Tor Browser in a Container: Difference between revisions
imported>Evrim mNo edit summary |
Revision as of 12:26, 14 March 2019
Here are a few steps to run Tor Browser in a NixOS container with PulseAudio and media support. Most of the time, <code>ssh -X</code> would have sufficed. To route audio, however, the following steps are needed. There is probably an easier way that I am not aware of.
A few programs are needed beforehand. Install the following in your user profile.
<pre>
nix-env -iA nixos.socat
</pre>
Use the following container configuration in <code>configuration.nix</code> or derive your own.
<pre>
containers.browser = {
  autoStart = false;
  privateNetwork = true;
  hostAddress = "192.168.7.10";
  localAddress = "192.168.7.11";
  config = { config, pkgs, ... }: {
    services.openssh = {
      enable = true;
      forwardX11 = true;
    };
    users.extraUsers.browser = {
      isNormalUser = true;
      home = "/home/browser";
      openssh.authorizedKeys.keys = [ SSH-KEYS-GO-HERE ];
      extraGroups = [ "audio" "video" ];
    };
  };
};
</pre>
Remember to fill in the SSH keys. The ports must also be opened and PulseAudio enabled:
<pre>
networking.firewall.allowedTCPPorts = [ 4713 6000 ];
hardware.pulseaudio = {
  enable = true;
  systemWide = true;
  support32Bit = true;
  tcp = {
    enable = true;
    anonymousClients = {
      allowedIpRanges = [ "127.0.0.1" "192.168.7.0/24" ];
    };
  };
};
</pre>
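An added example, not part of the original page: the same two ports accepted only on the host-side interface of the container instead of on every interface, with anonymous PulseAudio access limited to the container's address. The interface name <code>ve-browser</code> is an assumption (NixOS names the host side of a private-network container "ve-" plus the container name); confirm it with <code>ip link</code> on the host.

```nix
{
  # Setting from the page: opens 4713 (PulseAudio) and 6000 (X11 relay)
  # on every interface of the host.
  # networking.firewall.allowedTCPPorts = [ 4713 6000 ];

  # Scoped alternative: accept the two ports only on the veth that faces
  # the "browser" container (interface name is an assumption, see above).
  networking.firewall.interfaces."ve-browser".allowedTCPPorts = [ 4713 6000 ];

  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
    support32Bit = true;
    tcp = {
      enable = true;
      anonymousClients = {
        # Loopback and the container's localAddress only, not the whole /24.
        allowedIpRanges = [ "127.0.0.1" "192.168.7.11" ];
      };
    };
  };
}
```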
Then, follow the steps:
- Do a usual <code>nixos-rebuild switch</code> and the container will be created.
- Run the container: <code>nixos-container start browser</code>.
- Root login: <code>nixos-container root-login browser</code>
- Update: <code>nix-channel --update</code>
- Switch: <code>nixos-rebuild switch</code>
Now the container should be in a sane state to work on. Install the browser and apulse:
<pre>
[root@browser:~]$ su - browser
[browser@browser:~]$ nix repl
Welcome to Nix version 2.2. Type :? for help.
nix-repl> pkgs = import <nixpkgs> {}
nix-repl> :i pkgs.callPackage <nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin> { mediaSupport = true; pulseaudioSupport = true; }
installing 'tor-browser-bundle-bin-8.0.6.drv'
nix-repl> :i pkgs.callPackage <nixpkgs/pkgs/misc/apulse> {}
installing 'apulse-0.1.11.1.drv'
these paths will be fetched (0.04 MiB download, 0.20 MiB unpacked):
  /nix/store/mi6kyfjymb3bdpwic3hy9y64hv21hflc-apulse-0.1.11.1
copying path '/nix/store/mi6kyfjymb3bdpwic3hy9y64hv21hflc-apulse-0.1.11.1' from 'https://cache.nixos.org'...
building '/nix/store/r00d47r40v7mhblly9rqas434x2d53js-user-environment.drv'...
created 121 symlinks in user environment
nix-repl>
</pre>
The following two scripts are needed. Put them in <code>~/bin</code> or any other directory included in the path.
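This <code>run-tor-browser.sh</code> is executed by the host.
<pre>
#!/bin/sh
# Relay the host X server's UNIX socket to TCP port 6000 on the container-facing address
socat -d TCP-LISTEN:6000,fork,bind=192.168.7.10 UNIX-CONNECT:/tmp/.X11-unix/X0 &
# Turn off X access control so the relayed connection is accepted (this admits every client)
xhost +
# Run the guest script of the same name inside the container
ssh -X browser@192.168.7.11 run-tor-browser.sh
</pre>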
This <code>run-tor-browser.sh</code> is executed in the container (guest) by the previous one executed on the host.
<pre>
#!/bin/sh
# Send X11 and audio to the host (192.168.7.10); "$@" is quoted so arguments pass through unsplit
PULSE_SERVER=tcp:192.168.7.10:4713 XAUTHORITY="/home/browser/.Xauthority" DBUS_SESSION_BUS_ADDRESS="" DISPLAY=192.168.7.10:0.0 apulse tor-browser "$@"
</pre>
That's it.
Now you should be able to run the browser in a container and have media and audio support.
Have a nice day.