Patrick Schleizer:
> I didn't notice this thread until now.
>
> Interesting!
>
> Now reference here:
> https://www.whonix.org/wiki/Monero
>
> I am wondering how to save users from as many manual steps as possible.
>
> To save users from having to edit /rw/config/rc.local...
>
>> socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm monerod-ws user.monerod"
>
> Could maybe replaced by file:
>
> /etc/anon-ws-disable-stacked-tor.d/40_monero.conf
>
> content:
>
> $pre_command socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm monerod-ws user.monerod"
>
> Should work after reboot (or after "sudo systemctl restart
> anon-ws-disable-stacked-tor").
>
> Untested.
>
> Reference:
> https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/etc/anon-ws-disable-stacked-tor.d/30_anon-dist.conf
>
Tested, works on Whonix 14/Qubes 4.0. Would you consider shipping this as a default Whonix file, or maybe part of a package? If not, the user will have to put this on the TemplateVM or config bind-dirs; which are both additional steps.

> /etc/qubes-rpc/policy/user.monerod could maybe become:
> /etc/qubes-rpc/policy/whonix.monerod
>
> To have users from manually creating it, could be dropped here:
>
> https://github.com/QubesOS/qubes-core-admin-addon-whonix/tree/master/qubes-rpc-policy
>
> If you like, create a pull request and see what Marek thinks.
>

This would be useful. It's on my radar.

> /home/user/monerod.service would be better in /rw so only root can write
> to it. Even better perhaps systemd user services?
>
> https://www.brendanlong.com/systemd-user-services-are-amazing.html
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820111
>

Interesting, I didn't know about this. I don't see how moving the file from /home/user/ to /home/user/.config/systemd/user is more secure, though. I think moving it to /rw may be slightly better, but passwordless sudo kind of negates that. The best would be to put it on the TemplateVM in /lib/systemd/system/, but, again, this is more steps for the user.

In regards to monero being in stretch-backports now, I think it might be an equal number of steps or more than there is now, and more confusing for the user, to add stretch-backports to the TemplateVM's sources and install via apt. If it were in stretch this would be no question.

--
- 0xB44EFD8751077F97
