buzzkillb

  1. Useful references:
     https://github.com/cloudflare/python-cloudflare
     https://github.com/cloudflare/python-cloudflare/blob/master/cli4/cli4.man
     https://github.com/cloudflare/python-cloudflare/blob/master/examples/example_delete_zone_entry.py
     https://shapeshed.com/jq-json/
  2. Spent some time with the DNS seeders and there is very little info, so I was playing with Cloudflare and wondered if I could automate the DNS seeds somehow. I assume this works on any coin that has a peer list, with minor tweaks. The basic idea is getpeerinfo from the daemon into a json file and then send line by line of that into an A record on your seeder domain name. I am hopeful some others will see this and have a better idea how to automate this by making it easier to set up and run on a generic coin.

     Make a Cloudflare account and point your domain denarius.pro at the Cloudflare nameservers from your domain host control panel. Now we can edit records on Cloudflare and the changes are almost immediate.

     Install Python Cloudflare:

         sudo apt install python-pip
         git clone https://github.com/cloudflare/python-cloudflare
         cd python-cloudflare
         ./setup.py build
         sudo ./setup.py install

     Create a config file for your Cloudflare API, change email and token (API KEY):

         mkdir ~/.cloudflare
         nano ~/.cloudflare/cloudflare.cfg

         [CloudFlare]
         email = <[email protected]>
         token = <API KEY>
         certtoken = v1.0-...
         extras =

     Test that this works. Change the ipv4 and denarius.pro to your stuff. dnsseed.denarius.pro is what my example will show.

         cli4 --post name="dnsseed" type="A" content="73.218.220.108" /zones/:denarius.pro/dns_records

     Now we want to store a couple of text files somewhere. You choose this; for now I will use /root/

     Create seed.sh and edit denarius.pro to your domain name. Still using dnsseed.denarius.pro for this example.

         #!/bin/sh
         grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "${1:?}" | while read IP
         do
             echo "$IP"
             cli4 --post name="dnsseed" type="A" content="$IP" /zones/:denarius.pro/dns_records
         done

     Make this file executable:

         chmod +x seed.sh

     Now how to grab and put the ipv4's into the domain A records. The denariusd daemon sends peerinfo into a json file, then jq parses the json for the addr array, and then we remove some junk and put that into peers.txt. From there the bash file uses regex to make the ipv4's pretty.

         denariusd getpeerinfo > peer.json
         jq '.[] | .addr' -r peer.json | sed 's/[][]//g' > peers.txt
         ./seed.sh peers.txt

     This can be updated as much as the Cloudflare API limits allow. But how to remove A records and try to keep this list fresh? Let's make a delete file from the python-cloudflare examples.
     https://github.com/cloudflare/python-cloudflare/blob/master/examples/example_delete_zone_entry.py

     Create delete.py and chmod +x this, and then put this inside.

         #!/usr/bin/env python
         """Cloudflare API code - example"""

         from __future__ import print_function

         import os
         import sys
         import re
         import json
         import requests

         sys.path.insert(0, os.path.abspath('..'))
         import CloudFlare

         def main():
             """Cloudflare API code - example"""

             try:
                 zone_name = sys.argv[1]
                 dns_name = sys.argv[2]
             except IndexError:
                 exit('usage: example_delete_zone_entry.py zone dns_record')

             cf = CloudFlare.CloudFlare()

             # grab the zone identifier
             try:
                 params = {'name':zone_name}
                 zones = cf.zones.get(params=params)
             except CloudFlare.exceptions.CloudFlareAPIError as e:
                 exit('/zones %d %s - api call failed' % (e, e))
             except Exception as e:
                 exit('/zones.get - %s - api call failed' % (e))

             if len(zones) == 0:
                 exit('/zones.get - %s - zone not found' % (zone_name))

             if len(zones) != 1:
                 exit('/zones.get - %s - api call returned %d items' % (zone_name, len(zones)))

             zone = zones[0]

             zone_id = zone['id']
             zone_name = zone['name']

             print('ZONE:', zone_id, zone_name)

             # look up only the records named <dns_name>.<zone_name>
             try:
                 params = {'name':dns_name + '.' + zone_name}
                 dns_records = cf.zones.dns_records.get(zone_id, params=params)
             except CloudFlare.exceptions.CloudFlareAPIError as e:
                 exit('/zones/dns_records %s - %d %s - api call failed' % (dns_name, e, e))

             # delete every record returned for that name
             found = False
             for dns_record in dns_records:
                 dns_record_id = dns_record['id']
                 dns_record_name = dns_record['name']
                 dns_record_type = dns_record['type']
                 dns_record_value = dns_record['content']
                 print('DNS RECORD:', dns_record_id, dns_record_name, dns_record_type, dns_record_value)

                 try:
                     dns_record = cf.zones.dns_records.delete(zone_id, dns_record_id)
                     print('DELETED')
                 except CloudFlare.exceptions.CloudFlareAPIError as e:
                     exit('/zones.dns_records.delete %s - %d %s - api call failed' % (dns_name, e, e))
                 found = True

             if not found:
                 print('RECORD NOT FOUND')

             exit(0)

         if __name__ == '__main__':
             main()

     To run the deleter (it appears this only deletes 10-15 records at a time, so you might need to run this 5 times before sending a fresh list). This is only deleting records from dnsseed.denarius.pro. Nothing else on denarius.pro. Magical.

         ./delete.py denarius.pro dnsseed

     Right now I am trying to think how frequently to send new ip's and delete the list and start over. Once I get that down I will post a sample cronjob to use. Otherwise this should work with basically any bitcoin fork daemon, maybe with minor tweaks. I also need a better regex to parse ipv6 so we can also make some on the fly AAAA records.
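
An added example, not the post author's code, for the IPv6 parsing and list-freshness questions the post above leaves open: it validates each getpeerinfo `addr` with Python's `ipaddress` module instead of a regex, drops onion, malformed and non-public addresses, and works out which A/AAAA records to add and which to delete. The function names and the sample peer list are constructed for illustration; the public addresses in it are ones that appear in the posts on this page.

```python
import ipaddress
import json

# Constructed getpeerinfo output; only the "addr" field is used. The public
# addresses are the ones that appear in the posts on this page.
SAMPLE_PEERINFO = json.dumps([
    {"addr": "73.218.220.108:33369"},
    {"addr": "73.218.220.108:9999"},             # same host, second connection
    {"addr": "[2001:bc8:47a0:1933::1]:33369"},   # bracketed IPv6
    {"addr": "10.137.0.30:33369"},               # private range
    {"addr": "[::1]:33369"},                     # loopback
    {"addr": "999.218.220.108:33369"},           # passes the grep regex, not an IP
    {"addr": "constructedexample.onion:33369"},  # Tor peer, has no A/AAAA form
])


def peer_ip(addr):
    """Return the ipaddress object inside a getpeerinfo addr string, or None."""
    # "[v6]:port" and "v4:port" carry a port suffix; a bare IPv6 literal does not.
    if addr.startswith("[") or addr.count(":") == 1:
        addr = addr.rsplit(":", 1)[0]
    try:
        return ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return None


def seed_records(peers):
    """Map parsed getpeerinfo entries to a set of (record_type, content)."""
    records = set()
    for peer in peers:
        ip = peer_ip(peer.get("addr", ""))
        # is_global rejects private, loopback, link-local and reserved ranges,
        # so internal addresses never end up published in the seed zone.
        if ip is not None and ip.is_global:
            records.add(("A" if ip.version == 4 else "AAAA", str(ip)))
    return records


def plan_sync(published, fresh):
    """Return (to_add, to_delete) so only stale records are removed."""
    return sorted(fresh - published), sorted(published - fresh)


if __name__ == "__main__":
    fresh = seed_records(json.loads(SAMPLE_PEERINFO))
    published = {("A", "73.218.220.108"), ("A", "163.172.157.116")}
    to_add, to_delete = plan_sync(published, fresh)
    for rtype, content in to_add:
        print("add   ", rtype, content)
    for rtype, content in to_delete:
        print("delete", rtype, content)
```

Each `to_add` pair maps onto the `type=` and `content=` arguments of the `cli4 --post` call used in seed.sh, so peers that are still alive keep their records instead of being wiped and re-posted.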
  3. TTL might need to be changed:

         NS 7200
         A 1800
  4. I am using Scaleway VPS which only allows Ubuntu 18.04 Bionic for the cheaper plans. systemd-resolve appears to take over port 53.

         lsof -i -P -n | grep LISTEN

     and we see port 53. What I did to remove this was:

         sudo nano /etc/systemd/resolved.conf

     then edit resolved.conf to this:

         DNS=8.8.8.8
         DNSStubListener=no

     Restart systemd-resolved:

         sudo systemctl restart systemd-resolved

     Save the old symlink:

         sudo mv /etc/resolv.conf /etc/resolv.conf.OLD

     Create a new symlink:

         sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

     Let's check if port 53 is there anymore:

         lsof -i -P -n | grep LISTEN

     It's gone, now go run your seeder and wait for DNS records to propagate through the internet backbone.
  5. I am using he.net free dns for the setup of nameservers. https://dns.he.net

     Get a domain like denarius.guide for our example. The dns seeder nameserver will be dnsseed.denarius.guide. Go to your domain and point it to the given he.net servers so he.net is handling your records.

     Let's add the first part. This creates:

         dnsseed.denarius.guide. 86400 IN NS seeder.denarius.guide.

     Now let's point seeder.denarius.guide to our vps ip. This creates:

         seeder.denarius.guide. 86400 IN A 163.172.157.116

     Also can create an AAAA record because IPv6 is the future, right? This creates:

         seeder.denarius.guide. 86400 IN AAAA 2001:bc8:47a0:1933::1

     On the vps side we need our dns seeder. Clone a seeder repo, get dependencies, and compile. This could vary depending on OS and VPS.

         git clone https://github.com/buzzkillb/d-seeder
         sudo apt-get install build-essential libboost-all-dev libssl-dev
         cd d-seeder
         make -j2

     Run the seeder for a while, and wait for the DNS to propagate. I also sudo apt install tor just because.

         ./dnsseed -h dnsseed.denarius.guide -n seeder.denarius.guide -m buzz.denarius.io -o 127.0.0.1:9050

     How to check if this is working:
     https://www.whatsmydns.net/#NS/dnsseed.denarius.guide
  6. If you get this error

         RAN: /usr/bin/gpg --keyserver pgp.mit.edu --recv-keys 0064428F455451B3EBE78A7F063938BA42CFA724
         STDOUT:

     Change the server in the setup file.

         nano setup

         GPG_KEY_SERVER = 'ha.pool.sks-keyservers.net '
  7. A guide on how to set up Windows 10 in Qubes 4.0.2-rc1, and then how to log in using RDP in a Fedora qube for clipboard and file sharing.

     If you are finding this tutorial, I am going to skip some of the basic how to install Windows 10 shenanigans, as that's a bit redundant. First read through the original guide a few times to get a feel for this.
     https://groups.google.com/d/msg/qubes-users/dB_OU87dJWA/X2WWa1y-BQAJ

     What I did was get the Win10 ISO from the MS download tool and put that windows.ISO file on a usb drive.
     https://www.microsoft.com/en-us/software-download/windows10

     I then took this file and put it inside a qube's download folder. Once there we use the official Qubes docs. Choose your qube and the folder the ISO was placed in for the last step here.
     https://www.qubes-os.org/doc/windows-vm/

     Create a new Qube:
       • Name: Win10, Color: red
       • Standalone Qube not based on a template
       • Networking: sys-firewall (default)
       • Launch settings after creation: check
       • Click “OK”.

     Settings:
       • Basic: System storage: 30000+ MB
       • Advanced: Include in memory balancing: uncheck
       • Initial memory: 4096+ MB
       • Kernel: None
       • Mode: HVM
       • Click “Apply”.

     Click “Boot from CDROM”:
       • “from file in qube”: Select the qube that has the ISO.
       • Select ISO by clicking “…”.
       • Click “OK” to boot into the windows installer.

     Set up Windows 10 as usual. Each time the Qube resets the VM will close; keep starting it up again until you get to the login screen. Make sure to put some type of password in, as we will use this username and password to log in through RDP later in the guide.

     Set up RDP in Windows 10. Enable Remote Desktop in Settings > System.

     Next we need a Fedora qube running freerdp and a firewall qube. I cloned the Fedora 30 template and sys-firewall templates. Because sys-firewall is based off of the Fedora 30 template, let's install freerdp in there. I also installed nano since I prefer that to edit files. Open up a terminal in the fedora-30 templateVM.

         sudo dnf --refresh install freerdp
         sudo dnf install nano

     Clone the sys-firewall qube; I called mine sys-firewall-RDP so I knew which one to mess around with. Clone the fedora-30 templateVM and use sys-firewall-RDP for your network, call it whatever, fedora-RDP for example.

     Let's get the firewall to talk between the Win10 qube and our new fedora-RDP qube. We need the IP addresses of both of these qubes for the next step. Open a terminal in the sys-firewall-RDP qube.

     Example:
       • Qube A - fedora-RDP (10.137.0.31)
       • Qube B - Win10 (10.137.0.30)

         sudo nano /rw/config/qubes-firewall-user-script

         iptables -I FORWARD 2 -s 10.137.0.30 -d 10.137.0.31 -j ACCEPT
         iptables -I FORWARD 2 -s 10.137.0.31 -d 10.137.0.30 -j ACCEPT

     Save this, and the next file to edit is:

         sudo nano /rw/config/rc.local

         iptables -I INPUT -s 10.137.0.30 -j ACCEPT
         iptables -I INPUT -s 10.137.0.31 -j ACCEPT

     Restart the sys-firewall-RDP qube. Open the fedora-RDP terminal and Win10 qubes. I was able to ping 10.137.0.30 from fedora-RDP and now we are getting close.

     A sample run of freerdp:

         xfreerdp /u:<USERNAME> /p:<PASSWORD> /v:<WIN10 QUBE IP>:3389

     or

         xfreerdp /u:buzzkillb /p:denariusrocks /v:10.137.0.30:3389

     Some magic should happen and now you RDP'd into Windows 10. Let's add clipboard sharing and file sharing.

         xfreerdp /u:buzzkillb /p:denariusrocks /v:10.137.0.30:3389 /drive:software,/home/user/Downloads /clipboard

     This will create a Windows shared folder called software in the fedora-RDP qube and share it with /home/user/Downloads, and also allow copy and paste of text.

     Let's just show some extra power of this. regedit this to 1 in your Windows 10 Qube.
     https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer-Server::TS_ALLOW_APPS

         xfreerdp /u:buzzkillb /p:denariusrocks /v:10.137.0.30:3389 /drive:software,/home/user/Downloads /clipboard /app:"C:\Windows\explorer.exe"

     This line will open a window of just the Windows File Explorer. I ended up creating a start.sh file with these lines like this.

     start.sh

         #!/bin/sh
         xfreerdp /u:buzzkillb /p:denariusrocks /v:10.137.0.30:3389 /drive:software,/home/user/Downloads /clipboard /app:"C:\Windows\explorer.exe"

     What would be sweet is putting start.sh into /usr/local/bin and creating a desktop icon in the fedora-RDP qube, to pull these things up like they are in typical Qubes format. I will add more as I play around with this. Next will also be how to run a GPU for games.
  8. How to install bionic-builder template for Ubuntu 18.04 in Qubes OS 4.0.2-rc1, Qbuntu

     Clone your fedora-30 vanilla template into a temporary 'builder' we will use to create Ubuntu templates. Top left button -> Terminal Emulator

         [[email protected] ~]$ qvm-clone fedora-30 ubuntu-builder

     Go into the bionic-builder template and pick your network (sys-firewall), and give yourself 30gb for private storage. Open the terminal for this template and begin.

         [[email protected] ~]$ gpg

     I missed the receive keys screenshot.

         [[email protected] ~]$ gpg --recv-keys 0x36879494
         [[email protected] ~]$ gpg --edit-key 36879494
         gpg> trust
         >Your decision? 5
         >Do you really want to set this key to ultimate trust? Y
         gpg> quit
         [[email protected] ~]$ wget http://keys.qubes-os.org/keys/qubes-developers-keys.asc
         [[email protected] ~]$ gpg --import qubes-developers-keys.asc
         [[email protected] ~]$ sudo dnf install nano
         [[email protected] ~]$ sudo dnf install git createrepo rpm-build rpm-sign make python-sh rpmdevtools rpm-sign dialog
         [[email protected] ~]$ git clone https://github.com/QubesOS/qubes-builder
         [[email protected] ~]$ cd qubes-builder
         [[email protected] qubes-builder]$ nano example-configs/qubes-os-r4.0.conf
         [[email protected] qubes-builder]$ ./setup

     Select Y to anything missing.
     Select Yes to keys that don't exist.
     Select Yes to add. This one glitches out for me, but worked first try writing this. Just keep rerunning ./setup over and over until this passes through. If this still won't work, change the pgp.mit.edu server to something else in the setup file.

         nano setup

         GPG_KEY_SERVER = 'ha.pool.sks-keyservers.net '

     Select Qubes Release 4.0
     Select Stable
     Select none of these options
     Build Template Only? Yes
     Select your OS template, this example is using Bionic+desktop
     Select builder-rpm and builder-debian
     Get Source? Yes

     Wait while this gets the source files. This screen gives us what to do next.

         make install-deps
         make get-sources
         make qubes-vm
         make template

         [[email protected] qubes-builder]$ ls -altr qubes-src/linux-template-builder/rpm

     Go to your dom0 terminal and move the install-templates.sh file over.

         [[email protected] ~]$ qvm-run --pass-io ubuntu-builder 'cat /home/user/qubes-builder/qubes-src/linux-template-builder/rpm/install-templates.sh' > install-templates.sh
         [[email protected] ~]$ chmod +x install-templates.sh
         ./install-templates.sh

     After this was done, I cloned this into a crypto version to play around in. This is a cryptocurrency related site after all.

         qvm-clone bionic-desktop bionic-crypto

     After that, I then deleted the bionic-builder templateVM from Qube Manager to save some disk space.
  9. Setup VPN AppVM

     Specifically for PIA VPN. Based on https://github.com/tasket/Qubes-vpn-support

         #go into Debian 10 template and install openvpn
         #open debian 10 terminal
         sudo apt update
         sudo apt install openvpn
         #shutdown debian 10 template

     Reference: https://www.qubes-os.org/doc/software-update-vm/

     Create a new Qube AppVM:
       • Name and Label: VPN
       • Type: Qubes Based on a template (AppVM)
       • Template: Debian 10
       • Networking: sys-net
       • checkmark: provides network
       • checkmark: launch settings after creation

     Next, add vpn-handler-openvpn to the ProxyVM's Settings / Services tab by typing it into the top line and clicking the plus icon. Do not add other network services such as Network Manager.

     Open up a terminal in this AppVM:

         sudo mkdir -p /rw/config/vpn
         cd /rw/config/vpn
         sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
         sudo unzip openvpn.zip
         sudo cp 'US West.ovpn' vpn-client.conf
         cd ~
         git clone https://github.com/tasket/Qubes-vpn-support
         cd Qubes-vpn-support
         #can either use the master branch or (git checkout 1.4.3) (git pull)
         sudo bash ./install

     Enter PIA username/password when prompted; this is saved to /rw/config/vpn/userpassword.txt

     Restart the AppVM and it should show the link is up in the top right corner. Then connect an AppVM to this new VPN AppVM.
  10. I am using the Ubuntu 16.04 template I created for this.
      https://denariustalk.org/index.php?/topic/305-guide-to-installing-qbuntu-ubuntu-1604-xenial-templatevm-in-qubes-402-rc1/

      Now create an AppVM. Top left button -> Create Qubes VM.
        • Name and Label: VerusCoin-Agama
        • Type: Qubes based on a template (AppVM)
        • template: whichever linux template you created to run Agama from
        • networking: sys-firewall or sys-whonix
        • checkmark launch settings after creation.

      Give this 2gb ram at least.

      Go to firefox from this AppVM and download the latest Agama wallet. Go to the Files from this AppVM and double click the appimage in the /Downloads folder. When it prompts to install, say yes.

      Go to the top left button and click Terminal Emulator because we want to configure dom0. In there type:

          qvm-sync-appmenus VerusCoin-Agama

      Now go back to your VerusCoin qube settings, go to the applications tab and then you can bring the Agama app to the right side so this gets added to the menu.
  11. To connect to tor nodes. Look at the IP address of your sys-whonix in Qube Manager. Go into denarius.conf and put tor=10.137.0.x:9050 and now you might be connecting to any onion nodes. Replace that IP obviously with the correct one.
  12. Thought Process Area so I don't clog chat.

      I compile the denariusd wallet daemon into the denarius-crypto template. I then can run denariusd using sys-whonix and give this the network service tag AppVM. Then I run the QT and use that denarius service as the network and basically block everything except port 33369 and 9999, and in denarius.conf have connect=The denariusd Qube IP so the QT only sees the daemon, which has internet access.