Whonix on KVM in Linux containers

This repository contains a collection of Nix expressions and shell scripts for running Whonix virtual machines on KVM via libvirt inside of Docker containers. Docker serves to simplify the configuration and management of the network and filesystem resources associated with Whonix virtual machines.

!!! WARNING !!!

This repository includes a patch [1] to the Whonix-Gateway firewall to work
around an unresolved libvirt-related networking issue.

Do not use this repository for anonymization unless you understand the
consequences of both this patch and the mere fact of its presence.

[1] ./nix/whonix.nix#80

Quickstart

No need to clone this repository.

First, install Nix.

Then, run:

echo "FROM scratch" | docker build --label whonix-now-demo -t whonix-now-demo -f - /var/empty

docker run --rm -it --name whonix-now-demo --label whonix-now-demo \
    --cap-add=NET_ADMIN \
    --device /dev/kvm \
    --device /dev/net/tun \
    --mount type=bind,src=/nix/store,dst=/nix/store,ro \
    --mount type=bind,src=/tmp/.X11-unix,dst=/tmp/.X11-unix,ro \
    --mount type=bind,src=$XAUTHORITY,dst=/host.Xauthority,ro \
    --env KVM_GID=$(stat -c '%g' /dev/kvm) \
    --env DISPLAY \
    whonix-now-demo \
    $(nix build 'github:nspin/whonix-now?dir=nix#entryScript' --print-out-paths \
        --extra-experimental-features nix-command --extra-experimental-features flakes)

See ./Makefile and ./nix/whonix.nix for more features such as shared directories, audio support, and support for Kali Linux as an alternative to the Whonix Workstation.
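
A preflight check for the host resources the Quickstart `docker run` command above depends on, as an added example that is not part of this repository. The function name `whonix_preflight` and its parameters are hypothetical; the default paths are the ones the Quickstart command references.

```shell
#!/bin/sh
# Added example, not from the repository: verify the host side of the
# Quickstart `docker run` before starting the container.
# Paths are parameters so the checks can be run against stand-ins.

# whonix_preflight [kvm_dev] [tun_dev] [nix_store] [x11_dir] [xauthority]
# Prints one line per problem to stderr; returns the number of problems.
whonix_preflight() {
    kvm_dev=${1:-/dev/kvm}
    tun_dev=${2:-/dev/net/tun}
    nix_store=${3:-/nix/store}
    x11_dir=${4:-/tmp/.X11-unix}
    xauth=${5-${XAUTHORITY:-}}
    problems=0

    fail() { echo "preflight: $*" >&2; problems=$((problems + 1)); }

    # --device arguments must name character devices present on the host.
    [ -c "$kvm_dev" ] || fail "$kvm_dev is not a character device"
    [ -c "$tun_dev" ] || fail "$tun_dev is not a character device"

    # KVM_GID is taken from stat; if stat fails, the variable is passed empty.
    if [ -c "$kvm_dev" ]; then
        gid=$(stat -c '%g' "$kvm_dev" 2>/dev/null) || gid=
        case $gid in
            ''|*[!0-9]*) fail "no numeric group id for $kvm_dev" ;;
        esac
    fi

    # Sources of the read-only bind mounts.
    [ -d "$nix_store" ] || fail "$nix_store is not a directory (is Nix installed?)"
    [ -d "$x11_dir" ] || fail "$x11_dir is not a directory"

    # An unset XAUTHORITY leaves 'src=' empty in the --mount argument.
    if [ -z "$xauth" ]; then
        fail "XAUTHORITY is empty"
    elif [ ! -r "$xauth" ]; then
        fail "XAUTHORITY file $xauth is not readable"
    fi

    # --env DISPLAY forwards the host value, so it has to be set.
    [ -n "${DISPLAY:-}" ] || fail "DISPLAY is not set"

    return "$problems"
}
```

Called with no arguments, it checks the real host paths; a return status of 0 means every resource the command mounts or passes through is present.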