ec04bd Binary files /dev/null and b/servers/mailprivate/19.png differ diff --git a/servers/mailprivate/2.png b/servers/mailprivate/2.png new file mode 100644 index 0000000..a665fac Binary files /dev/null and b/servers/mailprivate/2.png differ diff --git a/servers/mailprivate/20.png b/servers/mailprivate/20.png new file mode 100644 index 0000000..9820098 Binary files /dev/null and b/servers/mailprivate/20.png differ diff --git a/servers/mailprivate/3.png b/servers/mailprivate/3.png new file mode 100644 index 0000000..7914148 Binary files /dev/null and b/servers/mailprivate/3.png differ diff --git a/servers/mailprivate/30.png b/servers/mailprivate/30.png new file mode 100644 index 0000000..ce2b70c Binary files /dev/null and b/servers/mailprivate/30.png differ diff --git a/servers/mailprivate/31.png b/servers/mailprivate/31.png new file mode 100644 index 0000000..35de177 Binary files /dev/null and b/servers/mailprivate/31.png differ diff --git a/servers/mailprivate/32.png b/servers/mailprivate/32.png new file mode 100644 index 0000000..ad32342 Binary files /dev/null and b/servers/mailprivate/32.png differ diff --git a/servers/mailprivate/33.png b/servers/mailprivate/33.png new file mode 100644 index 0000000..83bcbe2 Binary files /dev/null and b/servers/mailprivate/33.png differ diff --git a/servers/mailprivate/34.png b/servers/mailprivate/34.png new file mode 100644 index 0000000..2758f8f Binary files /dev/null and b/servers/mailprivate/34.png differ diff --git a/servers/mailprivate/35.png b/servers/mailprivate/35.png new file mode 100644 index 0000000..a0a2187 Binary files /dev/null and b/servers/mailprivate/35.png differ diff --git a/servers/mailprivate/36.png b/servers/mailprivate/36.png new file mode 100644 index 0000000..3a3c5df Binary files /dev/null and b/servers/mailprivate/36.png differ 
diff --git a/servers/mailprivate/37.png b/servers/mailprivate/37.png new file mode 100644 index 0000000..738b6fb Binary files /dev/null and b/servers/mailprivate/37.png differ diff --git a/servers/mailprivate/38.png b/servers/mailprivate/38.png new file mode 100644 index 0000000..3b0f9d4 Binary files /dev/null and b/servers/mailprivate/38.png differ diff --git a/servers/mailprivate/39.png b/servers/mailprivate/39.png new file mode 100644 index 0000000..1ac7a23 Binary files /dev/null and b/servers/mailprivate/39.png differ diff --git a/servers/mailprivate/4.png b/servers/mailprivate/4.png new file mode 100644 index 0000000..3f65c6a Binary files /dev/null and b/servers/mailprivate/4.png differ diff --git a/servers/mailprivate/40.png b/servers/mailprivate/40.png new file mode 100644 index 0000000..8bc67b6 Binary files /dev/null and b/servers/mailprivate/40.png differ diff --git a/servers/mailprivate/41.png b/servers/mailprivate/41.png new file mode 100644 index 0000000..1b88aaa Binary files /dev/null and b/servers/mailprivate/41.png differ diff --git a/servers/mailprivate/42.png b/servers/mailprivate/42.png new file mode 100644 index 0000000..6eb5e1d Binary files /dev/null and b/servers/mailprivate/42.png differ diff --git a/servers/mailprivate/5.png b/servers/mailprivate/5.png new file mode 100644 index 0000000..13209d6 Binary files /dev/null and b/servers/mailprivate/5.png differ diff --git a/servers/mailprivate/6.png b/servers/mailprivate/6.png new file mode 100644 index 0000000..dbf869e Binary files /dev/null and b/servers/mailprivate/6.png differ diff --git a/servers/mailprivate/7.png b/servers/mailprivate/7.png new file mode 100644 index 0000000..0ddf59c Binary files /dev/null and b/servers/mailprivate/7.png differ diff --git a/servers/mailprivate/8.png b/servers/mailprivate/8.png new file mode 100644 index 0000000..bb09c45 Binary files /dev/null and b/servers/mailprivate/8.png differ 
diff --git a/servers/mailprivate/9.png b/servers/mailprivate/9.png new file mode 100644 index 0000000..7bf93c3 Binary files /dev/null and b/servers/mailprivate/9.png differ diff --git a/servers/mailprivate/index.html b/servers/mailprivate/index.html new file mode 100644 index 0000000..baa87bb --- /dev/null +++ b/servers/mailprivate/index.html @@ -0,0 +1,942 @@ + + + + + + + + + + + Anonymous self-hosted clearnet mail server Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist - 19 / 05 / 2022

+

Anonymous self-hosted clearnet mail server Setup

+ +

In this tutorial we will setup a local mail server (to be able to keep control of our data), we will make it available publicly (so that it can communicate with other mail servers), but we'll make it go through TOR to guarantee Anonymity.

+

Note that this setup involves self-hosting, which I do not recommend if the service is supposed to be sensitive. If this is an issue for you, just install it on a non-KYC remote VPS and skip the port-forwarding part if you don't want to host it at your house.

+ + +
+
+
+
+ + +
+
+
+
+

Initial VPN over Tor Setup

+

First let's make it use an external VPS as a VPN server (make sure that you get it from a non-KYC cloud provider, where you create your account with an email that you also registered through TOR.), see this tutorial i made for the full reasoning.

+

+root@mail:~# apt update -y ; apt upgrade -y ; apt autoremove -y ; apt install vim tor obfs4proxy -y
+	
+
+ +

Then we need to have the systemd services:

+

+root@mail:~# vim /etc/systemd/system/tortables.service                                                                                                                                                                                      
+root@mail:~# vim /etc/systemd/system/torwatch.service
+root@mail:~# vim /etc/systemd/system/vpn.service                                                                                                                                                                                            
+root@mail:~# vim /etc/systemd/system/sshtunnel.service
+	
+
+

The tortables systemd service will run iptables to make sure our server only communicates locally:

+

+root@mail:~# cat /etc/systemd/system/tortables.service
+[Unit]
+Description=Tor IP Tables
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/root/iptables_vpn_tor.sh
+
+[Install]
+WantedBy=multi-user.target
+	
+root@mail:~# vim iptables_vpn_tor.sh
+root@mail:~# cat iptables_vpn_tor.sh
+#!/bin/bash
+
+
+#default private networks
+sudo iptables -F
+
+sudo iptables -A INPUT -m iprange --src-range 192.168.0.0-192.168.255.255 -j ACCEPT
+sudo iptables -A INPUT -m iprange --src-range 172.16.0.0-172.31.255.255 -j ACCEPT
+sudo iptables -A INPUT -m iprange --src-range 10.0.0.0-10.255.255.255 -j ACCEPT
+sudo iptables -A INPUT -m iprange --src-range 127.0.0.0-127.255.255.255 -j ACCEPT
+
+sudo iptables -A OUTPUT -m iprange --dst-range 192.168.0.0-192.168.255.255 -j ACCEPT
+sudo iptables -A OUTPUT -m iprange --dst-range 172.16.0.0-172.31.255.255 -j ACCEPT
+sudo iptables -A OUTPUT -m iprange --dst-range 10.0.0.0-10.255.255.255 -j ACCEPT
+sudo iptables -A OUTPUT -m iprange --dst-range 127.0.0.0-127.255.255.255 -j ACCEPT
+
+#ip range of tor VPN:
+
+sudo iptables -A OUTPUT -o tun0 -j ACCEPT
+sudo iptables -A INPUT -i tun0 -j ACCEPT
+
+sudo iptables -A INPUT -j DROP
+sudo iptables -A OUTPUT -j DROP
+
+
+
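Review bot: in iptables_vpn_tor.sh the two DROP rules are appended last and the chain policies stay ACCEPT, so between `iptables -F` and the final `-A ... -j DROP` (or if any earlier command fails) the host passes all traffic. Set `iptables -P INPUT DROP` and `iptables -P OUTPUT DROP` before adding the ACCEPT rules, add matching ip6tables rules since the script covers IPv4 only, and drop the `sudo` because the unit already runs the script as root. The text says the server "only communicates locally", yet OUTPUT to every RFC 1918 range is accepted, which is broader than the one bridge and gateway this setup needs. tortables.service is also `Type=simple` for a script that exits; `Type=oneshot` with `RemainAfterExit=yes` describes it better.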

The torwatch systemd service will make sure the tor connection is still up:

+

+root@mail:~# cat /etc/systemd/system/torwatch.service
+[Unit]
+Description=torwatcher
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/root/monitor_tor.sh
+ExecStop=kill -9 $(pidof /root/monitor_tor.sh)
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+root@mail:~# vim monitor_tor.sh
+root@mail:~# cat monitor_tor.sh
+#!/bin/bash
+
+counter=0
+while true; do
+        echo TESTING
+        timeout 10 ping -c1 10.8.0.1 &>/dev/null
+        if [ $? -eq 0 ]; then
+                echo OK;
+                sleep 3
+        else
+                if [ $counter -gt 0 ];
+                then
+                        echo 'RESTARTING TOR...'
+                        systemctl restart tor@default
+                        counter=0
+                        sleep 10
+                else
+                        counter=$((counter+1))
+                        echo "FAIL ( $counter / 2)";
+                        sleep 3
+                fi
+        fi
+done
+	
+
+
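Review bot: monitor_tor.sh never resets `counter` after a successful ping, so the "( n / 2)" threshold does not mean two consecutive failures: once one ping has failed, any single later failure triggers `systemctl restart tor@default`. Add `counter=0` in the OK branch. The check also starts at the same time as the VPN, so the first ping is expected to fail while the tunnel is still coming up; an initial delay before the loop would avoid counting that.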

But as you can see it checks it by pinging 10.8.0.1, the OpenVPN server IP, meaning we need the vpn systemd service:

+

+root@mail:~# cat /etc/systemd/system/vpn.service
+[Unit]
+Description=VPN
+After=network-online.target
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/openvpn /root/mail.ovpn
+ExecStop=kill -9 $(pidof openvpn)
+Restart=always
+
+root@mail:~# apt install openvpn -y
+	
+
+
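Review bot: vpn.service is ordered only after network-online.target, but mail.ovpn connects through `socks-proxy 127.0.0.1 9050`, so OpenVPN can start before Tor is listening. Add `After=tor@default.service` and `Wants=tor@default.service` to [Unit]. systemd does not run `ExecStop=` through a shell, so `$(pidof openvpn)` is never expanded; remove the line here (and the equivalent one in torwatch.service) and let systemd stop the process itself. The `apt install openvpn -y` step is also shown after the unit that depends on /usr/sbin/openvpn and should come first.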

Then we get the .ovpn file and modify it (if you want to see how to make a openvpn server, see it here) the only requirement here is that you will need to setup the openvpn server to work on TCP, and not UDP as it is set by default. Why? because it will need to go through tor:

+

+root@mail:~# vim mail.ovpn
+root@mail:~# cat mail.ovpn
+client
+proto tcp-client
+remote x.x.x.x 1194
+dev tun
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+remote-cert-tls server
+verify-x509-name server_6SQ8FnOk0eJa3n0F name
+auth SHA256
+auth-nocache
+cipher AES-128-GCM
+tls-client
+tls-version-min 1.2
+tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
+ignore-unknown-option block-outside-dns
+setenv opt block-outside-dns # Prevent Windows 10 DNS leak
+verb 3
+
+### TOR SETTINGS ###
+socks-proxy 127.0.0.1 9050
+socks-proxy-retry
+up-delay
+route 10.0.0.195 255.255.255.255 net_gateway
+###################
+
+
+

This will essentially force the openvpn connection to go through TOR, then we also edit our /etc/tor/torrc file, note that i intentionally route the traffic through a local bridge node, if you want to know how to set it up, please check this tutorial:

+

+root@mail-nihilism:~# cat /etc/tor/torrc
+UseBridges 1
+ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
+Bridge obfs4 10.0.1.195:8042 6E9324EC8317DE331DE1EA7969BD868136785748 cert=tyhAPcDxgIcuqcUXXxtkYVPKrWMH7bYf7RJcLa8d+oGbQjoYSK10g4Pz7a/dbJkMXLVvAA iat-mode=0
+DataDirectory /var/lib/tor
+TransPort 9040
+SocksPort 9050
+DNSPort 53
+User debian-tor
+	
+root@mail:~# systemctl stop tor
+root@mail:~# tor
+May 15 12:00:17.068 [notice] Tor 0.3.5.16 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
+May 15 12:00:17.068 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
+May 15 12:00:17.068 [notice] Read configuration file "/etc/tor/torrc".
+May 15 12:00:17.076 [notice] Opening Socks listener on 127.0.0.1:9050
+May 15 12:00:17.076 [notice] Opened Socks listener on 127.0.0.1:9050
+May 15 12:00:17.076 [notice] Opening DNS listener on 127.0.0.1:53
+May 15 12:00:17.076 [notice] Opened DNS listener on 127.0.0.1:53
+May 15 12:00:17.076 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
+May 15 12:00:17.076 [notice] Opened Transparent pf/netfilter listener on 127.0.0.1:9040
+May 15 12:00:17.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
+May 15 12:00:17.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
+May 15 12:00:17.000 [notice] Bootstrapped 0%: Starting
+May 15 12:00:18.000 [notice] Starting with guard context "bridges"
+May 15 12:00:18.000 [notice] new bridge descriptor 'voidyt' (cached): $2E73653A148DFFF3CA28D53F0C366936FE554335~voidyt at 10.0.0.195
+May 15 12:00:18.000 [notice] Delaying directory fetches: Pluggable transport proxies still configuring
+May 15 12:00:19.000 [notice] Bootstrapped 5%: Connecting to directory server
+May 15 12:00:19.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
+May 15 12:00:19.000 [notice] Bootstrapped 80%: Connecting to the Tor network
+May 15 12:00:19.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
+May 15 12:00:19.000 [notice] Bootstrapped 100%: Done
+
+root@mail-nihilism:~# systemctl restart tor@default.service
+root@mail-nihilism:~# systemctl status tor@default.service
+● tor@default.service - Anonymizing overlay network for TCP
+     Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
+     Active: active (running) since Thu 2022-12-08 12:14:21 CST; 29s ago
+    Process: 3515 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
+    Process: 3516 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
+   Main PID: 3517 (tor)
+      Tasks: 8 (limit: 4673)
+     Memory: 25.7M
+        CPU: 1.180s
+     CGroup: /system.slice/system-tor.slice/tor@default.service
+             ├─3517 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0
+             └─3518 /usr/bin/obfs4proxy
+
+Dec 08 12:14:22 mail-nihilism Tor[3517]: Bootstrapped 1% (conn_pt): Connecting to pluggable transport
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Opening Control listener on /run/tor/control
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Opened Control listener connection (ready) on /run/tor/control
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 10% (conn_done): Connected to a relay
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 14% (handshake): Handshaking with a relay
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 15% (handshake_done): Handshake with a relay done
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
+Dec 08 12:14:23 mail-nihilism Tor[3517]: Bootstrapped 100% (done): Done
+
+
+
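Review bot: the `Bridge obfs4 10.0.1.195:8042` line in torrc does not match the rest of the section: the bootstrap log reports the bridge descriptor 'voidyt' at 10.0.0.195 with a different fingerprint, and mail.ovpn adds its net_gateway route for 10.0.0.195. Make the address and fingerprint consistent, or say which capture comes from which setup, since the prompts switch between root@mail and root@mail-nihilism and the logs between May 15 and Dec 08. `TransPort 9040` and `DNSPort 53` are opened, but nothing in this section points traffic or the resolver at them; document that step or drop the two lines.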

Now that tor has been setup to use the local TOR relay, we apply iptable rules:

+

+root@mail:~# ls
+iptables_vpn_tor.sh  mail.ovpn  monitor_tor.sh
+root@mail:~# chmod +x *.sh
+
+root@mail:~# systemctl daemon-reload
+root@mail-nihilism:~# systemctl enable --now tor@default.service tortables
+Synchronizing state of tor.service with SysV service script with /lib/systemd/systemd-sysv-install.
+Executing: /lib/systemd/systemd-sysv-install enable tor
+Created symlink /etc/systemd/system/multi-user.target.wants/tortables.service → /etc/systemd/system/tortables.service.
+root@mail:~# iptables -L
+
+Chain INPUT (policy ACCEPT)
+target     prot opt source               destination
+ACCEPT     all  --  anywhere             anywhere             source IP range 192.168.0.0-192.168.255.255
+ACCEPT     all  --  anywhere             anywhere             source IP range 172.16.0.0-172.31.255.255
+ACCEPT     all  --  anywhere             anywhere             source IP range 10.0.0.0-10.255.255.255
+ACCEPT     all  --  anywhere             anywhere             source IP range 127.0.0.0-127.255.255.255
+ACCEPT     all  --  anywhere             anywhere
+DROP       all  --  anywhere             anywhere
+
+Chain FORWARD (policy ACCEPT)
+target     prot opt source               destination
+
+Chain OUTPUT (policy ACCEPT)
+target     prot opt source               destination
+ACCEPT     all  --  anywhere             anywhere             destination IP range 192.168.0.0-192.168.255.255
+ACCEPT     all  --  anywhere             anywhere             destination IP range 172.16.0.0-172.31.255.255
+ACCEPT     all  --  anywhere             anywhere             destination IP range 10.0.0.0-10.255.255.255
+ACCEPT     all  --  anywhere             anywhere             destination IP range 127.0.0.0-127.255.255.255
+ACCEPT     all  --  anywhere             anywhere
+DROP       all  --  anywhere             anywhere
+	
+
+
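Review bot: the `iptables -L` listing omits the interface column, so the tun0 rules show up as `ACCEPT all -- anywhere anywhere` directly above the DROP and the ruleset reads as allow-all. Capture `iptables -L -n -v` or `iptables -S` instead so readers can verify the tun0 match. The listing also shows `policy ACCEPT` on all three chains, including FORWARD, which the script never touches.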

And from there we can connect to the VPN server:

+

+root@mail:~# systemctl enable --now vpn torwatch
+Created symlink /etc/systemd/system/multi-user.target.wants/torwatch.service → /etc/systemd/system/torwatch.service.
+root@mail:~# systemctl status vpn torwatch
+
+root@mail:~# systemctl status vpn torwatch
+● vpn.service - VPN
+   Loaded: loaded (/etc/systemd/system/vpn.service; static; vendor preset: enabled)
+   Active: active (running) since Sun 2022-05-15 12:03:26 CEST; 18s ago
+ Main PID: 3144 (openvpn)
+    Tasks: 1 (limit: 2359)
+   Memory: 1.5M
+   CGroup: /system.slice/vpn.service
+           └─3144 /usr/sbin/openvpn /root/mail.ovpn
+
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 ROUTE_GATEWAY 10.0.0.1/255.255.0.0 IFACE=ens18 HWADDR=ee:b5:c9:3a:c3:fe
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 TUN/TAP device tun0 opened
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 TUN/TAP TX queue length set to 100
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip link set dev tun0 up mtu 1500
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip route add 127.0.0.1/32 via 10.0.0.1
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 /sbin/ip route add 10.0.0.195/32 dev ens18
+May 15 12:03:28 mail openvpn[3144]: Sun May 15 12:03:28 2022 Initialization Sequence Completed
+
+● torwatch.service - torwatcher
+   Loaded: loaded (/etc/systemd/system/torwatch.service; enabled; vendor preset: enabled)
+   Active: active (running) since Sun 2022-05-15 12:03:26 CEST; 18s ago
+ Main PID: 3145 (monitor_tor.sh)
+    Tasks: 2 (limit: 2359)
+   Memory: 1.1M
+   CGroup: /system.slice/torwatch.service
+           ├─3145 /bin/bash /root/monitor_tor.sh
+           └─3172 sleep 3
+
+May 15 12:03:26 mail systemd[1]: Started torwatcher.
+May 15 12:03:26 mail monitor_tor.sh[3145]: TESTING
+May 15 12:03:36 mail monitor_tor.sh[3145]: FAIL ( 1 / 2)
+May 15 12:03:39 mail monitor_tor.sh[3145]: TESTING
+May 15 12:03:39 mail monitor_tor.sh[3145]: OK
+May 15 12:03:42 mail monitor_tor.sh[3145]: TESTING
+May 15 12:03:42 mail monitor_tor.sh[3145]: OK
+	
+
+

And now our mail server uses the remote server as a VPN server, but only through TOR, meaning even if the VPS provider were to check the server logs, or the networking traffic, he would see that it all came from tor exit nodes, never from public ips.

+
+
+
+
+ +
+
+
+
+

Mail Server Setup



+

Then we setup the mail itself on the local mail VM which is now connected to the VPN:

+

+root@mail:~# apt update -y ; apt upgrade -y ; apt install vim tmux curl certbot python3-certbot-nginx nginx  -y
+	
+
+

Then we make sure that the ports are forwarded through the vpn connection:

+

+#on the VPN server we forward the ports to the local VM via iptables:
+
+root@mail-gw:~# cat iptables_forwardrules.sh
+#!/bin/bash
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 25 -j DNAT --to-destination 10.8.0.2:25
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 80 -j DNAT --to-destination 10.8.0.2:80
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 443 -j DNAT --to-destination 10.8.0.2:443
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 143 -j DNAT --to-destination 10.8.0.2:143
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 465 -j DNAT --to-destination 10.8.0.2:465
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 587 -j DNAT --to-destination 10.8.0.2:587
+iptables -A PREROUTING -t nat -i ens3 -p tcp -d 23.137.250.140 --dport 993 -j DNAT --to-destination 10.8.0.2:993
+
+root@mail:~# chmod +x iptables_forwardrules.sh
+root@mail:~# ./iptables_forwardrules.sh
+
+#from the VM we allow the packets to be forwarded to us:
+
+root@mail-nihilism:~# cat iptables_forwardrules.sh
+#!/bin/bash
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 25 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 143 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 465 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 587 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 993 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 443 -j ACCEPT
+iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 80 -j ACCEPT
+
+root@mail-nihilism:~# chmod +x iptables_forwardrules.sh
+root@mail-nihilism:~# ./iptables_forwardrules.sh
+
+
+
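Review bot: the second iptables_forwardrules.sh adds FORWARD rules for `-d 10.8.0.2` on the mail VM itself, but 10.8.0.2 is that VM's own tun0 address, so those packets traverse INPUT rather than FORWARD and the rules never match there. If the intent is to permit the DNAT'ed traffic, the FORWARD rules belong on mail-gw. In the gateway part, the prompt changes from root@mail-gw (for the `cat`) to root@mail (for the chmod and run), and the `-A PREROUTING` rules are neither idempotent nor persisted, so a rerun duplicates them and a reboot loses them.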

Dont forget to allow ip forwarding on the vpn server:

+

+root@mail-gw:~# sysctl net.ipv4.conf.ens3.forwarding=1
+net.ipv4.conf.ens3.forwarding = 1
+root@mail-gw:~# sysctl net.ipv6.conf.ens3.forwarding=1
+net.ipv6.conf.ens3.forwarding = 1
+root@mail-gw:~# echo " net.ipv6.conf.ens3.forwarding=1" >>/etc/sysctl.conf
+root@mail-gw:~# echo " net.ipv4.conf.ens3.forwarding=1" >>/etc/sysctl.conf
+root@mail-gw:~# sysctl -p
+net.ipv6.conf.ens3.forwarding = 1
+net.ipv4.conf.ens3.forwarding = 1
+
+#for arch users, install libvirt:
+sudo pacman -S libvirt
+vim /etc/sysctl.d/30-ipforward.conf
+cat /etc/sysctl.d/30-ipforward.conf
+net.ipv4.ip_forward=1
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.all.forwarding=1
+
+[ nihilism ] [ /dev/pts/1 ] [~]
+→ sysctl net.ipv4.ip_forward=1
+net.ipv4.ip_forward = 1
+
+
+
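Review bot: `net.ipv4.conf.ens3.forwarding=1` enables forwarding only for packets received on ens3; replies from the mail VM arrive on tun0 and also have to be forwarded, so this works only if forwarding is already enabled for tun0 or globally, which the section does not show. Either set `net.ipv4.ip_forward=1` on mail-gw or state where it was enabled. The Arch block installs libvirt, which nothing in this section uses, and it is not clear which host that block applies to.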

Then you make sure that your DNS records are set properly:

+ +

example of the record on a bind9 server:

+

+root@mail-gw:~# cat /var/cache/bind/db.nihilism.network 
+
+mail.nihilism.network.                  IN A       23.137.250.140
+
+
+ +

Then wait for it to propagate:

+

+root@mail-nihilism:~# curl ifconfig.me
+23.137.250.140root@mail-nihilism:~#
+root@mail-nihilism:~# curl ifconfig.me ; echo
+23.137.250.140
+root@mail-nihilism:~# ping mail.nihilism.network
+PING mail.nihilism.network (23.137.250.140) 56(84) bytes of data.
+64 bytes from 23.137.250.140 (23.137.250.140): icmp_seq=1 ttl=64 time=160 ms
+
+--- mail.nihilism.network ping statistics ---
+2 packets transmitted, 1 received, 50% packet loss, time 1001ms
+rtt min/avg/max/mdev = 160.031/160.031/160.031/0.000 ms
+root@mail-nihilism:~# ping nihilism.network
+PING nihilism.network (23.137.250.141) 56(84) bytes of data.
+64 bytes from 23.137.250.141 (23.137.250.141): icmp_seq=1 ttl=63 time=204 ms
+
+
+ +

Once that's done we prepare nginx on the local VM still:

+

+root@mail-nihilism:~# rm /etc/nginx/sites-*/default
+
+root@mail-nihilism:~# cat /etc/nginx/sites-available/mail.nihilism.network.conf
+server {
+        listen 80;
+        listen [::]:80;
+        root /var/www/mail;
+
+        index index.html;
+
+        server_name mail.nihilism.network;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+}
+
+root@mail-nihilism:~# ln -s /etc/nginx/sites-available/mail.nihilism.network.conf /etc/nginx/sites-enabled/
+
+root@mail-nihilism:~# systemctl restart nginx
+root@mail-nihilism:~# systemctl status nginx
+● nginx.service - A high performance web server and a reverse proxy server
+     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
+     Active: active (running) since Thu 2022-12-08 13:18:14 CST; 19s ago
+       Docs: man:nginx(8)
+    Process: 5903 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
+    Process: 5904 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
+   Main PID: 5905 (nginx)
+      Tasks: 3 (limit: 4673)
+     Memory: 3.2M
+        CPU: 49ms
+     CGroup: /system.slice/nginx.service
+             ├─5905 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
+             ├─5906 nginx: worker process
+             └─5907 nginx: worker process
+
+Dec 08 13:18:14 mail-nihilism systemd[1]: Starting A high performance web server and a reverse proxy server...
+Dec 08 13:18:14 mail-nihilism systemd[1]: Started A high performance web server and a reverse proxy server.
+
+root@mail-nihilism:~# mkdir -p /var/www/mail/
+root@mail-nihilism:~# echo 'Nihilism Network' > /var/www/mail/index.html
+root@mail-nihilism:~# curl 127.0.0.1
+Nihilism Network
+root@mail-nihilism:~# ip a | grep inet
+    inet 127.0.0.1/8 scope host lo
+    inet6 ::1/128 scope host
+    inet 10.0.0.203/16 brd 10.0.255.255 scope global dynamic ens18
+    inet6 fe80::e4e7:41ff:fe70:e9a6/64 scope link
+    inet 10.8.0.2/24 scope global tun0
+    inet6 fe80::18b1:efc9:1ae0:d93f/64 scope link stable-privacy
+
+#from the vpn server:
+root@mail-gw:~# curl 10.8.0.2
+Nihilism Network
+
+
+

Now that's done we use certbot to get certificate from the local mail server:

+ +

+root@mail-nihilism:~# certbot --nginx
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+Plugins selected: Authenticator nginx, Installer nginx
+Enter email address (used for urgent renewal and security notices)
+ (Enter 'c' to cancel): nihilist@nihilism.network
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Please read the Terms of Service at
+https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
+agree in order to register with the ACME server. Do you agree?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: Y
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Would you be willing, once your first certificate is successfully issued, to
+share your email address with the Electronic Frontier Foundation, a founding
+partner of the Let's Encrypt project and the non-profit organization that
+develops Certbot? We'd like to send you email about our work encrypting the web,
+EFF news, campaigns, and ways to support digital freedom.
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(Y)es/(N)o: N
+Account registered.
+
+Which names would you like to activate HTTPS for?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+1: mail.nihilism.network
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Select the appropriate numbers separated by commas and/or spaces, or leave input
+blank to select all options shown (Enter 'c' to cancel):
+Requesting a certificate for mail.nihilism.network
+Performing the following challenges:
+http-01 challenge for mail.nihilism.network
+Waiting for verification...
+Cleaning up challenges
+Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mail.nihilism.network.conf
+Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/mail.nihilism.network.conf
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Congratulations! You have successfully enabled https://mail.nihilism.network
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+IMPORTANT NOTES:
+ - Congratulations! Your certificate and chain have been saved at:
+   /etc/letsencrypt/live/mail.nihilism.network/fullchain.pem
+   Your key file has been saved at:
+   /etc/letsencrypt/live/mail.nihilism.network/privkey.pem
+   Your certificate will expire on 2023-03-08. To obtain a new or
+   tweaked version of this certificate in the future, simply run
+   certbot again with the "certonly" option. To non-interactively
+   renew *all* of your certificates, run "certbot renew"
+ - If you like Certbot, please consider supporting our work by:
+
+   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+   Donating to EFF:                    https://eff.org/donate-le
+
+root@mail-nihilism:~# cat /etc/nginx/sites-available/mail.nihilism.network.conf
+server {
+        root /var/www/mail;
+
+        index index.html;
+
+        server_name mail.nihilism.network;
+
+        location / {
+                try_files $uri $uri/ =404;
+        }
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/mail.nihilism.network/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/mail.nihilism.network/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+    if ($host = mail.nihilism.network) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+        listen 80;
+        listen [::]:80;
+
+        server_name mail.nihilism.network;
+    return 404; # managed by Certbot
+
+
+ +
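Review bot: the second `cat` of mail.nihilism.network.conf stops after `return 404; # managed by Certbot` with no closing `}` for the port-80 server block, so the listing as shown is not a valid nginx config; include the full file. It is also worth stating that the http-01 challenge succeeds only because port 80 is already DNAT'ed from 23.137.250.140 to 10.8.0.2, since that dependency on the earlier step is implicit here.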

And that's it! Now we can proceed with creating the mail server locally:

+

+root@mail-nihilism:~# wget https://raw.githubusercontent.com/LukeSmithxyz/emailwiz/master/emailwiz.sh -O emailwiz.sh
+--2022-12-08 13:27:42--  https://raw.githubusercontent.com/LukeSmithxyz/emailwiz/master/emailwiz.sh
+Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.109.133, 185.199.110.133, 185.199.111.133, ...
+Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.109.133|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 13320 (13K) [text/plain]
+Saving to: ‘emailwiz.sh’
+
+emailwiz.sh                                                 100%[==========================================================================================================================================>]  13.01K  --.-KB/s    in 0.06s
+
+2022-12-08 13:27:44 (225 KB/s) - ‘emailwiz.sh’ saved [13320/13320]
+
+root@mail-nihilism:~# chmod +x emailwiz.sh
+root@mail-nihilism:~# sh emailwiz.sh
+	
+
+ +
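Review bot: the `wget` of emailwiz.sh from the master branch followed by `sh emailwiz.sh` as root runs whatever that branch contains at download time. Pin the URL to a specific commit and tell readers to read the script, or compare it against a recorded checksum, before executing it. The `chmod +x emailwiz.sh` is unnecessary when the script is started with `sh`.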

(putting the TLD instead of mail.nihilism.network here is intentional)

+ +

if it complains with the error "Please point your domain (nihilism.network) to your server's ipv4 address, do the following:

+

+#add it into your /etc/hosts
+
+vim /etc/hosts
+cat /etc/hosts | grep nihilism.network
+23.137.250.140 nihilism.network
+
+#add it into your DNS zone too (ex in bind9 below):
+
+
+ +

Then we change edit the DNS records as described above:

+ + + + +

Here's how you can set it up on a bind9 DNS server:

+

+$TTL    604800
+@       IN      SOA     ns1.nihilism.network. nihilist.nihilism.network. (
+                 33     ; Serial
+             604800     ; Refresh
+              86400     ; Retry
+            2419200     ; Expire
+             604800 )   ; Negative Cache TTL
+;
+; name servers - NS records
+                3600     IN      NS      ns1.nihilism.network.
+                3600     IN      NS      ns2.nihilism.network.
+                3600     IN      A      23.137.250.141
+                3600     IN      AAAA      fe80::216:3eff:fe6c:c335
+
+; mail-gw services
+@                                       IN MX      0 mail.nihilism.network.
+nihilism.network.                       IN TXT     "v=spf1 mx a:mail.nihilism.network -all"
+mail.nihilism.network.                  IN A       23.137.250.140
+mail._domainkey.nihilism.network.       IN TXT     (
+                                                "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu94n6zyhzWLZZrgvRq5HrSAh29TRi"
+                                                "jw6AXzFoJeahRPoAnJ3njOfOgbCzxUsVNO1L2+NX2P5iZMkdiVtB7rE71wUutegAb0wCDY5k5RNLUlAThxdlou0ro37H"
+                                                "SWK5GRAcEFKm1iab63uTtAXtIvZDPLYMxZMIUq4osxYEgAXY4BCzFBCyfohvr+eGd/kPbfOC9f7jrBnFiOVllnB+yPQKe"
+                                                "XwPeVlPrw68muFiVg4vWfMMzayINQgC12d73hKVZIwD8T6V9Kznv0dPi929CDWns2alU2dZypVSHxWm3BZyb4SCobdrFNW"
+                                                "xfzb1dz7n6/ms5u0EVAKU9ufGOgS4A70oQIDAQAB")
+_dmarc.nihilism.network.                IN TXT     "v=DMARC1; p=reject; rua=mailto:dmarc@nihilism.network; fo=1"
+
+[...]
+
+
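Review bot: the apex `AAAA fe80::216:3eff:fe6c:c335` record publishes a link-local address, which is not reachable from outside the local segment; remove it or replace it with a global IPv6 address. ns1 and ns2 are named in the NS records but their address records are not in the visible part of the zone (they may sit under the `[...]`). The multi-line DKIM value is split because a single TXT character-string is limited to 255 bytes in DNS, not because of a bind9-specific limit, so the paragraph that follows could say that.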

Please note that on average the DNS records need 1-2 days to propagate fully throughout the world. So be patient once you've made the changes. Also note the DKIM record is on multiple lines, that's because there is a length limit that bind9 has for some reason, so above is how i managed to get around that restriction.

+

Then we add our first user:

+

+root@mail-nihilism:~#  useradd -G mail -m nihilist
+useradd: user 'nihilist' already exists
+root@mail-nihilism:~# id nihilist
+uid=1000(nihilist) gid=1000(nihilist) groups=1000(nihilist),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev)
+root@mail-nihilism:~# passwd nihilist
+New password:
+Retype new password:
+passwd: password updated successfully
+
+root@mail:~# apt install nmap -y
+
+root@mail-nihilism:~# nmap 127.0.0.1
+Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-08 13:49 CST
+Nmap scan report for localhost (127.0.0.1)
+Host is up (0.000026s latency).
+Not shown: 989 closed ports
+PORT     STATE SERVICE
+22/tcp   open  ssh
+25/tcp   open  smtp
+80/tcp   open  http
+143/tcp  open  imap
+443/tcp  open  https
+465/tcp  open  smtps
+587/tcp  open  submission
+783/tcp  open  spamassassin
+993/tcp  open  imaps
+9040/tcp open  tor-trans
+9050/tcp open  tor-socks
+
+Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds
+root@mail-nihilism:~# nmap 10.0.0.202
+Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-08 13:49 CST
+Nmap scan report for 10.0.0.202
+Host is up (0.000097s latency).
+Not shown: 992 closed ports
+PORT    STATE SERVICE
+22/tcp  open  ssh
+25/tcp  open  smtp
+80/tcp  open  http
+143/tcp open  imap
+443/tcp open  https
+465/tcp open  smtps
+587/tcp open  submission
+993/tcp open  imaps
+MAC Address: EE:B5:C9:3A:C3:FE (Unknown)
+
+
+
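Review bot: `useradd -G mail -m nihilist` fails with "user 'nihilist' already exists", and the `id nihilist` output that follows lists no mail group, so the account was never added to it. For an existing user the step should be `usermod -aG mail nihilist`. The second nmap targets 10.0.0.202 while the earlier `ip a` output shows 10.0.0.203 on ens18; confirm which address is meant.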

The ports we need are ready to be used locally, so let's login:

+

+[ 10.66.66.2/32 ] [ /dev/pts/38 ] [~]
+→ sudo pacman -S thunderbird
+
+[ 10.66.66.2/32 ] [ /dev/pts/38 ] [~]
+→ thunderbird
+	
+
+

Then test it on thunderbird:

+ + +

And that's it! We managed to connect! now we test if the mail works:

+ +

(You probably guessed it, i accessed protonmail via tor to make sure i don't leak any personal info) And sending a mail to the VPS gets properly routed through the openvpn connection which is being sent through tor.

+ +
+
+
+
+ +
+
+
+
+

Miscellaneous



+

If you want to use PGP encryption, you can manually do it in your terminal, please see this tutorial to know how to do it.

+

However there's a way to do it in thunderbird:

+ +

If you don't have one, you can click create a new OpenPGP key, but i have one so i'll just import it:

+

+[ 10.8.0.3/24 ] [ nowhere ] [~]
+→ gpg --output ~/.nihilist.privkey --export-secret-keys nihilist@nihilism.network
+
+
+ + + +
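Review bot: the `gpg --output ~/.nihilist.privkey --export-secret-keys` step leaves a copy of the secret key in the home directory and nothing afterwards removes it. Add a cleanup step after the Thunderbird import (delete the file, and create it under a restrictive umask), and mention that the exported file is protected only by the key's passphrase. The same applies to the ~/.nothing.privkey export later in the page.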

So from here you can copy your public key and paste it wherever you want, for example on your website, so that the users who want to message you will be able to encrypt their messages. Also add the following settings in thunderbird to automatically encrypt messages you wish to send out:

+ +

Now let's test it:

+ +

As you can see, by default you don't have the destination's PGP key, so for this first mail we won't encrypt it and see how it looks like on the receiver's end:

+ + +

Now we see that the receiver got the unencrypted message, with our PGP signature as an attachement. The recipient can now save it, and use it to encrypt his messages with us.

+

+[ 10.8.0.3/24 ] [ nowhere ] [~]
+→ gpg --gen-key
+gpg (GnuPG) 2.2.40; Copyright (C) 2022 g10 Code GmbH
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: nothing
+Email address: nothing@void.yt
+You selected this USER-ID:
+    "nothing <nothing@void.yt>"
+
+Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+We need to generate a lot of random bytes. It is a good idea to perform
+some other action (type on the keyboard, move the mouse, utilize the
+disks) during the prime generation; this gives the random number
+generator a better chance to gain enough entropy.
+gpg: revocation certificate stored as '/home/nothing/.gnupg/openpgp-revocs.d/95FC37D748FA891A9C33B821CF39FCDC8049F9FE.rev'
+public and secret key created and signed.
+
+pub   rsa3072 2022-12-10 [SC] [expires: 2024-12-09]
+      95FC37D748FA891A9C33B821CF39FCDC8049F9FE
+uid                      nothing <nothing@void.yt>
+sub   rsa3072 2022-12-10 [E] [expires: 2024-12-09]
+
+[ 10.8.0.3/24 ] [ nowhere ] [~]
+→ gpg --output ~/.nothing.privkey --export-secret-keys nothing@void.yt
+
+
+

Now the user nothing can use his PGP key and import it into thunderbird aswell:

+ + + +

Same as before, now the user nothing also has E2E encryption setup, so let's now send a reply to nihilist but this time encrypted:

+ +

And that's it! We managed to setup a mail service, whose origin is unknown from the cloud provider's perspective, and who's able to send and recieve E2EE mails to prevent any unauthorized third-party from seeing the mails content.

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/mailprivate/network.graphml b/servers/mailprivate/network.graphml new file mode 100644 index 0000000..a300b60 --- /dev/null +++ b/servers/mailprivate/network.graphml 
@@ -0,0 +1,1771 @@ + + + + + + + + + + + + + + + + + + + + + + + + local mail +server VM + + + + + + + + + + + + + + + Home +hypervisor + + + + + + + + + + + + + + + local tor +bridge VM + + + + + + + + + + + + + + + ports 25, 80, 443, 143, 587, 993 + + + + + + + + + + + + OpenVPN TCP Tunnel + + + + + + + + + + + + Home +WAN + + + + + + + + + + + + + + + TOR local SOCKS5 Proxy + + + + + + + + + + + + local tor bridge node + + + + + + + + + + + + non-KYC cloud +provider's WAN + + + + + + + + + + + + + + + mail gateway +server + + + + + + + + + + + + + + + OpenVPN TCP Server + + + + + + + + + + + + ports 25, 80, 443, 143, 587, 993 + + + + + + + + + + + + mails to be sent + + + + + + + + + + + + mails to be recieved + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + non-KYC cloud +provider staff + + + + + + + + + + + + + + + authorities + + + + + + + + + + + + + + + Who owns this server ? +> a user who signed up via tor, and paid via Monero + +What is his account email address ? +> a protonmail address which he also created via tor + +What is on this server ? +>nothing except iptables and an openvpn TCP server + +What traffic did you capture ? +>mails in and out, they are PGP encrypted, cannot be decrypted + +From what domain does the mail originate from ? +>from a domain which the user also bought using Monero. 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + forwarded via iptables + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + force OpenVPN to +go through TOR + + + + + + + + + + + + + + + + + + + + + + + connecting to a +local bridge +to prevent any +network sniffing + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + iptables port +forwarding + + + + + + + + + + + + + + + + + + + <?xml version="1.0" encoding="utf-8"?> +<svg version="1.1" + xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" + x="0px" y="0px" width="36px" height="57px" viewBox="0 -0.741 36 57" enable-background="new 0 -0.741 36 57" + xml:space="preserve"> +<defs> +</defs> +<linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="230.1768" y1="798.6021" x2="180.3346" y2="798.6021" gradientTransform="matrix(1 0 0 1 -195.2002 -770.8008)"> + <stop offset="0" style="stop-color:#4D4D4D"/> + <stop offset="1" style="stop-color:#8D8D8D"/> +</linearGradient> +<rect y="0.943" fill="url(#SVGID_1_)" width="34.977" height="53.716"/> +<linearGradient id="SVGID_2_" gradientUnits="userSpaceOnUse" x1="224.6807" y1="798.6021" x2="200.6973" y2="798.6021" gradientTransform="matrix(1 0 0 1 -195.2002 -770.8008)"> + <stop offset="0.0319" style="stop-color:#848484"/> + <stop offset="0.1202" style="stop-color:#8C8C8C"/> + <stop offset="0.308" style="stop-color:#969696"/> + <stop offset="0.5394" style="stop-color:#999999"/> + <stop offset="0.5501" style="stop-color:#9C9C9C"/> + <stop offset="0.6256" style="stop-color:#B0B0B0"/> + <stop offset="0.7118" style="stop-color:#BEBEBE"/> + <stop offset="0.8178" style="stop-color:#C7C7C7"/> + <stop offset="1" style="stop-color:#C9C9C9"/> +</linearGradient> +<path fill="url(#SVGID_2_)" 
d="M5.497,0.943c7.945-1.258,16.04-1.258,23.983,0c0,17.905,0,35.811,0,53.716 + c-7.943,1.258-16.039,1.258-23.983,0C5.497,36.753,5.497,18.848,5.497,0.943z"/> +<path fill="#515151" d="M5.497,14.621c7.995,0,15.989,0,23.983,0c0,13.346,0,26.693,0,40.037c-7.943,1.258-16.039,1.258-23.983,0 + C5.497,41.314,5.497,27.967,5.497,14.621z"/> +<path opacity="0.43" fill="#565656" d="M5.497,4.745c7.982-0.628,16.001-0.628,23.983,0c0,2.707,0,5.413,0,8.12 + c-7.994,0-15.989,0-23.983,0C5.497,10.158,5.497,7.452,5.497,4.745z"/> +<path opacity="0.43" fill="none" stroke="#4D4D4D" stroke-width="0.0999" stroke-miterlimit="10" d="M5.497,4.745 + c7.982-0.628,16.001-0.628,23.983,0c0,2.707,0,5.413,0,8.12c-7.994,0-15.989,0-23.983,0C5.497,10.158,5.497,7.452,5.497,4.745z"/> +<polygon opacity="0.43" fill="#565656" stroke="#4D4D4D" stroke-width="0.0135" stroke-miterlimit="10" enable-background="new " points=" + 6.496,5.746 9.869,5.606 9.869,6.661 6.496,6.799 "/> +<rect x="31.307" y="2.517" fill="#E7ED00" stroke="#717171" stroke-width="0.1926" stroke-miterlimit="10" width="3.692" height="1.505"/> +<rect x="31.307" y="5.8" fill="#C8FF00" stroke="#717171" stroke-width="0.1926" stroke-miterlimit="10" width="3.692" height="1.507"/> +<linearGradient id="SVGID_3_" gradientUnits="userSpaceOnUse" x1="29.4414" y1="35.1235" x2="5.4995" y2="35.1235"> + <stop offset="0" style="stop-color:#808080"/> + <stop offset="0.1907" style="stop-color:#828282"/> + <stop offset="0.2955" style="stop-color:#8A8A8A"/> + <stop offset="0.3795" style="stop-color:#989898"/> + <stop offset="0.4524" style="stop-color:#ACACAC"/> + <stop offset="0.5175" style="stop-color:#C5C5C5"/> + <stop offset="0.5273" style="stop-color:#C9C9C9"/> + <stop offset="0.5914" style="stop-color:#C9C9C9"/> + <stop offset="0.9681" style="stop-color:#C9C9C9"/> +</linearGradient> +<path fill="url(#SVGID_3_)" d="M5.5,14.822c0,13.22,0,26.438,0,39.66c7.931,1.256,16.012,1.256,23.941,0c0-13.222,0-26.439,0-39.66 + C21.461,14.822,13.48,14.822,5.5,14.822z 
M28.396,18.703c-0.74,0.01-1.482,0.02-2.225,0.029c0-0.951,0-1.901-0.001-2.85 + c0.742-0.003,1.483-0.005,2.224-0.008C28.396,16.817,28.396,17.76,28.396,18.703z M16.354,42.496c0-0.961,0-1.924,0-2.885 + c0.744,0.006,1.489,0.006,2.233,0c0,0.961,0,1.924,0,2.885C17.843,42.503,17.098,42.503,16.354,42.496z M18.587,43.568 + c0,0.955,0,1.91,0,2.866c-0.744,0.009-1.489,0.009-2.234,0c0-0.956,0-1.911,0-2.866C17.098,43.574,17.843,43.574,18.587,43.568z + M18.586,27.742c0,0.961,0,1.922,0,2.886c-0.744,0.004-1.488,0.004-2.231,0c0-0.964,0-1.925,0-2.886 + C17.099,27.746,17.842,27.746,18.586,27.742z M16.354,26.671c0-0.955,0-1.91,0-2.865c0.743,0.002,1.487,0.002,2.23,0 + c0,0.955,0,1.91,0,2.865C17.842,26.675,17.099,26.675,16.354,26.671z M16.354,34.583c0-0.961,0-1.924,0-2.885 + c0.744,0.004,1.488,0.004,2.231,0c0,0.961,0,1.924,0,2.885C17.842,34.588,17.099,34.588,16.354,34.583z M18.586,35.656 + c0,0.961,0,1.924,0.001,2.885c-0.745,0.008-1.489,0.008-2.233,0c0-0.961,0-1.924,0-2.885C17.099,35.66,17.842,35.66,18.586,35.656z + M15.307,30.619c-0.742-0.01-1.484-0.021-2.227-0.039c0-0.957,0-1.916,0-2.875c0.742,0.014,1.485,0.023,2.226,0.029 + C15.307,28.695,15.307,29.656,15.307,30.619z M15.307,31.689c0,0.961,0,1.924,0,2.885c-0.742-0.012-1.485-0.025-2.227-0.047 + c0-0.959,0.001-1.92,0.001-2.877C13.822,31.667,14.565,31.68,15.307,31.689z M15.307,35.644c0,0.959,0,1.922-0.001,2.883 + c-0.742-0.012-1.485-0.031-2.228-0.056c0-0.959,0.001-1.918,0.001-2.877C13.821,35.617,14.564,35.633,15.307,35.644z M15.306,39.597 + c0,0.96,0,1.922,0,2.883c-0.742-0.016-1.486-0.037-2.228-0.064c0-0.959,0-1.916,0.001-2.877 + C13.82,39.564,14.563,39.585,15.306,39.597z M19.637,39.597c0.742-0.012,1.484-0.033,2.227-0.059c0,0.959,0,1.918,0,2.875 + c-0.741,0.029-1.483,0.052-2.227,0.064C19.637,41.519,19.637,40.559,19.637,39.597z M19.637,38.527c0-0.961,0-1.924,0-2.883 + c0.74-0.012,1.482-0.027,2.225-0.05c0,0.959,0,1.918,0.002,2.876C21.121,38.496,20.377,38.515,19.637,38.527z M19.637,34.572 + 
c0-0.961,0-1.922-0.002-2.883c0.741-0.01,1.483-0.021,2.225-0.039c0.002,0.957,0.002,1.916,0.002,2.875 + C21.119,34.547,20.376,34.564,19.637,34.572z M19.635,30.619c0-0.963,0-1.924,0-2.885c0.74-0.006,1.483-0.017,2.225-0.029 + c0,0.959,0,1.916,0,2.875C21.118,30.599,20.376,30.609,19.635,30.619z M19.633,26.666c0-0.955,0-1.909,0-2.864 + c0.741-0.005,1.483-0.013,2.227-0.021c0,0.951,0,1.903,0,2.856C21.118,26.65,20.375,26.66,19.633,26.666z M19.633,22.732 + c-0.001-0.963-0.001-1.924-0.001-2.885c0.741-0.002,1.483-0.006,2.226-0.012c0,0.959,0.002,1.918,0.002,2.877 + C21.116,22.72,20.374,22.728,19.633,22.732z M18.586,22.736c-0.744,0.002-1.487,0.002-2.23,0c0-0.963,0-1.924,0-2.887 + c0.743,0.002,1.487,0.002,2.23,0C18.586,20.813,18.586,21.773,18.586,22.736z M15.309,22.732c-0.742-0.004-1.483-0.012-2.226-0.02 + c0-0.959,0.001-1.918,0.001-2.877c0.742,0.006,1.484,0.01,2.226,0.012C15.31,20.808,15.309,21.769,15.309,22.732z M15.309,23.801 + c0,0.955,0,1.91,0,2.864c-0.742-0.006-1.483-0.016-2.227-0.027c0-0.953,0-1.906,0-2.859C13.825,23.789,14.566,23.796,15.309,23.801z + M12.036,26.617c-0.742-0.017-1.483-0.033-2.225-0.055c0-0.947,0-1.895,0.001-2.841c0.741,0.019,1.483,0.031,2.225,0.042 + C12.037,24.716,12.036,25.666,12.036,26.617z M12.035,27.683c0,0.957,0,1.916,0,2.873c-0.742-0.021-1.483-0.047-2.225-0.076 + c0-0.953,0-1.904,0-2.857C10.552,27.646,11.293,27.667,12.035,27.683z M12.035,31.621c0,0.957-0.001,1.914-0.001,2.871 + c-0.742-0.023-1.483-0.055-2.224-0.092c0-0.953,0-1.906,0-2.859C10.551,31.572,11.292,31.6,12.035,31.621z M12.033,35.56 + c0,0.956-0.001,1.914-0.001,2.871c-0.742-0.031-1.484-0.066-2.225-0.111c0-0.953,0.001-1.906,0.001-2.858 + C10.549,35.5,11.291,35.533,12.033,35.56z M12.031,39.498c0,0.955,0,1.914-0.001,2.869c-0.742-0.035-1.484-0.078-2.225-0.129 + c0-0.953,0-1.904,0.001-2.857C10.547,39.426,11.289,39.465,12.031,39.498z M12.03,43.435c0,0.951-0.001,1.901-0.001,2.854 + c-0.742-0.041-1.484-0.09-2.225-0.149c0-0.944,0.001-1.892,0.001-2.838C10.546,43.353,11.288,43.4,12.03,43.435z 
M13.077,43.482 + c0.743,0.031,1.486,0.053,2.228,0.067c0,0.956,0,1.91,0,2.864c-0.742-0.016-1.486-0.041-2.229-0.074 + C13.077,45.389,13.077,44.435,13.077,43.482z M15.305,47.486c0,0.961,0,1.922,0,2.883c-0.743-0.019-1.487-0.047-2.23-0.084 + c0-0.959,0-1.918,0.001-2.875C13.818,47.443,14.562,47.468,15.305,47.486z M16.353,47.504c0.745,0.009,1.49,0.009,2.234,0 + c0.001,0.96,0.001,1.924,0.001,2.883c-0.745,0.011-1.49,0.011-2.235,0C16.353,49.427,16.353,48.464,16.353,47.504z M19.639,47.486 + c0.741-0.018,1.483-0.043,2.227-0.076c0,0.957,0.002,1.916,0.002,2.875c-0.742,0.037-1.486,0.065-2.229,0.084 + C19.639,49.406,19.639,48.447,19.639,47.486z M19.637,46.414c0-0.954,0-1.908,0-2.864c0.742-0.015,1.484-0.036,2.229-0.067 + c0,0.953,0,1.905,0,2.857C21.122,46.373,20.379,46.398,19.637,46.414z M22.911,43.435c0.741-0.035,1.483-0.082,2.224-0.135 + c0,0.945,0,1.895,0.002,2.838c-0.74,0.059-1.482,0.107-2.226,0.15C22.911,45.336,22.911,44.386,22.911,43.435z M22.911,42.369 + c-0.001-0.957-0.001-1.914-0.002-2.871c0.741-0.032,1.483-0.069,2.225-0.117c0,0.954,0.001,1.906,0.001,2.857 + C24.395,42.289,23.652,42.333,22.911,42.369z M22.909,38.431c0-0.957-0.001-1.915-0.001-2.871c0.742-0.027,1.482-0.061,2.224-0.098 + c0.001,0.951,0.001,1.904,0.001,2.857C24.393,38.363,23.65,38.4,22.909,38.431z M22.908,34.494c0-0.957-0.002-1.916-0.002-2.871 + c0.742-0.021,1.482-0.051,2.225-0.079c0,0.952,0,1.903,0.001,2.856C24.391,34.437,23.648,34.468,22.908,34.494z M22.906,30.556 + c0-0.957,0-1.916-0.002-2.873c0.742-0.016,1.484-0.037,2.226-0.061c0,0.953,0.001,1.904,0.001,2.857 + C24.391,30.509,23.648,30.535,22.906,30.556z M22.904,26.617c0-0.951,0-1.901,0-2.854c0.74-0.011,1.482-0.025,2.224-0.042 + c0,0.946,0.001,1.894,0.001,2.841C24.389,26.583,23.646,26.601,22.904,26.617z M22.902,22.699c0-0.957,0-1.916,0-2.874 + c0.742-0.007,1.482-0.014,2.225-0.023c0.001,0.953,0.001,1.906,0.001,2.859C24.387,22.676,23.646,22.689,22.902,22.699z + 
M22.902,18.76C22.9,17.802,22.9,16.845,22.9,15.887c0.742,0,1.481-0.003,2.225-0.004c0.001,0.953,0.001,1.906,0.002,2.858 + C24.385,18.75,23.643,18.756,22.902,18.76z M21.855,18.767c-0.742,0.004-1.482,0.007-2.225,0.009c0-0.961,0-1.922,0-2.884 + c0.741,0,1.482-0.001,2.225-0.002C21.855,16.849,21.855,17.808,21.855,18.767z M18.585,18.779c-0.743,0.001-1.486,0.001-2.229,0 + c0-0.961,0-1.923,0-2.885c0.742,0,1.486,0,2.229,0C18.585,16.855,18.585,17.817,18.585,18.779z M15.31,18.777 + c-0.742-0.002-1.483-0.005-2.225-0.009c0-0.959,0-1.918,0-2.877c0.742,0,1.483,0.001,2.225,0.002 + C15.31,16.854,15.31,17.815,15.31,18.777z M12.039,18.76c-0.742-0.005-1.483-0.011-2.225-0.019c0-0.953,0-1.905,0.001-2.858 + c0.742,0.001,1.483,0.004,2.224,0.004C12.039,16.845,12.039,17.803,12.039,18.76z M12.039,19.827c0,0.957-0.001,1.915-0.001,2.872 + c-0.741-0.01-1.483-0.021-2.224-0.035c0-0.953,0-1.906,0-2.859C10.555,19.813,11.296,19.819,12.039,19.827z M8.768,22.64 + c-0.741-0.018-1.482-0.035-2.223-0.057c0-0.943,0-1.887,0-2.831c0.741,0.013,1.482,0.025,2.223,0.036 + C8.768,20.739,8.768,21.689,8.768,22.64z M8.767,23.697c0,0.944,0,1.89,0,2.832c-0.741-0.024-1.482-0.053-2.223-0.084 + c0-0.938,0-1.873,0-2.811C7.284,23.658,8.026,23.679,8.767,23.697z M8.766,27.587c0,0.949-0.001,1.898-0.001,2.85 + c-0.74-0.033-1.481-0.068-2.222-0.111c0-0.942,0-1.887,0-2.83C7.284,27.529,8.025,27.56,8.766,27.587z M8.765,31.494 + c0,0.951-0.001,1.9-0.001,2.852c-0.74-0.04-1.481-0.087-2.221-0.139c0-0.943,0-1.887,0-2.831C7.283,31.42,8.023,31.459,8.765,31.494 + z M8.763,35.404c0,0.949,0,1.899,0,2.851c-0.741-0.052-1.481-0.104-2.22-0.168c0-0.942,0-1.886,0-2.829 + C7.282,35.31,8.022,35.361,8.763,35.404z M8.762,39.312c0,0.949,0,1.899-0.001,2.852c-0.741-0.059-1.48-0.123-2.219-0.195 + c0-0.943,0-1.889,0-2.83C7.281,39.203,8.021,39.26,8.762,39.312z M8.76,43.219c0,0.944,0,1.888-0.001,2.832 + c-0.74-0.065-1.479-0.14-2.218-0.224c0-0.938,0-1.875,0-2.812C7.281,43.092,8.02,43.16,8.76,43.219z M8.759,47.109 + 
c0,0.951,0,1.9,0,2.851c-0.741-0.073-1.48-0.158-2.219-0.253c0-0.942,0-1.887,0-2.828C7.279,46.964,8.019,47.039,8.759,47.109z + M9.804,47.201c0.741,0.06,1.483,0.111,2.224,0.154c0,0.955,0,1.912,0,2.868c-0.742-0.045-1.484-0.103-2.225-0.166 + C9.804,49.107,9.804,48.154,9.804,47.201z M12.027,51.291c0,0.957,0,1.916,0,2.873c-0.742-0.053-1.484-0.114-2.225-0.188 + c0-0.951,0.001-1.904,0.001-2.857C10.544,51.187,11.285,51.244,12.027,51.291z M13.075,51.353c0.743,0.039,1.486,0.067,2.229,0.086 + c0,0.961,0,1.922,0,2.885c-0.743-0.021-1.487-0.053-2.229-0.094C13.075,53.269,13.075,52.312,13.075,51.353z M16.353,51.459 + c0.745,0.009,1.49,0.009,2.235,0c0,0.961,0,1.924,0,2.885c-0.745,0.013-1.491,0.013-2.235,0 + C16.353,53.382,16.353,52.42,16.353,51.459z M19.639,51.439c0.741-0.019,1.485-0.049,2.229-0.086c0,0.959,0,1.92,0.001,2.877 + c-0.743,0.041-1.485,0.072-2.229,0.094C19.639,53.361,19.639,52.4,19.639,51.439z M22.913,51.291 + c0.743-0.047,1.483-0.104,2.226-0.172c0,0.953,0,1.906,0,2.857c-0.74,0.073-1.481,0.135-2.224,0.188 + C22.914,53.205,22.914,52.248,22.913,51.291z M22.913,50.224c-0.001-0.956-0.001-1.912-0.001-2.869 + c0.742-0.043,1.484-0.095,2.225-0.154c0,0.953,0,1.906,0.002,2.857C24.396,50.123,23.654,50.179,22.913,50.224z M26.184,47.109 + c0.739-0.066,1.479-0.145,2.217-0.229c0,0.942,0,1.887,0,2.83c-0.736,0.092-1.478,0.177-2.217,0.252 + C26.184,49.009,26.184,48.06,26.184,47.109z M26.184,46.051c-0.002-0.944-0.002-1.888-0.002-2.832 + c0.739-0.06,1.48-0.127,2.219-0.202c0,0.938,0,1.873,0,2.811C27.662,45.912,26.923,45.986,26.184,46.051z M26.182,42.162 + c0-0.95-0.002-1.9-0.002-2.85c0.74-0.052,1.48-0.109,2.219-0.176c0.002,0.943,0.002,1.887,0.002,2.83 + C27.662,42.039,26.921,42.105,26.182,42.162z M26.18,38.253c0-0.95,0-1.9-0.002-2.852c0.742-0.041,1.482-0.093,2.221-0.146 + c0,0.942,0,1.887,0,2.829C27.66,38.15,26.92,38.203,26.18,38.253z M26.178,34.345c0-0.949,0-1.898,0-2.852 + c0.74-0.034,1.481-0.073,2.221-0.117c0,0.943,0,1.887,0,2.83C27.659,34.258,26.918,34.305,26.178,34.345z M26.177,30.437 + 
c0-0.949,0-1.9-0.001-2.85c0.741-0.027,1.481-0.059,2.221-0.092c0,0.943,0.002,1.888,0.002,2.83 + C27.659,30.367,26.918,30.404,26.177,30.437z M26.176,26.529c-0.001-0.942-0.001-1.888-0.001-2.832 + c0.742-0.018,1.482-0.039,2.222-0.063c0,0.938,0,1.873,0,2.811C27.657,26.476,26.917,26.503,26.176,26.529z M26.174,22.64 + c0-0.951-0.001-1.901-0.001-2.851c0.741-0.01,1.483-0.022,2.224-0.035c0,0.943,0,1.886,0,2.831 + C27.657,22.605,26.915,22.623,26.174,22.64z M8.769,15.881c0,0.95,0,1.9-0.001,2.85c-0.741-0.008-1.482-0.018-2.223-0.028 + c0-0.943,0-1.887,0-2.83C7.286,15.876,8.028,15.878,8.769,15.881z M6.54,50.758c0.738,0.097,1.478,0.183,2.218,0.258 + c0,0.95,0,1.901,0,2.853c-0.741-0.084-1.48-0.178-2.218-0.28C6.54,52.646,6.54,51.701,6.54,50.758z M26.184,53.869 + c0-0.95,0-1.899,0-2.853c0.739-0.075,1.479-0.163,2.217-0.259c0.002,0.941,0.002,1.889,0.002,2.83 + C27.663,53.693,26.925,53.785,26.184,53.869z"/> +<path id="highlight_2_" opacity="0.17" fill="#FFFFFF" enable-background="new " d="M0,0.943h5.497c0,0,6.847-0.943,11.974-0.943 + C22.6,0,29.48,0.943,29.48,0.943h5.496v41.951c0,0-12.076-0.521-18.623-2.548C9.807,38.32,0,30.557,0,30.557V0.943z"/> +</svg> + + <?xml version="1.0" encoding="utf-8"?> +<svg version="1.1" + xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" + x="0px" y="0px" width="43px" height="43px" viewBox="-0.751 -0.597 43 43" enable-background="new -0.751 -0.597 43 43" + xml:space="preserve"> +<defs> +</defs> +<radialGradient id="SVGID_1_" cx="216.2563" cy="775.959" r="29.184" gradientTransform="matrix(1 0 0 1 -195.2002 -770.8008)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#D9F1FF"/> + <stop offset="1" style="stop-color:#3C89C9"/> +</radialGradient> +<circle fill="url(#SVGID_1_)" cx="20.86" cy="20.86" r="19.593"/> +<path fill="#3C89C9" d="M38.507,16.634C38.525,16.57,38.364,16.662,38.507,16.634L38.507,16.634z"/> +<path fill="#3C89C9" d="M38.466,21.362C38.209,21.355,38.466,21.42,38.466,21.362L38.466,21.362z"/> +<path 
fill="#3C89C9" d="M36.857,22.39C36.86,22.637,37.057,22.428,36.857,22.39L36.857,22.39z"/> +<path fill="#3C89C9" d="M38.532,22.418C38.281,22.42,38.547,22.477,38.532,22.418L38.532,22.418z"/> +<path fill="#3C89C9" d="M37.04,22.552C37.179,22.552,37.117,22.351,37.04,22.552L37.04,22.552z"/> +<path fill="#3C89C9" d="M36.619,22.174C36.93,22.26,36.62,22.031,36.619,22.174L36.619,22.174z"/> +<path fill="#3C89C9" d="M37.475,17.291c0.146,0.041,0.333-0.183,0.185-0.461C37.503,16.822,37.458,17.181,37.475,17.291z"/> +<path fill="#3C89C9" d="M38.587,22.519c-0.186,0.027-0.663,0.254-0.667,0.385C37.996,22.947,38.585,22.616,38.587,22.519z"/> +<path fill="#3C89C9" d="M37.983,19.059C37.96,19.217,38.281,19.116,37.983,19.059L37.983,19.059z"/> +<path fill="#3C89C9" d="M35.4,20.837C35.4,20.886,35.476,20.837,35.4,20.837L35.4,20.837z"/> +<path fill="#3C89C9" d="M35.104,20.764c0.009,0.016,0.014,0.031,0.022,0.047C35.158,20.82,35.189,20.78,35.104,20.764z"/> +<path fill="#3C89C9" d="M25.319,21.403C25.344,21.473,25.464,21.428,25.319,21.403L25.319,21.403z"/> +<path fill="#3C89C9" d="M9.57,4.919C9.548,4.922,9.371,4.981,9.409,4.962C9.39,5.075,9.682,4.93,9.737,4.928 + C9.731,4.949,9.575,5.02,9.543,5.025c-0.019,0.07-0.005,0.205-0.005,0.224c0.242-0.014,0.913-0.323,0.974-0.583 + c0.016,0,0.135,0.18,0.143,0.146c-0.102,0.05-0.121,0.044-0.12,0.035c-0.002,0.003,0,0.003-0.007,0.012 + c0.061-0.024,0.112-0.029,0.161-0.027c-0.191,0.034-0.607,0.277-0.596,0.274c-0.021,0.168,0.354-0.094,0.41-0.101 + c-0.047,0.197-0.105,0.218,0.145,0.189c-0.059,0.05-0.074,0.072-0.042,0.066c-0.023,0.097-0.432-0.044-0.573-0.013 + c0.001,0.075,0.069,0.069,0.061,0.155C9.934,5.447,9.88,5.506,9.745,5.568C9.74,5.632,9.766,5.625,9.76,5.689 + c0.207-0.025,0.48-0.019,0.7-0.237c-0.03,0.134,0.19,0.126,0.229-0.048c0.073-0.007,0.118,0.117,0.107,0.217 + c0.103-0.023,0.322-0.142,0.41-0.251c-0.056-0.038-0.152-0.108-0.252-0.099c0.081-0.078,0.633-0.297,0.523-0.286 + 
c-0.003,0.016,0.242-0.141,0.275-0.154c-0.002-0.216-0.331,0.016-0.438,0.027c0.033-0.062,0.113-0.108,0.088-0.121 + c-0.067,0.005-0.126,0.009-0.124,0c0.082-0.009,0.113-0.007,0.125,0c0.081-0.007,0.174-0.017,0.195-0.024 + c0.001-0.03-0.01-0.046-0.027-0.057c0.05,0.003,0.102,0,0.118-0.035c-0.084-0.01-0.156-0.02-0.222-0.027 + c-0.152,0.01-0.854-0.096,0,0c0.032-0.001,0.042-0.008,0.01-0.022c0.242,0.03,0.637-0.005,0.68-0.221 + c0.015,0.002,0.027-0.01,0.034-0.035c0.022,0.005,0.947-0.321,0.975-0.477c-0.01,0.004-0.012,0-0.007-0.01 + c-0.124,0.049-0.191,0.092-0.304,0.104c0.022-0.115,0.643-0.165,0.684-0.396c-0.437,0.042-0.484-0.047-0.947,0.118 + c-0.005,0.03-0.025-0.003-0.024-0.008c0.051-0.005,0.289-0.131,0.325-0.223c-0.037-0.008-0.251-0.05-0.268,0.029 + c-0.013-0.004-0.986,0.199-1,0.229c0.039,0.011,0.159,0.06,0.1,0.133c-0.021,0.007-0.023-0.011-0.005-0.05 + c-0.226,0.026-0.243-0.071-0.444,0.034c-0.016,0.1,0.146,0.045,0.133,0.096c-0.019-0.007-0.027-0.003-0.029,0.013 + c-0.056,0.027-0.146-0.065-0.23-0.095c-0.018,0.01-0.036,0.02-0.054,0.029c0.005,0.045,0.016,0.091,0.002,0.152 + c-0.022-0.026-0.065-0.057-0.116-0.085c-0.09,0.052-0.183,0.103-0.272,0.156c-0.01,0.017-0.021,0.032-0.026,0.054 + c-0.027,0.004-0.043,0-0.053-0.007c-0.008,0.004-0.015,0.009-0.022,0.014c-0.002,0.01-0.001,0.014-0.005,0.035 + c-0.008,0-0.015-0.01-0.022-0.018c-0.181,0.112-0.359,0.228-0.535,0.342c0.319,0.066,1.335-0.34,1.671-0.431 + c-0.026,0.027-0.404,0.144-0.076,0.102c0.001-0.005-0.292,0.117-0.319,0.12c0.005,0.041,0.026,0.06,0.061,0.057 + c-0.176,0.034-0.438,0.044-0.457,0.125c-0.041,0.005,0.067,0.119,0.134,0.146c-0.005,0.006-0.011,0.008-0.015,0.025 + c-0.18-0.022-0.416-0.498-0.694,0.044c0.023,0.005-0.128-0.086-0.318-0.179c-0.196,0.129-0.388,0.262-0.58,0.399 + C9.516,4.896,9.58,4.888,9.57,4.919z M10.568,5.502C10.443,5.479,10.604,5.349,10.568,5.502L10.568,5.502z M12.911,3.832 + C12.975,3.853,12.859,3.887,12.911,3.832L12.911,3.832z M11.537,4.263c-0.007,0.035-0.069,0.056-0.148,0.071 + 
C11.425,4.331,11.474,4.309,11.537,4.263z M10.835,5.203C10.819,5.276,10.826,5.201,10.835,5.203L10.835,5.203z M10.788,4.857 + c-0.004,0.006-0.008,0.013-0.012,0.019c0-0.009-0.002-0.017-0.006-0.022C10.776,4.855,10.783,4.854,10.788,4.857z M10.681,5.087 + C10.709,5.083,10.659,5.182,10.681,5.087L10.681,5.087z M9.824,5.109C9.845,5.107,9.805,5.186,9.824,5.109L9.824,5.109z"/> +<path fill="#3C89C9" d="M22.877,13.599c-0.002,0.004,0,0.021-0.002,0.029c0.021,0.008,0.046,0.008,0.069,0.014 + C22.923,13.623,22.898,13.599,22.877,13.599z"/> +<path fill="#3C89C9" d="M38.163,15.469C38.018,15.492,38.151,15.559,38.163,15.469L38.163,15.469z"/> +<path fill="#3C89C9" d="M23.071,13.667c-0.049-0.002-0.085-0.017-0.126-0.025c0.041,0.035,0.082,0.079,0.105,0.079 + C23.045,13.698,23.052,13.681,23.071,13.667z"/> +<path fill="#3C89C9" d="M38.328,19.411c-0.005-0.083-0.022-0.19-0.141-0.206C38.189,19.229,38.276,19.411,38.328,19.411z"/> +<path fill="#3C89C9" d="M38.1,19.458C38.352,19.487,38.105,19.348,38.1,19.458L38.1,19.458z"/> +<path fill="#3C89C9" d="M32.675,5.392c0.043,0.005,0.083,0,0.122-0.011c-0.049-0.039-0.1-0.079-0.148-0.117 + c-0.023,0.055-0.043,0.102-0.043,0.108C32.647,5.354,32.668,5.36,32.675,5.392z"/> +<path fill="#3C89C9" d="M33.923,19.841C33.863,19.84,33.925,19.907,33.923,19.841L33.923,19.841z"/> +<path fill="#3C89C9" d="M33.796,18.986C33.765,18.904,33.762,18.986,33.796,18.986L33.796,18.986z"/> +<path fill="#3C89C9" d="M35.792,33.473c-0.732-0.174-2.688,0.27-3.082,0.358c-0.462-0.809-2.413,1.048-2.82,1.086 + c0.2-0.318-0.476-0.212-0.422-0.609c-0.585,0.04-1.163-0.022-1.713,0.006c0.363-0.542-0.656-0.427-0.901,0.196 + c-0.521,0.024-1.257,0.736-1.423,0.741c0.051-0.705-1.72,0.104-2.083,0.192c-0.215-0.503-3.248,0.069-3.243-0.117 + c-0.965-0.005-2.046,1.027-2.925,0.992c0.005,0.064,0.275,0.136,0.329,0.166c-0.005,0.047-0.005,0.092,0,0.143 + c0.039,0.036-2.074,1.139-2.086,0.885c-0.713-0.035-2.41-0.384-2.775-1.193c0.029,0.005,0.032-0.021,0.008-0.074 + 
c0.01,0.005,0.013,0.001,0.008-0.009c0.176,0.04,0.09-0.013,0.257-0.066c-0.032-0.221-0.046-0.104,0.017-0.411 + c-0.01,0-0.013-0.003-0.013-0.014c-0.03-0.005-0.064,0.038-0.099,0.047c0.009-0.223-0.124-0.259-0.134-0.331 + c0.215,0.013-0.251-0.668-0.293-0.977c-0.68,0.207-0.108-0.348-0.131-0.541c0.066,0.005,0.089,0.143,0.148,0.146 + c-0.03-0.067,0.009-0.207,0.083-0.346c-0.325,0.19-0.681,0.394-0.652,0.597c-0.347-0.025,0.169,1.254,0.092,1.247 + c0.092,0.563-1.257-0.149-1.343-0.155c0.026,0.064-0.029,0.104-0.006,0.229c-0.654-0.216-1.712-0.505-2.4-0.579 + c-0.054-0.22-0.437-0.093-0.815,0.047c2.657,2.501,6.011,4.269,9.741,4.978c2.446,0.125,4.89,0.126,7.336,0.007 + C28.972,39.259,32.942,36.854,35.792,33.473z"/> +<path fill="#3C89C9" d="M9.213,16.624c0.006-0.081-0.001-0.156-0.016-0.229C9.16,16.555,9.156,16.652,9.213,16.624z"/> +<path fill="#3C89C9" d="M33.774,18.734C33.738,18.838,33.814,18.735,33.774,18.734L33.774,18.734z"/> +<path fill="#3C89C9" d="M13.362,21.16c0.061,0.003,0.154,0.031,0.264,0.072C13.688,20.874,13.424,21.025,13.362,21.16z"/> +<path fill="#3C89C9" d="M13.027,33.633c0.05-0.102-0.064-0.098-0.102-0.188c-0.007,0-0.006,0.007-0.012,0.007 + c0.048-0.049,0.082-0.098,0.078-0.141c-0.15-0.049-0.37,0.195-0.493,0.432c0.15-0.091,0.288-0.178,0.38-0.256 + C12.892,33.531,12.981,33.606,13.027,33.633z"/> +<path fill="#3C89C9" d="M31.865,19.384C31.684,20.603,32.432,19.389,31.865,19.384L31.865,19.384z"/> +<path fill="#3C89C9" d="M28.391,24.749C28.24,24.758,28.445,24.963,28.391,24.749L28.391,24.749z"/> +<path fill="#3C89C9" d="M28.705,24.551C28.541,24.592,28.711,24.82,28.705,24.551L28.705,24.551z"/> +<path fill="#3C89C9" d="M29.854,6.451c-0.051-0.005-0.034,0.042,0.017,0.111c-0.009-0.034-0.014-0.069-0.022-0.101 + C29.855,6.466,29.859,6.462,29.854,6.451z"/> +<path fill="#3C89C9" d="M34.813,21.535C34.787,21.461,34.763,21.523,34.813,21.535L34.813,21.535z"/> +<path fill="#3C89C9" d="M34.423,20.78C34.426,21.062,34.449,20.78,34.423,20.78L34.423,20.78z"/> +<path fill="#3C89C9" 
d="M21.765,10.061c0,0.001-0.002,0.003-0.004,0.003C21.765,10.145,21.818,10.05,21.765,10.061z"/> +<path fill="#3C89C9" d="M34.658,21.243C34.596,21.243,34.689,21.583,34.658,21.243L34.658,21.243z"/> +<path fill="#3C89C9" d="M21.849,13.405c0.01-0.033,0.055-0.198,0.04-0.291c-0.018-0.012-0.04-0.019-0.062-0.03 + C21.781,13.188,21.6,13.332,21.849,13.405z"/> +<path fill="#3C89C9" d="M34.179,20.558C34.237,20.662,34.267,20.579,34.179,20.558L34.179,20.558z"/> +<path fill="#3C89C9" d="M23.202,10.672c-0.028,0-0.051,0.005-0.022,0.019c0.009,0,0.012,0,0.019-0.001 + C23.2,10.687,23.2,10.683,23.202,10.672z"/> +<path fill="#3C89C9" d="M11.086,31.362c0.108,0.042,0.24,0.061,0.217-0.073c-0.022-0.002-0.042-0.004-0.063-0.005 + C11.165,31.295,11.066,31.318,11.086,31.362z"/> +<path fill="#3C89C9" d="M10.205,29.578c0.014-0.014,0.014-0.026,0.022-0.038c-0.006,0-0.01-0.006-0.016-0.006 + C10.238,29.572,10.235,29.586,10.205,29.578z"/> +<path fill="#3C89C9" d="M28.144,18.871C28.18,18.92,28.375,18.911,28.144,18.871L28.144,18.871z"/> +<path fill="#3C89C9" d="M37.663,21.013c-0.012,0.104,0.002,0.161,0.024,0.198c0.081-0.09,0.164-0.171,0.244-0.242 + C37.837,20.997,37.742,21.019,37.663,21.013z"/> +<path fill="#3C89C9" d="M38.016,22.536c-0.322-0.191-0.343,0.067-0.343,0.063c0.126-0.014,0.223-0.012,0.32-0.014 + C37.985,22.563,37.994,22.547,38.016,22.536z"/> +<path fill="#3C89C9" d="M38.351,16.566C38.361,16.65,38.402,16.568,38.351,16.566L38.351,16.566z"/> +<path fill="#3C89C9" d="M37.823,19.911c0.174,0.002,0.458-0.098,0.469,0.241c0.011-0.003,0.014,0,0.011,0.01 + c0.113-0.025,0.042-0.118,0.029-0.172c0.084,0,0.031,0.051,0.077,0.052c-0.012-0.269,0.065-0.163-0.009-0.498 + c0.023,0.102-0.041-0.008,0,0C38.345,19.534,37.76,19.749,37.823,19.911z"/> +<path fill="#3C89C9" d="M38.298,19.217c0.153,0.086-0.125-0.194-0.035-0.193C38.265,19.045,38.183,19.021,38.298,19.217z"/> +<path fill="#3C89C9" d="M37.465,19.2c-0.035,0.011-0.331,0.417-0.329,0.476C37.334,19.679,37.498,19.334,37.465,19.2z"/> +<path fill="#3C89C9" 
d="M38.086,18.97c-0.016-0.031-0.013-0.046,0.01-0.04c0.002,0.044-0.261-0.34-0.381-0.636 + c0.02,0.268,0.162,0.426,0.165,0.488C37.969,18.783,37.985,18.943,38.086,18.97z"/> +<path fill="#3C89C9" d="M37.715,18.293c-0.011-0.095,0-0.2,0.033-0.321C37.621,17.968,37.642,18.115,37.715,18.293z"/> +<path fill="#3C89C9" d="M39.622,22.269c0.002-0.044,0.061-0.151,0.06-0.151C39.698,21.87,39.491,22.27,39.622,22.269z"/> +<path fill="#3C89C9" d="M39.155,23.009C39.124,23.085,39.255,23.03,39.155,23.009L39.155,23.009z"/> +<path fill="#3C89C9" d="M38.772,21.577c0,0.019-0.04,0.015-0.056,0.051c0.035-0.014,0.048-0.011,0.045,0.008 + c0.051,0.034,0.339,0.047,0.317-0.029C38.958,21.6,38.881,21.587,38.772,21.577z"/> +<path fill="#3C89C9" d="M39.195,22.332C39.016,22.375,39.19,22.557,39.195,22.332L39.195,22.332z"/> +<path fill="#3C89C9" d="M39.167,21.282c-0.068,0,0.24,0.206,0.346,0.226c-0.008,0.002-0.029-0.004-0.025,0.008 + c-0.07-0.015-0.117,0.042-0.211,0.008c0.005,0.011,0,0.013-0.013,0.011c0.105,0.296,1.003,0.173,0.991,0.86 + c-0.064-0.047-0.157-0.024-0.188,0.071c0.091-0.014,0.173-0.015,0.254-0.015c0.02-0.256,0.039-0.512,0.048-0.77 + c-0.486-0.253-0.896-0.429-0.896-0.448C39.383,21.214,39.203,21.18,39.167,21.282z"/> +<path fill="#3C89C9" d="M9.458,12.874C9.449,12.946,9.527,12.894,9.458,12.874L9.458,12.874z"/> +<path fill="#3C89C9" d="M35.872,17.875c0.03,0.501,0.385-0.059,0.388-0.06C36.208,17.613,35.945,17.848,35.872,17.875z"/> +<path fill="#3C89C9" d="M40.204,22.265C40.135,22.283,40.202,22.347,40.204,22.265L40.204,22.265z"/> +<path fill="#3C89C9" d="M38.046,14.887C38.034,14.804,37.997,14.885,38.046,14.887L38.046,14.887z"/> +<path fill="#3C89C9" d="M33.053,5.581c-0.102,0.018-0.14,0.064-0.085,0.273c-0.103-0.02-0.215-0.093-0.314-0.061 + c0.008,0.016,0.23,0.231,0.091,0.214c-0.064-0.246-0.266-0.035-0.365-0.046c-0.011-0.038,0.06-0.05,0.045-0.106 + c-0.399-0.22-0.721,0.084-1.114,0.042c0.02,0.087,0.133,0.203-0.083,0.126c-0.018,0.109,0.209,0.218,0.185,0.412 + 
c-1.408-0.312-0.102,0.526,0.02,1.112c-0.103-0.009-0.412-0.195-0.556-0.208c0.04-0.11,0.022-0.347,0.112-0.407 + c-0.067-0.227-0.586-0.213-0.684-0.221c0-0.006,0.089,0.045,0.104,0.052c-0.011,0.165-0.153-0.003-0.247-0.012 + c0.009,0.04,0.005,0.079-0.008,0.115c0,0,0,0,0.001,0c0.066,0.014,0.273,0.155,0.287,0.225c-0.033-0.019-0.044-0.015-0.038,0.007 + c0.008,0.006-0.115-0.103-0.249-0.231c-0.001,0-0.001-0.001-0.001-0.001l0,0c-0.109-0.104-0.222-0.221-0.283-0.304 + c0.08,0.304,0.063,0.628,0.109,0.901c0.321,0.025,0.756,0.272,0.807,0.55c-0.071,0.006-0.258-0.139-0.235-0.009 + c0.013-0.003,0.018,0.005,0.015,0.022c-1.013-0.796,0.219,0.163-0.735,0.09c-0.001-0.014,0.133,0.155,0.143,0.222 + c-0.02,0-0.45-0.222-0.477-0.31c0.766-0.027,0.171-0.873,0.158-1.521c-0.848-0.071-0.482,0.516-0.39,1.134 + c-0.017-0.005-0.026,0.004-0.023,0.029C29,7.653,28.047,6.642,28.173,7.587c-0.069-0.05-0.091-0.115-0.085-0.198 + c-0.309-0.006-0.465,0.096-0.739,0.139c0-0.075,0.008-0.104,0.005-0.214c-0.271,0.06-0.653,0.6-0.902,0.589 + c-0.018-0.193-0.115-0.297,0.12-0.285c-0.063-0.157-0.276-0.349-0.443-0.357C26.163,7.536,26.141,7.679,26.167,8 + c-0.315-0.014-0.353-0.208-0.312,0.302c-0.291-0.064-0.171-0.117-0.41-0.212c-0.017,0.069,0.026,0.11-0.031,0.107 + c0.028,0.115,0.14,0.167,0.15,0.299c-0.534-0.018-0.244-0.533-0.716-0.622c-0.007-0.09-0.125-0.1-0.138-0.289 + c0.016-0.007,0.956,0.131,1.127,0.14c-0.064-0.403-0.878-0.732-1.156-0.74c-0.004-0.029,0.054-0.064,0.08-0.063 + c-0.12-0.149-0.387,0.083-0.438-0.09c0.073,0.002,0.106-0.051,0.198-0.049c-0.024-0.099-0.146-0.191-0.244-0.226 + c-0.019,0.057,0,0.174-0.061,0.15C24.215,6.57,24.213,6.641,24.204,6.5c-0.034,0.011-0.052-0.023-0.096-0.025 + c0.008,0.126-0.114,0.139-0.118,0.292c-0.027-0.001,0.014-0.186,0.009-0.208c-0.045-0.002-0.164,0.236-0.177,0.312 + c-0.007-0.009-0.017-0.012-0.03-0.011c0.038-0.118,0.058-0.129,0.087-0.226c-0.011,0.002-0.014,0-0.012-0.012 + c-0.142,0.077-0.258,0.133-0.528,0.051c0.002,0.039-0.015,0.05-0.057,0.032c0.021,0.139,0.05-0.091,0.104,0.145 + 
c-0.104-0.033-0.195-0.059-0.19,0.05c-0.085-0.106-0.16-0.109-0.15,0.128c0.017,0-0.326,0.075-0.319,0.313 + c0.043-0.036,0.089-0.042,0.138-0.021c-0.052,0.121-0.095-0.055-0.083,0.141c0.001,0-0.102-0.188-0.129-0.045 + c0.257-0.094-0.723,0.902-0.727,0.999c0.045,0,0.014,0.008,0.014,0.027c0.042-0.007,0.089-0.024,0.139-0.052 + c-0.043,0.021-0.114,0.059-0.142,0.059c-0.002-0.003,0.003-0.004,0.003-0.007c-0.106,0.017-0.183,0.014-0.179,0.181 + c-0.108-0.034-0.047-0.012-0.211-0.013c0.037,0.102,0.085,0.117-0.089,0.12c0.014,0.034,0.012,0.048-0.01,0.043 + c0,0.036,0.109-0.013,0.11,0.067c-0.018,0-0.02,0.015-0.02,0.032c-0.021,0.004-0.026-0.014-0.012-0.053 + c-0.099,0.004-0.124,0.032-0.229,0.031c0.002,0.117,0.071,0.022,0.132,0.087c-0.061-0.002-0.121,0.001-0.181,0.011 + c0,0.078,0.011,0.021,0,0.076c0.007,0.027,0.225,0.055,0.26,0.056c0.018-0.009,0.032-0.018,0.032-0.032 + c-0.021-0.008-0.032,0.003-0.03,0.032h-0.002c-0.063,0.037-0.225,0.034-0.26,0.021c0,0.019,0.138,0.121-0.007,0.121 + c0.079,0.173,0.147,0,0.292,0.001c-0.021,0.084-0.143,0.218-0.221,0.23c0,0.03-0.02,0.008-0.02,0.055 + c0.043-0.009,0.061,0.006,0.051,0.044c0.021,0,0.062-0.077,0.101-0.077c-0.16,0.702,0.364,0.126,0.647,0.092 + c0.007,0.338,0.24,0.488,0.198,0.835c0.011-0.003,0.016,0,0.014,0.011c0.021-0.011,0.033-0.007,0.03,0.012 + c0.216,0.002,0.189-0.31,0.454-0.215c0.029-0.038,0.043-0.083,0.036-0.13c-0.189,0.121,0.169-0.425-0.061-0.429 + c0-0.043,0.637-0.323,0.091-0.623c-0.079-0.216,0.334-0.793,0.481-0.79c0.231-1.268,0.322,0.951,0.34,0.947 + c0.004,0.073-0.059,0.065-0.097,0.064c0.019,0.057,0,0.006,0,0.065c0.012-0.003,0.014,0,0.012,0.01 + c0.157-0.032,0.412-0.139,0.715-0.203c0.004,0.056,0.199,0.235,0.305,0.237c-0.186,0.446-0.616-0.031-0.839,0.692 + c-0.111,0.023-0.224-0.044-0.209-0.158c-0.156,0.055-0.327,0.652-0.363,0.778c0.039,0,0.082,0.01-0.006,0.017 + c0,0.002-0.005,0.01-0.005,0.01c-0.009-0.003-0.01-0.005-0.013-0.008c-0.032,0.002-0.073,0.004-0.13,0.006 + 
c-0.027-0.134,0.04,0.003,0.038-0.065c-0.136-0.068-0.938,0.188-0.941,0.176c-0.48-0.076-0.011-0.779-0.237-0.78 + c0-0.023,0.103-0.076,0.1-0.198c-0.1,0.06-0.291,0.132-0.333,0.262c0.026,0.011,0.056-0.007,0.084-0.028 + c-0.002-0.002-0.002-0.001-0.002-0.004c0.004-0.001,0.004,0.001,0.005,0c0.057-0.044,0.106-0.097,0.11,0.077 + c0.118,0-0.428,1.146-0.434,0.776c-0.38,0.015-0.725,0.683-1.118,0.735c0.015,0.064,0.096,0.171,0.063,0.242 + c-0.078,0-0.435-0.042-0.459,0.055c0.111,0.026,0.029,0.087-0.012,0.1c0.077,0.173,1.219,0.896-0.04,0.9 + c0.005-0.563-0.431,0.343-0.497,0.49c0.002,0,0.004-0.006,0.006-0.006c-0.021,0.043-0.019,0.033-0.006,0.006 + c-0.101,0.027-0.059,0.717-0.068,0.784c0.155-0.029,1.15,0.357,1.151-0.168c0.063,0,0.489-1.053,0.658-1.053 + c0-0.184,0.342-0.115,0.709,0.087c0.006-0.011,0.016-0.022,0.016-0.031c0.03,0,0.041,0.025,0.046,0.061 + c0.396,0.232,0.808,0.62,0.816,1.02c0.24,0.044,0.146-0.387,0.169-0.507c-0.375-0.13-0.453-0.611-0.465-0.891 + c0.007,0.016,0.019,0.029,0.038,0.036c-0.002-0.011,0-0.014,0.013-0.01c0-0.068,0.039-0.031,0.063-0.142 + c0.392,0.189,0.849,1.486,1.225,1.491c-0.038,0.079-0.177-0.133-0.224,0.02c0.047,0,0.009,0.158,0.08,0.176 + c0-0.045,0.27-0.129,0.306-0.118c-0.002-0.13-0.111-0.1-0.111-0.199c-0.015,0.005-0.017-0.002-0.012-0.021 + c0.092,0.057,0.149,0.1,0.228,0.168c-0.003-0.012,0-0.016,0.01-0.012c0.015-0.18-0.265-0.156-0.279-0.156 + c0.003-0.015-0.005-0.019-0.022-0.011c0-0.034,0.183-0.261-0.027-0.263c0.022-0.066,0.031-0.037,0.029-0.098 + c0.014,0.002,0.022-0.003,0.021-0.022c0.011,0.044,0.06,0.131,0.099,0.132c0.008,0.012,0.019-0.116,0.017-0.186 + c0.198,0.001,0.336-0.042,0.343,0.147c0.122-0.041,0.22-0.16,0.354-0.159c-0.003-0.014,0.005-0.021,0.022-0.021 + c-0.011-0.318,0.27-0.793,0.322-1.024c0-0.004-0.005-0.004-0.005-0.008c0.005,0,0.003-0.001,0.008-0.001 + c0.007-0.024,0.021-0.057,0.018-0.076c0.07,0.07,0.078,0.077-0.018,0.076c0,0.002,0,0.005-0.003,0.009 + 
c0.024,0.138,0.294-0.052,0.316,0.129c-0.054-0.013-0.169,0.017-0.186,0.094c0.127,0.003,0.149,0.029,0.136,0.189 + c0.149-0.038,0.248-0.137,0.401-0.133c0-0.019,0.014-0.025,0.019-0.066c-0.01,0.003-0.015,0-0.01-0.011 + c-0.123,0.019-0.35-0.013-0.356-0.192c0.276,0.055,0.43-0.199,0.724-0.191c-0.005,0.014,0.004,0.02,0.02,0.012 + c0.005,0.064-0.238,0.147-0.261,0.156c0.181,0.242-0.111,0.104-0.104,0.281c0.341-0.111,0.579,0.649,0.586,0.765 + c-0.366-0.009-1.502-0.317-1.491,0.047c-0.209,0.038-0.396,0.218-0.456,0.342c0-0.01,0.005-0.013,0.001-0.032 + c-0.048,0.01-0.036,0.05-0.019,0.06c-0.016,0.048-0.015,0.083,0.025,0.093c0.173,0.669,0.731,0.316,1.307,0.326 + c0.121,0.57-0.042,1.127-0.608,1.039c-0.061-0.602-3.05,0.836-2.803-1.088c-0.443,0.063-1.353,0.293-1.844,0.294 + c0.006-0.668-1.23,0.815-1.122,0.815c-0.006,0.609-0.829,0.848-0.837,1.386c-0.213,0.002-0.131,1.342-0.181,1.557 + c-0.814,0.243,2.428,3.111,2.432,1.575c0.15,0.057,0.122-0.007,0.122,0.088c1.028-0.129,0.973,0.24,1.194,0.999 + c0.021,0,0.654,1.646,0.613,2.149c-0.566,0,0.195,3.079,0.488,3.387c0.511,0.34,0.002,1.001,1.266,0.56 + c0.005-0.288,1.141-1.609,1.271-1.708c0.09-0.465-0.266-1.297,0.536-1.301c0.01-0.658,0.107-1.17,0.008-1.984 + c0.325-0.004,1.642-2.644,1.741-3.105c-0.291-0.143-0.696,0.373-1.056,0.133c-0.033-0.125-0.521-1.115-0.654-1.116 + c0.113-0.65-0.854-1.5-0.977-2.235c0.013,0.003,0.018-0.004,0.009-0.022c0.102,0.001,0.198,0.144,0.297,0.146 + c0.002-0.032,0.164,0.253,0.169,0.253c0.004,0.16,0.665,1.48,0.767,1.48c0.018,0.914,0.403,1.04,1.01,0.946 + c0.35,0.044,0.898-0.622,1.19-0.766c-0.005-0.163,0.389-0.419,0.378-0.664c0.094-0.19-0.494-0.434-0.507-0.753 + c-0.409,0.106-0.438,0.696-0.692,0.008c-0.024,0-0.104,0.102-0.103,0.14c-0.231-0.069-0.38-0.934-0.384-0.962 + c0.451,0.01,1.052,0.917,1.63,0.996c0.794,0.017,1.154,0.401,1.644,0.411c-0.071,0.161-0.145,0.161-0.264,0.198 + c0.188,0.613,0.431,0.16,0.453-0.033c0.216,0.054,0.23,2.487,0.836,2.491c-0.009-0.781,1.272-2.552,1.72-2.533 + 
c0.004,0.044,0.576,1.16,0.625,1.237c0.15-0.004,0.242,0.002,0.284-0.183c0.479,0.011,0.359,1.584,0.707,2.311 + c-0.197-0.24-0.462-0.422-0.841-0.425c0.012,0.558,1.058,1.425,1.307,1.909c0.021,0.017,0.013-0.574-0.231-1.104 + c0.011,0.026-0.033,0.055-0.034-0.022c0.02,0.004,0.029,0.013,0.034,0.021c-0.01-0.014-0.014-0.031-0.021-0.045 + c-0.013-0.005-0.023-0.017-0.023-0.048c0,0,0,0,0.002,0c-0.01-0.019-0.017-0.039-0.026-0.059c0.061,0.057,0.129,0.102,0.212,0.121 + c0.013-0.054,0.049-0.072,0.11-0.051c-0.039-0.649-0.478-1.309-0.64-1.938c0.024,0.007,0.031,0,0.021-0.021 + c0.256,0.004,0.627,0.572,0.654,0.783c0.045,0.003,0.051,0.023,0.014,0.063c0.225-0.039,0.106-0.132,0.103-0.247 + c-0.017,0.003-0.02-0.004-0.014-0.022c0.061,0.034,0.044,0.104,0.125,0.106c0.02-0.095-0.112-0.066-0.116-0.158 + c0.884,0.113,0.237-0.651,0.212-1.054c-0.698-0.342,0.215-1.186,0.297-0.603c-0.026,0.002,0.534-0.4,0.527-0.456 + c0.792,0.025,1.004-0.899,0.852-1.262c0.176-0.068,0.073-0.22-0.06-0.228c0.007,0.065-0.073-0.027-0.066-0.023 + c0.047-0.051,0.111,0.005,0.159,0.007c-0.013-0.12-0.255-0.648-0.288-0.746c0.063-0.15,0.347-0.104,0.354-0.273 + c-1.095-0.159-0.562-0.756-0.136-0.604c-0.025,0.202-0.104,0.205-0.082,0.358c0.574-0.075,0.843,0.152,0.789,0.856 + c0.672,0.205-0.369-1.703,0.523-1.634c0.035,0.157,0.182,0.08,0.354-0.107c-0.995-2.479-2.477-4.711-4.335-6.569 + c-0.006,0.029-0.013,0.058-0.018,0.095c0.006,0.016,0.012,0.037,0.013,0.037c0.002-0.017-0.005-0.024-0.014-0.022 + c0-0.008,0.003-0.008,0.003-0.014c-0.01-0.032-0.025-0.091-0.042-0.152C34.51,6.871,34.432,6.8,34.357,6.728 + c-0.03-0.001-0.056-0.007-0.138-0.039c-0.094,0.064-0.195,0.126-0.305,0.175c-0.146,0.103-0.306,0.191-0.331,0.093 + c0.121-0.009,0.229-0.046,0.331-0.093c0.143-0.098,0.271-0.211,0.267-0.191c0.016,0.009,0.024,0.011,0.038,0.016 + c0.02-0.012,0.04-0.022,0.06-0.036C33.888,6.281,33.478,5.923,33.053,5.581z M31.25,6.407C31.323,6.416,31.214,6.534,31.25,6.407 + L31.25,6.407z 
M21.661,8.688c0.02,0.007,0.012,0,0.02,0.013C21.661,8.692,21.674,8.7,21.661,8.688z M22.392,7.937 + C22.357,7.937,22.39,7.864,22.392,7.937L22.392,7.937z M22.375,9.67c-0.071-0.026,0.014,0.024-0.123,0.021 + C22.248,9.57,22.361,9.55,22.357,9.44C22.524,9.442,22.371,9.61,22.375,9.67z M22.537,9.694C22.595,9.694,22.523,9.789,22.537,9.694 + L22.537,9.694z M22.678,7.614c0.02,0.006,0.01-0.001,0.02,0.011C22.678,7.618,22.69,7.626,22.678,7.614z M22.873,9.435 + C23.062,9.488,22.895,9.522,22.873,9.435L22.873,9.435z M22.812,9.435C22.879,9.435,22.812,9.473,22.812,9.435L22.812,9.435z + M21.06,11.242C21.199,11.266,21.08,11.32,21.06,11.242L21.06,11.242z M21.841,10.829c0.02,0.007,0.008-0.002,0.02,0.011 + C21.841,10.833,21.854,10.84,21.841,10.829z M22.408,12.624c0-0.04,0-0.07,0-0.082c0.001,0.018,0.007,0.025,0.021,0.022 + C22.419,12.577,22.412,12.598,22.408,12.624z M24.253,9.799C24.187,9.392,24.341,9.801,24.253,9.799L24.253,9.799z M24.613,8.967 + c-0.007-0.127,0.279,0.145,0.304,0.274C24.837,9.195,24.326,8.949,24.613,8.967z M25.031,8.478 + C25.295,8.55,25.097,8.698,25.031,8.478L25.031,8.478z M25.119,8.928c0.236-0.007,0.023-0.131,0.021-0.175 + c-0.013,0.004-0.014,0-0.013-0.01c0.227,0.059,0.188,0.259,0.199,0.431C25.32,9.174,25.122,8.957,25.119,8.928z M25.444,9.265 + C25.66,9.271,25.45,9.377,25.444,9.265L25.444,9.265z M25.731,9.786c-0.043-0.028-0.055-0.017-0.04,0.031 + c-0.063,0.001-0.205-0.064-0.211-0.159c0.202,0.036,0.018-0.098,0.064-0.097c0.005-0.027,0.202,0.157,0.2,0.148 + C25.707,9.712,25.698,9.737,25.731,9.786z M21.798,20.317C21.772,20.469,21.68,20.317,21.798,20.317L21.798,20.317z M22.633,24.561 + C22.592,24.561,22.635,24.486,22.633,24.561L22.633,24.561z M22.723,18.607c-0.012-0.02-0.021-0.029-0.033-0.041 + c-0.04-0.025-0.091-0.051-0.121-0.059c0,0.012,0.063-0.007,0.121,0.059C22.745,18.599,22.781,18.627,22.723,18.607z M24.549,22.683 + C24.479,22.443,24.79,22.683,24.549,22.683L24.549,22.683z M25.807,19.003C26.031,18.981,25.812,19.187,25.807,19.003L25.807,19.003 + z 
M25.7,20.269c0.064,0.021,0.122,0.283,0.122,0.35C25.653,20.57,25.7,20.352,25.7,20.269z M25.126,15.669 + C25.152,15.669,25.132,15.805,25.126,15.669L25.126,15.669z M25.011,20.704C24.946,20.988,24.904,20.704,25.011,20.704 + L25.011,20.704z M24.716,21.163C24.716,21.068,24.721,21.162,24.716,21.163L24.716,21.163z M24.652,21.468 + C24.644,21.18,24.823,21.439,24.652,21.468L24.652,21.468z M25.088,22.572c-0.047,0-0.096,0.002-0.143,0.002 + c-0.018,0.006-0.278-0.795-0.263-0.788c0.033-0.157,0.3,0.51,0.416,0.776C25.088,22.559,25.083,22.563,25.088,22.572z M25.242,22.42 + C25.242,22.363,25.39,22.418,25.242,22.42L25.242,22.42z M25.531,23.511c-0.024-0.035-0.051-0.04-0.078-0.021 + c0.003-0.276-0.024-0.486-0.06-0.774C25.538,22.749,25.533,23.354,25.531,23.511z M25.583,21.731 + C25.549,21.862,25.473,21.731,25.583,21.731L25.583,21.731z M25.144,20.802C25.162,20.728,25.331,20.824,25.144,20.802 + L25.144,20.802z M25.331,20.988c0,0,0.219,0.224,0.219,0.153c-0.112,0.038-0.19,0.326-0.041,0.328 + c-0.03,0.116-0.091,0.017-0.091,0.153c-0.011-0.004-0.014,0-0.011,0.012c-0.033,0-0.229-0.213-0.229-0.022 + C24.801,21.611,25.352,20.884,25.331,20.988z M25.549,15.381C25.544,15.208,25.607,15.381,25.549,15.381L25.549,15.381z + M26.517,13.96C26.53,14.203,26.358,13.958,26.517,13.96L26.517,13.96z M27.902,7.41C27.964,7.415,27.905,7.446,27.902,7.41 + L27.902,7.41z M26.723,13.66C26.897,13.681,26.784,13.762,26.723,13.66L26.723,13.66z M26.93,14.394 + c-0.092-0.001-0.198-0.266-0.207-0.318c0.089,0.01,0.245,0.217,0.251,0.266C26.948,14.337,26.932,14.354,26.93,14.394z + M28.036,13.653c-0.12,0-0.15-0.092-0.207-0.093c0,0.001,0.002,0.189-0.029,0.206c0.024,0.003,0.036,0.014,0.033,0.032 + c0.047,0.001,0.083-0.041,0.156-0.038c0.004,0.039,0.094,0.479,0.02,0.637c-0.916-0.022-0.507-0.315-0.535-0.75 + c-0.551-0.013-0.584-1.176-0.283-1.167c0.209-0.933,1.076,0.798,0.557,0.462c0.002-0.018-0.009-0.022-0.035-0.012 + c0.006-0.01,0-0.015-0.01-0.011c-0.002-0.013,0.184-0.061,0.179-0.134c-0.292-0.122-0.154,0.092-0.344,0 + 
c0.003,0.011,0,0.015-0.013,0.011c0.014,0.05,0.03,0.076,0.044,0.089c-0.021-0.003-0.057-0.001-0.131,0.039 + c0.109,0.31,0.338,0.166,0.362,0.54c0.17,0.005,0.027-0.139,0.291,0.074C28.098,13.922,28.013,13.435,28.036,13.653z M28.743,13.061 + c-0.063-0.002-0.022,0.139-0.063,0.138c-0.082-0.147-0.282-0.753,0.205-0.69C28.952,12.681,28.751,13.167,28.743,13.061z + M31.058,13.368C31.105,13.137,31.521,13.5,31.058,13.368L31.058,13.368z M30.788,12.624c-0.09,0.076-0.154,0.169-0.143,0.279 + C30.355,12.825,30.541,12.708,30.788,12.624c0.193-0.166,0.511-0.231,0.495-0.104C31.196,12.513,30.974,12.559,30.788,12.624z + M35.015,20.699C35.066,20.7,35.017,20.785,35.015,20.699L35.015,20.699z M37.291,15.826C37.284,15.731,37.46,15.834,37.291,15.826 + L37.291,15.826z M38.519,13.325C38.634,13.339,38.701,13.672,38.519,13.325L38.519,13.325z M36.948,16.116 + C36.934,16.205,36.748,16.127,36.948,16.116L36.948,16.116z M36.312,16.168C36.341,16.159,36.284,16.276,36.312,16.168 + L36.312,16.168z M35.538,19.34C35.391,19.385,35.531,19.194,35.538,19.34L35.538,19.34z M34.66,17.915 + C34.568,17.942,34.655,17.829,34.66,17.915L34.66,17.915z M35.108,11.012c0.094,0.008-0.093,0.92-0.56,0.887 + c0-0.025-0.019-0.033-0.055-0.025C34.507,11.891,35.106,11.153,35.108,11.012z M34.444,14.623 + C34.584,14.63,34.459,14.76,34.444,14.623L34.444,14.623z M34.25,6.785C34.27,6.788,34.249,6.859,34.25,6.785L34.25,6.785z + M34.079,11.833C34.148,11.838,34.077,12.034,34.079,11.833L34.079,11.833z M33.114,11.963 + C32.973,11.99,33.128,11.817,33.114,11.963L33.114,11.963z M33.109,6.245c0-0.01-0.004-0.012-0.014-0.011 + c0.003-0.054-0.011-0.042-0.066-0.049c-0.002-0.012-0.007-0.023-0.016-0.033c0.033-0.017,0.002-0.062-0.007-0.091 + c0.119,0.016,0.274,0.076,0.234-0.07c0.032,0.006,0.032,0.009,0.023,0.009C33.395,6.05,33.152,6.235,33.109,6.245z M33.44,6.963 + C33.685,6.947,33.46,7.044,33.44,6.963L33.44,6.963z"/> +<path fill="#3C89C9" d="M27.862,13.907C27.93,13.892,27.875,13.8,27.862,13.907L27.862,13.907z"/> +<path fill="#3C89C9" 
d="M36.572,25.586c0.003-0.032-0.015-0.065-0.028-0.103c-0.018-0.027-0.04-0.049-0.058-0.049 + C36.484,25.492,36.507,25.583,36.572,25.586z"/> +<path fill="#3C89C9" d="M36.788,21.607c0.583,0.182,0.247-0.67,0.654-0.686c-0.195-0.356-0.303-0.515,0.04-0.696 + c-0.04-0.106-0.26-0.26-0.303-0.261c0.021,0.128-0.887,0.678-0.825,0.848C35.311,20.643,36.791,21.896,36.788,21.607z + M36.387,20.822c-0.022-0.006-0.009,0.001-0.022-0.012C36.387,20.818,36.375,20.81,36.387,20.822z"/> +<path fill="#3C89C9" d="M9.104,5.205c0-0.014-0.012-0.028-0.029-0.041C9,5.22,8.929,5.281,8.854,5.338 + C8.921,5.492,9.335,5.126,9.104,5.205z"/> +<path fill="#3C89C9" d="M3.835,12.353c0-0.008-0.003-0.008-0.004-0.014c-0.013-0.01-0.024-0.026-0.04-0.035 + C3.787,12.325,3.793,12.352,3.835,12.353z"/> +<path fill="#3C89C9" d="M3.382,12.197c0.001,0,0.001,0.001,0.003,0.001c-0.03-0.002-0.059-0.004-0.086,0.007 + c-0.034,0.136,0.431,0.404,0.661,0.385c0.005-0.026-0.008-0.042-0.016-0.061c0.011,0.034,0.023,0.057,0.035,0.104 + C3.987,12.637,4,12.64,4,12.646c-0.013,0.001-0.009,0.012-0.014,0.019c0.005,0.025,0.011,0.043,0.016,0.071 + c-0.027,0.002-0.039-0.046-0.016-0.071c-0.003-0.011-0.006-0.021-0.008-0.031c-0.051-0.024-0.228-0.013-0.289-0.02 + c-0.034,0.225-0.379,1.93-0.042,1.962c0.012-0.073-0.007-0.04,0.06-0.044c-0.083,0.09,0.897,1.763,0.723,1.771 + c0.054,0.288,0.631,0.44,0.596,0.835c0.062-0.002,0.008-0.023,0.068-0.043c0.121-0.463-0.635-1.013-0.576-1.478 + c0.619-0.025,0.979,2.242,1.331,2.237c0.175,0.377,1.95,0.87,2.337,0.865c0.046,0.212,0.247,0.416,0.238,0.662 + C8.6,19.379,8.73,19.659,8.949,19.73c-0.003-0.002-0.008-0.003-0.021-0.008c0.008,0.03,0.002,0.025,0.032,0.033 + c-0.004-0.014-0.004-0.021-0.008-0.024c0.05,0.015,0.102,0.023,0.162,0.011c-0.003-0.025,0.017-0.04,0.056-0.042 + c-0.002-0.152,0.09-0.095,0.094-0.235c0.565,0.294,0.003,1.677-0.271,2.038c0.23,0.049,0.031,0,0.176,0 + c0,0.445-0.345,0.505,0.191,0.957c0.004,0.366,0.381,1.012,0.595,1.283c0.902,0.009,0.623,1.492,0.622,1.972 + 
c-0.079,1.125,0.152,3.233-0.141,3.766c-0.108-0.005-0.067-0.119-0.228-0.063c0.05,0.031,0.046,0.074,0.017,0.121 + c0.313,0.032,0.09,0.487,0.256,0.494c-0.088,0.196,0.162,0.548-0.035,0.539c0.031,0.011,0.047,0.023,0.047,0.047 + c0.098,0.018,0.1-0.067,0.159-0.064c-0.003,0.034,0.019,0.041,0.064,0.023c0.011,0.096-0.118,0.08-0.167,0.087 + c0.086,0.282,0.18,0.154,0.33,0.348c0.06-0.007,0.07-0.09,0.101-0.169c0.023,0.021,0.103,0.044,0.109,0.112 + c-0.116,0.038-0.09,0.147,0.073,0.188c-0.019,0.015-0.17-0.096-0.122,0.015c-0.012-0.003-0.022,0-0.03,0.007 + c-0.004-0.03-0.02-0.16-0.081-0.164c0.009,0.085-0.005,0.042-0.065,0.062c0.008-0.05-0.014-0.063-0.065-0.033 + c0.025,0.159,0.081,0.059,0.141,0.061c0.012,0.106-0.059,0.038-0.136,0.075c0.012,0.057,0.219,0.101,0.435,0.118 + c0.025-0.004,0.048-0.006,0.063-0.006c0.001,0.006-0.001,0.006,0,0.011c0.218,0.016,0.425,0.002,0.419-0.056 + c-0.219-0.053-0.555-0.347-0.58-0.472c-0.071,0.019-0.111,0.037-0.137,0.049c0.037-0.069,0.097-0.127,0.244-0.109 + c-0.086-0.26-0.052-0.206-0.083-0.503c0.083,0.003,0.28-0.131,0.383-0.371c-0.526-0.324-0.004-0.622,0.104-1.043 + c-0.034-0.013-0.08-0.013-0.097-0.014c-0.002-0.035,0.182,0.007,0.202,0.008c-0.004-0.069,0.012,0.009,0.005-0.074 + c-0.017,0.002-0.024-0.011-0.024-0.035c-0.133-0.005-0.168-0.136-0.245-0.139c0.028-0.064,0.025-0.086,0.053-0.146 + c0.467,0.016,0.135-0.027,0.304-0.387c0.542,0.018,0.656-0.47,0.632-0.808c-0.062-0.054-0.108-0.143-0.118-0.307 + c0.055,0,0.104,0.136,0.118,0.307c0.174,0.161,0.502-0.066,0.687-0.344c-0.004,0.004-0.007,0.008-0.018,0.012 + c-0.001-0.033,0.022-0.031,0.025-0.021c0.08-0.12,0.134-0.252,0.13-0.364c0.034,0.055,0.066,0.058,0.098,0.013 + c-0.003,0.011,0.001,0.013,0.011,0.011c-0.006,0.136-0.04,0.124-0.066,0.215c0.041,0.002,0.019-0.041,0.053-0.041 + c-0.004-0.107,0.105-0.427,0.241-0.472c-0.001-0.096,1.733-2.791,1.35-2.798c-0.003-0.314,0.518-0.862,0.516-1.426 + c-0.326,0-0.858-0.782-1.218-0.424c0.019,0.001-0.371-0.201-0.668-0.314c-0.001,0.009,0,0.012-0.001,0.021 + 
c-0.259,0.067-0.302-0.009-0.262-0.093c-0.038-0.001-0.066,0.004-0.066,0.028c-0.146,0-0.036,0.227-0.133,0.227 + c0.03-0.114,0.038,0.059,0.013-0.194c-0.268,0.013-0.299,0.208-0.604,0.208c0-0.046,0.943-0.436,0.856-0.423 + c-0.002-0.011,0-0.015,0.011-0.011c0.001-0.182-0.024,0.032,0.023-0.174c-0.147,0.006-0.003,0.065-0.11,0.065 + c0.417-0.783-0.935-0.969-1.153-0.967c0.001-0.076-0.012-0.012-0.044-0.01c-0.066-0.442-0.031-0.324-0.497-0.319 + c0.032-0.053,0.16-0.145,0.219-0.193c-0.038-0.022-0.143-0.178-0.171-0.227c-0.173-0.006-1.139-0.2-1.137-0.2 + c0.001,0.152-0.162,0.276-0.167,0.515c-0.206,0.002,0.047-0.519,0.047-0.534c-0.033,0-0.046-0.011-0.043-0.032 + c-0.018,0.008-0.026,0.003-0.021-0.01c-0.31,0.005-0.654,0.775-0.755,0.775c0.011-0.388-1.209-0.058-0.965-0.633 + c0.025-0.689,0.151-0.722-0.702-0.706c0.009-0.176,0.127-0.342,0.138-0.53c-0.014,0,0.016,0.095,0.059,0.093 + c-0.095-1.071,0.012-0.283-0.659-0.057c-0.046,0.698-0.997-0.961-0.724-0.835c-0.387-1.162,1.034-1.04,1.346-1.052 + c0.114-0.135-0.096-0.147-0.142-0.214c0.49-0.164,1.108,0.105,1.217,0.646c0.127-0.546,0.696-1.87,0.678-1.659 + c0.103,0.028,0.078-0.002,0.171-0.006c0.018-0.218-0.328-0.518,0.087-0.821c0,0-0.116,0.325-0.119,0.355 + c0.053-0.001,0.081-0.078,0.07,0.04c0.177-0.097,0.067-0.161,0.095-0.333c-0.002-0.001,0.614-0.515,0.777-0.521 + c-0.187-0.278,0.509-0.629,0.648-0.753c0.088,0.131-0.031-0.05,0.198-0.094c-0.017,0.169-0.23,0.118,0.146,0.111 + c-0.008,0.087-0.26,0.323-0.27,0.418c0.011,0.005,0.413-0.403,0.54-0.407c-0.024-0.103-0.07,0.069-0.03-0.116 + c-0.157,0.024-0.174,0.038-0.297,0.044c0.001-0.017-0.177-0.388-0.055-0.394c-0.009-0.016-0.014-0.034-0.016-0.053 + c-0.058,0.006-0.116,0.05-0.173,0.062c0.003-0.036,0.055-0.071-0.012-0.084c0.021-0.013,0.037-0.033,0.047-0.056 + c0.058,0.196,0.224-0.155,0.243-0.15c0.022-0.492-1.027,0.497-0.996,0.495c0.496-0.604,0.687-0.748,1.397-0.781 + c1.021-0.212,0.604-0.658,0.342-0.735c-0.066,0.024-0.128,0.045-0.159,0.051c0.006-0.066,0.076-0.076,0.159-0.051 + 
c0.128-0.048,0.279-0.117,0.285-0.185c0.007,0.008-0.578-0.368-0.602-0.367c0.006,0.016-0.005-0.131-0.008-0.106 + c0.068,0.005,0.098,0.005,0.131,0.004c0.105-0.352-0.426-0.389-0.284-0.891c-0.147,0.036-1.038,1.066-0.605-0.09 + c-0.196,0.013-0.639-0.552-1.112-0.185c-0.033,0.521-0.044,0.853,0,1.38c-0.42,0.108-0.429,0.66-0.464,0.926 + c-0.13,0.007-0.46-0.413-0.4-0.416c0.063-0.201-0.902-0.685-1.198-0.591c-0.009-0.04-0.166-0.462-0.183-0.367 + c-0.38,0.033,0.291-0.711,0.291-0.696c-0.05,0.005,0.885-0.672,0.907-0.795c-0.14-0.015-0.275-0.006-0.439,0.01 + C9.045,8.472,9.108,8.608,9.14,8.453c0.089-0.047,0.256,0.11,0.319,0.104c0.059-0.093,0.047-0.144,0.063-0.233 + C9.683,8.251,9.703,8.37,9.85,8.335c0-0.009,0.004-0.016,0.014-0.022C9.808,8.293,9.796,8.2,9.737,8.22 + c0.023-0.01,0.036-0.024,0.037-0.044c0.425-0.184,0.961-0.912,0.118-0.83c0.123,0.313-0.177,0.357-0.244,0.687 + c-0.525,0.051,0.043-0.47-0.18-0.52C9.352,7.638,9.265,7.709,9.232,7.866C9.294,7.871,8.979,7.475,8.978,7.46 + c0.237-0.153,0.031-0.043,0.109-0.196C9.126,7.286,9.188,7.322,9.21,7.221C9.2,7.226,9.198,7.222,9.203,7.212 + C9.062,7.26,8.921,6.938,8.817,6.978c0.05-0.202,0.901-0.654,0.487-0.648C9.264,6.413,8.924,6.266,8.81,6.734 + C8.648,6.863,8.551,7.378,8.513,7.552c0.029-0.011,0.065-0.077,0.049-0.005C8.57,7.546,8.858,7.445,8.946,7.475 + C8.918,7.601,8.763,7.605,8.678,7.657C8.655,7.808,8.634,7.775,8.731,7.756c-0.08,0.076-0.293,0.497-0.29,0.487 + c-0.206,0.074-0.14-0.145-0.11-0.273C8.25,8.032,8.297,7.991,8.313,7.92c-0.102,0.011-0.037,0.044-0.18-0.04 + c-0.391,0.75-1.09-0.359-1.382,0.26c0.037,0.01,0.044-0.012,0.085-0.001c0.039-0.069,0.261-0.168,0.326-0.158 + C7.01,8.273,6.807,8.15,6.723,8.514C6.66,8.461,6.68,8.371,6.698,8.277c0.077-0.073-0.505,0.082-0.738,0.071 + c0.05-0.185,0.119-0.071,0.181-0.181C6.071,8.153,6,8.136,5.926,8.119c-0.161,0.188-0.319,0.38-0.474,0.574 + c0.053-0.009,0.104-0.019,0.138-0.002C5.507,8.755,5.481,8.815,5.514,8.868c-0.058,0.007-0.15,0.009-0.22,0.027 + 
C5.288,8.903,5.282,8.91,5.276,8.918C5.268,8.99,5.381,8.933,5.359,9.015C5.298,8.987,5.23,9.02,5.165,9.059 + c-0.667,0.88-1.256,1.82-1.769,2.807C3.412,11.949,3.417,12.041,3.382,12.197z M3.885,12.865C3.91,12.736,4.033,12.817,3.885,12.865 + L3.885,12.865z M11.391,31.242C11.507,31.245,11.397,31.289,11.391,31.242L11.391,31.242z M10.955,24.225 + C11.074,24.225,10.975,24.438,10.955,24.225L10.955,24.225z M10.815,30.891C10.79,30.668,10.974,30.899,10.815,30.891L10.815,30.891 + z M10.842,30.767c-0.022,0.021-0.07-0.005-0.085-0.025C10.78,30.749,10.817,30.76,10.842,30.767z M10.696,30.854 + C10.705,30.742,10.825,30.837,10.696,30.854L10.696,30.854z M10.578,23.662C10.839,23.602,10.606,24.051,10.578,23.662 + L10.578,23.662z M8.36,19.022C8.362,19.004,8.689,19.017,8.36,19.022L8.36,19.022z M8.277,18.896 + C8.252,18.807,8.457,18.935,8.277,18.896L8.277,18.896z M11.98,10.99C12.145,11.006,11.977,11.182,11.98,10.99L11.98,10.99z + M11.773,10.671C11.814,10.681,11.803,10.752,11.773,10.671L11.773,10.671z M11.469,10.997C11.407,11,11.494,10.72,11.469,10.997 + L11.469,10.997z M11.319,11.143C11.406,11.203,11.123,11.438,11.319,11.143L11.319,11.143z M10.898,11.569 + C11.028,11.536,10.86,11.675,10.898,11.569L10.898,11.569z M10.885,10.553C10.869,10.674,10.794,10.581,10.885,10.553L10.885,10.553 + z M10.713,11.643C10.704,11.646,10.741,11.572,10.713,11.643C10.793,11.433,10.855,11.59,10.713,11.643z M10.768,10.518 + C10.591,10.529,10.784,10.391,10.768,10.518L10.768,10.518z M10.571,12.997C10.625,12.734,10.602,12.996,10.571,12.997 + L10.571,12.997z M10.501,12.777C10.468,12.865,10.483,12.776,10.501,12.777L10.501,12.777z M8.843,6.717 + C8.973,6.669,8.827,6.809,8.843,6.717L8.843,6.717z M10.241,12.96c-0.053,0.216-0.795,0.652-1.08,0.666c0,0,0.049-0.094-0.058-0.049 + c0.023-0.08,0.121-0.138,0.13-0.218c0.071-0.003-0.03,0.079-0.037,0.139c0.239-0.012,0.659-0.384,0.772-0.425 + C9.9,13.051,10.26,12.959,10.241,12.96z M9.747,12.985C9.821,12.982,9.627,13.166,9.747,12.985L9.747,12.985z M9.778,11.277 + 
C9.772,11.317,9.524,11.215,9.778,11.277L9.778,11.277z M9.624,12.612C9.875,12.598,9.613,12.704,9.624,12.612L9.624,12.612z + M8.606,12.011C8.599,11.826,8.831,11.997,8.606,12.011L8.606,12.011z M8.671,12.144c0.233,0.053,1.04,0.757,0.986,0.888 + c-0.276,0.001-0.137-0.064-0.366,0.282c-0.138-0.154,0.034-0.245-0.176-0.117c0.017,0.023-0.027-0.363-0.053-0.417 + c-0.322,0.056-0.255,0.602-0.443,0.811c-0.262-0.001,0.053-0.543,0.068-0.643c-0.028,0.079-0.07,0.117-0.129,0.112 + c0.051-0.291,0.372-0.335,0.533-0.345c-0.011,0.03,0.006,0.04,0.048,0.028c0-0.153-0.481-0.2-0.593-0.153 + c0.005-0.011,0.002-0.014-0.01-0.01c0.012-0.018,0.024-0.037,0.037-0.052c-0.145,0.044-0.418,0.087-0.446,0.099 + c0.006-0.021-0.008-0.024-0.041-0.007C8.286,12.384,8.654,12.268,8.671,12.144z M7.956,15.896C8.1,15.891,7.872,16.037,7.956,15.896 + L7.956,15.896z M7.76,15.81C7.816,15.807,7.772,15.929,7.76,15.81L7.76,15.81z M7.458,11.162c-0.002-0.052,0.21,0.537,0.191,0.676 + c-0.044-0.005-0.064,0.011-0.059,0.046C7.613,11.881,7.117,11.173,7.458,11.162z M7.269,11.784 + C7.281,11.521,7.519,11.854,7.269,11.784L7.269,11.784z M7.217,11.325c-0.014,0.045-0.013,0.238-0.013,0.299 + c0-0.05-0.025-0.024-0.02-0.007c-0.072-0.021-0.07-0.177-0.101-0.228C7.167,11.351,7.167,11.309,7.217,11.325z M7.127,10.513 + c-0.254,0.096-0.093,0.167-0.028-0.161C7.195,10.232,7.13,10.495,7.127,10.513z M7.035,10.226 + C7.116,10.282,6.892,10.41,7.035,10.226L7.035,10.226z M6.87,10.751C6.891,10.649,6.959,10.742,6.87,10.751L6.87,10.751z + M5.078,13.742C5.352,13.723,4.966,14.072,5.078,13.742L5.078,13.742z M6.52,10.042c-0.001,0.003,0.003,0.002,0.003,0.006 + c0.022-0.003,0.042-0.007,0.076-0.003c-0.056,0.029-0.079,0.027-0.076,0.003c-0.012,0.002-0.028,0.001-0.04,0.002 + c-0.151,0.045-0.56,0.41-0.531,0.28c0.291-0.089,0.303-0.26,0.531-0.28C6.496,10.046,6.511,10.041,6.52,10.042z M5.716,9.574 + C5.845,9.305,5.464,9.458,5.8,9.355C5.798,9.753,6.251,9.186,6.467,9.241C6.436,9.388,5.196,10.148,5.304,9.71 + C5.455,9.725,5.55,9.571,5.716,9.574z 
M5.107,9.347c0.011-0.019,0.203,0,0.264-0.011C5.292,9.482,4.849,9.384,5.107,9.347z + M3.791,12.304c0.005-0.029,0.03-0.041,0.04,0.035c0.039,0.03,0.072,0.083,0.099,0.152c-0.07-0.074-0.227-0.093-0.209-0.179 + c-0.063-0.008-0.154-0.062-0.245-0.094C3.617,12.251,3.722,12.271,3.791,12.304z"/> +<path fill="#3C89C9" d="M28.827,12.569C28.832,12.605,28.898,12.596,28.827,12.569L28.827,12.569z"/> +<path fill="#3C89C9" d="M9.284,12.757C9.364,12.754,9.275,12.808,9.284,12.757C9.255,12.915,9.726,12.745,9.284,12.757z"/> +<path fill="#3C89C9" d="M35.885,20.362C35.889,20.49,35.976,20.363,35.885,20.362L35.885,20.362z"/> +<path fill="#3C89C9" d="M35.856,21.629C36.056,21.629,35.856,21.414,35.856,21.629L35.856,21.629z"/> +<path fill="#3C89C9" d="M39.982,23.137c-0.071,0.022-0.031-0.031-0.031-0.06c-0.265,0.137-0.521-0.145-0.698-0.082 + c0.089,0.021,0.139,0.07,0.148,0.149c-0.033,0.006-0.048,0.02-0.046,0.039c-0.04,0.022-0.274-0.02-0.293-0.024 + c-0.008,0.2-0.105,0.207-0.119,0.445c-0.178-0.015-0.136,0.023-0.265,0.055c0.047-0.521-0.615,0.099-0.627,0.319 + c-0.063,0.002-0.038-0.137-0.091-0.152c-0.031,0.61-1.219,0.717-1.298,0.963c-0.011,0.005-0.013,0.002-0.01-0.01 + c-0.169,0.003-0.029,0.629-0.04,0.722c-0.085-0.019-0.038-0.071-0.081-0.07c-0.002,0.02,0.005,0.035,0.012,0.051 + c0.167,0.231,0.328,1.302,0.06,1.312c0.09,0.799,2.969-1.344,2.808,0.007c0.021-0.006,0.035,0,0.042,0.018 + c0-0.003,0.015-0.015,0.024-0.024c0.318-1.008,0.558-2.052,0.714-3.126C40.078,23.52,39.964,23.542,39.982,23.137z M39.496,26.29 + C39.423,26.293,39.5,26.253,39.496,26.29L39.496,26.29z M39.55,26.376C39.584,26.1,39.631,26.38,39.55,26.376L39.55,26.376z + M39.962,23.378C39.929,23.575,39.834,23.361,39.962,23.378L39.962,23.378z"/> +<path fill="#3C89C9" d="M35.56,21.431C35.554,21.46,35.883,21.431,35.56,21.431L35.56,21.431z"/> +<path fill="#3C89C9" d="M36.855,22.503c-0.028-0.15-0.559-0.54-0.586-0.389c-0.425,0.002-0.371-0.172-0.768,0.045 + C35.551,22.26,36.613,22.506,36.855,22.503z"/> +<path fill="#3C89C9" 
d="M8.574,12.528c0.055-0.018,0.095-0.034,0.092-0.05C8.62,12.48,8.595,12.502,8.574,12.528z"/> +<path fill="#3C89C9" d="M37.74,19.033c-0.005-0.049-0.009-0.044-0.009-0.031c0-0.127-0.059-0.189-0.188-0.168 + C37.544,18.875,37.751,19.03,37.74,19.033z"/> +<path fill="#3C89C9" d="M38.129,19.367C38.086,19.187,37.9,19.416,38.129,19.367L38.129,19.367z"/> +<path fill="#3C89C9" d="M39.064,23.09C39.054,22.968,38.961,23.092,39.064,23.09L39.064,23.09z"/> +<path fill="#3C89C9" d="M38.109,18.776C38.112,18.876,38.175,18.778,38.109,18.776L38.109,18.776z"/> +<path fill="#3C89C9" d="M37.548,19.079C37.399,19.04,37.548,19.097,37.548,19.079L37.548,19.079z"/> +<path fill="#3C89C9" d="M37.753,21.607c0,0.147,0.076,0.165,0.074,0.305c0.026-0.01,0.038-0.007,0.033,0.012 + c0.105-0.005,0.028-0.103,0.177-0.103c0-0.139-0.284-0.265-0.284-0.378c0.063-0.034,0.151-0.055,0.225-0.099 + c-0.036,0.019,0.114,0.09,0.114,0.008c-0.065-0.013-0.099-0.013-0.114-0.008c0.04-0.024,0.075-0.055,0.091-0.104 + c-0.203,0.013-0.331,0.056-0.382-0.029c-0.321,0.353-0.579,0.789-0.134,0.787C37.555,22.012,37.725,21.607,37.753,21.607z"/> +<path fill="#3C89C9" d="M37.174,22.521c0,0.014-0.042,0.064-0.048,0.104c0.279-0.046,0.269,0.063,0.2-0.136 + C37.268,22.479,37.337,22.519,37.174,22.521z"/> +<path fill="#3C89C9" d="M37.783,19.002C37.802,19.071,37.877,19.026,37.783,19.002L37.783,19.002z"/> +<path fill="#3C89C9" d="M38.013,22.015C38.189,22.008,37.956,21.672,38.013,22.015L38.013,22.015z"/> +<path fill="#3C89C9" d="M37.691,22.834C37.72,22.614,37.21,22.841,37.691,22.834L37.691,22.834z"/> +<path fill="#3C89C9" d="M37.811,19.156C37.796,19.525,38.032,19.178,37.811,19.156L37.811,19.156z"/> +<path fill="#3C89C9" d="M38.281,22.513C38.121,22.525,38.278,22.546,38.281,22.513L38.281,22.513z"/> +<path fill="#3C89C9" d="M38.192,21.382C38.164,21.46,38.492,21.408,38.192,21.382L38.192,21.382z"/> +<path fill="#3C89C9" d="M38.263,20.813c0.028-0.115-0.134-0.021-0.332,0.155C38.129,20.909,38.309,20.813,38.263,20.813z"/> +<path fill="#3C89C9" 
d="M37.846,19.402C37.853,19.55,38.298,19.357,37.846,19.402L37.846,19.402z"/> +<path fill="#3C89C9" d="M38.8,16.037C38.881,16.015,38.809,15.971,38.8,16.037L38.8,16.037z"/> +<path fill="#3C89C9" d="M39.188,21.133C38.855,21.072,39.188,21.2,39.188,21.133L39.188,21.133z"/> +<path fill="#3C89C9" d="M39.047,21.403C39.047,21.314,38.957,21.386,39.047,21.403L39.047,21.403z"/> +<path fill="#3C89C9" d="M39.177,15.369c-0.082,0.005-0.243,0.067-0.252,0.165c0.054,0.002,0.047,0.039,0.052,0.073 + c0.039,0,0.064,0.023,0.085,0.074C39.125,15.471,39.261,15.602,39.177,15.369z"/> +<path fill="#3C89C9" d="M38.705,21.13c-0.017-0.059,0.205-0.366-0.017-0.437c-0.031,0.117-0.132,0.398,0.051,0.476 + C38.739,21.207,38.758,21.13,38.705,21.13z"/> +<path fill="#3C89C9" d="M38.609,21.585C38.243,21.625,38.609,21.756,38.609,21.585L38.609,21.585z"/> +<path fill="#3C89C9" d="M38.683,21.201C38.565,21.169,38.685,21.237,38.683,21.201L38.683,21.201z"/> +<path fill="#3C89C9" d="M38.763,20.634C38.767,20.847,38.917,20.676,38.763,20.634L38.763,20.634z"/> +<path fill="#3C89C9" d="M39.062,15.173C38.986,15.167,39.05,15.224,39.062,15.173L39.062,15.173z"/> +<path fill="#3C89C9" d="M39.31,15.347c-0.016,0.113-0.055,0.073,0.029,0.19c0.12,0.003,0.207-0.044,0.284-0.102 + c-0.042-0.15-0.085-0.302-0.131-0.451c-0.005,0.001-0.009,0.004-0.016,0.007c-0.009-0.016-0.021-0.024-0.036-0.022 + c-0.01-0.055,0.007-0.053,0.021-0.074c-0.005-0.016-0.012-0.031-0.015-0.046c-0.167,0.058-0.247,0.267-0.406,0.4 + c0.007,0.006,0.014,0.017,0.018,0.042c-0.026-0.001-0.036-0.013-0.038-0.025c-0.082,0.061-0.174,0.101-0.315,0.093 + C38.741,15.425,39.221,15.342,39.31,15.347z"/> +<path fill="#3C89C9" d="M38.634,15.676c0.084-0.016,0.047-0.107,0.071-0.106c0.051,0.133-0.087,0.176-0.034,0.289 + c0.057,0.014,0.069-0.018,0.073-0.039c0,0.014,0,0.04,0.008,0.093c0.271,0.014,0.007-0.52,0.007-0.5 + c-0.125-0.01-0.125,0.083-0.214,0.078C38.655,15.646,38.59,15.558,38.634,15.676z"/> +<path fill="#3C89C9" 
d="M39.09,21.243C39.09,21.265,39.2,21.243,39.09,21.243L39.09,21.243z"/> +<path fill="#3C89C9" d="M39.13,23.07C39.164,22.982,39.041,23.07,39.13,23.07L39.13,23.07z"/> +<path fill="#3C89C9" d="M39.09,21.293C39.092,21.384,39.209,21.268,39.09,21.293L39.09,21.293z"/> +<path fill="#3C89C9" d="M23.898,14.594c-0.014,0.019-0.03,0.025-0.052,0.022c0.001,0.109,0.357,0.161,0.353,0.014 + C24.154,14.638,23.901,14.664,23.898,14.594z"/> +<path fill="#3C89C9" d="M8.016,7.312C7.954,7.318,7.973,7.486,8.016,7.312L8.016,7.312z"/> +<path fill="#3C89C9" d="M7.97,7.73C7.818,7.749,7.92,7.849,7.97,7.73L7.97,7.73z"/> +<path fill="#3C89C9" d="M7.927,6.159C7.898,6.168,7.902,6.369,7.927,6.159L7.927,6.159z"/> +<path fill="#3C89C9" d="M7.949,7.936C7.945,8.064,7.997,7.932,7.949,7.936L7.949,7.936z"/> +<path fill="#3C89C9" d="M7.927,6.159C7.86,6.184,7.923,6.19,7.927,6.159L7.927,6.159z"/> +<path fill="#3C89C9" d="M8.526,6.359c-0.059,0.11-0.149,0.108-0.18,0.164c-0.102-0.01-0.154-0.095-0.26,0.115 + c0.026,0.023,0.096,0.047,0.136,0.042c-0.03,0.076-0.035,0.048-0.037,0.104C8.052,6.783,7.996,6.789,7.889,6.763 + c0,0.011-0.004,0.014-0.013,0.012c-0.075,0.28,0.416,0.3,0.566,0.282c0.291-0.434,0.043-0.21,0.191-0.579 + C8.338,6.461,8.57,6.354,8.526,6.359z"/> +<path fill="#3C89C9" d="M7.891,7.67c0,0.027-0.003,0.023,0.022,0.027C7.911,7.67,7.916,7.673,7.891,7.67z"/> +<path fill="#3C89C9" d="M8.071,7.781c0.14-0.053,0.182,0.057,0.459-0.021c0.028-0.125-0.207-0.25-0.203-0.263 + C8.266,7.508,8.072,7.703,8.071,7.781z"/> +<path fill="#3C89C9" d="M19.85,10.422C19.852,10.293,19.816,10.422,19.85,10.422L19.85,10.422z"/> +<path fill="#3C89C9" d="M20.45,9.181C20.384,9.454,20.495,9.18,20.45,9.181L20.45,9.181z"/> +<path fill="#3C89C9" d="M19.801,10.235C19.786,10.372,19.813,10.245,19.801,10.235L19.801,10.235z"/> +<path fill="#3C89C9" d="M8.92,5.966C8.963,5.868,8.71,5.993,8.92,5.966L8.92,5.966z"/> +<path fill="#3C89C9" d="M8.282,6.02C8.187,6.096,8.132,6.003,8.09,6.155c0.021-0.009,0.025-0.003,0.014,0.018 + 
C8.229,6.129,8.31,6.082,8.438,6.039C8.421,6.103,8.332,6.116,8.297,6.228c0.678-0.03,0.424-0.477,0.25-0.455 + C8.541,5.5,8.471,5.852,8.434,5.988c-0.049-0.023-0.042-0.236-0.15-0.197C8.28,5.794,8.275,5.797,8.271,5.801 + C8.237,5.888,8.27,5.935,8.282,6.02z"/> +<path fill="#3C89C9" d="M10.293,4.948C10.386,4.915,10.326,4.873,10.293,4.948L10.293,4.948z"/> +<path fill="#3C89C9" d="M9.835,9.082c-0.06,0.021-0.159,0.057-0.218,0.102C9.578,9.272,9.796,9.155,9.835,9.082z"/> +<path fill="#3C89C9" d="M10.025,8.879c-0.011-0.049,0-0.07,0.032-0.065c-0.003,0.007-0.411-0.31-0.394-0.31 + c0.079-0.162-0.273,0.417-0.275,0.43C9.646,8.912,9.524,8.788,9.819,8.72C9.803,8.83,9.848,8.99,10.025,8.879z"/> +<path fill="#3C89C9" d="M10.095,10.415C10.044,10.785,10.128,10.421,10.095,10.415L10.095,10.415z"/> +<path fill="#3C89C9" d="M20.647,11.012c-0.045-0.185-0.143-0.226-0.009-0.209c0-0.548-0.504-0.283-0.303-0.921 + c-0.101-0.058-0.153-0.012-0.294,0.023c-0.004-0.118,0.175-0.17,0.114-0.296c-0.35-0.125-0.312,0.542-0.313,0.715 + c0.083-0.001,0.012-0.087,0.103-0.055c-0.011,0.089-0.054,0.182-0.055,0.263c0.011-0.004,0.013,0,0.011,0.011 + c0.044-0.017,0.18-0.051,0.277-0.013c0,0.122,0.019,0.112,0.018,0.307c-0.085,0-0.109,0.026-0.175-0.043 + c-0.013,0.023-0.03,0.035-0.051,0.033c0.05,0.229-0.056,0.14-0.097,0.396c0.08,0,0.02-0.002,0.019,0.032 + c0.147-0.005,0.204-0.035,0.343-0.057c-0.024,0.167-0.457,0.095-0.46,0.375c0.056-0.017,0.08-0.007,0.073,0.032 + c0.316-0.088,0.565-0.182,0.904-0.255c0.007-0.084-0.077-0.019-0.104-0.11c0.104,0,0.188-0.084,0.186-0.229 + C20.714,10.905,20.718,10.988,20.647,11.012z M20.367,11.429C20.434,11.428,20.367,11.465,20.367,11.429L20.367,11.429z"/> +<path fill="#3C89C9" d="M10.3,9.12C10.176,9.161,10.228,9.374,10.3,9.12L10.3,9.12z"/> +<path fill="#3C89C9" d="M10.045,10.554c-0.03,0.01-0.024,0.004-0.036,0.035C10.038,10.579,10.033,10.584,10.045,10.554z"/> +<path fill="#3C89C9" d="M9.647,8.391C9.651,8.49,9.781,8.403,9.647,8.391L9.647,8.391z"/> +<path fill="#3C89C9" 
d="M9.835,9.082c0.05-0.018,0.074-0.024,0.009-0.01C9.844,9.075,9.837,9.079,9.835,9.082z"/> +<path fill="#3C89C9" d="M7.956,6.084C7.917,6.23,8.218,5.968,8.177,5.973c0.036-0.077,0.017-0.081-0.003-0.088 + c-0.05,0.042-0.097,0.085-0.147,0.128C8.072,6.02,8.032,6.073,7.956,6.084z"/> +<path fill="#3C89C9" d="M8.668,6.24C8.59,6.269,8.647,6.319,8.668,6.24L8.668,6.24z"/> +<path fill="#3C89C9" d="M7.376,7.913C7.206,7.954,7.351,8.017,7.376,7.913L7.376,7.913z"/> +<path fill="#3C89C9" d="M7.485,6.965c0.025-0.099-0.038-0.284-0.136-0.271C7.31,6.833,7.291,7.06,7.485,6.965z"/> +<path fill="#3C89C9" d="M8.679,6.594C8.701,6.507,8.582,6.606,8.679,6.594L8.679,6.594z"/> +<path fill="#3C89C9" d="M7.709,7.832C7.692,7.898,7.859,7.797,7.709,7.832L7.709,7.832z"/> +<path fill="#3C89C9" d="M6.477,7.5c0.107-0.014,0.187-0.014,0.182,0.011c-0.05,0.007-0.051,0.007-0.054,0.057 + C6.528,7.605,6.43,7.634,6.328,7.657C6.254,7.737,6.185,7.82,6.113,7.901C6.208,7.975,6.27,8.079,6.5,8.018 + c0.3,0.025,0.48-0.33,0.812-0.371C7.264,7.83,7.756,7.91,7.807,7.699c-0.035,0.014-0.041,0-0.019-0.039 + C7.75,7.665,7.521,7.762,7.615,7.6C7.657,7.598,7.79,7.73,7.82,7.606C7.713,7.619,7.803,7.598,7.765,7.603 + C7.796,7.475,7.904,7.647,7.96,7.61c0.042-0.36-0.528-0.612-0.862-0.415c0.02-0.04,0.018-0.056-0.005-0.05 + c0.01-0.104,0.014-0.201-0.01-0.268C6.876,7.08,6.675,7.289,6.477,7.5z"/> +<path fill="#3C89C9" d="M27.432,3.613C27.423,3.677,27.51,3.62,27.432,3.613L27.432,3.613z"/> +<path fill="#3C89C9" d="M27.341,3.882C27.09,3.862,27.373,3.986,27.341,3.882L27.341,3.882z"/> +<path fill="#3C89C9" d="M27.415,3.729C27.451,3.815,27.459,3.733,27.415,3.729L27.415,3.729z"/> +<path fill="#3C89C9" d="M27.394,3.888c-0.006-0.012-0.004-0.015,0.008-0.011c-0.008-0.05-0.201-0.132-0.234-0.126 + C27.194,3.829,27.319,3.88,27.394,3.888z"/> +<path fill="#3C89C9" d="M27.134,4.134C27.148,4.22,27.217,4.14,27.134,4.134L27.134,4.134z"/> +<path fill="#3C89C9" d="M27.416,3.462C27.619,3.48,27.417,3.417,27.416,3.462L27.416,3.462z"/> +<path fill="#3C89C9" 
d="M27.379,4.131C27.215,4.373,27.568,4.146,27.379,4.131L27.379,4.131z"/> +<path fill="#3C89C9" d="M27.294,3.591C26.977,3.559,27.317,3.728,27.294,3.591L27.294,3.591z"/> +<path fill="#3C89C9" d="M27.311,3.646C27.292,3.72,27.388,3.652,27.311,3.646L27.311,3.646z"/> +<path fill="#3C89C9" d="M27.399,3.578C27.373,3.415,27.233,3.598,27.399,3.578L27.399,3.578z"/> +<path fill="#3C89C9" d="M27.252,3.727C27.319,3.906,27.595,3.754,27.252,3.727L27.252,3.727z"/> +<path fill="#3C89C9" d="M27.125,3.888C27.219,3.864,27.073,3.759,27.125,3.888L27.125,3.888z"/> +<path fill="#3C89C9" d="M10.035,10.481c-0.029,0.01-0.024,0.004-0.035,0.034C10.029,10.505,10.023,10.512,10.035,10.481z"/> +<path fill="#3C89C9" d="M27.479,3.799C27.371,3.825,27.5,3.931,27.479,3.799L27.479,3.799z"/> +<path fill="#3C89C9" d="M27.613,4.129C27.239,4.034,27.647,4.348,27.613,4.129L27.613,4.129z"/> +<path fill="#3C89C9" d="M29.404,6.18C29.201,6.103,29.432,6.509,29.404,6.18L29.404,6.18z"/> +<path fill="#3C89C9" d="M30.468,6.476C30.483,6.235,30.271,6.456,30.468,6.476L30.468,6.476z"/> +<path fill="#3C89C9" d="M30.295,6.501C30.202,6.782,30.461,6.552,30.295,6.501L30.295,6.501z"/> +<path fill="#3C89C9" d="M31.667,4.669c0.066,0.008,0.139,0.022,0.216,0.039c-0.052-0.037-0.103-0.074-0.158-0.109 + C31.69,4.629,31.665,4.656,31.667,4.669z"/> +<path fill="#3C89C9" d="M29.765,6.369C29.78,6.456,29.846,6.384,29.765,6.369L29.765,6.369z"/> +<path fill="#3C89C9" d="M31.859,4.909c0.009,0.01,0.006,0.012-0.004,0.008c0.031,0.116,0.291,0.133,0.491,0.123 + c-0.104-0.077-0.21-0.152-0.318-0.226C31.955,4.854,31.863,4.909,31.859,4.909z"/> +<path fill="#3C89C9" d="M31.828,4.884c-0.031-0.104-0.22-0.174-0.275-0.179c0.051,0.202,0.008,0.164,0.236,0.193 + C31.781,4.875,31.792,4.869,31.828,4.884z"/> +<path fill="#3C89C9" d="M32.425,5.743C32.134,5.705,32.459,5.887,32.425,5.743L32.425,5.743z"/> +<path fill="#3C89C9" d="M27.764,6.877C27.69,6.846,27.773,6.931,27.764,6.877L27.764,6.877z"/> +<path fill="#3C89C9" 
d="M27.697,4.263C27.503,4.264,27.788,4.505,27.697,4.263L27.697,4.263z"/> +<path fill="#3C89C9" d="M27.073,3.711C27.09,3.833,27.259,3.724,27.073,3.711L27.073,3.711z"/> +<path fill="#3C89C9" d="M27.89,4.014c-0.033-0.155-0.217,0.037-0.199,0.153C27.884,4.184,27.976,3.995,27.89,4.014z"/> +<path fill="#3C89C9" d="M27.046,6.629c0.093,0.005,0.251,0.055,0.321,0.04c0.012,0.093-0.093,0.104-0.082,0.199 + c0.009-0.003,0.012,0.001,0.011,0.013c0.292,0.022,0.354-0.044,0.551-0.031c-0.003-0.012,0-0.015,0.008-0.01 + c-0.003-0.026-0.029-0.007-0.031-0.033c-0.405-0.026-0.22-0.818-0.472-0.696c-0.003-0.029-0.02-0.01-0.024-0.055 + c-0.056-0.032,1.572-0.583,1.466-0.827c-0.458-0.095-1.621,0.383-1.681,0.695c0.069,0.037,0.103,0.014,0.173,0.032 + c0.002,0.027-0.193,0.094-0.026,0.105c0.026,0.183-0.266,0.307-0.225,0.556C27.045,6.614,27.05,6.618,27.046,6.629z M27.261,5.782 + C27.328,5.81,27.268,5.817,27.261,5.782L27.261,5.782z"/> +<path fill="#3C89C9" d="M27.968,6.953c0.024,0.063,0.156,0.182,0.16,0.204c0.268,0.019-0.055-0.206-0.152-0.212 + C27.98,6.954,27.976,6.958,27.968,6.953z"/> +<path fill="#3C89C9" d="M28.137,4.1c0.019,0.001,0.046,0.01,0.051,0.037c0.034,0.015,0.177-0.166,0.174-0.175 + c-0.124-0.047-0.146,0.029-0.265,0.018c0.021,0.045,0.055,0.047-0.012,0.041C28.097,4.076,28.128,4.054,28.137,4.1z"/> +<path fill="#3C89C9" d="M11.907,18.457C11.933,18.614,12.008,18.456,11.907,18.457L11.907,18.457z"/> +<path fill="#3C89C9" d="M10.877,34.785c-0.051,0.077-0.162,0.074-0.074,0.245C10.993,35.021,11.246,34.813,10.877,34.785z"/> +<path fill="#3C89C9" d="M11.921,33.813C11.731,33.737,11.91,33.951,11.921,33.813L11.921,33.813z"/> +<path fill="#3C89C9" d="M11.769,34.281C11.679,34.274,11.792,34.442,11.769,34.281L11.769,34.281z"/> +<path fill="#3C89C9" d="M10.615,30.859c-0.019,0.12,0.04,0.214,0.169,0.223c-0.004-0.012-0.001-0.016,0.009-0.012 + C10.762,30.995,10.749,30.899,10.615,30.859z"/> +<path fill="#3C89C9" d="M10.895,31.224C10.897,31.254,10.964,31.251,10.895,31.224L10.895,31.224z"/> +<path fill="#3C89C9" 
d="M11.284,31.385C11.34,31.54,11.388,31.404,11.284,31.385L11.284,31.385z"/> +<path fill="#3C89C9" d="M11.413,31.431C11.438,31.489,11.523,31.46,11.413,31.431L11.413,31.431z"/> +<path fill="#3C89C9" d="M11.659,35.646c0.457,0.038-0.057-0.872-0.143-1.087c-0.095-0.007-0.167,0.733-0.173,0.695 + C10.168,35.063,11.678,35.746,11.659,35.646z"/> +<path fill="#3C89C9" d="M12.597,33.14C12.354,33.093,12.603,33.184,12.597,33.14L12.597,33.14z"/> +<path fill="#3C89C9" d="M12.268,30.555C12.32,30.916,12.427,30.595,12.268,30.555L12.268,30.555z"/> +<path fill="#3C89C9" d="M12.572,30.575c-0.099-0.014-0.193,0.14-0.137,0.218C12.734,30.809,12.572,30.577,12.572,30.575z"/> +<path fill="#3C89C9" d="M12.326,33.551C12.502,33.56,12.292,33.284,12.326,33.551L12.326,33.551z"/> +<path fill="#3C89C9" d="M11.948,31.224C11.723,31.214,11.929,31.31,11.948,31.224L11.948,31.224z"/> +<path fill="#3C89C9" d="M12.258,33.493C12,33.413,12.344,33.845,12.258,33.493L12.258,33.493z"/> +<path fill="#3C89C9" d="M12.852,32.981C12.526,32.957,12.872,33.159,12.852,32.981L12.852,32.981z"/> +<path fill="#3C89C9" d="M10.299,29.371c0.01-0.006,0.014,0,0.012,0.01c0.116,0.058,0.094-0.162,0.087-0.196 + C10.313,29.2,10.293,29.314,10.299,29.371z"/> +<path fill="#3C89C9" d="M10.359,29.118C10.352,29.036,10.301,29.1,10.359,29.118L10.359,29.118z"/> +<path fill="#3C89C9" d="M10.328,29.01C10.299,29.126,10.383,29.014,10.328,29.01L10.328,29.01z"/> +<path fill="#3C89C9" d="M10.421,28.64c-0.022-0.253-0.21,0.198-0.032,0.234C10.386,28.833,10.456,28.642,10.421,28.64z"/> +<path fill="#3C89C9" d="M12.603,34.9C12.619,34.578,12.489,34.895,12.603,34.9L12.603,34.9z"/> +<path fill="#3C89C9" d="M3.359,11.939c-0.003,0.006-0.007,0.012-0.01,0.019C3.354,11.97,3.367,11.948,3.359,11.939z"/> +<path fill="#3C89C9" d="M7.338,21.032C7.336,21.431,7.514,21.031,7.338,21.032L7.338,21.032z"/> +<path fill="#3C89C9" d="M10.396,30.308C10.433,30.463,10.555,30.353,10.396,30.308L10.396,30.308z"/> +<path fill="#3C89C9" 
d="M10.349,30.539c0.076,0.003,0.134-0.12,0.08-0.126C10.346,30.191,10.347,30.521,10.349,30.539z"/> +<path fill="#3C89C9" d="M10.309,30.366C10.28,30.295,10.241,30.389,10.309,30.366L10.309,30.366z"/> +<path fill="#3C89C9" d="M10.271,30.301C10.452,30.358,10.27,30.125,10.271,30.301L10.271,30.301z"/> +<path fill="#3C89C9" d="M10.293,30.22c0.076-0.038,0.022,0.011,0.085,0.013c0.046-0.156-0.02-0.241-0.046-0.427 + C10.121,29.798,10.276,30.065,10.293,30.22z"/> +<path fill="#3C89C9" d="M10.594,30.856c-0.123-0.037-0.048-0.362-0.269-0.267C10.335,30.626,10.561,31.011,10.594,30.856z"/> +<path fill="#3C89C9" d="M11.634,34.103c-0.016-0.229-0.128,0.073-0.069,0.205C11.642,34.313,11.67,34.114,11.634,34.103z"/> +<path fill="#3C89C9" d="M10.111,17.823c0.091,0.026,0.353,0.058,0.389,0.057c0.009-0.204,0.362-0.064,0.364-0.115 + c0.21-0.004-0.068-0.129-0.135-0.136c-0.028-0.116-0.353-0.088-0.463-0.086c0.031,0.051,0.111,0.161,0.108,0.221 + c-0.064,0.04-0.204-0.039-0.27-0.037c0.002,0.02-0.013,0.028-0.044,0.022C10.06,17.829,10.113,17.784,10.111,17.823z"/> +<path fill="#3C89C9" d="M11.845,18.307C11.867,18.437,11.888,18.307,11.845,18.307L11.845,18.307z"/> +<path fill="#3C89C9" d="M12.083,18.713C12.081,18.802,12.116,18.734,12.083,18.713L12.083,18.713z"/> +<path fill="#3C89C9" d="M11.882,18.167C11.744,18.169,11.88,18.237,11.882,18.167L11.882,18.167z"/> +<path fill="#3C89C9" d="M11.851,19.243C11.976,19.258,11.858,18.982,11.851,19.243L11.851,19.243z"/> +<path fill="#3C89C9" d="M27.032,4.04C26.944,4.022,27.023,4.104,27.032,4.04L27.032,4.04z"/> +<path fill="#3C89C9" d="M11.506,19.107C11.504,19.142,11.575,19.106,11.506,19.107L11.506,19.107z"/> +<path fill="#3C89C9" d="M11.945,19.467C11.943,19.517,12.046,19.476,11.945,19.467L11.945,19.467z"/> +<path fill="#3C89C9" d="M11.917,12.382c-0.203,0.068,0.204,0.203,0.223,0.172c-0.051-0.04-0.055-0.057-0.016-0.052 + C12.134,12.403,11.88,12.608,11.917,12.382z"/> +<path fill="#3C89C9" 
d="M12.244,12.679c0.033-0.002,0.007,0.011,0.052,0.009c0.016-0.18,0.146-0.219,0.187-0.341 + C12.489,12.348,12.069,12.529,12.244,12.679z"/> +<path fill="#3C89C9" d="M9.806,8.22C9.796,8.27,9.875,8.214,9.806,8.22L9.806,8.22z"/> +<path fill="#3C89C9" d="M12.478,12.52C12.31,12.527,12.519,12.718,12.478,12.52L12.478,12.52z"/> +<path fill="#3C89C9" d="M11.32,17.768C10.962,17.774,11.314,17.917,11.32,17.768L11.32,17.768z"/> +<path fill="#3C89C9" d="M12.268,12.195C12.112,12.245,12.26,12.275,12.268,12.195L12.268,12.195z"/> +<path fill="#3C89C9" d="M11.924,11.756c-0.004,0.003-0.026,0.006-0.026-0.004c-0.01,0.092,0.234,0.214,0.33,0.209 + C12.24,11.857,12.039,11.766,11.924,11.756z"/> +<path fill="#3C89C9" d="M9.635,17.759C9.558,17.736,9.621,18.048,9.635,17.759L9.635,17.759z"/> +<path fill="#3C89C9" d="M13.343,26.738c-0.041,0-0.045,0-0.052,0.033C13.332,26.771,13.336,26.774,13.343,26.738z"/> +<path fill="#3C89C9" d="M13.219,26.846C13.418,26.85,13.214,26.745,13.219,26.846L13.219,26.846z"/> +<path fill="#3C89C9" d="M27.608,23.781c0.041-0.015,0.058,0.017,0.058,0.081c0,0,0.001,0.005,0.007,0.005 + c0.007-0.038,0.034-0.456-0.026-0.454c-0.021-0.657-1.45,1.846-0.965,1.843c-0.029,1.099,0.971-0.946,0.984-1.394 + C27.635,23.854,27.608,23.788,27.608,23.781z"/> +<path fill="#3C89C9" d="M13.184,33.342C13.191,33.251,13.139,33.345,13.184,33.342L13.184,33.342z"/> +<path fill="#3C89C9" d="M10.128,14.291C10.065,14.427,10.175,14.289,10.128,14.291L10.128,14.291z"/> +<path fill="#3C89C9" d="M13.119,32.834C13.257,32.811,13.118,32.821,13.119,32.834L13.119,32.834z"/> +<path fill="#3C89C9" d="M9.555,16.688C9.521,16.889,9.725,16.683,9.555,16.688L9.555,16.688z"/> +<path fill="#3C89C9" d="M9.084,16.965c-0.106,0.002-0.384,0.03-0.359,0.201c-0.019-0.007-0.034-0.002-0.044,0.012 + c0.004,0.007,0.094,0.008,0.214,0.018c0.011-0.018,0.035-0.032,0.08-0.026c-0.004,0.019-0.009,0.019-0.014,0.032 + c0.251,0.026,0.59,0.102,0.665,0.356c0.152-0.02,0.349-0.083,0.471-0.085C9.999,17.264,9.108,17.097,9.084,16.965z"/> +<path 
fill="#3C89C9" d="M10.009,10.452C10.12,10.444,10.024,10.353,10.009,10.452L10.009,10.452z"/> +<path fill="#3C89C9" d="M13.014,33.429C12.991,33.378,12.914,33.425,13.014,33.429L13.014,33.429z"/> +<path fill="#3C89C9" d="M8.959,17.2c-0.024-0.001-0.043-0.003-0.065-0.004C8.863,17.246,8.921,17.318,8.959,17.2z"/> +<path fill="#3C89C9" d="M9.905,14.884C9.879,14.928,9.985,14.88,9.905,14.884L9.905,14.884z"/> +<path fill="#3C89C9" d="M11.022,13.424C10.922,13.453,11.018,13.474,11.022,13.424L11.022,13.424z"/> +<path fill="#3C89C9" d="M10.695,13.65C10.348,13.768,10.69,13.665,10.695,13.65L10.695,13.65z"/> +<path fill="#3C89C9" d="M8.988,6.2C9.007,6.2,9.102,5.752,8.988,6.2L8.988,6.2z"/> +<path fill="#3C89C9" d="M9.736,5.243C9.624,5.577,9.846,5.274,9.736,5.243L9.736,5.243z"/> +<path fill="#3C89C9" d="M9.42,5.325C9.305,5.365,9.193,5.41,9.076,5.411c-0.004,0.022-0.02,0.038-0.048,0.046 + C9.067,5.666,9.414,5.354,9.42,5.325z"/> +<path fill="#3C89C9" d="M10.567,7.548C10.542,7.682,10.754,7.538,10.567,7.548L10.567,7.548z"/> +<path fill="#3C89C9" d="M10.999,5.579C10.77,5.621,10.946,5.749,10.999,5.579L10.999,5.579z"/> +<path fill="#3C89C9" d="M10.822,5.929C10.807,6.011,10.915,5.923,10.822,5.929L10.822,5.929z"/> +<path fill="#3C89C9" d="M11.085,6.142c-0.311,0.03-0.283,0.146-0.534,0.293C10.521,6.632,11.039,6.437,11.085,6.142z"/> +<path fill="#3C89C9" d="M9.704,7.299C9.663,7.493,9.845,7.403,9.704,7.299L9.704,7.299z"/> +<path fill="#3C89C9" d="M10.551,9.026C10.544,8.932,10.465,9.032,10.551,9.026L10.551,9.026z"/> +<path fill="#3C89C9" d="M9.799,7.247C9.708,7.225,9.787,7.303,9.799,7.247L9.799,7.247z"/> +<path fill="#3C89C9" d="M10.516,8.945C10.609,8.946,10.54,8.891,10.516,8.945L10.516,8.945z"/> +<path fill="#3C89C9" d="M11.843,4.625C11.514,4.734,11.82,4.734,11.843,4.625L11.843,4.625z"/> +<path fill="#3C89C9" d="M9.601,7.938C9.55,7.96,9.585,8.018,9.601,7.938L9.601,7.938z"/> +<path fill="#3C89C9" d="M10.899,5.829c-0.086-0.303-1.293-0.009-1.329,0.005c0.057-0.051,0.056-0.072-0.001-0.06 + 
c0.034-0.069,0.134,0.011,0.158-0.092C9.58,5.627,9.501,5.558,9.321,5.642c0.028-0.193-0.277-0.067-0.369-0.003 + C8.95,5.599,9.31,6.167,9.346,6.239C9.86,6.179,10.45,5.875,10.899,5.829z"/> +<path fill="#3C89C9" d="M9.706,5.512C9.57,5.549,9.647,5.731,9.706,5.512L9.706,5.512z"/> +<path fill="#3C89C9" d="M17.683,7.794C17.985,7.745,17.687,7.777,17.683,7.794L17.683,7.794z"/> +<path fill="#3C89C9" d="M17.368,6.1c0.04-0.018,0.062-0.003,0.063,0.04c0.387-0.063,0.187,0.203,0.542,0.191 + c0-0.012,0.003-0.022,0.013-0.033c-0.088-0.047-0.019-0.114-0.084-0.138c-0.037,0.007-0.071,0.012-0.071-0.01 + c0.039-0.001,0.055,0.004,0.071,0.01c0.025-0.006,0.054-0.013,0.063-0.013c-0.014-0.025-0.009-0.047,0.014-0.066 + c-0.065-0.015-0.106-0.017-0.131-0.015c0.013-0.01,0.028-0.026,0.039-0.06C17.827,6.009,17.386,5.86,17.368,6.1z"/> +<path fill="#3C89C9" d="M18.098,5.651C17.774,5.589,18.09,5.777,18.098,5.651L18.098,5.651z"/> +<path fill="#3C89C9" d="M18.611,15.901C18.609,16.122,18.644,15.901,18.611,15.901L18.611,15.901z"/> +<path fill="#3C89C9" d="M11.949,5.126C11.818,5.109,11.934,5.201,11.949,5.126L11.949,5.126z"/> +<path fill="#3C89C9" d="M19.26,11.304c0.424-0.123,0.74-0.78,0.375-0.881c-0.001,0.111-0.234,0.211-0.331,0.212 + c-0.003,0.148-0.075,0.12-0.077,0.241c0.083,0.004,0.125-0.023,0.165-0.024c0.049,0.18-0.18,0.279-0.183,0.407 + C19.351,11.227,19.262,11.226,19.26,11.304z M19.399,11.018C19.368,11.114,19.323,11.019,19.399,11.018L19.399,11.018z"/> +<path fill="#3C89C9" d="M18.373,15.979C18.371,16.109,18.48,15.979,18.373,15.979L18.373,15.979z"/> +<path fill="#3C89C9" d="M18.213,5.451C18.207,5.449,18.203,5.635,18.213,5.451L18.213,5.451z"/> +<path fill="#3C89C9" d="M14.677,3.683C14.679,3.673,14.594,3.674,14.677,3.683L14.677,3.683z"/> +<path fill="#3C89C9" d="M18.302,5.001C18.191,5.234,18.509,5.078,18.302,5.001L18.302,5.001z"/> +<path fill="#3C89C9" d="M12.021,5.129C12.03,5.151,12.099,5.145,12.021,5.129L12.021,5.129z"/> +<path fill="#3C89C9" 
d="M14.42,3.564c0.102-0.009,0.187,0.03,0.257,0.119C14.685,3.629,14.425,3.41,14.42,3.564z"/> +<path fill="#3C89C9" d="M18.402,5.249C18.386,5.567,18.452,5.232,18.402,5.249L18.402,5.249z"/> +<path fill="#3C89C9" d="M18.335,3.447C18.345,3.279,18.297,3.449,18.335,3.447L18.335,3.447z"/> +<path fill="#3C89C9" d="M18.213,15.948C18.211,16.033,18.388,15.929,18.213,15.948L18.213,15.948z"/> +<path fill="#3C89C9" d="M13.137,12.246C13.055,12.219,13.125,12.418,13.137,12.246L13.137,12.246z"/> +<path fill="#3C89C9" d="M14.864,9.424C14.822,9.531,14.987,9.45,14.864,9.424L14.864,9.424z"/> +<path fill="#3C89C9" d="M16.485,7.265c0.319-0.013,1.149,0.046,1.419-0.505c-0.248-0.004-0.334-0.012-0.589-0.004 + c0.003-0.045-0.001-0.07-0.02-0.083c0.089-0.017,0.18-0.064,0.177-0.106c-0.121,0.003-0.235,0.046-0.345,0.033l-0.001,0.002 + c-0.001,0.027,0.018,0.04,0.037,0.052c-0.025,0-0.046,0.001-0.081,0.002c0.008-0.024,0.028-0.038,0.044-0.054 + c0-0.001-0.002-0.001-0.002-0.002c0.001,0,0.002,0,0.003,0c0.088-0.084,0.28-0.075,0.376-0.078c-0.001-0.02-0.009-0.028-0.016-0.037 + c-0.018-0.014-0.036-0.026-0.053-0.038c-0.097,0.002-0.216-0.002-0.309,0c0.004-0.011,0-0.014-0.009-0.011 + c0.004-0.044,0.03-0.017,0.037-0.111c0.087-0.001,0.184,0.053,0.282,0.122c0.009,0,0.019,0,0.026,0c0,0.007,0.015,0.017,0.027,0.038 + c0.185,0.136,0.369,0.301,0.486,0.221c0.013-0.228-0.126-0.489-0.442-0.479c0.002-0.047,0.075-0.018,0.09-0.068 + c-0.086-0.089-0.333,0.121-0.315-0.122c0.083-0.004,0.297-0.228,0.385-0.23C17.61,6.153,18.183,5.758,18.14,5.76 + c-0.146-0.164-0.206,0.201-0.188-0.192c0.104,0.027,0.269,0.135,0.374,0.067c0-0.083-0.251-0.089-0.304-0.109 + c-0.007,0.043-0.013,0.062-0.01-0.003c0.001,0,0.007,0,0.01,0.003c0.007-0.046,0.016-0.121,0.019-0.177 + c-0.013-0.004-0.025-0.009-0.037-0.012c0.035-0.099,0.042-0.06,0.037,0.012c0.069,0.019,0.14,0.05,0.194,0.048 + c-0.002-0.011,0.001-0.016,0.011-0.012c0.016-0.303-0.064-0.313-0.22-0.279c0.002-0.035,0.033-0.088,0.03-0.044 + 
c0.124-0.004,0.047-0.128,0.057-0.154c0.1,0.047,0.204,0.065,0.313,0.056c-0.003-0.011,0.001-0.015,0.009-0.012 + c-0.031-0.263-0.09-0.104-0.241-0.168c0.004-0.075,0.02-0.038,0.006-0.099c0.032,0,0.09,0.041,0.14-0.016 + c-0.12-0.028-0.182-0.071-0.292-0.067c0.002-0.011,0-0.015-0.01-0.011c0.015-0.026,0.023-0.055,0.024-0.088 + c0.159,0.015,0.533-0.323,0.542-0.508c-0.378-0.085-0.093,0.058-0.333,0.064c0.003-0.051-0.031-0.079-0.029-0.108 + c0.009,0,0.03,0.001,0.057,0.002c0.014-0.056,0.063-0.012,0.014,0.001c0.152,0.009,0.484,0.019,0.494-0.195 + c-0.096,0.004-0.177,0.01-0.27,0.016c-0.073,0.022-0.123,0.03-0.122,0.005c0.048-0.001,0.083-0.004,0.122-0.005 + c0.206-0.063,0.598-0.243,0.66-0.245c-0.098-0.423-1.189,0.165-1.43,0.175c0.003-0.01,0.001-0.015-0.009-0.01 + c0.007-0.095,0.333-0.08,0.31-0.307c-0.371,0.042-0.938,0.283-1.364,0.202c0.16-0.341,1.611-0.193,1.565-0.406 + c-0.035-0.011-0.308-0.102-0.453-0.099c-0.013,0.028-0.041,0.042-0.087,0.044c0.002-0.031,0.037-0.043,0.087-0.044 + c0.012-0.025,0.011-0.063-0.013-0.123c0.03,0.006-0.555,0.095-0.167-0.015c-0.055,0.015,0.008-0.027,0,0 + c0.05-0.181-1.729,0.053-1.472,0.1c-0.046,0.047-0.067,0.061-0.085,0.07c0.005,0.012,0.012,0.027,0.005,0.075 + c-0.071,0.005-0.063-0.083-0.132-0.078c0.051,0.113-0.306,0.043-0.388-0.005c-0.01,0.024-0.026,0.131-0.029,0.152 + c0.009-0.005,0.013-0.001,0.007,0.011c0.076-0.006,0.311,0.007,0.291,0.163c0.018-0.001-0.514-0.226-0.375-0.06 + c0.029-0.002,0.033,0.019,0.029,0.05c-0.16-0.083-0.163-0.056-0.33-0.062c-0.032,0.227,0.375,0.258,0.357,0.394 + c-0.146-0.052-0.533-0.382-0.708-0.367c-0.016,0.2-0.018,0.181-0.042,0.346c-0.018,0.004-0.025,0.015-0.023,0.034 + c-0.127-0.016-0.29-0.237-0.395,0.01c0.013-0.004,0.015,0.002,0.006,0.022c-0.05,0.003-0.388-0.12-0.772-0.071 + c0.002,0.055,0.044,0.101,0.033,0.167C13.597,3.9,13.497,3.714,13.493,3.73c-0.245,0.061-0.086,0.199-0.098,0.266 + c-0.02-0.008-0.028-0.004-0.029,0.013c-0.296,0.027-0.442,0.017-0.722,0.28c-0.009,0.093,0.339-0.012,0.416-0.019 + 
c-0.103,0.161-1.114,0.655-1.114,0.647c0.211-0.021,0.424,0.125,0.754,0.095c-0.007,0.024-0.003,0.035,0.013,0.029 + c-0.031,0.017-0.048,0.039-0.049,0.068c-0.1-0.023-0.511,0.114-0.453,0.126c0.005-0.003-0.211,0.002-0.24,0.013 + c-0.103,0.558,1.641-0.276,1.664,0.542c0.044-0.02,0.097-0.021,0.001,0.014c0.001,0.034,0.017,0.054,0.011,0.095 + c0.384-0.152,0.063,0.686,0.062,0.701c0.151-0.01,0.359-0.001,0.55-0.057c-0.005,0.01-0.002,0.015,0.008,0.01 + c-0.006,0.053-0.087,0.01-0.095,0.071c0.037-0.003,0.135-0.055,0.14,0.034c-0.135,0.009-0.027,0.138-0.038,0.228 + c-0.185-0.015-0.254-0.123-0.472-0.12c-0.003,0.025-0.03,0.026-0.045,0.045c0.037,0.037,0.126,0.069,0.109,0.122 + c-0.2-0.026-0.1,0.153-0.229,0.208c-0.002,0.116,0.146,0.034,0.178,0.032c0.006,0.077-0.035,0.098-0.123,0.062 + c0.032,0.23,0.495-0.127,0.396-0.268c-0.102-0.008-0.205-0.023-0.201-0.055c0.121-0.009,0.174,0.017,0.201,0.055 + c0.085,0.007,0.169,0.008,0.186,0.007c-0.03,0.074-0.358,0.566-0.358,0.569c0.131-0.007,0.206-0.01,0.259-0.011 + c-0.049-0.003-0.084-0.015,0.01-0.048c0.005,0.025-0.004,0.034-0.007,0.047c0.141-0.002,0.065,0.005,0,0.001 + c-0.026,0.083-0.195,0.004-0.254,0.031c-0.012,0.057,0.021,0.078,0.099,0.07c-0.037,0.034-0.207-0.065-0.229,0.13 + c0.21-0.07,0.325-0.151,0.417-0.14c-0.023,0.027-0.057,0.032-0.016,0.055c0.007,0.062-0.464,0.058-0.417,0.153 + c0.137-0.008,0.037,0.227-0.021,0.248c0.077,0.174,0.077-0.074,0.056,0.115c0.057-0.013,0.115-0.05,0.163-0.052 + c-0.019,0.16-0.051,0.155-0.038,0.336c0.098-0.033,0.106-0.123,0.199-0.107c-0.029,0.113-0.162,0.203-0.19,0.203 + c0.093,0.207,0.166,0.39,0.377,0.38c-0.022,0.115-0.051,0.153,0.065,0.148c-0.088,0.114,0.013,0.062,0.001,0.184 + c0.101-0.005,0.154-0.092,0.257-0.174c0.065,0.101-0.039,0.092-0.043,0.143c0.132-0.006,0.112-0.005,0.221-0.01 + c-0.007,0.071-0.067,0.078-0.072,0.132c0.078-0.024,0.13,0.006,0.137-0.07c0.007,0-0.003,0.125,0.121,0.103 + c-0.019-0.039-0.041-0.031,0.034-0.035c-0.019-0.095-0.053-0.074-0.098-0.147c0.285-0.111,0.358-0.797,0.365-0.859 + 
c0.209-0.01,0.104-0.063,0.088-0.21C15.771,8.111,16.443,7.854,16.485,7.265z M17.249,6.757C17.327,6.756,17.128,6.898,17.249,6.757 + L17.249,6.757z M17.925,5.374C17.993,5.371,17.914,5.565,17.925,5.374L17.925,5.374z M17.62,3.747 + C17.669,3.745,17.594,3.8,17.62,3.747L17.62,3.747z M17.581,3.78c0.001-0.015-0.229,0.14-0.229,0.14 + C17.366,3.843,17.526,3.782,17.581,3.78z M17.097,3.093c0.013-0.013,0.016-0.015,0.033-0.033c0.001,0,0.003,0,0.004,0 + c0.156-0.132,0.375-0.277,0.352-0.005c-0.117,0.002-0.233,0.003-0.352,0.005c0,0,0,0,0,0c0.099-0.001-0.009,0.021-0.002,0.002 + C17.119,3.074,17.109,3.083,17.097,3.093C16.942,3.254,16.987,3.193,17.097,3.093z M16.946,3.125 + c-0.006,0.064-0.216,0.064-0.223-0.086C16.73,3.038,16.882,3.11,16.946,3.125z M16.513,3.192C16.517,3.18,16.706,3.196,16.513,3.192 + L16.513,3.192z M13.922,7.874C14.012,7.894,13.917,7.928,13.922,7.874L13.922,7.874z M14.3,7.81 + C14.253,7.974,14.034,7.877,14.3,7.81L14.3,7.81z M14.705,9.193C14.725,9.191,14.673,9.273,14.705,9.193L14.705,9.193z + M15.836,7.932C15.821,7.784,16,7.888,15.836,7.932L15.836,7.932z"/> +<path fill="#3C89C9" d="M15.608,31.381C15.42,31.376,15.637,31.498,15.608,31.381L15.608,31.381z"/> +<path fill="#3C89C9" d="M13.626,12.099c-0.118,0.039-0.06,0.083-0.023-0.097c-0.051,0.016-0.082,0.105-0.083,0.143 + c-0.012-0.019-0.033-0.022-0.061-0.009c0.002-0.011,0-0.013-0.01-0.011c0.007-0.085,0.081-0.1,0.089-0.207 + c-0.026,0.03-0.037,0.034-0.031,0.013c-0.03,0-0.088,0.047-0.129,0.048c0.003-0.007,0.013-0.186-0.011-0.236 + c-0.151,0.006-0.324,0.152-0.302-0.085c-0.05,0.002-0.066,0.122-0.125,0.124c0.017-0.182,0.12-0.406,0.123-0.435 + c-0.383,0.095-0.076,0.563-0.384,0.576c0.002,0.011-0.001,0.014-0.011,0.012c0.005-0.056-0.045,0.21-0.042,0.227 + c0.018-0.007,0.024-0.004,0.021,0.01c0.271-0.066,0.482-0.074,0.672-0.081c-0.02,0.062-0.12,0.124-0.131,0.188 + c0.105-0.013,0.141-0.188,0.224-0.191c0,0.098,0.001,0.105-0.005,0.195C13.471,12.276,13.594,12.292,13.626,12.099z"/> +<path fill="#3C89C9" 
d="M13.975,6.669C13.993,6.531,13.899,6.673,13.975,6.669L13.975,6.669z"/> +<path fill="#3C89C9" d="M14.084,6.629C14.057,6.679,14.182,6.623,14.084,6.629L14.084,6.629z"/> +<polygon fill="#3C89C9" points="17.134,3.061 17.13,3.061 17.131,3.063 "/> +<path fill="#3C89C9" d="M26.165,22.102C26.165,22.225,26.248,22.156,26.165,22.102L26.165,22.102z"/> +<path fill="#3C89C9" d="M27.644,24.063C27.616,24.146,27.673,24.063,27.644,24.063L27.644,24.063z"/> +<path fill="#3C89C9" d="M18.703,7.881c0.013-0.201-0.416-0.075-0.416,0.052c-0.111-0.03-0.358-0.142-0.372,0.138 + c-0.007-0.008-0.018-0.011-0.029-0.009c-0.005-0.069,0.035-0.278-0.096-0.238c0.002,0.022-0.012,0.022-0.04,0.001 + c-0.02,0.058,0.045,0.036,0.053,0.119c-0.064-0.019-0.093-0.03-0.112-0.107c-0.098,0.035-0.009,0.198-0.168,0.202 + c0.033,0.081,0.2-0.056,0.268-0.019c0-0.006-0.135,0.101,0.007,0.066c-0.009,0.011-0.013,0.021-0.013,0.034 + c0.022-0.014-0.277,0.062-0.22,0.061c0,0.02,0.23,0.088,0.243,0.082c-0.028,0.001,0.018,0.033,0.039,0.032 + c-0.065,0.078-0.078,0.036-0.153,0.079C17.809,8.858,19.272,8.083,18.703,7.881z"/> +<path fill="#3C89C9" d="M26.99,4.123C26.674,4.026,26.985,4.252,26.99,4.123L26.99,4.123z"/> +<polygon fill="#3C89C9" points="14.173,7.53 14.175,7.53 14.175,7.529 "/> +<path fill="#3C89C9" d="M13.602,5.817c0.02-0.007,0.021-0.009,0.034-0.013c0-0.005,0-0.01-0.001-0.014 + C13.617,5.798,13.604,5.807,13.602,5.817z"/> +<path fill="#3C89C9" d="M11.243,7.741C11.312,7.585,11.049,7.757,11.243,7.741L11.243,7.741z"/> +<path fill="#3C89C9" d="M10.64,8.966C10.648,9.074,10.712,8.961,10.64,8.966L10.64,8.966z"/> +<path fill="#3C89C9" d="M11.067,7.325C10.945,7.343,11.05,7.416,11.067,7.325L11.067,7.325z"/> +<path fill="#3C89C9" d="M10.959,7.66C10.804,8.09,11.261,7.577,10.959,7.66L10.959,7.66z"/> +<path fill="#3C89C9" d="M10.704,7.378C10.675,7.39,10.708,7.47,10.704,7.378L10.704,7.378z"/> +<path fill="#3C89C9" d="M10.755,7.312C10.708,7.409,10.839,7.303,10.755,7.312L10.755,7.312z"/> +<path fill="#3C89C9" 
d="M11.275,7.612C11.299,7.448,11.199,7.619,11.275,7.612L11.275,7.612z"/> +<path fill="#3C89C9" d="M10.728,7.251C10.391,7.332,10.674,7.435,10.728,7.251L10.728,7.251z"/> +<path fill="#3C89C9" d="M12.166,9.146C12.007,9.156,12.14,9.228,12.166,9.146L12.166,9.146z"/> +<path fill="#3C89C9" d="M12.786,7.987c0-0.011,0.002-0.015,0.012-0.012c0.087-0.15-0.063-0.104-0.042-0.253 + c-0.018,0.022-0.112,0.146-0.157,0.149c0.026-0.039,0.042-0.079,0.046-0.12c-0.17,0.177-0.258-0.094-0.249-0.152 + c-0.011,0.004-0.013,0.001-0.008-0.009c-0.138,0.045-0.067,0.121-0.222,0.133c0.024-0.1-0.067-0.266-0.241-0.257 + c0.013-0.074,0.07-0.074,0.088-0.187c0.027,0.005,0.135,0.019,0.141,0.021c0-0.012,0.003-0.015,0.012-0.012 + c-0.01-0.127-0.208-0.018-0.191-0.123c0.051-0.003,0.159-0.076,0.166-0.076c0.02-0.131-0.142-0.063-0.21-0.057 + c0.014-0.078,0.079-0.068,0.116-0.063c-0.018-0.147-0.286-0.018-0.283-0.018c0.016-0.087,0.066-0.051,0.078-0.123 + c-0.009,0.005-0.012,0-0.006-0.01c-0.072,0.044-0.061,0.023-0.164,0.067c0.064-0.156,0.061,0-0.009-0.167 + c-0.044,0.012-0.071,0.024-0.089,0.034c0-0.005,0-0.01-0.008-0.017c-0.009,0.015-0.01,0.022-0.01,0.029 + c-0.032,0.023-0.03,0.038-0.156,0.049c0.195-0.323-0.101-0.38-0.454-0.376c-0.004,0.032-0.028,0.049-0.076,0.05 + c-0.02,0.098,0.154,0.03,0.136,0.123c-0.016,0.001-0.026-0.018-0.029,0.002c-0.16,0.04-0.163-0.031-0.197,0.144 + c-0.061-0.012-0.002-0.131,0.007-0.177c0.042-0.026-0.379,0.17-0.293,0.195c0.001-0.024-0.01-0.028-0.034-0.018 + c0.022-0.109,0.075-0.305,0.148-0.491c-0.14-0.066-0.235-0.048-0.306,0.007c0,0.01,0.004,0.014,0.003,0.025 + c-0.009-0.002-0.013,0.001-0.012,0.011c-0.016,0.001-0.021,0.003-0.035,0.005c-0.101,0.123-0.121,0.335-0.109,0.413 + c-0.054-0.047-0.009-0.054-0.133-0.038c-0.031,0.089,0.038,0.129,0.016,0.278C9.936,6.951,9.895,6.979,9.817,6.988 + c0.014-0.07,0.118-0.391,0.198-0.568c0.106-0.047,0.062-0.086,0.24-0.107c0.014-0.016,0.029-0.028,0.044-0.042 + 
c-0.02-0.334-1.555,0.843-0.628,0.743c-0.014,0.061-0.053,0.021-0.093,0.04c-0.025,0.226,0.52,0.257,0.803,0.229 + c0-0.009,0.003-0.017,0.013-0.021c-0.014-0.009-0.109-0.12-0.106-0.126c0.109-0.008,0.126,0.186,0.211,0.179 + C10.495,7.297,10.5,7.29,10.512,7.292c0.012-0.065-0.071-0.093-0.025-0.164c0.044,0.028,0.067,0.022,0.069-0.017 + c0.074-0.003,0.238,0.195,0.244-0.038c-0.003,0-0.004-0.001-0.006-0.001c-0.058,0.05-0.081,0.05-0.058-0.007 + c0.022-0.006,0.038,0.006,0.058,0.007c0.003-0.002,0.003-0.001,0.007-0.004c0,0.003-0.001,0.003-0.001,0.005 + c0.074,0.007,0.134,0.047,0.12,0.171c0.105-0.01,0.122-0.032,0.255-0.043c-0.004,0.011-0.002,0.013,0.009,0.01 + c-0.016,0.087-0.092,0.185-0.091,0.291c0.048-0.018,0.057,0.002,0.028,0.062c0.084-0.019,0.172-0.133,0.23-0.167 + c-0.005,0.012-0.002,0.015,0.008,0.011c-0.029,0.177,0.169,0.745-0.228,0.775c-0.01,0.088,0.121,0.16,0.125,0.254 + c-0.917,0.379-0.374,0.413-0.285,0.189c0.202-0.015,0.23,0.332,0.433,0.317c-0.041,0.07-0.082,0.023-0.113,0.093 + c0.229-0.009,0.534,0.091,0.778,0.031c0.013-0.246-0.361-0.107-0.394-0.367c0.154-0.155,0.414,0.1,0.539,0.091 + c0-0.01,0.003-0.017,0.013-0.022c-0.007-0.016-0.021-0.016-0.039,0.002c-0.047-0.211,0.021-0.077,0.072-0.239 + c-0.005,0-0.389-0.234-0.362-0.398c0.023,0.012,0.049,0.028,0.093,0.024c0.004-0.059-0.043-0.104-0.035-0.157 + c0.055-0.004,0.007,0.074,0.068,0.07c0.003-0.04-0.017-0.086-0.014-0.104c0.136,0.028,0.082,0.22,0.281,0.139 + c-0.028,0.076,0.025,0.264,0.209,0.252c-0.004-0.022,0.004-0.029,0.022-0.023c0.031-0.071-0.037-0.112-0.014-0.18 + C12.676,8.142,12.6,8,12.786,7.987z M11.77,6.961C11.855,6.973,11.751,7.067,11.77,6.961L11.77,6.961z M11.556,8.582 + c-0.167,0.013-0.12,0.014-0.116-0.14C11.394,8.43,11.608,8.248,11.556,8.582z M11.608,8.176c-0.086-0.018-0.04-0.24-0.027-0.315 + c0.008,0.003,0.013,0,0.01-0.01C11.664,7.889,11.771,8.004,11.84,8c-0.008,0.02-0.003,0.03,0.015,0.031 + C11.813,8.14,11.668,8.021,11.608,8.176z M11.862,7.142C12.099,7.124,11.824,7.207,11.862,7.142L11.862,7.142z"/> +<path 
fill="#3C89C9" d="M12.192,8.39C12.189,8.413,12.265,8.384,12.192,8.39L12.192,8.39z"/> +<path fill="#3C89C9" d="M12.274,8.788C12.252,8.952,12.436,8.8,12.274,8.788L12.274,8.788z"/> +<path fill="#3C89C9" d="M11.693,9.409C11.683,9.485,11.789,9.403,11.693,9.409L11.693,9.409z"/> +<path fill="#3C89C9" d="M11.389,9.102C11.397,9.178,11.515,9.115,11.389,9.102L11.389,9.102z"/> +<path fill="#3C89C9" d="M11.072,8.723C11.062,8.795,11.108,8.72,11.072,8.723L11.072,8.723z"/> +<path fill="#3C89C9" d="M18.295,3.963c0.01,0,0.011-0.004,0.017-0.006c-0.005,0-0.01-0.001-0.014-0.001 + C18.298,3.959,18.296,3.959,18.295,3.963z"/> +<path fill="#3C89C9" d="M21.718,8.458C21.889,8.442,21.739,8.353,21.718,8.458L21.718,8.458z"/> +<path fill="#3C89C9" d="M23.41,6.653C23.413,6.705,23.5,6.655,23.41,6.653L23.41,6.653z"/> +<path fill="#3C89C9" d="M23.48,6.502C23.171,6.507,23.451,6.753,23.48,6.502L23.48,6.502z"/> +<path fill="#3C89C9" d="M23.57,6.603C23.412,6.645,23.567,6.755,23.57,6.603L23.57,6.603z"/> +<path fill="#3C89C9" d="M23.188,6.669C23.165,6.78,23.246,6.671,23.188,6.669L23.188,6.669z"/> +<path fill="#3C89C9" d="M23.613,6.506C23.64,6.602,23.653,6.507,23.613,6.506L23.613,6.506z"/> +<path fill="#3C89C9" d="M23.131,6.713C23.109,6.555,23.033,6.711,23.131,6.713L23.131,6.713z"/> +<path fill="#3C89C9" d="M23.562,4.875c-0.009-0.018-0.007-0.026,0.008-0.021c0,0.026-0.243-0.145-0.268-0.15 + c-0.033,0.142-0.178-0.038-0.174,0.226c0.151-0.016,0.24-0.037,0.417-0.032C23.541,4.882,23.546,4.876,23.562,4.875z"/> +<path fill="#3C89C9" d="M22.223,4.034c-0.058-0.001-0.101,0.02-0.165,0.02c-0.171,0.563,0.608,0.305,0.615,0.481 + c-0.184,0.128-0.445-0.087-0.421,0.168c-0.001-0.001,0.249-0.069,0.251-0.018c-0.095,0.098-0.075,0.135-0.22,0.084 + c-0.143,0.632,0.514,0.085,0.731-0.159c-0.009-0.01-0.013-0.012-0.024-0.024c0.011,0.003,0.014,0,0.011-0.011 + c0.013,0,0.034-0.007,0.058-0.015c0.027-0.034,0.041-0.058,0.029-0.059c-0.011-0.061-0.469-0.537-0.52-0.538 + 
c-0.023,0.177-0.081,0.188-0.05,0.381c0.014-0.003,0.016,0.004,0.011,0.021c-0.02,0-0.154-0.26-0.157-0.297 + c-0.069,0-0.095,0.028-0.107,0.055c0.003-0.018,0.008-0.034,0.005-0.079C22.237,4.063,22.221,4.059,22.223,4.034z"/> +<path fill="#3C89C9" d="M23.118,3.856c-0.183-0.005-0.051,0.145-0.322,0.069c0.021,0.267,0.14,0.101,0.393,0.218 + c-0.02,0.095-0.186,0.03-0.226,0.061c0.046,0.29,0.918,0.127,0.95-0.169c-0.172-0.006-0.382-0.007-0.4-0.144 + C23.588,3.894,23.137,4.186,23.118,3.856z"/> +<path fill="#3C89C9" d="M23.252,4.625c-0.021-0.13-0.121-0.09-0.193-0.064c-0.013,0.014-0.028,0.033-0.044,0.05 + C23.128,4.734,23.153,4.664,23.252,4.625z"/> +<path fill="#3C89C9" d="M19.583,9.93C19.581,10.048,19.636,9.93,19.583,9.93L19.583,9.93z"/> +<path fill="#3C89C9" d="M23.876,6.534C23.876,6.52,23.809,6.533,23.876,6.534L23.876,6.534z"/> +<path fill="#3C89C9" d="M23.906,4.461C23.861,4.477,23.931,4.617,23.906,4.461L23.906,4.461z"/> +<path fill="#3C89C9" d="M23.057,6.733C22.921,6.712,23.026,6.876,23.057,6.733L23.057,6.733z"/> +<path fill="#3C89C9" d="M24.236,4.43C23.87,4.415,24.236,4.459,24.236,4.43L24.236,4.43z"/> +<path fill="#3C89C9" d="M22.368,7.324C22.337,7.458,22.455,7.325,22.368,7.324L22.368,7.324z"/> +<path fill="#3C89C9" d="M26.57,3.952c-0.022-0.001-0.083,0.014-0.153,0.03c0.004,0.009,0.015,0.015,0.016,0.024 + c-0.024-0.013-0.038-0.019-0.049-0.019c0.011-0.003,0.021-0.003,0.033-0.005c-0.095-0.139-0.77-0.149-0.748,0.051 + c0.071-0.005,0.367,0.022,0.367,0.022c0.058-0.008,0.098-0.02,0.141-0.028c0-0.002-0.003-0.001-0.003-0.006 + c0.067-0.002,0.141-0.019,0.208-0.033c-0.012,0.002-0.014,0.009-0.012,0.025c-0.085-0.007-0.139,0.002-0.193,0.014 + c0.011,0.047,0.038,0.022,0.046,0.105c0.147,0.01,0.318,0.068,0.474-0.054C26.677,3.961,26.579,4.021,26.57,3.952z"/> +<path fill="#3C89C9" d="M22.923,6.807C22.931,6.987,23.074,6.785,22.923,6.807L22.923,6.807z"/> +<path fill="#3C89C9" d="M26.749,4.212C26.525,4.196,26.825,4.473,26.749,4.212L26.749,4.212z"/> +<path fill="#3C89C9" 
d="M26.899,7.116C26.574,7.099,26.99,7.421,26.899,7.116L26.899,7.116z"/> +<path fill="#3C89C9" d="M26.625,4.16C26.458,4.194,26.661,4.279,26.625,4.16L26.625,4.16z"/> +<path fill="#3C89C9" d="M22,4.271C22.043,4.666,22.129,4.273,22,4.271L22,4.271z"/> +<path fill="#3C89C9" d="M22.511,7.249C22.477,7.221,22.39,7.501,22.511,7.249L22.511,7.249z"/> +<path fill="#3C89C9" d="M22.737,7.011C22.714,7.094,22.762,7.011,22.737,7.011L22.737,7.011z"/> +<path fill="#3C89C9" d="M22.874,7.069C22.912,6.831,22.65,7.066,22.874,7.069L22.874,7.069z"/> +<path fill="#3C89C9" d="M22.717,7.044C22.697,7.126,22.745,7.044,22.717,7.044L22.717,7.044z"/> +<path fill="#3C89C9" d="M22.619,7.316c0-0.069,0.198-0.205,0.003-0.208C22.597,7.21,22.504,7.315,22.619,7.316z"/> +<path fill="#3C89C9" d="M22.564,7.13C22.446,7.156,22.569,7.237,22.564,7.13L22.564,7.13z"/> +<path fill="#3C89C9" d="M23.34,3.917C23.318,3.849,23.298,3.917,23.34,3.917L23.34,3.917z"/> +<path fill="#3C89C9" d="M23.409,14.053C23.41,14.131,23.544,14.065,23.409,14.053L23.409,14.053z"/> +<path fill="#3C89C9" d="M22.683,14.068c-0.14,0.027-0.284-0.019-0.393,0.008C22.301,14.357,22.652,14.375,22.683,14.068z"/> +<path fill="#3C89C9" d="M21.3,13.657C21.158,13.654,21.325,13.794,21.3,13.657L21.3,13.657z"/> +<path fill="#3C89C9" d="M21.859,13.439c-0.279-0.09-0.034,0.581,0.004,0.417C22.116,13.856,21.859,13.507,21.859,13.439z"/> +<path fill="#3C89C9" d="M23.705,14.428C23.701,14.338,23.653,14.427,23.705,14.428L23.705,14.428z"/> +<path fill="#3C89C9" d="M24.218,14.182C24.22,14.234,24.294,14.183,24.218,14.182L24.218,14.182z"/> +<path fill="#3C89C9" d="M24.206,14.072C24.177,13.985,24.172,14.072,24.206,14.072L24.206,14.072z"/> +<path fill="#3C89C9" d="M19.764,10.005C19.809,10.018,19.711,9.764,19.764,10.005L19.764,10.005z"/> +<path fill="#3C89C9" d="M24.254,14.335C24.254,14.36,24.333,14.337,24.254,14.335L24.254,14.335z"/> +<path fill="#3C89C9" d="M19.594,9.865C19.609,9.923,19.7,9.863,19.594,9.865L19.594,9.865z"/> +<path fill="#3C89C9" 
d="M19.742,10.138C19.766,10.31,19.789,10.138,19.742,10.138L19.742,10.138z"/> +<path fill="#3C89C9" d="M19.747,9.819C19.808,9.473,19.57,9.821,19.747,9.819L19.747,9.819z"/> +<path fill="#3C89C9" d="M21.046,13.81C21.126,13.478,20.944,13.81,21.046,13.81L21.046,13.81z"/> +<path fill="#3C89C9" d="M20.792,13.777C20.684,13.913,20.828,13.777,20.792,13.777L20.792,13.777z"/> +<path fill="#3C89C9" d="M23.555,9.632C23.663,9.605,23.505,9.425,23.555,9.632L23.555,9.632z"/> +<path fill="#3C89C9" d="M23.118,9.866c-0.014,0.076-0.225,0.101-0.072,0.261C23.062,10.068,23.179,9.867,23.118,9.866z"/> +<path fill="#3C89C9" d="M23.158,9.231C23.212,9.423,23.282,9.277,23.158,9.231L23.158,9.231z"/> +<path fill="#3C89C9" d="M22.552,10.439C22.559,10.592,22.737,10.511,22.552,10.439L22.552,10.439z"/> +<path fill="#3C89C9" d="M22.021,10.522C22.045,10.314,21.812,10.476,22.021,10.522L22.021,10.522z"/> +<path fill="#3C89C9" d="M24.373,14.349c0.013,0.032,0,0.012,0.033,0.012C24.392,14.328,24.406,14.347,24.373,14.349z"/> +<path fill="#3C89C9" d="M23.66,9.688C23.298,9.644,23.616,9.971,23.66,9.688L23.66,9.688z"/> +<path fill="#3C89C9" d="M23.504,9.838C23.505,9.913,23.541,9.84,23.504,9.838L23.504,9.838z"/> +<path fill="#3C89C9" d="M25.32,14.646c-0.078,0.018-0.218,0.05-0.252,0.063C25.125,14.9,25.322,14.723,25.32,14.646z"/> +<path fill="#3C89C9" d="M21.418,10.858C21.287,10.887,21.418,10.905,21.418,10.858L21.418,10.858z"/> +<path fill="#3C89C9" d="M25.32,14.646L25.32,14.646C25.382,14.632,25.409,14.627,25.32,14.646z"/> +<path fill="#3C89C9" d="M22.268,10.589C22.283,10.533,21.897,10.681,22.268,10.589L22.268,10.589z"/> +<path fill="#3C89C9" d="M22.17,10.261c0.002,0.113-0.027,0.11-0.131,0.109c0.01,0.099,0.166,0.188,0.166,0.12 + C22.261,10.476,22.303,10.241,22.17,10.261z"/> +<path fill="#3C89C9" d="M22.012,10.632C22.065,10.615,22.077,10.418,22.012,10.632L22.012,10.632z"/> +<linearGradient id="hl_2_" gradientUnits="userSpaceOnUse" x1="215.9331" y1="792.7061" x2="215.9331" y2="774.8809" gradientTransform="matrix(1 0 0 
1 -195.2002 -770.8008)"> + <stop offset="0" style="stop-color:#F2F2F2;stop-opacity:0"/> + <stop offset="1" style="stop-color:#F2F2F2"/> +</linearGradient> +<path id="hl_1_" opacity="0.63" fill="url(#hl_2_)" enable-background="new " d="M33.147,14.728 + c-0.033,2.735-2.54,7.178-12.287,7.178c-9.354,0-12.835-3.199-12.521-7.656c0.273-3.87,3.254-10.169,12.521-10.169 + C29.365,4.081,33.195,10.393,33.147,14.728z"/> +<path fill="#9CD7FF" d="M30.042,3.613c0.906,0.484,1.782,1.047,2.618,1.683c0.924,0.401,1.758,0.949,2.468,1.66 + c4.808,4.808,2.37,15.068-5.431,22.871c-7.801,7.802-18.062,10.239-22.87,5.431c-0.772-0.772-1.354-1.685-1.761-2.701 + c-0.604-0.816-1.139-1.666-1.6-2.544c0.242,2.34,1.108,4.396,2.659,5.947c5.196,5.195,16.086,2.76,24.275-5.43 + c8.19-8.191,10.626-19.08,5.431-24.277C34.315,4.74,32.315,3.878,30.042,3.613z"/> +<path fill="#9CD7FF" d="M11.46,37.931c-0.906-0.483-1.782-1.046-2.62-1.684c-0.923-0.4-1.756-0.948-2.466-1.659 + c-4.808-4.809-2.372-15.07,5.431-22.873c7.802-7.801,18.062-10.238,22.871-5.429c0.771,0.772,1.354,1.684,1.759,2.702 + c0.604,0.815,1.141,1.665,1.602,2.543c-0.242-2.34-1.107-4.397-2.658-5.948c-5.195-5.196-16.086-2.759-24.275,5.43 + c-8.19,8.188-10.627,19.078-5.43,24.275C7.186,36.805,9.186,37.666,11.46,37.931z"/> +<path fill="#9CD7FF" d="M29.887,38.302c0.908-0.484,1.783-1.047,2.621-1.684c0.923-0.4,1.755-0.95,2.465-1.659 + c4.809-4.809,2.373-15.07-5.428-22.873C21.742,4.285,11.481,1.851,6.672,6.658C5.902,7.43,5.32,8.342,4.913,9.361 + c-0.604,0.815-1.139,1.665-1.6,2.543C3.555,9.563,4.421,7.505,5.97,5.957c5.196-5.196,16.088-2.76,24.276,5.429 + c8.189,8.19,10.625,19.079,5.429,24.277C34.163,37.176,32.161,38.037,29.887,38.302z"/> +<path fill="#9CD7FF" d="M11.707,3.429C10.8,3.914,9.924,4.477,9.086,5.113c-0.922,0.401-1.756,0.949-2.466,1.66 + c-4.807,4.809-2.373,15.068,5.43,22.873c7.803,7.803,18.061,10.236,22.87,5.429c0.771-0.771,1.354-1.683,1.761-2.7 + 
c0.604-0.817,1.139-1.666,1.6-2.545c-0.241,2.34-1.106,4.398-2.656,5.946c-5.198,5.195-16.087,2.763-24.276-5.428 + C3.158,22.157,0.723,11.266,5.919,6.069C7.433,4.555,9.433,3.694,11.707,3.429z"/> +<path fill="#9CD7FF" d="M40.425,19.836c0.015,0.264,0.02,0.532,0.021,0.799c0.195,0.077,0.354,0.152,0.432,0.225 + c-0.829,0.76-8.186,1.813-20.019,1.813c-11.833,0-19.188-1.052-20.02-1.813c0.079-0.073,0.236-0.148,0.433-0.225 + c0.003-0.267,0.007-0.535,0.021-0.8C0.481,20.122,0,20.459,0,20.859c0,2.582,20.008,2.611,20.86,2.611 + c0.851,0,20.859-0.029,20.859-2.611C41.719,20.46,41.239,20.122,40.425,19.836z"/> +<path fill="#9CD7FF" d="M22.304,40.427c-0.265,0.013-0.53,0.018-0.799,0.021c-0.078,0.195-0.152,0.353-0.224,0.432 + c-0.763-0.832-1.812-10.28-1.812-20.021c0-11.833,1.049-19.188,1.812-20.02c0.071,0.08,0.146,0.237,0.224,0.433 + c0.267,0.003,0.534,0.007,0.799,0.021C22.018,0.48,21.68,0,21.282,0c-2.583,0-2.612,20.008-2.612,20.859 + c0,0.852,0.029,20.861,2.612,20.861C21.68,41.721,22.016,41.238,22.304,40.427z"/> +</svg> + + <?xml version="1.0" encoding="utf-8"?> +<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + width="57px" height="63px" viewBox="0 0 57 63" enable-background="new 0 0 57 63" xml:space="preserve"> +<g> + + <linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="26.5" y1="1570.3457" x2="27.741" y2="1600.1431" gradientTransform="matrix(1 0 0 1 0.1602 -1546.3828)"> + <stop offset="0.2711" style="stop-color:#FFAB4F"/> + <stop offset="1" style="stop-color:#FFD28F"/> + </linearGradient> + <path fill="url(#SVGID_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M49.529,51.225c-4.396-4.396-10.951-5.884-12.063-6.109 + V37.8H19.278c0,0,0.038,6.903,0,6.868c0,0-6.874,0.997-12.308,6.432C1.378,56.691,0.5,62.77,0.5,62.77 + c0,1.938,1.575,3.492,3.523,3.492h48.51c1.947,0,3.521-1.558,3.521-3.492C56.055,62.768,54.211,55.906,49.529,51.225z"/> + + <radialGradient id="face_x5F_white_1_" cx="27.7427" 
cy="1572.1094" r="23.4243" fx="23.1732" fy="1569.6195" gradientTransform="matrix(1 0 0 1 0.1602 -1546.3828)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#FFD28F"/> + <stop offset="1" style="stop-color:#FFAB4F"/> + </radialGradient> + <path id="face_x5F_white_3_" fill="url(#face_x5F_white_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M43.676,23.357 + c0.086,10.2-6.738,18.52-15.247,18.586c-8.502,0.068-15.466-8.146-15.552-18.344C12.794,13.4,19.618,5.079,28.123,5.012 + C36.627,4.945,43.59,13.158,43.676,23.357z"/> + + <linearGradient id="face_highlight_1_" gradientUnits="userSpaceOnUse" x1="3646.5117" y1="-6644.2471" x2="3670.1414" y2="-6737.6978" gradientTransform="matrix(0.275 0 0 -0.2733 -977.2951 -1807.6279)"> + <stop offset="0" style="stop-color:#FFFFFF;stop-opacity:0.24"/> + <stop offset="1" style="stop-color:#FFFFFF;stop-opacity:0.16"/> + </linearGradient> + <path id="face_highlight_3_" fill="url(#face_highlight_1_)" d="M27.958,6.333c-6.035,0.047-10.747,4.493-12.787,10.386 + c-0.664,1.919-0.294,4.043,0.98,5.629c2.73,3.398,5.729,6.283,9.461,8.088c3.137,1.518,7.535,2.384,11.893,1.247 + c2.274-0.592,3.988-2.459,4.375-4.766c0.183-1.094,0.293-2.289,0.283-3.553C42.083,13.952,36.271,6.268,27.958,6.333z"/> + <path fill="#656565" stroke="#4B4B4B" stroke-linejoin="round" stroke-miterlimit="10" d="M15.038,26.653 + c0.145,2.05,3.468,2.593,6.477,2.56c2.298-0.026,3.25-0.889,4.746-2.685c2.539-3.05-0.767-3.715-4.817-3.67 + C15.984,22.919,14.777,22.933,15.038,26.653z"/> + <path fill="#656565" stroke="#4B4B4B" stroke-linejoin="round" stroke-miterlimit="10" d="M41.116,26.653 + c-0.146,2.05-3.47,2.593-6.478,2.56c-2.299-0.026-3.252-0.889-4.746-2.685c-2.538-3.05,0.769-3.715,4.816-3.67 + C40.17,22.919,41.377,22.933,41.116,26.653z"/> + <path fill="none" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d="M27.453,24.375 + c0,0,0.604-0.469,1.305,0"/> + + <line fill="none" stroke="#4B4B4B" stroke-linecap="round" 
stroke-miterlimit="10" x1="41.727" y1="24.592" x2="41.844" y2="25.375"/> + + <line fill="none" stroke="#4B4B4B" stroke-linecap="round" stroke-miterlimit="10" x1="42.165" y1="24.938" x2="44.027" y2="24.938"/> + + <line fill="none" stroke="#4B4B4B" stroke-linecap="round" stroke-miterlimit="10" x1="14.374" y1="24.592" x2="14.257" y2="25.375"/> + + <line fill="none" stroke="#4B4B4B" stroke-linecap="round" stroke-miterlimit="10" x1="13.937" y1="24.938" x2="12.073" y2="24.938"/> + <path id="body_9_" fill="#9B9B9B" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d=" + M0.5,62.768c0,1.938,1.575,3.494,3.523,3.494h48.51c1.947,0,3.521-1.559,3.521-3.494c0,0-1.844-6.861-6.525-11.543 + c-4.815-4.813-11.244-6.146-11.244-6.146c-1.771,1.655-5.61,2.802-10.063,2.802c-4.453,0-8.292-1.146-10.063-2.802 + c0,0-5.755,0.586-11.189,6.021C1.378,56.689,0.5,62.768,0.5,62.768z"/> + + <path id="turtleneck_6_" fill="#9B9B9B" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d=" + M39.715,44.786l-1.557-3.405c0,0-0.574,2.369-3.012,4.441c-2.109,1.795-6.785,2.072-6.785,2.072s-4.753-0.356-6.722-2.031 + c-2.436-2.072-3.012-4.441-3.012-4.441l-1.555,3.404c0,0-0.552,1.404,1.37,3.479c1.025,1.105,5.203,3.611,9.682,3.582 + c4.479-0.029,9.264-2.594,10.218-3.623C40.266,46.191,39.715,44.786,39.715,44.786z"/> + <path fill="#656565" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d="M49.529,51.225 + c-1.094-1.094-2.319-2.006-3.563-2.766c0.193,0.346,0.401,0.68,0.574,1.041c-4.906,6.014-15.921,9.289-21.743,16.709 + c1.969-7.594-11.166-13.127-14.493-16.926c-0.158-0.182-0.258-0.422-0.332-0.686c-1.015,0.707-2.031,1.525-3.001,2.5 + c-5.592,5.592-6.47,11.67-6.47,11.67c0,1.936,1.575,3.489,3.523,3.489h48.51c1.948,0,3.521-1.558,3.521-3.489 + C56.055,62.768,54.211,55.906,49.529,51.225z"/> + <path fill="#656565" stroke="#4B4B4B" stroke-linejoin="round" stroke-miterlimit="10" d="M3.007,32.205 + 
c1.521,2.295,10.771,12.17,10.771,12.17s-5.137,3.012-3.474,4.908c3.327,3.799,10.533,14.018,14.865,16.467 + c2.499-4.6-3.906-23.327-5.724-25.833c-1.296-1.786-3.22-3.269-4.598-5.417C14.846,34.5,9.195,34.5,3.007,32.205z"/> + <path fill="#656565" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d="M52.277,32.205 + c-4.791,3.299-10.368,10.391-11.074,11.066c2.313,1.744,4.9,3.799,6.146,6.406c-4.906,6.014-14.766,9.277-21.747,16.069 + c2.015-7.771,5.157-20.46,12.517-27.083c1.667-1.5,2.713-2.833,4.043-5.391C42.165,33.275,45.637,33.25,52.277,32.205z"/> + <path id="wh2_1_" fill="#9B9B9B" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d=" + M28.276,15.5c5.635,0,10.826,1.416,14.979,3.794c-1.614-8.228-7.794-14.34-15.132-14.282c-7.272,0.057-13.299,6.155-14.846,14.294 + C17.434,16.921,22.632,15.5,28.276,15.5z"/> + <path id="wh1_1_" fill="#9B9B9B" stroke="#4B4B4B" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" d=" + M28.278,20.808c5.662,0,11.937,0.811,16.391,2.207c-0.11-2.059-0.274-2.826-0.413-3.72c-4.154-2.379-10.344-3.795-15.98-3.795 + c-5.644,0-11.842,1.421-16,3.807c-0.228,1.197-0.362,2.436-0.388,3.707C16.343,21.618,22.618,20.808,28.278,20.808z"/> +</g> +</svg> + + <?xml version="1.0" encoding="utf-8"?> +<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + width="57px" height="65px" viewBox="0 0 57 65" enable-background="new 0 0 57 65" xml:space="preserve"> +<g> + + <linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="26.5796" y1="796.6533" x2="27.8207" y2="826.4517" gradientTransform="matrix(1 0 0 1 0.0801 -771.6914)"> + <stop offset="0.2711" style="stop-color:#FFAB4F"/> + <stop offset="1" style="stop-color:#FFD28F"/> + </linearGradient> + <path fill="url(#SVGID_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M49.529,52.225c-4.396-4.396-10.951-5.884-12.063-6.109 + 
V38.8H19.278c0,0,0.038,6.903,0,6.868c0,0-6.874,0.997-12.308,6.432C1.378,57.691,0.5,63.77,0.5,63.77 + c0,1.937,1.575,3.492,3.523,3.492h48.51c1.947,0,3.521-1.558,3.521-3.492C56.055,63.768,54.211,56.906,49.529,52.225z"/> + + <radialGradient id="face_x5F_white_1_" cx="27.8228" cy="798.418" r="23.4236" fx="23.2533" fy="795.9283" gradientTransform="matrix(1 0 0 1 0.0801 -771.6914)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#FFD28F"/> + <stop offset="1" style="stop-color:#FFAB4F"/> + </radialGradient> + <path id="face_x5F_white_3_" fill="url(#face_x5F_white_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M43.676,24.357 + c0.086,10.2-6.738,18.52-15.245,18.586c-8.504,0.068-15.468-8.146-15.554-18.344C12.794,14.4,19.618,6.079,28.123,6.012 + C36.627,5.945,43.59,14.158,43.676,24.357z"/> + <path id="hair_x5F_gray_1_" fill="#ECECEC" stroke="#9B9B9B" stroke-linecap="round" stroke-linejoin="round" d="M20.278,14.25 + c0,0,5.321,7.25,15,3.75c2.729-0.563,9.058,1.035,9.058,1.035S40.68,2.865,27.289,3.744C9.403,5.125,12.058,26.678,12.058,26.678 + s2.768-0.684,5.036-4.802C18.068,20.106,20.278,14.25,20.278,14.25z"/> + + <radialGradient id="collar_x5F_body_1_" cx="15.1982" cy="829.8604" r="32.4004" gradientTransform="matrix(1 0 0 1 0.0801 -771.6914)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#B0E8FF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_body_3_" fill="url(#collar_x5F_body_1_)" stroke="#5491CF" d="M0.5,63.768c0,1.938,1.575,3.494,3.523,3.494 + h48.51c1.947,0,3.521-1.559,3.521-3.494c0,0-1.844-6.861-6.525-11.543c-4.815-4.814-11.244-6.146-11.244-6.146 + c-1.771,1.655-5.61,2.802-10.063,2.802c-4.453,0-8.292-1.146-10.063-2.802c0,0-5.755,0.586-11.189,6.021 + C1.378,57.689,0.5,63.768,0.5,63.768z"/> + + <radialGradient id="collar_x5F_r_1_" cx="31.54" cy="819.9863" r="9.2835" gradientTransform="matrix(1 0 0 1 0.0801 -771.6914)" gradientUnits="userSpaceOnUse"> + <stop offset="0" 
style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_r_3_" fill="url(#collar_x5F_r_1_)" stroke="#5491CF" d="M38.159,42.381c0,0-0.574,2.369-3.013,4.441 + c-2.108,1.795-5.783,2.072-5.783,2.072l3.974,6.217c0,0,2.957-1.637,5.009-3.848c1.922-2.072,1.37-5.479,1.37-5.479L38.159,42.381z + "/> + + <radialGradient id="collar_x5F_l_1_" cx="19.1777" cy="820.0273" r="9.2834" gradientTransform="matrix(1 0 0 1 0.0801 -771.6914)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_l_3_" fill="url(#collar_x5F_l_1_)" stroke="#5491CF" d="M18.63,42.422c0,0,0.576,2.369,3.012,4.441 + c2.109,1.793,5.785,2.072,5.785,2.072l-3.974,6.217c0,0-2.957-1.637-5.007-3.85c-1.922-2.072-1.37-5.479-1.37-5.479L18.63,42.422z" + /> +</g> +</svg> + + <?xml version="1.0" encoding="utf-8"?> +<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" + width="57px" height="65px" viewBox="0 0 57 65" enable-background="new 0 0 57 65" xml:space="preserve"> +<g> + + <linearGradient id="SVGID_1_" gradientUnits="userSpaceOnUse" x1="26.3398" y1="3115.7266" x2="27.5807" y2="3145.5239" gradientTransform="matrix(1 0 0 1 0.3203 -3091.7656)"> + <stop offset="0.2711" style="stop-color:#FFAB4F"/> + <stop offset="1" style="stop-color:#FFD28F"/> + </linearGradient> + <path fill="url(#SVGID_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M49.529,51.225c-4.396-4.396-10.951-5.884-12.063-6.109 + V37.8H19.278c0,0,0.038,6.903,0,6.868c0,0-6.874,0.997-12.308,6.432C1.378,56.691,0.5,62.77,0.5,62.77 + c0,1.938,1.575,3.492,3.523,3.492h48.51c1.947,0,3.521-1.558,3.521-3.492C56.055,62.768,54.211,55.906,49.529,51.225z"/> + + <radialGradient id="face_x5F_white_1_" cx="27.5835" cy="3117.4922" r="23.425" fx="23.0139" fy="3115.0024" gradientTransform="matrix(1 0 0 1 0.3203 -3091.7656)" 
gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#FFD28F"/> + <stop offset="1" style="stop-color:#FFAB4F"/> + </radialGradient> + <path id="face_x5F_white_3_" fill="url(#face_x5F_white_1_)" stroke="#ED9135" stroke-miterlimit="10" d="M43.676,23.357 + c0.086,10.2-6.738,18.52-15.25,18.586c-8.5,0.068-15.464-8.146-15.55-18.344C12.794,13.4,19.618,5.079,28.123,5.012 + C36.627,4.945,43.59,13.158,43.676,23.357z"/> + + <linearGradient id="face_highlight_1_" gradientUnits="userSpaceOnUse" x1="6468.501" y1="-12291.5195" x2="6492.1304" y2="-12384.9688" gradientTransform="matrix(0.275 0 0 -0.2733 -1752.8849 -3351.7349)"> + <stop offset="0" style="stop-color:#FFFFFF;stop-opacity:0.24"/> + <stop offset="1" style="stop-color:#FFFFFF;stop-opacity:0.16"/> + </linearGradient> + <path id="face_highlight_3_" fill="url(#face_highlight_1_)" d="M28.415,5.625c-6.035,0.047-10.747,4.493-12.787,10.386 + c-0.664,1.919-0.294,4.043,0.98,5.629c2.73,3.398,5.729,6.283,9.461,8.088c3.137,1.518,7.535,2.385,11.893,1.247 + c2.274-0.592,3.988-2.459,4.375-4.766c0.187-1.094,0.293-2.289,0.283-3.553C42.54,13.244,36.729,5.56,28.415,5.625z"/> + <path fill="#CC9869" stroke="#99724F" stroke-width="0.9271" stroke-linecap="round" stroke-linejoin="round" d="M28.02,31.921 + c-6.78,0-6.717,3.708-6.717,3.708c0,8.133,2.985,8.788,6.955,8.788c4.243,0,6.792-0.926,6.792-8.595 + C35.051,35.822,35.881,31.921,28.02,31.921z M23.989,35.678c0-0.556,1.838-1.005,4.107-1.005c2.27,0,4.107,0.449,4.107,1.005 + C32.204,36.232,23.989,36.232,23.989,35.678z"/> + <path id="hair_x5F_gray_2_" fill="#CC9869" stroke="#99724F" stroke-linecap="round" stroke-linejoin="round" d="M20.278,13.25 + c0,0,5.321,7.25,15,3.75c2.729-0.563,9.058,1.035,9.058,1.035S40.68,1.865,27.289,2.744C9.403,4.125,12.058,25.678,12.058,25.678 + s2.768-0.684,5.036-4.802C18.068,19.106,20.278,13.25,20.278,13.25z"/> + + <radialGradient id="collar_x5F_body_1_" cx="14.9609" cy="3148.9336" r="32.4004" gradientTransform="matrix(1 0 0 1 0.3203 -3091.7656)" 
gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#B0E8FF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_body_3_" fill="url(#collar_x5F_body_1_)" stroke="#5491CF" d="M0.5,62.768c0,1.938,1.575,3.494,3.523,3.494 + h48.51c1.947,0,3.521-1.559,3.521-3.494c0,0-1.844-6.861-6.525-11.543c-4.815-4.813-11.244-6.146-11.244-6.146 + c-1.771,1.655-5.61,2.802-10.063,2.802c-4.453,0-8.292-1.146-10.063-2.802c0,0-5.755,0.586-11.189,6.021 + C1.378,56.689,0.5,62.768,0.5,62.768z"/> + + <radialGradient id="collar_x5F_r_1_" cx="31.2998" cy="3139.0605" r="9.2823" gradientTransform="matrix(1 0 0 1 0.3203 -3091.7656)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_r_3_" fill="url(#collar_x5F_r_1_)" stroke="#5491CF" d="M38.159,41.381c0,0-0.574,2.369-3.013,4.441 + c-2.108,1.795-5.783,2.072-5.783,2.072l3.974,6.217c0,0,2.957-1.637,5.009-3.848c1.922-2.072,1.37-5.479,1.37-5.479L38.159,41.381z + "/> + + <radialGradient id="collar_x5F_l_1_" cx="18.9375" cy="3139.1016" r="9.2843" gradientTransform="matrix(1 0 0 1 0.3203 -3091.7656)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <path id="collar_x5F_l_3_" fill="url(#collar_x5F_l_1_)" stroke="#5491CF" d="M18.63,41.422c0,0,0.576,2.369,3.012,4.441 + c2.109,1.793,5.785,2.072,5.785,2.072l-3.974,6.217c0,0-2.957-1.637-5.007-3.85c-1.922-2.072-1.37-5.48-1.37-5.48L18.63,41.422z"/> + + <radialGradient id="Knob2_1_" cx="27.6895" cy="2375.2871" r="0.9669" gradientTransform="matrix(1 0 0 1 0.2402 -2319.0742)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <circle id="Knob2_3_" fill="url(#Knob2_1_)" stroke="#5491CF" cx="28.258" cy="56.254" r="0.584"/> + + <radialGradient 
id="Knob1_1_" cx="27.7275" cy="2381.5283" r="0.9669" gradientTransform="matrix(1 0 0 1 0.2402 -2319.0742)" gradientUnits="userSpaceOnUse"> + <stop offset="0" style="stop-color:#80CCFF"/> + <stop offset="1" style="stop-color:#74AEEE"/> + </radialGradient> + <circle id="Knob1_3_" fill="url(#Knob1_1_)" stroke="#5491CF" cx="28.297" cy="62.499" r="0.584"/> + <path id="path5135_5_" fill="#D54A30" stroke="#B51A19" d="M27.442,55.23c0,0-1.852,2.057-2.082,6.543c-0.23,4.488,0,4.488,0,4.488 + h6.546c0,0,0.23,0.063-0.154-4.367c-0.4-4.604-2.389-6.668-2.389-6.668L27.442,55.23L27.442,55.23z"/> + <path id="path5131_5_" fill="#D54A30" stroke="#B51A19" d="M28.325,48.688h0.125L31,52.691c0.516,0.953-1.207,1.797-1.457,2.547 + l-2.277-0.018c-0.242-0.761-2.26-1.369-1.477-2.584L28.325,48.688z"/> +</g> +</svg> + + + + diff --git a/servers/manifesto/index.html b/servers/manifesto/index.html new file mode 100644 index 0000000..33faf15 --- /dev/null +++ b/servers/manifesto/index.html @@ -0,0 +1,190 @@ + + + + + + + + + + + a Nihilist's Manifesto + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

user@Whonix - 2024-05-19

+

a Nihilist's Manifesto

+

Explaining why I have a blog in the first place.

+
+
+
+
+ + +
+
+
+
+

The History behind this Blog



+

At first, this blog started out as a hacking writeup blog, to show everyone how i hacked half of HackTheBox back in 2022, it was my way of showing that i understood how systems worked from the adversarial point of view. Then once i learned the pentesting methodology i realized that i was doing the same thing over and over again with different technologies, got bored with it, and decided to move on to Sysadmin topics.

+

At that point, i dabbled heavily into the self-hosting community, running a servers at home, running every possible service from home, open source only, remaining the only one in control of my data, etc.

+

But something was missing. I realized that Decentralisation and Privacy were not enough when reading the news, i realized that the very same governments that were supposed to be at the head of democracies were starting to turn into dictatorships. When that is the case, you have no choice but to fit into their view of a perfect law abiding citizen because any reason is a good reason to put you behind bars.

+

That's why i decided to move on to Anonymity topics specifically, because that is the key to remain in control of your freedom, is to make sure your sensitive actions remain secret, while portraying yourself as the perfect citizen. Wether you see this as right or wrong, it does not matter to me.

+

What truly matters here, is exploring how you can use technology to protect your abilities, and enhance them.

+ +
+
+
+
+ +
+
+
+
+

The Reasons behind this Blog



+

+"If you pull that trigger, right, you pull that trigger for a fucking honorable reason. Like an honorable man, not like some fucking civilian that does not understand the wicked way of our world, mate" -Alfie Solomons, Peaky Blinders
+
+
+

First of all let's cover the reasons that I see justify the vast majority of actions done out there in our current world:

+

+Limited Reasons:
+-Self-preservation
+-Pleasure seeking
+-Acting
+
+
+

The most limited reason behind one's action is that of self-preservation, nothing wrong with it, but every other animal out there is already doing it, you're supposed to be able to be more than just any other creature out there.

+

Seeking pleasure (ex: Playing video games, watching movies, behavioral addiction or substance abuse) is alright, but at some point you need to grow up and to realize that it's an immature waste of time.

+

Willingly getting things done is a great, until everything you do revolves around your limited sense of self, and identity.

+ +

So, here are the reasons that i consider honorable, which all stem out of a broader sense of self (daily practiced as part of my morning routine):

+

+Honorable reasons:
+-Purifying
+-Percieving
+-Transcending
+
+
+

I am motivated by my will to purify, refine and enhance my abilities using tools and technology, and I want anyone that also shares that same drive, to be able to explore the full scope of what they can do aswell.

+

I am also motivated by my will to clear out any misconceptions and help everyone percieve technology for what it truly is, regardless of any morality or any political view. My blog aims to bring to light that any usage of any technology is to be justified with a clear reason, to be described, and showcased in great detail.

+

Yes, anyone that tries to mix politics and ideologies into technology, is merely trying to preserve what they are currently identified with. Such people cannot pretend to have an objective view when talking about anything.

+

Transcending limitations is what i consider the most honorable way behind any action. Ultimately, this blog aims to showcase that Technology, when used correctly, can allow one to transcend any limitation. Be it to transcend surveillance, centralisation, deanonymization, lack of security. Any ability that we have as Humans, such as Privacy, Decentralisation, Anonymity, Security, Plausible Deniability can be protected and enhanced by using the correct Technology.

+

TLDR: You want to know the most effective technologies that can enhance your life ? It's right there. Just read it up, understand what they are, understand why they are used, understand how they are used, and use them yourself.

+ + + +
+
+
+
+ + + +
+
+
+
+

Technology is all that matters.

+

We, humans are able to do things, and no matter what we can do, we are able to enhance what we can do using tools. We can run that far, but with a car we can run farther, we can calculate fast, but with a computer we can calculate much faster.

+

You wished you could do more in the world right now ? Well, maybe you should have turned to technology, a long time ago.

+

People are not reliable, as their values, intentions, identities, habits change over time. Technology that you can audit (open source technology) is the only thing you should rely on.

+

You should not pay someone, nor put your trust into anyone to enhance your ability to do anything. Understand your needs, understand your abilities, understand your limits and then Look for tools, study those tools, and learn to use those tools to enhance what you can do in the world.

+

Yes, noone can be trusted, do not expect anyone to uphold any promise. Putting your trust into politicians will always remain a meaningless circus of broken promises, they are only interested in keeping their current power.

+

Everyone's greedy, and the vast majority are only pretending to care for you, they're only looking after their own personal interests.

+

Look at what people are doing, but look even closer at the reason behind their actions.

+ +

TLDR: Technology dictates the way of our world. So, that's what I focus on. I will continue to share it with everyone, until there is nothing left to cover.

+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
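Review bot: the body text added in this new file has spelling and grammar slips that should be fixed before merge: "running a servers" in the history section, "Wether" in the paragraph on Anonymity topics, "is a great, until" in the paragraph on getting things done, "Percieving" in the honorable reasons list and "percieve" two paragraphs below it, plus "aswell" and "noone". The file is also added as servers/manifesto/index.html although it contains no server installation steps; consider placing it outside servers/ so that directory keeps only the setup tutorials.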
+ + + + + + + diff --git a/servers/mastodon/index.html b/servers/mastodon/index.html new file mode 100644 index 0000000..641c365 --- /dev/null +++ b/servers/mastodon/index.html @@ -0,0 +1,1069 @@ + + + + + + + + + + + mastodon Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-03-23

+

mastodon Setup

+ +

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

+ +

+	
+
+ +

+ +

+	
+
+ +

+ +

+	
+
+
+
+
+
+ +
+
+
+
+

Setup



+

https://docs.joinmastodon.org/admin/install/

+

+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ adduser --disabled-login mastodon
+Adding user `mastodon' ...
+Adding new group `mastodon' (1000) ...
+Adding new user `mastodon' (1000) with group `mastodon (1000)' ...
+Creating home directory `/home/mastodon' ...
+Copying files from `/etc/skel' ...
+Changing the user information for mastodon
+Enter the new value, or press ENTER for the default
+        Full Name []:
+        Room Number []:
+        Work Phone []:
+        Home Phone []:
+        Other []:
+Is the information correct? [Y/n]
+Adding new user `mastodon' to supplemental / extra groups `users' ...
+Adding user `mastodon' to group `users' ...
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ su - mastodon
+This account is currently not available.
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ su - mastodon
+This account is currently not available.
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u mastodon
+usage: sudo -h | -K | -k | -V
+usage: sudo -v [-ABkNnS] [-g group] [-h host] [-p prompt] [-u user]
+usage: sudo -l [-ABkNnS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command [arg ...]]
+usage: sudo [-ABbEHkNnPS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] [VAR=value] [-i | -s] [command [arg ...]]
+usage: sudo -e [-ABkNnS] [-r role] [-t type] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-T timeout] [-u user] file ...
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u mastodon bash
+mastodon@Belladona:/root$ pwd
+/root
+mastodon@Belladona:/root$ exit
+exit
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ mkdir /srv/mastodon
+mkdir: cannot create directory ‘/srv/mastodon’: File exists
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u mastodon bash
+mastodon@Belladona:/root$ id
+uid=1000(mastodon) gid=1000(mastodon) groups=1000(mastodon),100(users)
+mastodon@Belladona:/root$ ls
+ls: cannot open directory '.': Permission denied
+mastodon@Belladona:/root$ exit
+exit
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ mkdir /home/mastodon
+mkdir: cannot create directory ‘/home/mastodon’: File exists
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u mastodon bash
+mastodon@Belladona:/root$ cd /home/mastodon
+mastodon@Belladona:~$ ls
+mastodon@Belladona:~$ ls -lash
+total 24K
+4.0K drwx------ 2 mastodon mastodon 4.0K Mar 23 15:24 .
+4.0K drwxr-xr-x 3 root     root     4.0K Mar 23 15:22 ..
+4.0K -rw------- 1 mastodon mastodon   20 Mar 23 15:24 .bash_history
+4.0K -rw-r--r-- 1 mastodon mastodon  220 Mar 23 15:22 .bash_logout
+4.0K -rw-r--r-- 1 mastodon mastodon 3.5K Mar 23 15:22 .bashrc
+   0 -rw-r--r-- 1 mastodon mastodon    0 Mar 23 15:22 .cloud-locale-test.skip
+4.0K -rw-r--r-- 1 mastodon mastodon  807 Mar 23 15:22 .profile
+mastodon@Belladona:~$ git clone https://github.com/rbenv/rbenv.git ~/.rbenv
+Cloning into '/home/mastodon/.rbenv'...
+remote: Enumerating objects: 3270, done.
+remote: Counting objects: 100% (420/420), done.
+remote: Compressing objects: 100% (218/218), done.
+remote: Total 3270 (delta 234), reused 327 (delta 188), pack-reused 2850
+Receiving objects: 100% (3270/3270), 662.28 KiB | 5.56 MiB/s, done.
+Resolving deltas: 100% (2024/2024), done.
+mastodon@Belladona:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
+mastodon@Belladona:~$ echo 'eval "$(rbenv init -)"' >> ~/.bashrc
+mastodon@Belladona:~$ exec bash
+mastodon@Belladona:~$ git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
+Cloning into '/home/mastodon/.rbenv/plugins/ruby-build'...
+remote: Enumerating objects: 15923, done.
+remote: Counting objects: 100% (4057/4057), done.
+remote: Compressing objects: 100% (363/363), done.
+remote: Total 15923 (delta 3854), reused 3819 (delta 3682), pack-reused 11866
+Receiving objects: 100% (15923/15923), 3.11 MiB | 15.55 MiB/s, done.
+Resolving deltas: 100% (11360/11360), done.
+mastodon@Belladona:~$ RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 3.2.3
+==> Downloading ruby-3.2.3.tar.gz...
+-> curl -q -fL -o ruby-3.2.3.tar.gz https://cache.ruby-lang.org/pub/ruby/3.2/ruby-3.2.3.tar.gz
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100 19.6M  100 19.6M    0     0  18.7M      0  0:00:01  0:00:01 --:--:-- 18.7M
+==> Installing ruby-3.2.3...
+-> ./configure "--prefix=$HOME/.rbenv/versions/3.2.3" --enable-shared --with-ext=openssl,psych,+ --with-jemalloc
+-> make -j 12
+-> make install
+==> Installed ruby-3.2.3 to /home/mastodon/.rbenv/versions/3.2.3
+
+NOTE: to activate this Ruby version as the new default, run: rbenv global 3.2.3
+mastodon@Belladona:~$ rbenv global 3.2.3
+mastodon@Belladona:~$ gem install bundler --no-document
+Fetching bundler-2.5.7.gem
+Successfully installed bundler-2.5.7
+1 gem installed
+
+A new release of RubyGems is available: 3.4.19 → 3.5.7!
+Run `gem update --system 3.5.7` to update your installation.
+
+mastodon@Belladona:~$ exit
+exit
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u postgres psql
+psql (16.2 (Debian 16.2-1.pgdg120+2))
+Type "help" for help.
+
+postgres=# CREATE USER mastodon CREATEDB;
+CREATE ROLE
+postgres=# \q
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ su - mastodon
+This account is currently not available.
+
+[ Belladona ] [ /dev/pts/16 ] [~]
+→ sudo -u mastodon bash
+mastodon@Belladona:/root$ cd /home/mastodon
+mastodon@Belladona:~$ git clone https://github.com/mastodon/mastodon.git live && cd live
+Cloning into 'live'...
+remote: Enumerating objects: 190880, done.
+remote: Counting objects: 100% (17/17), done.
+remote: Compressing objects: 100% (17/17), done.
+remote: Total 190880 (delta 0), reused 1 (delta 0), pack-reused 190863
+Receiving objects: 100% (190880/190880), 228.45 MiB | 14.19 MiB/s, done.
+Resolving deltas: 100% (141462/141462), done.
+mastodon@Belladona:~/live$ git checkout $(git tag -l | grep '^v[0-9.]*$' | sort -V | tail -n 1)
+Note: switching to 'v4.2.8'.
+
+You are in 'detached HEAD' state. You can look around, make experimental
+changes and commit them, and you can discard any commits you make in this
+state without impacting any branches by switching back to a branch.
+
+If you want to create a new branch to retain commits you create, you may
+do so (now or later) by using -c with the switch command. Example:
+
+  git switch -c new-branch-name>
+
+Or undo this operation with:
+
+  git switch -
+
+Turn off this advice by setting config variable advice.detachedHead to false
+
+HEAD is now at bdb6650eb Bump version to v4.2.8 (#29370)
+mastodon@Belladona:~/live$ bundle config deployment 'true'
+mastodon@Belladona:~/live$ bundle config without 'development test'
+mastodon@Belladona:~/live$ bundle install -j$(getconf _NPROCESSORS_ONLN)
+Bundler 2.5.7 is running, but your lockfile was generated with 2.4.13. Installing Bundler 2.4.13 and restarting using that version.
+Fetching gem metadata from https://rubygems.org/.
+Fetching bundler 2.4.13
+Installing bundler 2.4.13
+Fetching gem metadata from https://rubygems.org/.........
+Fetching https://github.com/stanhu/omniauth-cas.git
+Fetching https://github.com/mastodon/rails-settings-cached.git
+Fetching https://github.com/ClearlyClaire/webpush.git
+Fetching rake 13.0.6
+Installing rake 13.0.6
+Fetching date 3.3.4
+Fetching mini_mime 1.1.5
+Fetching minitest 5.19.0
+Fetching concurrent-ruby 1.2.3
+Fetching erubi 1.12.0
+Fetching racc 1.7.3
+Fetching crass 1.0.6
+Fetching rack 2.2.8.1
+Fetching nio4r 2.7.0
+Fetching websocket-extensions 0.1.5
+Fetching marcel 1.0.2
+Fetching builder 3.2.4
+Installing erubi 1.12.0
+Installing crass 1.0.6
+Installing websocket-extensions 0.1.5
+Installing mini_mime 1.1.5
+Fetching timeout 0.4.1
+Installing builder 3.2.4
+Installing marcel 1.0.2
+Installing date 3.3.4 with native extensions
+Installing racc 1.7.3 with native extensions
+Fetching jsonapi-renderer 0.2.2
+Installing timeout 0.4.1
+Installing minitest 5.19.0
+Installing nio4r 2.7.0 with native extensions
+Fetching public_suffix 5.0.3
+Installing jsonapi-renderer 0.2.2
+Fetching aes_key_wrap 1.1.0
+Installing rack 2.2.8.1
+Fetching android_key_attestation 0.3.0
+Installing aes_key_wrap 1.1.0
+Fetching encryptor 3.0.0
+Fetching attr_required 1.0.1
+Installing android_key_attestation 0.3.0
+Installing public_suffix 5.0.3
+Installing concurrent-ruby 1.2.3
+Installing attr_required 1.0.1
+Fetching awrence 1.2.1
+Fetching aws-eventstream 1.2.0
+Installing awrence 1.2.1
+Fetching aws-partitions 1.809.0
+Installing aws-eventstream 1.2.0
+Fetching jmespath 1.6.2
+Fetching faraday-em_http 1.0.0
+Fetching faraday-em_synchrony 1.0.0
+Installing encryptor 3.0.0
+Installing faraday-em_http 1.0.0
+Installing jmespath 1.6.2
+Installing aws-partitions 1.809.0
+Installing faraday-em_synchrony 1.0.0
+Fetching faraday-excon 1.1.0
+Fetching faraday-httpclient 1.0.1
+Installing faraday-excon 1.1.0
+Fetching multipart-post 2.3.0
+Fetching faraday-net_http 1.0.1
+Installing faraday-httpclient 1.0.1
+Fetching faraday-patron 1.0.0
+Installing multipart-post 2.3.0
+Fetching faraday-net_http_persistent 1.2.0
+Installing faraday-net_http 1.0.1
+Fetching faraday-rack 1.0.0
+Installing faraday-patron 1.0.0
+Installing faraday-net_http_persistent 1.2.0
+Fetching faraday-retry 1.0.3
+Using ruby2_keywords 0.0.5
+Fetching connection_pool 2.4.1
+Fetching bcp47_spec 0.2.1
+Fetching bcrypt 3.1.18
+Installing faraday-rack 1.0.0
+Fetching bindata 2.4.15
+Installing faraday-retry 1.0.3
+Installing connection_pool 2.4.1
+Fetching blurhash 0.1.7
+Installing bcp47_spec 0.2.1
+Fetching msgpack 1.7.1
+Installing blurhash 0.1.7 with native extensions
+Fetching browser 5.3.1
+Fetching redis 4.8.1
+Using bundler 2.4.13
+Fetching cbor 0.5.9.6
+Installing bcrypt 3.1.18 with native extensions
+Installing bindata 2.4.15
+Fetching charlock_holmes 0.7.7
+Fetching multi_json 1.15.0
+Installing msgpack 1.7.1 with native extensions
+Installing cbor 0.5.9.6 with native extensions
+Installing redis 4.8.1
+Installing browser 5.3.1
+Installing charlock_holmes 0.7.7 with native extensions
+Installing multi_json 1.15.0
+Fetching elasticsearch-dsl 0.1.10
+Fetching chunky_png 1.4.0
+Fetching climate_control 0.2.0
+Fetching cocoon 1.2.15
+Installing elasticsearch-dsl 0.1.10
+Installing climate_control 0.2.0
+Fetching color_diff 0.1
+Using openssl 3.1.0
+Fetching orm_adapter 0.5.0
+Installing cocoon 1.2.15
+Installing color_diff 0.1
+Installing chunky_png 1.4.0
+Fetching method_source 1.0.0
+Fetching thor 1.3.0
+Installing method_source 1.0.0
+Fetching rotp 6.2.2
+Fetching zeitwerk 2.6.13
+Installing orm_adapter 0.5.0
+Fetching unf_ext 0.0.8.2
+Installing thor 1.3.0
+Fetching dotenv 2.8.1
+Installing rotp 6.2.2
+Installing zeitwerk 2.6.13
+Installing dotenv 2.8.1
+Fetching ed25519 1.3.0
+Fetching excon 0.100.0
+Fetching fast_blank 1.0.1
+Installing ed25519 1.3.0 with native extensions
+Installing unf_ext 0.0.8.2 with native extensions
+Installing fast_blank 1.0.1 with native extensions
+Fetching fastimage 2.2.7
+Installing excon 0.100.0
+Installing fastimage 2.2.7
+Fetching ffi 1.15.5
+Fetching formatador 0.3.0
+Installing formatador 0.3.0
+Fetching mime-types-data 3.2023.0808
+Fetching ipaddress 0.8.3
+Fetching raabro 1.4.0
+Installing ffi 1.15.5 with native extensions
+Installing mime-types-data 3.2023.0808
+Installing raabro 1.4.0
+Fetching temple 0.10.2
+Fetching tilt 2.2.0
+Installing ipaddress 0.8.3
+Fetching hashie 5.0.0
+Using json 2.6.3
+Fetching hiredis 0.6.3
+Installing temple 0.10.2
+Installing tilt 2.2.0
+Installing hashie 5.0.0
+Fetching hkdf 0.3.0
+Fetching htmlentities 4.3.4
+Fetching http-form_data 2.3.0
+Installing hkdf 0.3.0
+Fetching http_accept_language 2.1.1
+Installing hiredis 0.6.3 with native extensions
+Installing htmlentities 4.3.4
+Installing http_accept_language 2.1.1
+Fetching httpclient 2.8.3
+Fetching rainbow 3.1.1
+Installing http-form_data 2.3.0
+Installing rainbow 3.1.1
+Fetching json-canonicalization 1.0.0
+Fetching idn-ruby 0.1.5
+Installing httpclient 2.8.3
+Installing json-canonicalization 1.0.0
+Installing idn-ruby 0.1.5 with native extensions
+Fetching link_header 0.0.8
+Fetching jwt 2.7.1
+Installing jwt 2.7.1
+Fetching kaminari-core 1.2.2
+Installing kaminari-core 1.2.2
+Using uri 0.12.2
+Installing link_header 0.0.8
+Fetching statsd-ruby 1.5.0
+Fetching net-ldap 0.18.0
+Installing statsd-ruby 1.5.0
+Installing net-ldap 0.18.0
+Fetching oj 3.16.1
+Fetching rexml 3.2.6
+Installing rexml 3.2.6
+Installing oj 3.16.1 with native extensions
+Fetching ox 2.14.17
+Installing ox 2.14.17 with native extensions
+Fetching parslet 2.0.0
+Installing parslet 2.0.0
+Fetching tty-color 0.6.0
+Installing tty-color 0.6.0
+Fetching pg 1.5.5
+Installing pg 1.5.5 with native extensions
+Fetching posix-spawn 0.3.15
+Fetching private_address_check 0.5.0
+Installing posix-spawn 0.3.15 with native extensions
+Installing private_address_check 0.5.0
+Fetching redcarpet 3.6.0
+Installing redcarpet 3.6.0 with native extensions
+Fetching rqrcode_core 1.2.0
+Installing rqrcode_core 1.2.0
+Fetching ruby-progressbar 1.13.0
+Installing ruby-progressbar 1.13.0
+Fetching rubyzip 2.3.2
+Installing rubyzip 2.3.2
+Fetching semantic_range 3.0.0
+Installing semantic_range 3.0.0
+Fetching tty-cursor 0.7.1
+Installing tty-cursor 0.7.1
+Fetching tty-screen 0.8.1
+Installing tty-screen 0.8.1
+Fetching wisper 2.0.1
+Installing wisper 2.0.1
+Fetching xorcist 1.1.3
+Fetching websocket-driver 0.7.6
+Installing xorcist 1.1.3 with native extensions
+Installing websocket-driver 0.7.6 with native extensions
+Fetching net-protocol 0.2.2
+Fetching aws-sigv4 1.6.0
+Installing aws-sigv4 1.6.0
+Installing net-protocol 0.2.2
+Fetching addressable 2.8.5
+Fetching nokogiri 1.16.2 (x86_64-linux)
+Fetching attr_encrypted 4.0.0
+Installing addressable 2.8.5
+Installing attr_encrypted 4.0.0
+Fetching rack-test 2.1.0
+Fetching warden 1.2.9
+Installing rack-test 2.1.0
+Fetching request_store 1.5.1
+Installing warden 1.2.9
+Fetching rack-protection 3.0.5
+Installing request_store 1.5.1
+Installing rack-protection 3.0.5
+Fetching rack-attack 6.7.0
+Fetching rack-cors 2.0.1
+Installing rack-cors 2.0.1
+Installing rack-attack 6.7.0
+Fetching rack-proxy 0.7.6
+Fetching faraday-multipart 1.0.4
+Fetching net-http-persistent 4.0.2
+Installing nokogiri 1.16.2 (x86_64-linux)
+Installing rack-proxy 0.7.6
+Fetching i18n 1.14.1
+Installing net-http-persistent 4.0.2
+Fetching sprockets 3.7.2
+Installing faraday-multipart 1.0.4
+Fetching brpoplpush-redis_script 0.1.3
+Fetching tzinfo 2.0.6
+Installing sprockets 3.7.2
+Installing i18n 1.14.1
+Installing brpoplpush-redis_script 0.1.3
+Fetching mario-redis-lock 1.2.1
+Fetching sidekiq 6.5.12
+Fetching redis-namespace 1.11.0
+Installing tzinfo 2.0.6
+Installing mario-redis-lock 1.2.1
+Fetching redlock 1.3.2
+Fetching elasticsearch-api 7.13.3
+Installing redis-namespace 1.11.0
+Fetching openssl-signature_algorithm 1.3.0
+Installing redlock 1.3.2
+Fetching terrapin 0.6.0
+Installing openssl-signature_algorithm 1.3.0
+Installing sidekiq 6.5.12
+Installing elasticsearch-api 7.13.3
+Installing terrapin 0.6.0
+Fetching mime-types 3.5.1
+Fetching hcaptcha 7.1.0
+Installing mime-types 3.5.1
+Installing hcaptcha 7.1.0
+Fetching haml 6.1.2
+Fetching httplog 1.6.2
+Installing haml 6.1.2 with native extensions
+Fetching safety_net_attestation 0.4.0
+Installing httplog 1.6.2
+Using webpush 0.3.8 from https://github.com/ClearlyClaire/webpush.git (at f14a4d5@f14a4d5)
+Installing safety_net_attestation 0.4.0
+Fetching rdf 3.3.1
+Fetching net-http 0.3.2
+Fetching unf 0.1.4
+Installing rdf 3.3.1
+Installing net-http 0.3.2
+Fetching pastel 0.8.0
+Installing unf 0.1.4
+Installing pastel 0.8.0
+Fetching rqrcode 2.2.0
+Fetching puma 6.4.2
+Fetching tty-reader 0.9.0
+Fetching net-pop 0.1.2
+Fetching net-smtp 0.3.4
+Installing tty-reader 0.9.0
+Fetching aws-sdk-core 3.181.0
+Installing rqrcode 2.2.0
+Installing net-smtp 0.3.4
+Fetching css_parser 1.14.0
+Installing net-pop 0.1.2
+Installing puma 6.4.2 with native extensions
+Fetching omniauth 2.1.1
+Fetching faraday 1.10.3
+Fetching activesupport 7.0.8.1
+Installing css_parser 1.14.0
+Installing omniauth 2.1.1
+Installing aws-sdk-core 3.181.0
+Installing faraday 1.10.3
+Fetching et-orbi 1.2.7
+Installing et-orbi 1.2.7
+Fetching tzinfo-data 1.2023.3
+Fetching stoplight 3.0.2
+Installing stoplight 3.0.2
+Fetching cose 1.3.0
+Installing activesupport 7.0.8.1
+Installing cose 1.3.0
+Fetching tpm-key_attestation 0.12.0
+Installing tpm-key_attestation 0.12.0
+Installing tzinfo-data 1.2023.3
+Fetching sidekiq-bulk 0.2.0
+Installing sidekiq-bulk 0.2.0
+Fetching sidekiq-unique-jobs 7.1.33
+Fetching fog-core 2.1.0
+Fetching bootsnap 1.16.0
+Fetching loofah 2.21.4
+Installing bootsnap 1.16.0 with native extensions
+Installing sidekiq-unique-jobs 7.1.33
+Installing fog-core 2.1.0
+Installing loofah 2.21.4
+Fetching ruby-saml 1.15.0
+Installing ruby-saml 1.15.0
+Fetching sanitize 6.0.2
+Installing sanitize 6.0.2
+Fetching domain_name 0.5.20190701
+Fetching twitter-text 3.1.0
+Fetching json-ld 3.3.1
+Fetching rdf-normalize 0.6.1
+Fetching tty-prompt 0.23.1
+Installing twitter-text 3.1.0
+Installing domain_name 0.5.20190701
+Installing rdf-normalize 0.6.1
+Fetching premailer 1.21.0
+Using omniauth-cas 2.0.0 from https://github.com/stanhu/omniauth-cas.git (at 4211e6d@4211e6d)
+Fetching fugit 1.8.1
+Installing json-ld 3.3.1
+Fetching net-imap 0.3.7
+Fetching faraday_middleware 1.2.0
+Installing tty-prompt 0.23.1
+Installing premailer 1.21.0
+Installing fugit 1.8.1
+Installing faraday_middleware 1.2.0
+Installing net-imap 0.3.7
+Fetching elasticsearch-transport 7.13.3
+Fetching rails-html-sanitizer 1.6.0
+Fetching webauthn 3.0.0
+Fetching rails-dom-testing 2.1.1
+Fetching globalid 1.1.0
+Installing rails-dom-testing 2.1.1
+Installing rails-html-sanitizer 1.6.0
+Fetching activemodel 7.0.8.1
+Installing globalid 1.1.0
+Fetching case_transform 0.2
+Installing webauthn 3.0.0
+Installing elasticsearch-transport 7.13.3
+Fetching json-jwt 1.15.3
+Fetching nsa 0.3.0
+Installing activemodel 7.0.8.1
+Installing case_transform 0.2
+Fetching swd 1.3.0
+Installing nsa 0.3.0
+Installing json-jwt 1.15.3
+Fetching webfinger 1.2.0
+Fetching pundit 2.3.0
+Installing swd 1.3.0
+Fetching simple-navigation 4.4.0
+Fetching fog-json 1.2.0
+Fetching omniauth-saml 2.1.0
+Installing pundit 2.3.0
+Installing webfinger 1.2.0
+Installing fog-json 1.2.0
+Installing omniauth-saml 2.1.0
+Fetching aws-sdk-kms 1.71.0
+Installing simple-navigation 4.4.0
+Fetching http-cookie 1.0.5
+Fetching json-ld-preloaded 3.2.2
+Fetching rufus-scheduler 3.9.1
+Fetching azure-storage-common 2.0.4
+Installing http-cookie 1.0.5
+Installing rufus-scheduler 3.9.1
+Fetching actionview 7.0.8.1
+Installing aws-sdk-kms 1.71.0
+Installing azure-storage-common 2.0.4
+Installing json-ld-preloaded 3.2.2
+Fetching activejob 7.0.8.1
+Fetching mail 2.8.1
+Fetching elasticsearch 7.13.3
+Fetching rack-oauth2 1.21.3
+Fetching activerecord 7.0.8.1
+Installing actionview 7.0.8.1
+Installing activejob 7.0.8.1
+Installing rack-oauth2 1.21.3
+Installing elasticsearch 7.13.3
+Fetching kt-paperclip 7.2.1
+Fetching validate_url 1.0.15
+Installing mail 2.8.1
+Installing validate_url 1.0.15
+Fetching fog-openstack 0.3.10
+Installing activerecord 7.0.8.1
+Fetching sidekiq-scheduler 5.0.3
+Fetching aws-sdk-s3 1.133.0
+Installing kt-paperclip 7.2.1
+Installing sidekiq-scheduler 5.0.3
+Installing fog-openstack 0.3.10
+Fetching azure-storage-blob 2.0.3
+Installing azure-storage-blob 2.0.3
+Installing aws-sdk-s3 1.133.0
+Fetching chewy 7.3.4
+Fetching actionpack 7.0.8.1
+Fetching kaminari-actionview 1.2.2
+Fetching md-paperclip-azure 2.2.0
+Installing chewy 7.3.4
+Installing kaminari-actionview 1.2.2
+Fetching validate_email 0.1.6
+Installing actionpack 7.0.8.1
+Installing md-paperclip-azure 2.2.0
+Installing validate_email 0.1.6
+Fetching openid_connect 1.4.2
+Installing openid_connect 1.4.2
+Fetching discard 1.2.1
+Fetching kaminari-activerecord 1.2.2
+Fetching strong_migrations 0.8.0
+Fetching pghero 3.3.4
+Fetching omniauth_openid_connect 0.6.1
+Installing discard 1.2.1
+Installing kaminari-activerecord 1.2.2
+Fetching kaminari 1.2.2
+Installing omniauth_openid_connect 0.6.1
+Installing strong_migrations 0.8.0
+Installing kaminari 1.2.2
+Fetching actioncable 7.0.8.1
+Fetching actionmailer 7.0.8.1
+Fetching activestorage 7.0.8.1
+Installing pghero 3.3.4
+Installing actioncable 7.0.8.1
+Installing actionmailer 7.0.8.1
+Fetching active_model_serializers 0.10.13
+Fetching railties 7.0.8.1
+Installing activestorage 7.0.8.1
+Fetching omniauth-rails_csrf_protection 1.0.1
+Installing active_model_serializers 0.10.13
+Fetching simple_form 5.2.0
+Installing omniauth-rails_csrf_protection 1.0.1
+Fetching sprockets-rails 3.4.2
+Installing sprockets-rails 3.4.2
+Fetching premailer-rails 1.12.0
+Installing simple_form 5.2.0
+Fetching ffi-compiler 1.0.1
+Installing railties 7.0.8.1
+Installing premailer-rails 1.12.0
+Installing ffi-compiler 1.0.1
+Fetching llhttp-ffi 0.4.0
+Fetching actiontext 7.0.8.1
+Fetching actionmailbox 7.0.8.1
+Installing llhttp-ffi 0.4.0 with native extensions
+Installing actionmailbox 7.0.8.1
+Installing actiontext 7.0.8.1
+Fetching responders 3.1.0
+Fetching dotenv-rails 2.8.1
+Fetching haml-rails 2.1.0
+Fetching rails 7.0.8.1
+Fetching doorkeeper 5.6.6
+Fetching lograge 0.13.0
+Fetching rails-i18n 7.0.7
+Installing dotenv-rails 2.8.1
+Installing responders 3.1.0
+Installing haml-rails 2.1.0
+Installing rails 7.0.8.1
+Installing lograge 0.13.0
+Fetching scenic 1.7.0
+Installing rails-i18n 7.0.7
+Fetching webpacker 5.4.4
+Using rails-settings-cached 0.6.6 from https://github.com/mastodon/rails-settings-cached.git (at v0.6.6-aliases-true@86328ef)
+Installing doorkeeper 5.6.6
+Installing scenic 1.7.0
+Fetching devise 4.9.2
+Installing webpacker 5.4.4
+Installing devise 4.9.2
+Fetching http 5.1.1
+Installing http 5.1.1
+Fetching devise-two-factor 4.1.0
+Installing devise-two-factor 4.1.0
+Bundle complete! 130 Gemfile dependencies, 243 gems now installed.
+Gems in the groups 'development' and 'test' were not installed.
+Bundled gems are installed into `./vendor/bundle`
+Post-install message from encryptor:
+
+
+
+Please be aware that Encryptor v2.0.0 had a major security bug when using AES-*-GCM algorithms.
+
+By default You will not be able to decrypt data that was previously encrypted using an AES-*-GCM algorithm.
+
+Please see the README and https://github.com/attr-encrypted/encryptor/pull/22 for more information.
+
+
+Post-install message from attr_encrypted:
+
+
+
+WARNING: Using `#encrypted_attributes` is no longer supported. Instead, use `#attr_encrypted_encrypted_attributes` to avoid
+  collision with Active Record 7 native encryption.
+
+
+Post-install message from devise:
+
+[DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration.
+
+  [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md
+  [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D
+  Post-install message from doorkeeper:
+Starting from 5.5.0 RC1 Doorkeeper requires client authentication for Resource Owner Password Grant
+as stated in the OAuth RFC. You have to create a new OAuth client (Doorkeeper::Application) if you didn't
+have it before and use client credentials in HTTP Basic auth if you previously used this grant flow without
+client authentication.
+
+To opt out of this you could set the "skip_client_authentication_for_password_grant" configuration option
+to "true", but note that this is in violation of the OAuth spec and represents a security risk.
+
+Read https://github.com/doorkeeper-gem/doorkeeper/issues/561#issuecomment-612857163 for more details.
+Post-install message from kt-paperclip:
+##################################################
+#  NOTE FOR UPGRADING FROM 4.3.0 OR EARLIER      #
+##################################################
+
+Paperclip is now compatible with aws-sdk-s3.
+
+If you are using S3 storage, aws-sdk-s3 requires you to make a few small
+changes:
+
+* You must set the `s3_region`
+* If you are explicitly setting permissions anywhere, such as in an initializer,
+  note that the format of the permissions changed from using an underscore to
+  using a hyphen. For example, `:public_read` needs to be changed to
+  `public-read`.
+
+For a walkthrough of upgrading from 4 to *5* (not 6) and aws-sdk >= 2.0 you can watch
+http://rubythursday.com/episodes/ruby-snack-27-upgrade-paperclip-and-aws-sdk-in-prep-for-rails-5
+Post-install message from rubyzip:
+RubyZip 3.0 is coming!
+**********************
+
+The public API of some Rubyzip classes has been modernized to use named
+parameters for optional arguments. Please check your usage of the
+following classes:
+  * `Zip::File`
+  * `Zip::Entry`
+  * `Zip::InputStream`
+  * `Zip::OutputStream`
+
+Please ensure that your Gemfiles and .gemspecs are suitably restrictive
+to avoid an unexpected breakage when 3.0 is released (e.g. ~> 2.3.0).
+See https://github.com/rubyzip/rubyzip for details. The Changelog also
+lists other enhancements and bugfixes that have been implemented since
+version 2.3.0.
+Post-install message from sidekiq-unique-jobs:
+IMPORTANT!
+
+Automatic configuration of the sidekiq middleware is no longer done.
+Please see: https://github.com/mhenrixon/sidekiq-unique-jobs/blob/master/README.md#add-the-middleware
+
+This version deprecated the following sidekiq_options
+
+  - sidekiq_options lock_args: :method_name
+
+It is now configured with:
+
+  - sidekiq_options lock_args_method: :method_name
+
+This is also true for `Sidekiq.default_worker_options`
+
+We also deprecated the global configuration options:
+  - default_lock_ttl
+  - default_lock_ttl=
+  - default_lock_timeout
+  - default_lock_timeout=
+
+The new methods to use are:
+  - lock_ttl
+  - lock_ttl=
+  - lock_timeout
+  - lock_timeout=
+mastodon@Belladona:~/live$ yarn install --pure-lockfile
+yarn install v1.22.22
+[1/6] Validating package.json...
+[2/6] Resolving packages...
+[3/6] Fetching packages...
+warning Pattern ["strip-ansi@^6.0.1"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-strip-ansi-cjs-6.0.1-9e26c63d30f53443e9489495b2105d37b67a85d9-integrity/node_modules/strip-ansi-cjs" as pattern ["strip-ansi-cjs@npm:strip-ansi@^6.0.1"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["string-width@^4.1.0"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-string-width-cjs-4.2.3-269c7117d27b05ad2e536830a8ec895ef9c6d010-integrity/node_modules/string-width-cjs" as pattern ["string-width-cjs@npm:string-width@^4.2.0"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["strip-ansi@^6.0.0"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-strip-ansi-cjs-6.0.1-9e26c63d30f53443e9489495b2105d37b67a85d9-integrity/node_modules/strip-ansi-cjs" as pattern ["strip-ansi-cjs@npm:strip-ansi@^6.0.1"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["string-width@^4.2.3"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-string-width-cjs-4.2.3-269c7117d27b05ad2e536830a8ec895ef9c6d010-integrity/node_modules/string-width-cjs" as pattern ["string-width-cjs@npm:string-width@^4.2.0"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["string-width@^1.0.2 || 2 || 3 || 4"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-string-width-cjs-4.2.3-269c7117d27b05ad2e536830a8ec895ef9c6d010-integrity/node_modules/string-width-cjs" as pattern ["string-width-cjs@npm:string-width@^4.2.0"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["string-width@^4.2.0"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-string-width-cjs-4.2.3-269c7117d27b05ad2e536830a8ec895ef9c6d010-integrity/node_modules/string-width-cjs" as pattern ["string-width-cjs@npm:string-width@^4.2.0"]. This could result in non-deterministic behavior, skipping.
+warning Pattern ["wrap-ansi@^7.0.0"] is trying to unpack in the same destination "/home/mastodon/.cache/yarn/v6/npm-wrap-ansi-cjs-7.0.0-67e145cff510a6a6984bdf1152911d69d2eb9e43-integrity/node_modules/wrap-ansi-cjs" as pattern ["wrap-ansi-cjs@npm:wrap-ansi@^7.0.0"]. This could result in non-deterministic behavior, skipping.
+[4/6] Linking dependencies...
+warning " > emoji-mart@3.0.1-j" has incorrect peer dependency "react@^0.14.0 || ^15.0.0-0 || ^16.0.0 || ^17.0.0".
+warning " > react-motion@0.5.2" has incorrect peer dependency "react@^0.14.9 || ^15.3.0 || ^16.0.0".
+warning " > react-notification@6.8.5" has incorrect peer dependency "react@^0.14.0 || ^15.0.0 || ^16.0.0".
+warning " > react-router-scroll-4@1.0.0-beta.2" has incorrect peer dependency "react@^15.0.0 || ^16.0.0".
+warning " > react-router-scroll-4@1.0.0-beta.2" has incorrect peer dependency "react-dom@^15.0.0 || ^16.0.0".
+warning " > react-swipeable-views@0.14.0" has incorrect peer dependency "react@^15.3.0 || ^16.0.0 || ^17.0.0".
+warning "react-swipeable-views > react-swipeable-views-utils > react-event-listener@0.6.6" has incorrect peer dependency "react@^16.3.0".
+[5/6] Building fresh packages...
+[6/6] Cleaning modules...
+$ husky install
+[##################################################################################################################################################################################################################################] 5661/5661husky - Git hooks installed
+Done in 39.39s.
+mastodon@Belladona:~/live$ RAILS_ENV=production bundle exec rake mastodon:setup
+Your instance is identified by its domain name. Changing it afterward will break things.
+Domain name: mastodon.datura.network
+
+Single user mode disables registrations and redirects the landing page to your public profile.
+Do you want to enable single user mode? No
+
+Are you using Docker to run Mastodon? no
+
+PostgreSQL host: /var/run/postgresql
+PostgreSQL port: 5432
+Name of PostgreSQL database: mastodon_production
+Name of PostgreSQL user: mastodon
+Password of PostgreSQL user:
+Database configuration works! 🎆
+
+Redis host: localhost
+Redis port: 6379
+Redis password:
+Redis configuration works! 🎆
+
+Do you want to store uploaded files on the cloud? No
+
+Do you want to send e-mails from localhost? No
+SMTP server: mail.nihilism.network
+SMTP port: 587
+SMTP username: surveillance
+SMTP password:
+SMTP authentication: starttls
+SMTP OpenSSL verify mode: client_once
+Enable STARTTLS: always
+E-mail address to send e-mails "from": surveillance@nihilism.network
+Send a test e-mail with this configuration right now? Yes
+Send test e-mail to: nihilist@nihilism.network
+E-mail could not be sent with this configuration, try again.
+wrong authentication type starttls
+Try again? Yes
+Do you want to send e-mails from localhost? No
+SMTP server: mail.nihilism.network
+SMTP port: 587
+SMTP username: surveillance
+SMTP password:
+SMTP authentication: plain
+SMTP OpenSSL verify mode: none
+Enable STARTTLS: always
+E-mail address to send e-mails "from": surveillance@nihilism.network
+Send a test e-mail with this configuration right now? Yes
+Send test e-mail to: nihilist@nihilism.network
+
+Do you want Mastodon to periodically check for important updates and notify you? (Recommended) Yes
+
+This configuration will be written to .env.production
+Save configuration? Yes
+
+Now that configuration is saved, the database schema must be loaded.
+If the database already exists, this will erase its contents.
+Prepare the database now? Yes
+Running `RAILS_ENV=production rails db:setup` ...
+
+
+Created database 'mastodon_production'
+Done!
+
+The final step is compiling CSS/JS assets.
+This may take a while and consume a lot of RAM.
+Compile the assets now? Yes
+Running `RAILS_ENV=production rails assets:precompile` ...
+
+
+I, [2024-03-23T15:37:10.410961 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/doorkeeper/admin/application-a644908e7bab54fb749be0f59fb64a7480bbf9c4c2b79d4a65791cb7ab4d8730.css
+I, [2024-03-23T15:37:10.411250 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/doorkeeper/admin/application-a644908e7bab54fb749be0f59fb64a7480bbf9c4c2b79d4a65791cb7ab4d8730.css.gz
+I, [2024-03-23T15:37:10.418962 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/doorkeeper/application-c93dac2ad9d65e3393e0e2c958481e86ef7a5e5b0f6ce406842a7b99b25a4850.css
+I, [2024-03-23T15:37:10.419052 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/doorkeeper/application-c93dac2ad9d65e3393e0e2c958481e86ef7a5e5b0f6ce406842a7b99b25a4850.css.gz
+I, [2024-03-23T15:37:10.420412 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/pghero/favicon-db10337a56c45eb43c22ff5019546b520fa22c7281d4d385f235cbca67ed26bb.png
+I, [2024-03-23T15:37:10.683030 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/pghero/application-fc5c893e805df52338bef3bda5a5431f74f1401da68e4f0381ac9ecb7a801e1a.js
+I, [2024-03-23T15:37:10.683160 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/pghero/application-fc5c893e805df52338bef3bda5a5431f74f1401da68e4f0381ac9ecb7a801e1a.js.gz
+I, [2024-03-23T15:37:10.689346 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/pghero/application-29fa393e673685cdbf2fb2b637098a15b988605f46bfa962f6e0cb94d15bc567.css
+I, [2024-03-23T15:37:10.689459 #561860]  INFO -- : Writing /home/mastodon/live/public/assets/pghero/application-29fa393e673685cdbf2fb2b637098a15b988605f46bfa962f6e0cb94d15bc567.css.gz
+Compiling...
+Compiled all packs in /home/mastodon/live/public/packs
+Browserslist: caniuse-lite is outdated. Please run:
+  npx update-browserslist-db@latest
+  Why you should do it regularly: https://github.com/browserslist/update-db#readme
+`isModuleDeclaration` has been deprecated, please migrate to `isImportOrExportDeclaration`
+    at isModuleDeclaration (/home/mastodon/live/node_modules/babel-plugin-lodash/node_modules/@babel/types/lib/validators/generated/index.js:2740:35)
+    at PluginPass.Program (/home/mastodon/live/node_modules/babel-plugin-lodash/lib/index.js:102:44)
+Browserslist: caniuse-lite is outdated. Please run:
+  npx update-browserslist-db@latest
+  Why you should do it regularly: https://github.com/browserslist/update-db#readme
+Browserslist: caniuse-lite is outdated. Please run:
+  npx update-browserslist-db@latest
+  Why you should do it regularly: https://github.com/browserslist/update-db#readme
+
+Done!
+
+All done! You can now power on the Mastodon server 🐘
+
+Do you want to create an admin user straight away? Yes
+Username: nihilist
+E-mail: nihilist@nihilism.network
+You can login with the password: 
+You can change your password once you login.
+
+	
+
+ +
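Review bot: `SMTP OpenSSL verify mode: none` in the second SMTP attempt of `rake mastodon:setup` turns off certificate verification without any visible need. The error printed for the first attempt is `wrong authentication type starttls`, which concerns only the `SMTP authentication` answer, yet the retry changes both that answer (to `plain`) and the verify mode (from `client_once` to `none`). With `none`, the certificate of mail.nihilism.network is never checked, so the `plain` login is sent over a STARTTLS session whose peer was not authenticated. Suggest redoing the retry with `SMTP authentication: plain` and a verifying mode such as `peer`, or, if verification really has to stay off for this mail server, adding a sentence to the tutorial that says why. Separately, the several hundred `Fetching`/`Installing` lines from `bundle install` could be trimmed to the first few and the `Bundle complete!` line, so the commands a reader has to type are easier to find.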

+ +

+	
+
+ +

+ +

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Setup



+

+

+	
+
+ +

+

+	
+
+ +

+

+	
+
+ +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
+ + + + + + + diff --git a/servers/matrixnew/0.png b/servers/matrixnew/0.png new file mode 100644 index 0000000..1ab3b67 Binary files /dev/null and b/servers/matrixnew/0.png differ diff --git a/servers/matrixnew/1.png b/servers/matrixnew/1.png new file mode 100644 index 0000000..cf2dae7 Binary files /dev/null and b/servers/matrixnew/1.png differ diff --git a/servers/matrixnew/10.png b/servers/matrixnew/10.png new file mode 100644 index 0000000..c3a4925 Binary files /dev/null and b/servers/matrixnew/10.png differ diff --git a/servers/matrixnew/11.png b/servers/matrixnew/11.png new file mode 100644 index 0000000..f993458 Binary files /dev/null and b/servers/matrixnew/11.png differ diff --git a/servers/matrixnew/12.png b/servers/matrixnew/12.png new file mode 100644 index 0000000..ebdf171 Binary files /dev/null and b/servers/matrixnew/12.png differ diff --git a/servers/matrixnew/13.png b/servers/matrixnew/13.png new file mode 100644 index 0000000..437a1d2 Binary files /dev/null and b/servers/matrixnew/13.png differ diff --git a/servers/matrixnew/14.png b/servers/matrixnew/14.png new file mode 100644 index 0000000..bc4eabc Binary files /dev/null and b/servers/matrixnew/14.png differ diff --git a/servers/matrixnew/15.png b/servers/matrixnew/15.png new file mode 100644 index 0000000..287ff4b Binary files /dev/null and b/servers/matrixnew/15.png differ diff --git a/servers/matrixnew/2.png b/servers/matrixnew/2.png new file mode 100644 index 0000000..764c84d Binary files /dev/null and b/servers/matrixnew/2.png differ diff --git a/servers/matrixnew/3.png b/servers/matrixnew/3.png new file mode 100644 index 0000000..5f5205b Binary files /dev/null and b/servers/matrixnew/3.png differ diff --git a/servers/matrixnew/4.png b/servers/matrixnew/4.png new file mode 100644 index 0000000..646f212 Binary files /dev/null and b/servers/matrixnew/4.png differ 
diff --git a/servers/matrixnew/5.png b/servers/matrixnew/5.png new file mode 100644 index 0000000..2df6627 Binary files /dev/null and b/servers/matrixnew/5.png differ diff --git a/servers/matrixnew/6.png b/servers/matrixnew/6.png new file mode 100644 index 0000000..2d8d2e4 Binary files /dev/null and b/servers/matrixnew/6.png differ diff --git a/servers/matrixnew/7.png b/servers/matrixnew/7.png new file mode 100644 index 0000000..267858b Binary files /dev/null and b/servers/matrixnew/7.png differ diff --git a/servers/matrixnew/8.png b/servers/matrixnew/8.png new file mode 100644 index 0000000..e5b8fe0 Binary files /dev/null and b/servers/matrixnew/8.png differ diff --git a/servers/matrixnew/9.png b/servers/matrixnew/9.png new file mode 100644 index 0000000..9d879c6 Binary files /dev/null and b/servers/matrixnew/9.png differ diff --git a/servers/matrixnew/index.html b/servers/matrixnew/index.html new file mode 100644 index 0000000..180e3b3 --- /dev/null +++ b/servers/matrixnew/index.html @@ -0,0 +1,342 @@ + + + + + + + + + + + Matrix Chat Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

root@Datura - 2024-01-14

+

Matrix Chat Setup

+ +

In this tutorial we're going to setup a private matrix chat server along with VoIP support for the element desktop client.

+

Disclaimer: If you want this service to remain anonymous, make sure you at least keep TOR between you and the service from the VPS acquisition to actual service usage.

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First install the required packages:

+

+apt install docker.io docker-compose
+	
+
+ +

Then create the directories required:

+

+mkdir /srv/matrix/data -p
+chown -R 755 /srv/matrix/data
+cd /srv/matrix
+
+
+

Then we'll create the docker-compose.yml file and the generateconfig.sh script:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat docker-compose.yml
+version: "3.3"
+
+services:
+ synapse:
+  image: "matrixdotorg/synapse:latest"
+  container_name: "matrix_synapse"
+  ports:
+   - 8008:8008
+  volumes:
+   - "./data:/data" #it will look at the current directory where you save the file and look for the data folder inside
+  environment:
+   VIRTUAL_HOST: "m.datura.network"
+   VIRTUAL_PORT: 8008
+   LETSENCRYPT_HOST: "m.datura.network"
+   SYNAPSE_SERVER_NAME: "m.datura.network"
+   SYNAPSE_REPORT_STATS: "yes"
+ coturn:
+  image: instrumentisto/coturn:latest
+  restart: unless-stopped
+  volumes:
+   - ./coturn/turnserver.conf:/etc/coturn/turnserver.conf
+  ports:
+   - 47160-47200:47160-47200/udp
+   - 3478:3478
+   - 5349:5349
+  networks:
+   - mybridge
+networks:
+ mybridge:
+  driver: bridge
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat generateconfig.sh
+#!/bin/bash
+
+docker-compose run --rm -e SYNAPSE_SERVER_NAME=m.datura.network -e SYNAPSE_REPORT_STATS=yes synapse generate
+	
+
+

My matrix server will have the "m.datura.network" domain name. The coturn config mentionned here is used for the VOIP support. Now let's generate the initial keys of the matrix server like so:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ ./generateconfig.sh
+Creating network "matrix_default" with the default driver
+Creating network "matrix_mybridge" with driver "bridge"
+Setting ownership on /data to 991:991
+Creating log config /data/m.datura.network.log.config
+Generating config file /data/homeserver.yaml
+Generating signing key file /data/m.datura.network.signing.key
+A config file has been generated in '/data/homeserver.yaml' for server name 'm.datura.network'. Please review this file and customise it to your needs.
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ ls
+coturn  data  docker-compose.yml  docker-compose.yml.coturn  generateconfig.sh  m.datura.network.conf.nginx
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ ls data -lash
+total 20K
+4.0K drwxr-xr-x 2  991  991 4.0K Jan 14 11:12 .
+4.0K drwxr-xr-x 4 root root 4.0K Jan  4 13:50 ..
+4.0K -rw-r--r-- 1 root root 1.3K Jan 14 11:12 homeserver.yaml
+4.0K -rw-r--r-- 1 root root  694 Jan 14 11:12 m.datura.network.log.config
+4.0K -rw-r--r-- 1 root root   59 Jan 14 11:12 m.datura.network.signing.key
+	
+
+

Now that's done, we can edit the homeserver.yaml if you want to remove trust into the "matrix.org" keys for federation to make it a truly private server:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat data/homeserver.yaml | grep server
+
+trusted_key_servers:
+  - server_name: ""
+
+
+

Then we can edit the coturn config like so:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ ls
+coturn  data  docker-compose.yml  docker-compose.yml.coturn  generateconfig.sh  m.datura.network.conf.nginx
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat coturn/turnserver.conf
+use-auth-secret
+static-auth-secret=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
+realm=m.datura.network
+listening-port=3478
+tls-listening-port=5349
+min-port=47160
+max-port=47200
+verbose
+allow-loopback-peers
+cli-password=cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy
+external-ip=116.202.216.190	
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat data/homeserver.yaml | grep turn
+turn_uris: [ "turn:m.datura.network?transport=udp", "turn:m.datura.network?transport=tcp" ]
+turn_shared_secret: "cuAWWAAWWAAWWAWADDWADWADWADWADWADWAWADDWADWWADWADDWADWDWoy"
+turn_user_lifetime: 86400000
+turn_allow_guests: true
+
+
+
+

Make sure the ports match the ones in the docker-compose.yml file, and the external IP is the one of your server:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ curl ifconfig.me -4
+116.202.216.190
+	
+
+

Then we start the docker-compose:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ docker-compose up -d
+Creating matrix_coturn_1 ... done
+Creating matrix_synapse  ... done
+	
+
+

Then we create the accounts like so:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ docker container ls | grep matrixdot
+134d440b1480   matrixdotorg/synapse:latest                          "/start.py"              About a minute ago   Up 25 seconds (healthy)   8009/tcp, 0.0.0.0:8008->8008/tcp, :::8008->8008/tcp, 8448/tcp                                                                                                           matrix_synapse
+
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ docker exec -it 134 bash
+root@134d440b1480:/#
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ docker exec -it 134 bash
+
+root@134d440b1480:/# register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
+New user localpart [root]: nihilist
+Password:
+Confirm password:
+Make admin [no]: yes
+Sending registration request...
+Success!
+
+root@134d440b1480:/# exit
+exit
+
+
+

Then we make sure that we can access the matrix server via nginx:

+

+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ cat /etc/nginx/sites-enabled/m.datura.network.conf
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+
+    # For the federation port
+    listen 8448 ssl http2;
+    listen [::]:8448 ssl http2;
+
+    server_name m.datura.network;
+
+        ssl_certificate                         /etc/acme/certs/m.datura.network/fullchain.cer;
+        ssl_certificate_key                     /etc/acme/certs/m.datura.network/m.datura.network.key;
+
+    location ~ ^(/_matrix|/_synapse/client) {
+        # note: do not add a path (even a single /) after the port in `proxy_pass`,
+        # otherwise nginx will canonicalise the URI and cause signature verification
+        # errors.
+        proxy_pass http://localhost:8008;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        # Nginx by default only allows file uploads up to 1M in size
+        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
+        client_max_body_size 50M;
+
+        # Synapse responses may be chunked, which is an HTTP/1.1 feature.
+        proxy_http_version 1.1;
+    }
+}
+	
+[ Datura-Network ] [ /dev/pts/1 ] [/srv/matrix]
+→ nginx -t
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+
+
+

Then we test that we can login from a matrix client (which can be installed inside a whonix VM), let's use element because we want to be able to do voicecalls:

+ + + + + +

Here we will setup a secure backup password, that is a separate password, for end to end encryption purposes. Then you can do the following steps:

+ +

Make sure you log out of every unverified session:

+ + +

You may need to log in and log out before being able to send messages so do that, then create the space along with the chatroom

+ + + + + + + + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
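Review bot: in docker-compose.yml the synapse service publishes `8008:8008`, which binds on every interface (the later `docker container ls` output shows `0.0.0.0:8008->8008/tcp`), so the homeserver's plain-HTTP listener is reachable directly and bypasses the nginx TLS vhost that proxies to `http://localhost:8008`; publish it as `127.0.0.1:8008:8008` so only nginx can reach it. In the directory setup, `chown -R 755 /srv/matrix/data` sets the owner to UID 755 rather than setting a mode; `chmod` looks like what was intended, and the generate step sets ownership on /data to 991:991 anyway, so the line can probably be dropped. In turnserver.conf the same value is used for `static-auth-secret` and `cli-password` and appears again as `turn_shared_secret`; the tutorial should tell readers to generate their own secret and use a different value for the CLI password. `allow-loopback-peers` and `turn_allow_guests: true` are enabled without explanation and both widen what the relay will do, so either justify them in the text or remove them. `SYNAPSE_REPORT_STATS: "yes"` sits oddly next to the stated goal of a private server and the disclaimer about anonymity; consider `"no"` in both the compose file and generateconfig.sh. Both images are pulled as `:latest`; pinning a version would keep the tutorial reproducible. The second account-creation block also repeats the `docker exec -it 134 bash` prompt twice, which reads like a paste error.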
+ + + + + + + diff --git a/servers/monero/0.png b/servers/monero/0.png new file mode 100644 index 0000000..76cd4dd Binary files /dev/null and b/servers/monero/0.png differ diff --git a/servers/monero/1.png b/servers/monero/1.png new file mode 100644 index 0000000..5710413 Binary files /dev/null and b/servers/monero/1.png differ diff --git a/servers/monero/2.png b/servers/monero/2.png new file mode 100644 index 0000000..8979f24 Binary files /dev/null and b/servers/monero/2.png differ diff --git a/servers/monero/3.png b/servers/monero/3.png new file mode 100644 index 0000000..aef7dba Binary files /dev/null and b/servers/monero/3.png differ diff --git a/servers/monero/4.png b/servers/monero/4.png new file mode 100644 index 0000000..9a35b3c Binary files /dev/null and b/servers/monero/4.png differ diff --git a/servers/monero/index.html b/servers/monero/index.html new file mode 100644 index 0000000..0aeb08c --- /dev/null +++ b/servers/monero/index.html @@ -0,0 +1,945 @@ + + + + + + + + + + + monero Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nothing@nowhere - 2021-12-07

+

Monero Node Setup

+ +

In this tutorial we're going to take a look at how to setup a monero node on a Ubuntu VM:

+ +
+
+
+
+ +
+
+
+
+

2023 easy tutorial:



+

first install monero from the repositories:

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ apt install monero -y
+
+
+

create the systemd service

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ vim /etc/systemd/system/moneronode.service
+
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ cat /etc/systemd/system/moneronode.service
+[Unit]
+Description=monerod
+After=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive
+Restart=on-failure
+RestartSec=10s
+
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+
+
+

Then enable it:

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl daemon-reload
+
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl enable --now moneronode
+Created symlink /etc/systemd/system/multi-user.target.wants/moneronode.service → /etc/systemd/system/moneronode.service.
+
+

Then wait for it to sync:

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl status moneronode
+● moneronode.service - monerod
+     Loaded: loaded (/etc/systemd/system/moneronode.service; enabled; preset: enabled)
+     Active: active (running) since Sun 2023-07-09 15:36:44 CEST; 2min 22s ago
+   Main PID: 8410 (monerod)
+      Tasks: 30 (limit: 77000)
+     Memory: 1.7G
+        CPU: 1min 53.681s
+     CGroup: /system.slice/moneronode.service
+             └─8410 /usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 ->
+
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.055        I Synced 88702/2925934 (3%, 2837232 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.188        I Synced 88752/2925934 (3%, 2837182 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.310        I Synced 88802/2925934 (3%, 2837132 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.452        I Synced 88852/2925934 (3%, 2837082 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.576        I Synced 88902/2925934 (3%, 2837032 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.756        I Synced 88952/2925934 (3%, 2836982 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.890        I Synced 89002/2925934 (3%, 2836932 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.060        I Synced 89052/2925934 (3%, 2836882 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.182        I Synced 89088/2925934 (3%, 2836846 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.376        I Synced 89138/2925934 (3%, 2836796 left)
+
+
+

On a SSD it may take 1 day, and weigh approximately 60 gigs as of writing this tutorial. The synchronisation is a very disk-intensive process, and so it is required to do it on a nvme disk or ssd at least. If you try to do that on a HDD it will take much, much longer. If you don't have a choice, sync it on a nvme somewhere and then rsync it to a server that has only HDDs.

+
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First let's setup the required dependencies:

+

+root@XMR:~# sudo ufw allow 18080
+Rules updated
+Rules updated (v6)
+root@XMR:~# wget https://downloads.getmonero.org/linux64
+--2021-12-07 17:46:09--  https://downloads.getmonero.org/linux64
+Resolving downloads.getmonero.org (downloads.getmonero.org)... 157.185.175.107, 157.185.145.90
+Connecting to downloads.getmonero.org (downloads.getmonero.org)|157.185.175.107|:443... connected.
+HTTP request sent, awaiting response... 302 Moved Temporarily
+Location: https://downloads.getmonero.org/cli/monero-linux-x64-v0.17.3.0.tar.bz2 [following]
+--2021-12-07 17:46:10--  https://downloads.getmonero.org/cli/monero-linux-x64-v0.17.3.0.tar.bz2
+Reusing existing connection to downloads.getmonero.org:443.
+HTTP request sent, awaiting response... 200 OK
+Length: 75791408 (72M) [application/octet-stream]
+Saving to: 'linux64'
+
+linux64                                              100%[======================================================================================================================>]  72.28M   505KB/s    in 2m 29s
+
+2021-12-07 17:48:39 (497 KB/s) - 'linux64' saved [75791408/75791408]
+
+root@XMR:~# mkdir monero
+root@XMR:~# tar -xjvf linux64 -C monero
+root@XMR:~# cd monero
+root@XMR:~/monero# cd monero-x86_64-linux-gnu-v0.17.3.0/
+	
+root@XMR:~/monero/monero-x86_64-linux-gnu-v0.17.3.0# ls -l
+total 218860
+-rw-r--r-- 1 root root    10083 Nov 30 22:07 ANONYMITY_NETWORKS.md
+-rw-r--r-- 1 root root     2730 Nov 30 22:07 LICENSE
+-rw-r--r-- 1 root root    44212 Nov 30 22:07 README.md
+-rwxr-xr-x 1 root root 13548008 Nov 30 22:07 monero-blockchain-ancestry
+-rwxr-xr-x 1 root root 12499760 Nov 30 22:07 monero-blockchain-depth
+-rwxr-xr-x 1 root root 12569272 Nov 30 22:07 monero-blockchain-export
+-rwxr-xr-x 1 root root 12927888 Nov 30 22:07 monero-blockchain-import
+-rwxr-xr-x 1 root root  9722384 Nov 30 22:07 monero-blockchain-mark-spent-outputs
+-rwxr-xr-x 1 root root 12529472 Nov 30 22:07 monero-blockchain-prune
+-rwxr-xr-x 1 root root 12501264 Nov 30 22:07 monero-blockchain-prune-known-spent-data
+-rwxr-xr-x 1 root root 12492048 Nov 30 22:07 monero-blockchain-stats
+-rwxr-xr-x 1 root root 12515000 Nov 30 22:07 monero-blockchain-usage
+-rwxr-xr-x 1 root root  8721000 Nov 30 22:07 monero-gen-ssl-cert
+-rwxr-xr-x 1 root root 25978048 Nov 30 22:07 monero-gen-trusted-multisig
+-rwxr-xr-x 1 root root 27279384 Nov 30 22:07 monero-wallet-cli
+-rwxr-xr-x 1 root root 27732200 Nov 30 22:07 monero-wallet-rpc
+-rwxr-xr-x 1 root root 23004560 Nov 30 22:07 monerod
+root@XMR:~/monero/monero-x86_64-linux-gnu-v0.17.3.0# ./monerod
+
+

To add the monero commands to your PATH, do the following:

+

+root@anonymity:~/monero/monero-x86_64-linux-gnu-v0.18.2.0# PATH=$PATH:$(pwd)
+root@anonymity:~/monero/monero-x86_64-linux-gnu-v0.18.2.0# cd
+root@anonymity:~# monerod --version
+Monero 'Fluorine Fermi' (v0.18.2.0-release)
+
+
+ +

Now from here, the monerod daemon will start synchronizing with the network.

+

+root@XMR:~/monero/monero-x86_64-linux-gnu-v0.17.3.0# ./monerod
+2021-12-07 17:50:41.765 I Monero 'Oxygen Orion' (v0.17.3.0-release)
+2021-12-07 17:50:41.765 I Initializing cryptonote protocol...
+2021-12-07 17:50:41.765 I Cryptonote protocol initialized OK
+2021-12-07 17:50:41.766 I Initializing core...
+2021-12-07 17:50:41.767 I Loading blockchain from folder /root/.bitmonero/lmdb ...
+2021-12-07 17:50:41.767 W The blockchain is on a rotating drive: this will be very slow, use an SSD if possible
+2021-12-07 17:50:41.918 I Loading checkpoints
+2021-12-07 17:50:41.918 I Core initialized OK
+2021-12-07 17:50:41.918 I Initializing p2p server...
+2021-12-07 17:50:41.919 I p2p server initialized OK
+2021-12-07 17:50:41.919 I Initializing core RPC server...
+2021-12-07 17:50:41.919 I Binding on 127.0.0.1 (IPv4):18081
+2021-12-07 17:50:43.028 I core RPC server initialized OK on port: 18081
+2021-12-07 17:50:43.029 I Starting core RPC server...
+2021-12-07 17:50:43.029 I core RPC server started ok
+2021-12-07 17:50:43.030 I Starting p2p net loop...
+2021-12-07 17:50:44.030 I
+2021-12-07 17:50:44.030 I **********************************************************************
+2021-12-07 17:50:44.031 I The daemon will start synchronizing with the network. This may take a long time to complete.
+2021-12-07 17:50:44.031 I
+2021-12-07 17:50:44.031 I You can set the level of process detailization through "set_log <level|categories>" command,
+2021-12-07 17:50:44.031 I where <level> is between 0 (no details) and 4 (very verbose), or custom category based levels (eg, *:WARNING).
+2021-12-07 17:50:44.031 I
+2021-12-07 17:50:44.031 I Use the "help" command to see the list of available commands.
+2021-12-07 17:50:44.031 I Use "help <command>" to see a command's documentation.
+2021-12-07 17:50:44.031 I **********************************************************************
+2021-12-07 17:50:46.924 I [217.168.143.169:18080 OUT] Sync data returned a new top block candidate: 1 -> 2509762 [Your node is 2509761 blocks (7.6 years) behind]
+2021-12-07 17:50:46.924 I SYNCHRONIZATION started
+2021-12-07 17:50:47.704 I Synced 101/2509762 (0%, 2509661 left)
+2021-12-07 17:50:48.003 I Synced 201/2509762 (0%, 2509561 left)
+2021-12-07 17:50:48.270 I Synced 301/2509762 (0%, 2509461 left)
+2021-12-07 17:50:48.489 I Synced 401/2509762 (0%, 2509361 left)
+2021-12-07 17:50:48.737 I Synced 501/2509762 (0%, 2509261 left)
+2021-12-07 17:50:49.404 I Synced 601/2509762 (0%, 2509161 left)
+2021-12-07 17:50:49.747 I Synced 701/2509762 (0%, 2509061 left)
+2021-12-07 17:50:50.105 I Synced 801/2509762 (0%, 2508961 left)
+2021-12-07 17:50:50.466 I Synced 901/2509762 (0%, 2508861 left)
+2021-12-07 17:50:50.812 I Synced 1001/2509762 (0%, 2508761 left)
+2021-12-07 17:50:51.142 I Synced 1101/2509762 (0%, 2508661 left)
+2021-12-07 17:50:51.478 I Synced 1201/2509762 (0%, 2508561 left)
+2021-12-07 17:50:51.798 I Synced 1301/2509762 (0%, 2508461 left)
+2021-12-07 17:50:52.106 I Synced 1401/2509762 (0%, 2508361 left)
+2021-12-07 17:50:52.311 I Synced 1501/2509762 (0%, 2508261 left)
+2021-12-07 17:50:52.486 I Synced 1601/2509762 (0%, 2508161 left)
+2021-12-07 17:50:52.705 I Synced 1701/2509762 (0%, 2508061 left)
+2021-12-07 17:50:53.052 I Synced 1801/2509762 (0%, 2507961 left)
+2021-12-07 17:50:53.301 I Synced 1901/2509762 (0%, 2507861 left)
+2021-12-07 17:50:53.486 I Synced 2001/2509762 (0%, 2507761 left)
+	
+[...]
+
+2021-12-08 22:43:43.742 I Synced 2510440/2510616 (99%, 176 left, 99% of total synced, estimated 1.4 minutes left)
+2021-12-08 22:43:54.585 I Synced 2510460/2510616 (99%, 156 left)
+2021-12-08 22:44:05.633 I Synced 2510480/2510616 (99%, 136 left)
+2021-12-08 22:44:16.890 I Synced 2510500/2510616 (99%, 116 left)
+2021-12-08 22:44:29.678 I Synced 2510520/2510616 (99%, 96 left)
+2021-12-08 22:44:38.997 I Synced 2510540/2510616 (99%, 76 left)
+2021-12-08 22:44:50.386 I Synced 2510560/2510616 (99%, 56 left)
+2021-12-08 22:45:00.147 I Synced 2510580/2510616 (99%, 36 left)
+2021-12-08 22:45:10.336 I Synced 2510600/2510616 (99%, 16 left)
+2021-12-08 22:45:20.776 I Synced 2510615/2510616 (99%, 1 left)
+2021-12-08 22:45:21.325 I Synced 2510616/2510616
+2021-12-08 22:46:17.775 I Synced 2510617/2510617
+2021-12-08 22:46:17.776 I SYNCHRONIZED OK
+2021-12-08 22:46:17.776 I
+2021-12-08 22:46:17.776 I **********************************************************************
+2021-12-08 22:46:17.776 I You are now synchronized with the network. You may now start monero-wallet-cli.
+2021-12-08 22:46:17.776 I
+2021-12-08 22:46:17.776 I Use the "help" command to see the list of available commands.
+2021-12-08 22:46:17.776 I **********************************************************************
+
+ +

Now from there you can select the monero node's IP from the monero wallet, or simply choose a local node if you have a ssd and CPU:

+ + +
+
+
+
+ +
+
+
+
+

Monero Mining



+

In order to mine monero, let's use xmrig and the p2pool network:

+

+[ 10.66.66.2/32 ] [ /dev/pts/13 ] [~]
+→ yay -S p2pool-git
+:: Checking for conflicts...
+:: Checking for inner conflicts...
+[Repo Make:2]  rhash-1.4.2-1  cmake-3.22.1-1
+[Aur:1]  p2pool-git-1.0.r16.g2a3cd13-1
+
+==> Remove make dependencies after install? [y/N] y
+  1 p2pool-git                               (Build Files Exist)
+==> Packages to cleanBuild?
+==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
+==>
+:: PKGBUILD up to date, Skipping (1/0): p2pool-git
+  1 p2pool-git                               (Build Files Exist)
+==> Diffs to show?
+==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
+==>
+:: (1/1) Parsing SRCINFO: p2pool-git
+resolving dependencies...
+looking for conflicting packages...
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/9 ] [~]
+→ monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/13 ] [~/Documents/Github]
+→ p2pool
+P2Pool v1.4.0 (built with GCC/11.1.0 on Dec 11 2021)
+
+Usage:
+
+--wallet             Wallet address to mine to. Subaddresses and integrated addresses are not supported!
+--host               IP address of your Monero node, default is 127.0.0.1
+--rpc-port           monerod RPC API port number, default is 18081
+--zmq-port           monerod ZMQ pub port number, default is 18083 (same port as in monerod's "--zmq-pub" command line parameter)
+--stratum            Comma-separated list of IP:port for stratum server to listen on
+--p2p                Comma-separated list of IP:port for p2p server to listen on
+--addpeers           Comma-separated list of IP:port of other p2pool nodes to connect to
+--light-mode         Don't allocate RandomX dataset, saves 2GB of RAM
+--loglevel           Verbosity of the log, integer number between 0 and 6
+--config             Name of the p2pool config file
+--data-api           Path to the p2pool JSON data (use it in tandem with an external web-server)
+--stratum-api        Enable /local/ path in api path for Stratum Server statistics
+--no-cache           Disable p2pool.cache
+--no-color           Disable colors in console output
+--no-randomx         Disable internal RandomX hasher: p2pool will use RPC calls to monerod to check PoW hashes
+--help               Show this help message
+
+Example command line:
+
+./p2pool --host 127.0.0.1 --rpc-port 18081 --zmq-port 18083 --wallet YOUR_WALLET_ADDRESS --stratum 0.0.0.0:3333 --p2p 0.0.0.0:37889
+
+2021-12-11 18:54:36.8175 Log started
+2021-12-11 18:54:36.8176 Log stopped
+
+
+[ 10.66.66.2/32 ] [ /dev/pts/13 ] [~/Documents/Github]
+→ p2pool --host 127.0.0.1 --wallet 447KnLGYbQrHD4npGPmqdGQ3ARqz9kgLLQfaYY9KDC7eUcyKfnwZtj1JLNSqQHKEudHNyuDeKLBbhWtPdS7SoVM54nWHw1b
+2021-12-11 18:56:08.2917 Log started
+2021-12-11 18:56:08.2918 P2Pool v1.4.0 (built with GCC/11.1.0 on Dec 11 2021)
+2021-12-11 18:56:08.2920 SideChain network type  = mainnet
+2021-12-11 18:56:08.2920 SideChain using default config
+2021-12-11 18:56:08.2920 SideChain pool name     = default
+2021-12-11 18:56:08.2920 SideChain block time    = 10 seconds
+2021-12-11 18:56:08.2920 SideChain min diff      = 100000
+2021-12-11 18:56:08.2921 SideChain PPLNS window  = 2160 blocks
+2021-12-11 18:56:08.2921 SideChain uncle penalty = 20%
+2021-12-11 18:56:08.2921 SideChain generating consensus ID
+2021-12-11 18:56:08.2921 SideChain consensus ID = 22af7ee7************************************************4407f918
+2021-12-11 18:56:08.2921 RandomX_Hasher couldn't allocate RandomX dataset using large pages
+2021-12-11 18:56:08.2921 RandomX_Hasher couldn't allocate RandomX cache using large pages
+2021-12-11 18:56:08.2922 RandomX_Hasher couldn't allocate RandomX cache using large pages
+2021-12-11 18:56:08.2922 RandomX_Hasher allocated 2592 MB
+2021-12-11 18:56:08.2923 ConsoleCommands started
+2021-12-11 18:56:08.4697 P2Pool new miner data
+---------------------------------------------------------------------------------------------------------------
+major_version           = 14
+height                  = 2512684
+prev_id                 = 9e12d7a34b225e84a9febe1effcdbee003c956cc77c25cd7f6fb446e5ce2f4c4
+seed_hash               = 8954432e62d63ad320107fbdae7fdd8667c1d69391660cffd7f99b30d0592147
+difficulty              = 353157222750
+median_weight           = 300000
+already_generated_coins = 18044465200878847465
+transactions            = 45
+---------------------------------------------------------------------------------------------------------------
+2021-12-11 18:56:08.4697 BlockTemplate base  reward = 0.767286058102 XMR, 0 transactions, fees = 0.000000000000 XMR, weight = 0
+2021-12-11 18:56:08.4697 RandomX_Hasher new seed 8954432e62d63ad320107fbdae7fdd8667c1d69391660cffd7f99b30d0592147
+2021-12-11 18:56:08.4699 BlockTemplate final reward = 0.767286058102 XMR, weight = 126, outputs = 1, 0 of 0 transactions included
+2021-12-11 18:56:08.4707 RandomX_Hasher old seed 72e85eed124de1b5098f779d89ca07c00ccf7de79f94fcc085e15bc2b45c6c73
+2021-12-11 18:56:08.7374 RandomX_Hasher couldn't allocate RandomX light VM using large pages
+2021-12-11 18:56:08.7374 RandomX_Hasher cache updated
+2021-12-11 18:56:08.7374 RandomX_Hasher running 8 threads to update dataset
+2021-12-11 18:56:12.3926 RandomX_Hasher couldn't allocate RandomX VM using large pages
+2021-12-11 18:56:12.3927 RandomX_Hasher dataset updated
+2021-12-11 18:56:12.6746 RandomX_Hasher couldn't allocate RandomX light VM using large pages
+2021-12-11 18:56:12.6747 RandomX_Hasher old cache updated
+2021-12-11 18:56:12.7170 StratumServer listening on [::]:3333
+2021-12-11 18:56:12.7170 StratumServer listening on 0.0.0.0:3333
+2021-12-11 18:56:12.7170 StratumServer event loop started
+2021-12-11 18:56:12.7175 ZMQReader connected to tcp://127.0.0.1:18083
+2021-12-11 18:56:12.7176 BlockCache loading cached blocks
+2021-12-11 18:56:12.7177 ZMQReader connected to tcp://127.0.0.1:37891
+2021-12-11 18:56:12.7177 ZMQReader worker thread ready
+2021-12-11 18:56:12.7838 BlockCache loaded 0 cached blocks
+2021-12-11 18:56:12.8336 P2PServer listening on [::]:37889
+2021-12-11 18:56:12.8336 P2PServer listening on 0.0.0.0:37889
+2021-12-11 18:56:12.8337 P2PServer event loop started
+
+ +

Now let's install xmrig:

+ +

+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~]
+→ mv Downloads/xmrig-6.16.2-linux-static-x64.tar.gz .
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~]
+→ mkdir xmrig
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~]
+→ mv xmrig-6.16.2-linux-static-x64.tar.gz xmrig/
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~]
+→ cd xmrig
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ tar xvf xmrig-6.16.2-linux-static-x64.tar.gz
+xmrig-6.16.2/
+xmrig-6.16.2/config.json
+xmrig-6.16.2/xmrig
+xmrig-6.16.2/SHA256SUMS
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ ls -l
+total 2912
+drwxr-xr-x 2 nothing nothing    4096 Dec  2 14:05 xmrig-6.16.2
+-rw-r--r-- 1 nothing nothing 2974083 Dec 11 19:02 xmrig-6.16.2-linux-static-x64.tar.gz
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ cd xmrig-6.16.2
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig/xmrig-6.16.2]
+→ ls -l
+total 6892
+-rw-r--r-- 1 nothing nothing    2351 Dec  2 14:05 config.json
+-rw-r--r-- 1 nothing nothing     150 Dec  2 14:05 SHA256SUMS
+-rwxr-xr-x 1 nothing nothing 7047360 Dec  2 14:05 xmrig
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig/xmrig-6.16.2]
+→ cd ..
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ mv xmrig-6.16.2/* .
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ ls -l
+total 9804
+-rw-r--r-- 1 nothing nothing    2351 Dec  2 14:05 config.json
+-rw-r--r-- 1 nothing nothing     150 Dec  2 14:05 SHA256SUMS
+-rwxr-xr-x 1 nothing nothing 7047360 Dec  2 14:05 xmrig
+drwxr-xr-x 2 nothing nothing    4096 Dec 11 19:04 xmrig-6.16.2
+-rw-r--r-- 1 nothing nothing 2974083 Dec 11 19:02 xmrig-6.16.2-linux-static-x64.tar.gz
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ rm xmrig-6.16.2-linux-static-x64.tar.gz
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ rm -rf xmrig-6.16.2
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ vim config.json
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ cat config.json
+{
+    "api": {
+        "id": null,
+        "worker-id": null
+    },
+    "http": {
+        "enabled": false,
+        "host": "127.0.0.1",
+        "port": 0,
+        "access-token": null,
+        "restricted": true
+    },
+    "autosave": true,
+    "background": false,
+    "colors": true,
+    "title": true,
+    "randomx": {
+        "init": -1,
+        "init-avx2": -1,
+        "mode": "auto",
+        "1gb-pages": false,
+        "rdmsr": true,
+        "wrmsr": true,
+        "cache_qos": false,
+        "numa": true,
+        "scratchpad_prefetch_mode": 1
+    },
+    "cpu": {
+        "enabled": true,
+        "huge-pages": true,
+        "huge-pages-jit": false,
+        "hw-aes": null,
+        "priority": null,
+        "memory-pool": false,
+        "yield": true,
+        "max-threads-hint": 100,
+        "asm": true,
+        "argon2-impl": null,
+        "astrobwt-max-size": 550,
+        "astrobwt-avx2": false,
+        "cn/0": false,
+        "cn-lite/0": false
+    },
+    "opencl": {
+        "enabled": false,
+        "cache": true,
+        "loader": null,
+        "platform": "AMD",
+        "adl": true,
+        "cn/0": false,
+        "cn-lite/0": false
+    },
+    "cuda": {
+        "enabled": false,
+        "loader": null,
+        "nvml": true,
+        "cn/0": false,
+        "cn-lite/0": false
+    },
+    "donate-level": 0,
+    "donate-over-proxy": 1,
+    "log-file": null,
+    "pools": [
+        {
+            "algo": null,
+            "coin": null,
+            "url": "donate.v2.xmrig.com:3333",
+            "user": "YOUR_WALLET_ADDRESS",
+            "pass": "x",
+            "rig-id": null,
+            "nicehash": false,
+            "keepalive": false,
+            "enabled": true,
+            "tls": false,
+            "tls-fingerprint": null,
+            "daemon": false,
+            "socks5": null,
+            "self-select": null,
+            "submit-to-origin": false
+        }
+    ],
+    "print-time": 60,
+    "health-print-time": 60,
+    "dmi": true,
+    "retries": 5,
+    "retry-pause": 5,
+    "syslog": false,
+    "tls": {
+        "enabled": false,
+        "protocols": null,
+        "cert": null,
+        "cert_key": null,
+        "ciphers": null,
+        "ciphersuites": null,
+        "dhparam": null
+    },
+    "user-agent": null,
+    "verbose": 0,
+    "watch": true,
+    "pause-on-battery": false,
+    "pause-on-active": false
+}
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ ./xmrig
+	
+
+ + +

Now we need to add our wallet address and change the pool to be the p2pool address 127.0.0.1:3333

+

+[ 10.66.66.2/32 ] [ /dev/pts/16 ] [~/xmrig]
+→ nmap 127.0.0.1 -p 3333
+Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-11 19:10 UTC
+Nmap scan report for localhost (127.0.0.1)
+Host is up (0.000054s latency).
+
+PORT     STATE SERVICE
+3333/tcp open  dec-notes
+
+Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
+
+[ 10.66.66.2/32 ] [ /dev/pts/16 ] [~/xmrig]
+→ cat config.json
+{
+    "api": {
+        "id": null,
+        "worker-id": null
+    },
+    "http": {
+        "enabled": false,
+        "host": "127.0.0.1",
+        "port": 0,
+        "access-token": null,
+        "restricted": true
+    },
+    "autosave": true,
+    "background": false,
+    "colors": true,
+    "title": true,
+    "randomx": {
+        "init": -1,
+        "init-avx2": -1,
+        "mode": "auto",
+        "1gb-pages": false,
+        "rdmsr": true,
+        "wrmsr": true,
+        "cache_qos": false,
+        "numa": true,
+        "scratchpad_prefetch_mode": 1
+    },
+    "cpu": {
+        "enabled": true,
+        "huge-pages": true,
+        "huge-pages-jit": false,
+        "hw-aes": null,
+        "priority": null,
+        "memory-pool": false,
+        "yield": true,
+        "asm": true,
+        "argon2-impl": null,
+        "astrobwt-max-size": 550,
+        "astrobwt-avx2": false,
+        "argon2": [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15],
+        "astrobwt": [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15],
+        "cn": [
+            [1, 0],
+            [1, 1],
+            [1, 2],
+            [1, 3],
+            [1, 4],
+            [1, 5],
+            [1, 6],
+            [1, 7]
+        ],
+        "cn-heavy": [
+            [1, 0],
+            [1, 1],
+            [1, 2],
+            [1, 3]
+        ],
+        "cn-lite": [
+            [1, 0],
+            [1, 8],
+            [1, 1],
+            [1, 9],
+            [1, 2],
+            [1, 10],
+            [1, 3],
+            [1, 11],
+            [1, 4],
+            [1, 12],
+            [1, 5],
+            [1, 13],
+            [1, 6],
+            [1, 14],
+            [1, 7],
+            [1, 15]
+        ],
+        "cn-pico": [
+            [2, 0],
+            [2, 8],
+            [2, 1],
+            [2, 9],
+            [2, 2],
+            [2, 10],
+            [2, 3],
+            [2, 11],
+            [2, 4],
+            [2, 12],
+            [2, 5],
+            [2, 13],
+            [2, 6],
+            [2, 14],
+            [2, 7],
+            [2, 15]
+        ],
+        "cn/upx2": [
+            [2, 0],
+            [2, 8],
+            [2, 1],
+            [2, 9],
+            [2, 2],
+            [2, 10],
+            [2, 3],
+            [2, 11],
+            [2, 4],
+            [2, 12],
+            [2, 5],
+            [2, 13],
+            [2, 6],
+            [2, 14],
+            [2, 7],
+            [2, 15]
+        ],
+        "ghostrider": [
+            [8, 0],
+            [8, 1],
+            [8, 2],
+            [8, 3],
+            [8, 4],
+            [8, 5],
+            [8, 6],
+            [8, 7]
+        ],
+        "rx": [0, 1, 2, 3, 4, 5, 6, 7],
+        "rx/wow": [0, 8, 1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15],
+        "cn-lite/0": false,
+        "cn/0": false,
+        "rx/arq": "rx/wow",
+        "rx/keva": "rx/wow"
+    },
+    "log-file": null,
+    "donate-level": 1,
+    "donate-over-proxy": 1,
+    "pools": [
+        {
+            "algo": null,
+            "coin": null,
+            "url": "127.0.0.1:3333",
+            "user": "447KnLGYbQrHD4npGPmqdGQ3ARqz9kgLLQfaYY9KDC7eUcyKfnwZtj1JLNSqQHKEudHNyuDeKLBbhWtPdS7SoVM54nWHw1b",
+            "pass": "x",
+            "rig-id": null,
+            "nicehash": false,
+            "keepalive": false,
+            "enabled": true,
+            "tls": false,
+            "tls-fingerprint": null,
+            "daemon": false,
+            "socks5": null,
+            "self-select": null,
+            "submit-to-origin": false
+        }
+    ],
+    "retries": 5,
+    "retry-pause": 5,
+    "print-time": 60,
+    "dmi": true,
+    "syslog": false,
+    "tls": {
+        "enabled": false,
+        "protocols": null,
+        "cert": null,
+        "cert_key": null,
+        "ciphers": null,
+        "ciphersuites": null,
+        "dhparam": null
+    },
+    "dns": {
+        "ipv6": false,
+        "ttl": 30
+    },
+    "user-agent": null,
+    "verbose": 0,
+    "watch": true,
+    "pause-on-battery": false,
+    "pause-on-active": false
+}
+
+[ 10.66.66.2/32 ] [ /dev/pts/15 ] [~/xmrig]
+→ ./xmrig -o 127.0.0.1:3333	
+
+[term2]
+
+[ 10.66.66.2/32 ] [ /dev/pts/7 ] [blog/servers/exodus]
+→ watch -n 0.1 sensors
+
+ +

And that's it! We managed to start mining on the p2pool using xmrig, by default it is using half of the CPU. To summarize, here's the commands you want to run:

+

+monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist
+p2pool --host 127.0.0.1 --wallet 447KnLGYbQrHD4npGPmqdGQ3ARqz9kgLLQfaYY9KDC7eUcyKfnwZtj1JLNSqQHKEudHNyuDeKLBbhWtPdS7SoVM54nWHw1b
+sudo ./xmrig -o 127.0.0.1:3333
+watch -n 0.1 sensors
+htop	
+
+
+

EDIT: run xmrig with SUDO privileges, to enable msr support see here. It nearly doubles the hashrate!!!

+

EDIT: if you want to mine from another location (for example another drive with more space)

+

+monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /mnt/VAULT/XMR
+p2pool --host 127.0.0.1 --wallet 447KnLGYbQrHD4npGPmqdGQ3ARqz9kgLLQfaYY9KDC7eUcyKfnwZtj1JLNSqQHKEudHNyuDeKLBbhWtPdS7SoVM54nWHw1b
+sudo ./xmrig -o 127.0.0.1:3333
+watch -n 0.1 sensors
+htop	
+
+
+

If you want to make it a tmux session automatically, you can put it in your bashrc/ zshrc like so ((careful i added my custom location /mnt/VAULT/XMR/ in here):

+

+xmr(){
+                num=$(tmux list-sessions | grep XMR | wc -l)
+
+                # set up tmux
+                #tmux start-server
+
+                set -g mouse on
+
+                # create a new tmux session, starting vim from a saved session in the new window
+                #tmux kill-session -t $session 2>/dev/null
+                #tmux new -d -s $session -n Blog  -y 100 -x 200
+                if [ "$num" -eq "0" ]; then
+                    tmux rename-session XMR
+                    #tmux rename-window -t 0 'BlogDir'
+
+                    tmux splitw -h -p 50
+                    #second pane : monerod
+                    tmux selectp -t 2
+                    tmux send-keys "cd /mnt/VAULT/XMR/" C-m
+					tmux send-keys "monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /mnt/VAULT/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind" C-m
+
+                    sleep 2
+                    #after 5 secs, first pane: p2pool
+                    tmux selectp -t 1
+                    tmux send-keys "p2pool --host 127.0.0.1 --wallet 447KnLGYbQrHD4npGPmqdGQ3ARqz9kgLLQfaYY9KDC7eUcyKfnwZtj1JLNSqQHKEudHNyuDeKLBbhWtPdS7SoVM54nWHw1b" C-m
+                    #select 2nd pane, split vertically
+                    tmux selectp -t 2
+                    tmux splitw -v -p 50
+                    tmux send-keys "cd /mnt/VAULT/XMR/xmrig" C-m
+                    tmux send-keys "sudo ./xmrig -o 127.0.0.1:3333 -t 4 --cpu-priority=0 -u x+10000" C-m
+                    #select 3rd pane, split vertically
+                    tmux selectp -t 3
+                    tmux splitw -v -p 50
+                    tmux send-keys "htop" C-m
+                    #select 2nd pane, split horizontally, displaying sensors
+                    tmux selectp -t 2
+                    tmux splitw -h -p 50
+                    tmux send-keys "watch -n0.1 sensors" C-m
+
+                    #select 2nd pane, split horizontally, displaying sensors
+                    tmux selectp -t 3
+                    tmux splitw -v -p 50
+                    tmux send-keys "watch -n0.1 dfc" C-m
+                    tmux selectp -t 5
+
+#ctrl+b+q to show the tmux pane numbers
+
+                                    else
+                    if [[ $TMUX ]]; then
+                        tmux switch -t XMR
+                    else
+                        tmux attach -t XMR -d
+                    fi
+                fi
+
+    }
+
+
+

If you want to run a simple node on a debian server, you can use the following systemd service (in this example the node is stored in /srv/XMR/:

+

+[ 10.8.0.2/24 ] [ home ] [~]
+→ cat /etc/systemd/system/moneronode.service
+[Unit]
+Description=monerod
+After=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive
+Restart=on-failure
+RestartSec=10s
+
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+
+
+ + +
+
+
+
+ + + +
+
+
+
+

Buying XMR



+

You can buy it (ex: EUR->XMR via credit card) from here. Although be careful they have high fees. Another way of getting monero is through BISQ:

+ + +
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
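Review bot: the monerod invocation in `xmr()` and the `ExecStart` line of moneronode.service both pass `--rpc-bind-ip=0.0.0.0 --confirm-external-bind` with no `--restricted-rpc`, so the unrestricted RPC interface on port 18081 is offered on every interface of the host. Add `--restricted-rpc` to both, or keep RPC on 127.0.0.1, since the p2pool and xmrig commands on this page only ever talk to localhost. The unit has no `User=` line, so monerod runs as root; a dedicated account that owns /srv/XMR would be the usual choice. In `xmr()`, `set -g mouse on` is a tmux option and needs the `tmux` prefix to take effect, and the comment "#after 5 secs" sits under `sleep 2`.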
+ + + + + + + diff --git a/servers/monero2024/0.png b/servers/monero2024/0.png new file mode 100644 index 0000000..76cd4dd Binary files /dev/null and b/servers/monero2024/0.png differ diff --git a/servers/monero2024/1.png b/servers/monero2024/1.png new file mode 100644 index 0000000..59fd9ed Binary files /dev/null and b/servers/monero2024/1.png differ diff --git a/servers/monero2024/10.png b/servers/monero2024/10.png new file mode 100644 index 0000000..ffc80d0 Binary files /dev/null and b/servers/monero2024/10.png differ diff --git a/servers/monero2024/11.png b/servers/monero2024/11.png new file mode 100644 index 0000000..d5ee9b9 Binary files /dev/null and b/servers/monero2024/11.png differ diff --git a/servers/monero2024/12.png b/servers/monero2024/12.png new file mode 100644 index 0000000..25ebda5 Binary files /dev/null and b/servers/monero2024/12.png differ diff --git a/servers/monero2024/13.png b/servers/monero2024/13.png new file mode 100644 index 0000000..6fc731c Binary files /dev/null and b/servers/monero2024/13.png differ diff --git a/servers/monero2024/14.png b/servers/monero2024/14.png new file mode 100644 index 0000000..e0b8615 Binary files /dev/null and b/servers/monero2024/14.png differ diff --git a/servers/monero2024/15.png b/servers/monero2024/15.png new file mode 100644 index 0000000..69b0cbe Binary files /dev/null and b/servers/monero2024/15.png differ diff --git a/servers/monero2024/16.png b/servers/monero2024/16.png new file mode 100644 index 0000000..7905880 Binary files /dev/null and b/servers/monero2024/16.png differ diff --git a/servers/monero2024/17.png b/servers/monero2024/17.png new file mode 100644 index 0000000..5cceae1 Binary files /dev/null and b/servers/monero2024/17.png differ diff --git a/servers/monero2024/18.png b/servers/monero2024/18.png new file mode 100644 index 0000000..e352c8a Binary files /dev/null and b/servers/monero2024/18.png differ 
diff --git a/servers/monero2024/19.png b/servers/monero2024/19.png new file mode 100644 index 0000000..4e5c10a Binary files /dev/null and b/servers/monero2024/19.png differ diff --git a/servers/monero2024/2.png b/servers/monero2024/2.png new file mode 100644 index 0000000..d495c7d Binary files /dev/null and b/servers/monero2024/2.png differ diff --git a/servers/monero2024/20.png b/servers/monero2024/20.png new file mode 100644 index 0000000..e2cd109 Binary files /dev/null and b/servers/monero2024/20.png differ diff --git a/servers/monero2024/21.png b/servers/monero2024/21.png new file mode 100644 index 0000000..8fa536b Binary files /dev/null and b/servers/monero2024/21.png differ diff --git a/servers/monero2024/22.png b/servers/monero2024/22.png new file mode 100644 index 0000000..a4c3a6c Binary files /dev/null and b/servers/monero2024/22.png differ diff --git a/servers/monero2024/23.png b/servers/monero2024/23.png new file mode 100644 index 0000000..91ec76a Binary files /dev/null and b/servers/monero2024/23.png differ diff --git a/servers/monero2024/24.png b/servers/monero2024/24.png new file mode 100644 index 0000000..551514a Binary files /dev/null and b/servers/monero2024/24.png differ diff --git a/servers/monero2024/25.png b/servers/monero2024/25.png new file mode 100644 index 0000000..32a4efc Binary files /dev/null and b/servers/monero2024/25.png differ diff --git a/servers/monero2024/26.png b/servers/monero2024/26.png new file mode 100644 index 0000000..bc87b64 Binary files /dev/null and b/servers/monero2024/26.png differ diff --git a/servers/monero2024/27.png b/servers/monero2024/27.png new file mode 100644 index 0000000..f4e7935 Binary files /dev/null and b/servers/monero2024/27.png differ diff --git a/servers/monero2024/28.png b/servers/monero2024/28.png new file mode 100644 index 0000000..89e4fa5 Binary files /dev/null and b/servers/monero2024/28.png differ 
diff --git a/servers/monero2024/29.png b/servers/monero2024/29.png new file mode 100644 index 0000000..ffabde5 Binary files /dev/null and b/servers/monero2024/29.png differ diff --git a/servers/monero2024/3.png b/servers/monero2024/3.png new file mode 100644 index 0000000..54d37c6 Binary files /dev/null and b/servers/monero2024/3.png differ diff --git a/servers/monero2024/30.png b/servers/monero2024/30.png new file mode 100644 index 0000000..7643597 Binary files /dev/null and b/servers/monero2024/30.png differ diff --git a/servers/monero2024/4.png b/servers/monero2024/4.png new file mode 100644 index 0000000..acfee9f Binary files /dev/null and b/servers/monero2024/4.png differ diff --git a/servers/monero2024/5.png b/servers/monero2024/5.png new file mode 100644 index 0000000..0e51fdf Binary files /dev/null and b/servers/monero2024/5.png differ diff --git a/servers/monero2024/6.png b/servers/monero2024/6.png new file mode 100644 index 0000000..0ebcae1 Binary files /dev/null and b/servers/monero2024/6.png differ diff --git a/servers/monero2024/7.png b/servers/monero2024/7.png new file mode 100644 index 0000000..93164d1 Binary files /dev/null and b/servers/monero2024/7.png differ diff --git a/servers/monero2024/8.png b/servers/monero2024/8.png new file mode 100644 index 0000000..0fcd906 Binary files /dev/null and b/servers/monero2024/8.png differ diff --git a/servers/monero2024/9.png b/servers/monero2024/9.png new file mode 100644 index 0000000..c44a041 Binary files /dev/null and b/servers/monero2024/9.png differ diff --git a/servers/monero2024/index.html b/servers/monero2024/index.html new file mode 100644 index 0000000..20bfa78 --- /dev/null +++ b/servers/monero2024/index.html @@ -0,0 +1,307 @@ + + + + + + + + + + + How to acquire and use Monero + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-04-28

+

How to acquire and use Monero

+ +

In this tutorial we're going to take a look at how to setup a monero wallet locally, how to recieve some monero there, and how to send monero to someone else.

+ +
+
+
+
+ + +
+
+
+
+

Wallet Setup



+GUI Wallet Setup +

Now on whonix there can be some issues with syncing to the monero nodes over the CLI monero wallet, due to the slow tor network and connection timeouts, So we'll first cover how to install the GUI monero wallet:

+

First let's download the monero GUI wallet from https://getmonero.org: (.onion address: http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion )

+ +

Then we unpack it on the desktop and run the appimage:

+

+[ Whonix ] [ /dev/pts/5 ] [~]
+→ mv /home/user/.tb/tor-browser/Browser/Downloads/monero-gui-linux-x64-v0.18.3.3.tar.bz2 ~/Desktop/
+
+[ Whonix ] [ /dev/pts/5 ] [~/Desktop]
+→ cd Desktop
+
+
+[ Whonix ] [ /dev/pts/5 ] [~/Desktop]
+→ tar -xvf monero-gui-linux-x64-v0.18.3.3.tar.bz2                                                                                                                                                                                                                            (2)
+monero-gui-v0.18.3.3/
+monero-gui-v0.18.3.3/LICENSE
+monero-gui-v0.18.3.3/extras/
+monero-gui-v0.18.3.3/extras/monero-blockchain-ancestry
+
+[...]
+
+monero-gui-v0.18.3.3/monero-wallet-gui
+monero-gui-v0.18.3.3/monero-wallet-gui.AppImage
+monero-gui-v0.18.3.3/monerod
+
+[ Whonix ] [ /dev/pts/5 ] [~/Desktop]
+→ cd monero-gui-v0.18.3.3
+
+[ Whonix ] [ /dev/pts/5 ] [~/Desktop/monero-gui-v0.18.3.3]
+→ ls
+LICENSE  extras  monero-gui-wallet-guide.pdf  monero-wallet-gui  monero-wallet-gui.AppImage  monerod
+
+[ Whonix ] [ /dev/pts/5 ] [~/Desktop/monero-gui-v0.18.3.3]
+→ ./monero-wallet-gui.AppImage                                                                                                                                                                                                                                             (130)
+2024-04-27 09:57:47.456 W Qt:5.15.13 GUI:- | screen: 3840x2160 - available: QSize(3840, 2129) - dpi: 96 - ratio:2.22803
+2024-04-27 09:57:49.847 W qrc:/qt-project.org/imports/QtQuick/Dialogs/DefaultFileDialog.qml:413:17: QML ToolButton: Binding loop detected for property "implicitHeight"
+2024-04-27 09:57:49.850 W qrc:/qt-project.org/imports/QtQuick/Dialogs/DefaultFileDialog.qml:309:21: QML Button: Binding loop detected for property "implicitHeight"
+
+
+

Now that the archive is extracted, make sure that the monero wallet gets added to the list of software of your OS:

+ + +

Here we use advanced mode as we want to choose our node:

+ + + + +

Here very important, make sure you save your monero mnemonic phrase (recovery phrase) into your keepass, along with the recovery height, :

+ + +

Then have a wallet password (local password) to open your wallet locally::

+ + + +

Here we pick a clearnet monero node (if you dont want to, scroll down to know how to setup a .onion monero node)

+ + + + +

Here just wait for the monero wallet to finish synchronizing with the monero node:

+ +

Now here you can use the monero wallet like that without going through tor (but here we're in whonix so it goes through tor anyway), if you want to use .onion monero nodes you will need to enable the SOCKS5 proxy option inside the wallet:

+ + +

Now with this setup we can use .onion monero nodes as follows (pick one you trust from https://monero.fail/ for example my .onion monero node at this URL: http://daturab6drmkhyeia4ch5gvfc2f3wgo6bhjrv3pz6n7kxmvoznlkq4yd.onion:18081

+ +

Here again, wait for the monero wallet to finish synchronizing to be able to recieve and send monero:

+ +

Now that we're setup let's get some monero from localmonero.co:

+

AS OF 7TH OF MAY 2024 LOCALMONERO HAS STOPPED OPERATING, THEY WERE THE ONLY DIRECT FIAT -> XMR OPTION WITHOUT ANY KYC. this means you're now forced to use Haveno DEX!!!!

+ + + + +

Now we want to buy monero for euros, for speed i recommend just buying some using SEPA instant transfer if your bank accepts it. However if you don't mind waiting weeks, the preferred method on localmonero.co is cash-by-mail, as cash can't be traced. But still, it shoudln't matter even if you buy monero with your credit card to a random vendor, your bank will see that you sent money to someone, and if the vendor is malicious they may log that you bought some monero, but still they will be unable to know what you do with your monero. it's like retrieving cash from the bank, the bank knows you bought some cash but they can't know what you do with it.

+

So here we want to find a vendor that offers monero for SEPA instant transfers, preferably someone who doesn't do KYC.

+ +

The trade should go like this:

+
    +
  • 0) you send the monero address
  • +
  • 1) they send you the IBAN to send the bank transfer to,
  • +
  • 2) you send them the money,
  • +
  • 3) and then you declare that you have paid on monero,
  • +
  • 4) and then you wait 30 minutes approximately to recieve the monero.
  • +
+ +

if trade is completed smoothly, always rate vendors as trustworthy, as this is how localmonero works, always on trust.

+

Now that you recieved some monero, you can send them to whoever has a XMR address like i do:

+ +

for example if you want to donate a few leftovers moneros like this feel free to do so:

+ +

Keep in mind that services that ask you to pay monero, they will ask you to send an EXACT monero amount for purchases (ex: 0.763011 XMR), that is intentional, do not send more than requested as it is used to know from which customer the monero comes from.

+ +BONUS: CLI Wallet Setup +

If you want to get the full Haxx0r vibes, you can install the monero CLI wallet aswell:

+

+[ mainpc ] [ /dev/pts/2 ] [~/Desktop]
+→ apt install monero -y
+
+[ mainpc ] [ /dev/pts/2 ] [~/Desktop]
+→ monero-wallet-cli --version
+Monero 'Fluorine Fermi' (v0.18.0.0-unknown)
+
+
+ +

Once it finishes installing, create your monero wallet:

+ +

If you're doing it from a whonix VM, then say no to mining and use an onion-based monero daemon (if not on a whonix VM, then use a clearnet monero node), like the one i'm hosting, you can find a full list of other ones on monero.fail or on xmr.datura.network :

+ +

Wait for it to finish synchronizing, then you can go get some monero from a vendor on localmonero.co (by giving them a wallet address you'd have created:

+

+apt install monero -y
+
+monero-wallet-cli
+#follow the instructions to create your wallet
+#synchronize it with this command:
+set_daemon http://uyjehlovjudh2wlvkp5a2seme5vgqc4o463atkv2ulsovloqrqw2icyd.onion:18081 trusted
+#then wait for the daemon to finish synchronizing, and type "refresh" regularly to make sure that it synchronizes with the node, expect to type that command a few times as tor connections are unstable at times.
+
+#OR you can use a clearnet monero node, but this is not recommended because you may be spied on!
+
+[wallet 49vq93 (no daemon)]: set_daemon  http://datura.network:18081
+Error: This is not Tor/I2P address, and is not a trusted daemon.
+Error: Either use your own trusted node, connect via Tor or I2P, or pass this-is-probably-a-spy-node and be spied on.
+
+[wallet 49vq93 (no daemon)]: set_daemon http://datura.network:18081 this-is-probably-a-spy-node
+Warning: connecting to a non-local daemon without SSL, passive adversaries will be able to spy on you.
+Daemon set to http://datura.network:18081, untrusted
+[wallet 49vq93 (out of sync)]: refresh
+Starting refresh...
+
+[wallet 49vq93 (out of sync)]: refresh
+Starting refresh...
+Refresh done, blocks received: 19388
+Currently selected account: [0] Primary account
+Tag: (No tag assigned)
+Balance: 0.000000000000, unlocked balance: 0.000000000000
+
+
+ +

Once that's done, you can order monero from a non-KYC exchange here (out of which i recommend using Haveno DEX.

+

You're going to need to create a monero address first like so:

+

+[wallet 49vq93]: help
+
+Important commands:
+
+"welcome" - Show welcome message.
+"help all" - Show the list of all available commands.
+"help <command>" - Show a command's documentation.
+"apropos <keyword>" - Show commands related to a keyword.
+
+"wallet_info" - Show wallet main address and other info.
+"balance" - Show balance.
+"address all" - Show all addresses.
+"address new" - Create new subaddress.
+"transfer <address> " - Send XMR to an address.
+"show_transfers [in|out|pending|failed|pool]" - Show transactions.
+"sweep_all <address>" - Send whole balance to another wallet.
+"seed" - Show secret 25 words that can be used to recover this wallet.
+"refresh" - Synchronize wallet with the Monero network.
+"status" - Check current status of wallet.
+"version" - Check software version.
+"exit" - Exit wallet.
+
+"donate <amount>" - Donate XMR to the development team.
+
+[wallet 49vq93 (out of sync)]: address new
+1  85j1rw64XoMhrXc55kwdCdFAmXaiU23MHYf1VBSLExTve5WM1NeFfw13wXrDeUumj48h5G4nuw3tuAxqpw5WyXniE8pE8uK  (Untitled address)
+[wallet 49vq93 (out of sync)]: address new localmonero
+2  89uyMGJunXfSC375iEptD2WLCb5uidKJSEuUYL3n5fRMg6ccM7L5prSUi9YGgGFPS5T8Z95BJh93HKykUYWECmNfJhNFb9z  localmonero
+
+
+

in this case, we'll use the 89uyMGJunXfSC375iEptD2WLCb5uidKJSEuUYL3n5fRMg6ccM7L5prSUi9YGgGFPS5T8Z95BJh93HKykUYWECmNfJhNFb9z address for all trades on haveno DEX. DO NOT USE IT ELSEWHERE! just like passwords, you want to have one per service. If you want to recieve monero from another place, create a new address.

+ + +

Check out my other tutorials on Decentralised Finances below:

+
    +
  1. ✅ How to acquire and use Monero
  2. +
  3. ✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐
  4. +
  5. ✅ Haveno DEX Dispute resolution (Fiat -> XMR)
  6. +
  7. ✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction
  8. +
  9. ✅ Haveno DEX Cash By Mail -> XMR transaction ⭐

+ + +
+
+
+
+ + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
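Review bot: the GUI wallet steps go straight from `mv` to `tar -xvf` to `./monero-wallet-gui.AppImage` with no integrity check on monero-gui-linux-x64-v0.18.3.3.tar.bz2; add a step that checks the archive's SHA256 against the project's GPG-signed hash list before unpacking. In the CLI section, `set_daemon ... trusted` marks a node the reader does not operate as trusted, while the wallet's own error text quoted a few lines later reserves that for "your own trusted node"; dropping `trusted` for third-party onion nodes would match it. The CLI steps still send readers to localmonero.co after the notice that it stopped operating on 7 May 2024, and `apt install monero` yields v0.18.0.0 while the GUI section uses v0.18.3.3, which is worth a sentence.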
+ + + + + + + diff --git a/servers/monero2024/node.html b/servers/monero2024/node.html new file mode 100644 index 0000000..89505a2 --- /dev/null +++ b/servers/monero2024/node.html @@ -0,0 +1,264 @@ + + + + + + + + + + + Monero Node Setup + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+
+ Previous Page

nihilist@mainpc - 2024-01-31

+

Monero Node Setup

+ +

In this tutorial we're going to take a look at how to setup a monero node

+ +
+
+
+
+ + +
+
+
+
+

Initial Setup

+

First install monero from the repositories:

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ apt install monero -y
+	
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ vim /etc/systemd/system/moneronode.service
+
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ cat /etc/systemd/system/moneronode.service
+[Unit]
+Description=monerod
+After=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --confirm-external-bind --non-interactive
+Restart=on-failure
+RestartSec=10s
+
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+
+

If you want to have a local-only monero node to use over tor, you can use this config instead:

+

+[ Wonderland ] [ /dev/pts/9 ] [/mnt/md3]
+→ cat /etc/systemd/system/moneronode.service
+[Unit]
+Description=monerod
+After=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /mnt/md3/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=127.0.0.1 --p2p-bind-ip=127.0.0.1 --p2p-bind-port=18080 --non-interactive
+Restart=on-failure
+RestartSec=10s
+
+
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+
+
+
+

Then wait for it to sync after enabling the systemd service:

+

+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl daemon-reload
+
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl enable --now moneronode
+Created symlink /etc/systemd/system/multi-user.target.wants/moneronode.service → /etc/systemd/system/moneronode.service.
+
+[ Datura Network ] [ /dev/pts/0 ] [/srv/datura.network]
+→ systemctl status moneronode
+● moneronode.service - monerod
+     Loaded: loaded (/etc/systemd/system/moneronode.service; enabled; preset: enabled)
+     Active: active (running) since Sun 2023-07-09 15:36:44 CEST; 2min 22s ago
+   Main PID: 8410 (monerod)
+      Tasks: 30 (limit: 77000)
+     Memory: 1.7G
+        CPU: 1min 53.681s
+     CGroup: /system.slice/moneronode.service
+             └─8410 /usr/bin/monerod --zmq-pub tcp://127.0.0.1:18083 --disable-dns-checkpoints --enable-dns-blocklist --data-dir /srv/XMR --block-sync-size=50 --out-peers 100 --prep-blocks-threads=128 --prune-blockchain --sync-pruned-blocks --rpc-bind-port=18081 --rpc-bind-ip=0.0.0.0 ->
+
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.055        I Synced 88702/2925934 (3%, 2837232 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.188        I Synced 88752/2925934 (3%, 2837182 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.310        I Synced 88802/2925934 (3%, 2837132 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.452        I Synced 88852/2925934 (3%, 2837082 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.576        I Synced 88902/2925934 (3%, 2837032 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.756        I Synced 88952/2925934 (3%, 2836982 left)
+Jul 09 15:39:06 Datura monerod[8410]: 2023-07-09 13:39:06.890        I Synced 89002/2925934 (3%, 2836932 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.060        I Synced 89052/2925934 (3%, 2836882 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.182        I Synced 89088/2925934 (3%, 2836846 left)
+Jul 09 15:39:07 Datura monerod[8410]: 2023-07-09 13:39:07.376        I Synced 89138/2925934 (3%, 2836796 left)
+	
+
+

On a SSD it may take 1 day, and weigh approximately 60 gigs as of writing this tutorial. The synchronisation is a very disk-intensive process, and so it is required to do it on a nvme disk or ssd at least. If you try to do that on a HDD it will take much, much longer. If you don't have a choice, sync it on a nvme somewhere and then rsync it to a server that has only HDDs.

+ +

Then allow the ports you want from ufw:

+

+root@XMR:~# sudo ufw allow 18080
+Rules updated
+Rules updated (v6)
+
+root@XMR:~# sudo ufw allow 18081
+Rules updated
+Rules updated (v6)
+
+
+

Once you've finished setting up your monero instance, make sure you have it listed on https://monero.fail or on https://xmr.datura.network.

+
+
+
+
+
+
+
+
+

Onion Setup

+

Once your monero node is synchronized, you can allow tor users to access it via a .onion link like so:

+

+[ Wonderland ] [ /dev/pts/9 ] [~]
+→ apt install tor
+
+[ Wonderland ] [ /dev/pts/9 ] [~]
+→ cat /etc/tor/torrc
+HiddenServiceDir /var/lib/tor/monero-service/
+HiddenServicePort 18080 127.0.0.1:18080
+HiddenServicePort 18081 127.0.0.1:18081
+
+
+[ Wonderland ] [ /dev/pts/9 ] [~]
+→ systemctl restart tor@default
+
+
+

Then find your onion link right here:

+

+[ Wonderland ] [ /dev/pts/9 ] [~]
+→ cat /var/lib/tor/monero-service/hostname
+uyjehlovjudh2wlvkp5a2seme5vgqc4o463atkv2ulsovloqrqw2icyd.onion
+
+
+

And then you can use it to connect to it via your monero wallet. as shown here

+

+apt install monero -y
+
+monero-wallet-cli
+#follow the instructions to create your wallet
+#synchronize it with this command:
+set_daemon http://uyjehlovjudh2wlvkp5a2seme5vgqc4o463atkv2ulsovloqrqw2icyd.onion:18081 trusted
+#then wait for the daemon to finish synchronizing, and type "refresh" regularly to make sure that it synchronizes with the node, expect to type that command a few times as tor connections are unstable at times.
+refresh
+status
+
+
+
+
+
+
+ + + +
+
+
+
+

Nihilism

+

+ Until there is Nothing left. + +

+
+ +
+

My Links

+

+ + RSS Feed
Matrix Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8


Contact: nihilist@nihilism.network (PGP)

+
+ +
+ +
+
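Review bot: `HiddenServicePort 18081 127.0.0.1:18081` in the torrc publishes the RPC port of the "local-only" unit to any Tor client, and neither `ExecStart` line in this file passes `--restricted-rpc`; add it to both units before 18081 is exposed through the onion service or through `ufw allow 18081`. The closing wallet example then has readers run `set_daemon ... trusted` against that published node, which only fits the operator's own wallet and should say so. Both units lack a `User=` line, so monerod runs as root, and `ufw allow 18080` / `ufw allow 18081` open UDP as well as TCP where `18080/tcp` and `18081/tcp` would do.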
+ + + + + + + diff --git a/servers/nonkycdomains/0.png b/servers/nonkycdomains/0.png new file mode 100644 index 0000000..33041af --- /dev/null +++ b/servers/nonkycdomains/0.png @@ -0,0 +1 @@ +