A series of guides that use the Qubes security by isolation model, combined with Whonix for additional hardening and anonymity features, to give users a safer environment to use Bitcoin in multiple ways.

Each application will run in its own Whonix VM, and in the case of Electrum and JoinMarket, the wallets will have full functionality without any network connection. This is accomplished using Qubes' qrexec.

There are some things to consider before following the guides in this series. The first one is that these guides are not fast or necessarily easy to follow (copy/paste if possible to limit errors). Instead, they strive to thoroughly address security and privacy concerns where practically possible.

The next potential issue is that these guides are very narrow in scope. Each of the services are only set up for Bitcoin's mainnet, and provide only very specific features. There are also sacrifices made of computer resources (memory, processing, etc.) in order to provide more security.

The last shortcoming that should be made obvious is the fact that there is no update method described for any of these guides. For now the user is responsible to know if there are new versions (release pages are linked to) and figuring out how to upgrade. An effort is made to keep the guides up to date with current versions, but that fact can't always be relied on.

• 0_bitcoind.md
  • Build a Bitcoin Core full node configured to:
    • Allow other VMs to connect when given permission from dom0.
    • Communicate only over Tor.
    • Index all transactions.
    • Prefer Tor onion endpoints, use them exclusively if possible.
    • Use an ephemeral Tor onion address for serving peers.
    • Utilize Tor stream isolation.
• 1_electrs.md
  • Install an Electrs server configured to:
    • Allow a local Electrum wallet to connect from an offline VM.
    • Allow a remote Electrum wallet to connect via a Tor onion service.
    • Use the 0_bitcoind.md VM as its backend.
• 1_electrum-personal-server.md
  • Install an Electrum Personal Server configured to:
    • Allow a local Electrum wallet to connect from an offline VM.
    • Allow a remote Electrum wallet to connect via a Tor onion service.
    • Use the 0_bitcoind.md VM as its backend.
• 1_electrumx.md
  • Install an Electrumx server configured to:
    • Allow a local Electrum wallet to connect from an offline VM.
    • Allow a remote Electrum wallet to connect via a Tor onion address.
    • Deny peer discovery.
    • Keep Tor onion address private.
    • Use the 0_bitcoind.md VM as its backend.
• 1_joinmarket.md
  • Install JoinMarket configured to:
    • Daemon communicates only over Tor.
    • Provide full functionality for the wallet from an offline VM.
    • Use the 0_bitcoind.md VM to run the daemon.
    • Utilize Tor stream isolation.
• 2_electrum.md
  • Install the Electrum wallet configured to:
    • Connect to the 1_electrs.md, 1_electrum-personal-server.md, or 1_electrumx.md VM.
    • Provide full functionality from an offline VM.

• Paid/dedicated support: 1,000,000 sats per hour. Email me (you may encrypt to this key): qubenix+support at riseup dot net.
• Free support is available if you catch me when I have time on Freenode IRC (OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711).

• BTCPay Server
• c-Lightning
• LND

• https://github.com/qubenix/qubes-whonix-bitcoin
• http://qubenixibxoyldm3l3a5fobreaydmvdweqqojllutyyi4vgtbmugvhad.onion/qubenix/qubes-whonix-bitcoin