From 64bc1f9d57fe3e1cf3c475f2930d984b6c2adf12 Mon Sep 17 00:00:00 2001
From: z3rOR0ne <z3rOR0ne@protonmail.com>
Date: Mon, 23 Sep 2024 01:03:37 -0700
Subject: [PATCH] :wrench: Installed and configured i2pd

---
 .config/i2pd/i2pd.conf    | 289 ++++++++++++++++++++++++++++++++++++++
 .config/i2pd/tunnels.conf |  33 +++++
 .config/privoxy/config    |   1 +
 updates.txt               |  12 ++
 4 files changed, 335 insertions(+)
 create mode 100644 .config/i2pd/i2pd.conf
 create mode 100644 .config/i2pd/tunnels.conf

diff --git a/.config/i2pd/i2pd.conf b/.config/i2pd/i2pd.conf
new file mode 100644
index 00000000..4cc4bb96
--- /dev/null
+++ b/.config/i2pd/i2pd.conf
@@ -0,0 +1,289 @@
+## Configuration file for a typical i2pd user
+## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
+## for more options you can use in this file.
+
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+
+## Tunnels config file
+## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf
+## Note: /var/lib/i2pd/tunnels.conf is a symlink to /etc/i2pd/tunnels.conf (use the latter)
+# tunconf = /var/lib/i2pd/tunnels.conf
+
+## Tunnels config files path
+## Use that path to store separated tunnels in different config files.
+## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d
+## Note: /var/lib/i2pd/tunnels.d is a symlink to /etc/i2pd/tunnels.d (use the latter)
+# tunnelsdir = /var/lib/i2pd/tunnels.d
+
+## Path to certificates used for verifying .su3, families
+## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates
+## Note: /var/lib/i2pd/certificates is a symlink to /usr/share/i2pd/certificates (use the latter)
+# certsdir = /var/lib/i2pd/certificates
+
+## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)
+# pidfile = /run/i2pd/i2pd.pid
+
+## Logging configuration section
+## By default logs go to stdout with level 'info' and higher
+## For Windows OS by default logs go to file with level 'warn' and higher
+##
+## Logs destination (valid values: stdout, file, syslog)
+##  * stdout - print log entries to stdout
+##  * file - log entries to a file
+##  * syslog - use syslog, see man 3 syslog
+# log = file
+## Path to logfile (default: autodetect)
+logfile = /var/log/i2pd/i2pd.log
+## Log messages above this level (debug, info, *warn, error, critical, none)
+## If you set it to none, logging will be disabled
+# loglevel = warn
+## Write full CLF-formatted date and time to log (default: write only time)
+# logclftime = true
+
+## Daemon mode. Router will go to background after start. Ignored on Windows
+## (default: true)
+# daemon = true
+
+## Specify a family, router belongs to (default - none)
+# family =
+
+## Network interface to bind to
+## Updates address4/6 options if they are not set
+# ifname =
+## You can specify different interfaces for IPv4 and IPv6
+# ifname4 =
+# ifname6 =
+
+## Local address to bind transport sockets to
+## Overrides host option if:
+## For ipv4: if ipv4 = true and nat = false
+## For ipv6: if 'host' is not set or ipv4 = true
+# address4 =
+# address6 =
+
+## External IPv4 or IPv6 address to listen for connections
+## By default i2pd sets IP automatically
+## Sets published NTCP2v4/SSUv4 address to 'host' value if nat = true
+## Sets published NTCP2v6/SSUv6 address to 'host' value if ipv4 = false
+# host = 1.2.3.4
+
+## Port to listen for connections
+## By default i2pd picks random port. You MUST pick a random number too,
+## don't just uncomment this
+# port = 4567
+
+## Enable communication through ipv4 (default: true)
+ipv4 = true
+## Enable communication through ipv6 (default: false)
+ipv6 = false
+
+## Bandwidth configuration
+## L limit bandwidth to 32 KB/sec, O - to 256 KB/sec, P - to 2048 KB/sec,
+## X - unlimited
+## Default is L (regular node) and X if floodfill mode enabled.
+## If you want to share more bandwidth without floodfill mode, uncomment
+## that line and adjust value to your possibilities. Value can be set to
+## integer in kilobytes, it will apply that limit and flag will be used
+## from next upper limit (example: if you set 4096 flag will be X, but real
+## limit will be 4096 KB/s). Same can be done when floodfill mode is used,
+## but keep in mind that low values may be negatively evaluated by Java
+## router algorithms.
