Whonix on KVM in Linux containers
This repository contains a collection of Nix expressions and shell scripts for running Whonix virtual machines on KVM via libvirt inside of Docker containers. Docker serves to simplify the configuration and management of the network and filesystem resources associated with Whonix virtual machines.
!!! WARNING !!!
This repository includes a patch [1] to the Whonix-Gateway firewall to work
around an unresolved libvirt-related networking issue.
Do not use this repository for anonymization unless you understand the
consequences of both this patch and the mere fact of its presence.
[1] ./nix/whonix.nix#80
There is no need to clone this repository.
First, install Nix.
Then, run:
echo "FROM scratch" | docker build --label whonix-now-demo -t whonix-now-demo -f - /var/empty
docker run --rm -it --name whonix-now-demo --label whonix-now-demo \
--cap-add=NET_ADMIN \
--device /dev/kvm \
--device /dev/net/tun \
--mount type=bind,src=/nix/store,dst=/nix/store,ro \
--mount type=bind,src=/tmp/.X11-unix,dst=/tmp/.X11-unix,ro \
--mount type=bind,src=$XAUTHORITY,dst=/host.Xauthority,ro \
--env KVM_GID=$(stat -c '%g' /dev/kvm) \
--env DISPLAY \
whonix-now-demo \
$(nix build 'github:nspin/whonix-now?dir=nix#entryScript' --print-out-paths \
--extra-experimental-features nix-command --extra-experimental-features flakes)
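As an added example (not code from the whonix-now repository or its Makefile), the following POSIX sh wrapper performs the checks a practitioner would want before running the command above: it fails closed when any host resource the container binds (the KVM and TUN devices, the Nix store, the X11 socket, the Xauthority file) is missing, resolves KVM_GID the same way the command does, and assembles the container arguments in one place so the privilege set (only NET_ADMIN added, every host mount read-only) can be reviewed. The function names, the root-prefix argument used for testing, and the `launch` mode are this example's own conventions.

```shell
#!/bin/sh
# Added example, not part of the whonix-now repository: a preflight wrapper for
# the README's `docker run` line. Functions are defined first so the file can be
# sourced and reviewed; `sh preflight.sh launch` actually starts the container.

# Check the host resources the README command binds into the container.
# $1 is a root prefix ("/" normally; a scratch directory when testing),
# $2 the Xauthority path (defaults to $XAUTHORITY). Prints each missing item
# on stderr and returns 1 if anything is missing, so the caller fails closed.
whonix_preflight() {
    root=${1%/}
    xauth=${2:-${XAUTHORITY:-}}
    rc=0
    for dev in /dev/kvm /dev/net/tun; do
        if [ ! -e "$root$dev" ]; then
            echo "preflight: missing device $dev" >&2
            rc=1
        fi
    done
    for dir in /nix/store /tmp/.X11-unix; do
        if [ ! -d "$root$dir" ]; then
            echo "preflight: missing directory $dir" >&2
            rc=1
        fi
    done
    if [ -z "$xauth" ] || [ ! -r "$root$xauth" ]; then
        echo "preflight: XAUTHORITY is unset or unreadable" >&2
        rc=1
    fi
    return $rc
}

# Numeric group id owning the KVM device; passed in as KVM_GID so the user
# inside the container can be given access to /dev/kvm without extra privileges.
kvm_gid() {
    stat -c '%g' "$1"
}

# Run the container with exactly the README's argument set.
# Usage: whonix_run IMAGE KVM_GID DISPLAY XAUTHORITY ENTRY_SCRIPT CMD...
# CMD is the command prefix, e.g. `docker run`; passing `printf '%s\n'`
# instead gives a dry run that lists the arguments for review.
whonix_run() {
    image=$1; gid=$2; display=$3; xauth=$4; entry=$5
    shift 5
    "$@" --rm -it --name "$image" --label "$image" \
        --cap-add=NET_ADMIN \
        --device /dev/kvm \
        --device /dev/net/tun \
        --mount "type=bind,src=/nix/store,dst=/nix/store,ro" \
        --mount "type=bind,src=/tmp/.X11-unix,dst=/tmp/.X11-unix,ro" \
        --mount "type=bind,src=$xauth,dst=/host.Xauthority,ro" \
        --env "KVM_GID=$gid" \
        --env "DISPLAY=$display" \
        "$image" "$entry"
}

# Launch only when asked to; otherwise this file just defines the functions.
if [ "${1:-}" = "launch" ]; then
    whonix_preflight / || exit 1
    entry=$(nix build 'github:nspin/whonix-now?dir=nix#entryScript' --print-out-paths \
        --extra-experimental-features nix-command --extra-experimental-features flakes)
    whonix_run whonix-now-demo "$(kvm_gid /dev/kvm)" "$DISPLAY" "$XAUTHORITY" "$entry" \
        docker run
fi
```

The dry-run form (`whonix_run ... printf '%s\n'`) is a convenient way to diff the argument list against the README whenever the wrapper is changed, which keeps an accidental `--privileged` or a writable `/nix/store` mount from slipping in unnoticed.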
See ./Makefile and ./nix/whonix.nix for more features such as shared directories, audio support, and support for Kali Linux as an alternative to the Whonix Workstation.