English Chinese (Traditional)
Qubes gives the flexibility to easily create separate VMs for different purposes. First you will create a Whonix workstation for the wallet with no networking. Next, another Whonix workstation for the @daemon which will use your Whonix gateway as it's NetVM. For communication between the wallet and daemon you can make use of Qubes [qrexec](https://www.qubes-os.org/doc/qrexec3/).
Restart=always PrivateTmp=true
[Service] User=user Group=user
+ Shutdown `monerod-ws`.
+ Shutdown `monero-wallet-ws`.
``` socat STDIO TCP:localhost:18081 ```
``` socat TCP-LISTEN:18081,fork,bind=127.0.0.1 EXEC:"qrexec-client-vm monerod-ws user.monerod" ```
The first workstation will be used for your wallet, it will referred to as `monero-wallet-ws`. You will have `NetVM` set to `none`.
The second workstation will be for the `monerod` daemon, it will be referred to as `monerod-ws`. You will have `NetVM` set to the Whonix gateway `sys-whonix`. Before moving on, make sure this workstation has enough private storage. You can estimate how much space you need by checking the size of the [raw blockchain]({{ site.baseurl }}/downloads/#blockchain). Keep in mind that the blockchain will take up more space with time.
This is safer than other approaches which route the wallets rpc over a Tor hidden service, or that use physical isolation but still have networking to connect to the daemon. In this way you don't need any network connection on the wallet, you preserve resources of the Tor network, and there is less latency.
Type=forking PIDFile=/home/user/.bitmonero/monerod.pid
``` [Unit] Description=Monero Full Node After=network.target
``` [[email protected] ~]$ sudo nano /etc/qubes-rpc/policy/user.monerod ```
``` [email protected]:~$ sudo chmod +x /rw/config/rc.local ```
``` [email protected]:~$ sudo mkdir /rw/usrlocal/etc/qubes-rpc [email protected]:~$ sudo nano /rw/usrlocal/etc/qubes-rpc/user.monerod ```
``` [email protected]:~$ sudo nano /home/user/monerod.service ```
``` [email protected]:~$ sudo nano /rw/config/rc.local ```
+ Using a Whonix workstation template, create two workstations as follows:
With [Qubes](https://qubes-os.org) + [Whonix](https://whonix.org) you can have a Monero wallet that is without networking and running on a virtually isolated system from the Monero daemon which has all of its traffic forced over [Tor](https://torproject.org).