+# bandwidth = L
+## Max % of bandwidth limit for transit. 0-100 (default: 100)
+# share = 100
+
+## Router will not accept transit tunnels, disabling transit traffic completely
+## (default: false)
+# notransit = true
+
+## Router will be floodfill (default: false)
+## Note: that mode uses much more network connections and CPU!
+# floodfill = true
+
+[ntcp2]
+## Enable NTCP2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[ssu2]
+## Enable SSU2 transport (default: true)
+# enabled = true
+## Publish address in RouterInfo (default: true)
+# published = true
+## Port for incoming connections (default is global port option value)
+# port = 4567
+
+[http]
+## Web Console settings
+## Enable the Web Console (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:7070)
+# address = 127.0.0.1
+# port = 7070
+## Path to web console (default: /)
+# webroot = /
+## Enable Web Console authentication (default: false)
+## You should not use Web Console via public networks without additional encryption.
+## HTTP authentication is not encryption layer!
+# auth = true
+# user = i2pd
+# pass = changeme
+## Select webconsole language
+## Currently supported english (default), afrikaans, armenian, chinese, czech, french,
+## german, italian, polish, portuguese, russian, spanish, turkish, turkmen, ukrainian
+## and uzbek languages
+# lang = english
+
+[httpproxy]
+## Enable the HTTP proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4444)
+# address = 127.0.0.1
+# port = 4444
+## Optional keys file for proxy local destination (default: http-proxy-keys.dat)
+# keys = http-proxy-keys.dat
+## Enable address helper for adding .i2p domains with "jump URLs" (default: true)
+## You should disable this feature if your i2pd HTTP Proxy is public,
+## because anyone could spoof the short domain via addresshelper and forward other users to phishing links
+# addresshelper = true
+## Address of a proxy server inside I2P, which is used to visit regular Internet
+# outproxy = http://false.i2p
+## httpproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[socksproxy]
+## Enable the SOCKS proxy (default: true)
+# enabled = true
+## Address and port service will listen on (default: 127.0.0.1:4447)
+# address = 127.0.0.1
+# port = 4447
+## Optional keys file for proxy local destination (default: socks-proxy-keys.dat)
+# keys = socks-proxy-keys.dat
+## Socks outproxy. Example below is set to use Tor for all connections except i2p
+## Enable using of SOCKS outproxy (works only with SOCKS4, default: false)
+# outproxy.enabled = false
+## Address and port of outproxy
+# outproxy = 127.0.0.1
+# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
+
+[sam]
+## Enable the SAM bridge (default: true)
+# enabled = false
+## Address and ports service will listen on (default: 127.0.0.1:7656, udp: 7655)
+# address = 127.0.0.1
+# port = 7656
+# portudp = 7655
+
+[bob]
+## Enable the BOB command channel (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:2827)
+# address = 127.0.0.1
+# port = 2827
+
+[i2cp]
+## Enable the I2CP protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7654)
+# address = 127.0.0.1
+# port = 7654
+
+[i2pcontrol]
+## Enable the I2PControl protocol (default: false)
+# enabled = false
+## Address and port service will listen on (default: 127.0.0.1:7650)
+# address = 127.0.0.1
+# port = 7650
+## Authentication password (default: itoopie)
+# password = itoopie
+
+[precomputation]
+## Enable or disable elgamal precomputation table
+## By default, enabled on i386 hosts
+# elgamal = true
+
+[upnp]
+## Enable or disable UPnP: automatic port forwarding (enabled by default in WINDOWS, ANDROID)
+# enabled = false
+## Name i2pd appears in UPnP forwardings list (default: I2Pd)
+# name = I2Pd
+
+[meshnets]
+## Enable connectivity over the Yggdrasil network  (default: false)
+# yggdrasil = false
+## You can bind address from your Yggdrasil subnet 300::/64
+## The address must first be added to the network interface
+# yggaddress =
+
+[reseed]
+## Options for bootstrapping into I2P network, aka reseeding
+## Enable reseed data verification (default: true)
+verify = true
+## URLs to request reseed data from, separated by comma
+## Default: "mainline" I2P Network reseeds
+# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
+## Reseed URLs through the Yggdrasil, separated by comma
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
+## Path to local reseed data file (.su3) for manual reseeding
+# file = /path/to/i2pseeds.su3
+## or HTTPS URL to reseed from
+# file = https://legit-website.com/i2pseeds.su3
+## Path to local ZIP file or HTTPS URL to reseed from
+# zipfile = /path/to/netDb.zip
+## If you run i2pd behind a proxy server, set proxy server for reseeding here
+## Should be http://address:port or socks://address:port
+# proxy = http://127.0.0.1:8118
+## Minimum number of known routers, below which i2pd triggers reseeding (default: 25)
+# threshold = 25
+
+[addressbook]
+## AddressBook subscription URL for initial setup
+## Default: reg.i2p at "mainline" I2P Network
+# defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
+## Optional subscriptions URLs, separated by comma
+subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
+
+
+[limits]
+## Maximum active transit sessions (default: 5000)
+## This value is doubled if floodfill mode is enabled!
+# transittunnels = 5000
+## Limit number of open file descriptors (0 - use system limit)
+# openfiles = 0
+## Maximum size of corefile in Kb (0 - use system limit)
+# coresize = 0
+
+[trust]
+## Enable explicit trust options. (default: false)
+# enabled = true
+## Make direct I2P connections only to routers in specified Family.
+# family = MyFamily
+## Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
+# routers =
+## Should we hide our router from other routers? (default: false)
+# hidden = true
+
+[exploratory]
+## Exploratory tunnels settings with default values
+# inbound.length = 2
+# inbound.quantity = 3
+# outbound.length = 2
+# outbound.quantity = 3
+
+[persist]
+## Save peer profiles on disk (default: true)
+# profiles = true
+## Save full addresses on disk (default: true)
+# addressbook = true
+
+[cpuext]
+## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
+# aesni = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
diff --git a/.config/i2pd/tunnels.conf b/.config/i2pd/tunnels.conf
new file mode 100644
index 00000000..55723c43
--- /dev/null
+++ b/.config/i2pd/tunnels.conf
@@ -0,0 +1,33 @@
+[IRC-ILITA]
+type = client
+address = 127.0.0.1
+port = 6668
+destination = irc.ilita.i2p
+destinationport = 6667
+keys = irc-keys.dat
+
+#[IRC-IRC2P]
+#type = client
+#address = 127.0.0.1
+#port = 6669
+#destination = irc.postman.i2p
+#destinationport = 6667
+#keys = irc-keys.dat
+
+#[SMTP]
+#type = client
+#address = 127.0.0.1
+#port = 7659
+#destination = smtp.postman.i2p
+#destinationport = 25
+#keys = smtp-keys.dat
+
+#[POP3]
+#type = client
+#address = 127.0.0.1
+#port = 7660
+#destination = pop.postman.i2p
+#destinationport = 110
+#keys = pop3-keys.dat
+
+# see more examples at https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/
diff --git a/.config/privoxy/config b/.config/privoxy/config
index 874051ea..0a677016 100644
--- a/.config/privoxy/config
+++ b/.config/privoxy/config
@@ -1455,6 +1455,7 @@ enable-proxy-authentication-forwarding 0
 #      would use something like:
 #
         forward-socks5t   /               127.0.0.1:9050 .
+        forward .i2p / 127.0.0.1:4444
 #
 #      Note that if you got Tor through one of the bundles, you may
 #      have to change the port from 9050 to 9150 (or even another
diff --git a/updates.txt b/updates.txt
index fdd5b8ec..0f9d5148 100755
--- a/updates.txt
+++ b/updates.txt
@@ -596,3 +596,15 @@ Install duf (alternative for df):
 paru duf-git
 Install doggo (alternative for dig):
 paru doggo-bin
+Install i2pd and i2pd-runit:
+doas pacman -S i2pd i2pd-runit
+doas ln -s /etc/runit/sv/i2pd /run/runit/service/i2pd
+Make sure ufw enables i2p:
+doas ufw allow 4444
+And make sure that you forward i2p traffic through privoxy
+(note: must be beneath all other forwards in /etc/privoxy/config):
+forward .i2p localhost:4444
+To access i2p sites, you'll need to modify the /etc/i2pd/i2pd.conf file:
+[addressbook]
+subscriptions= http://add2here.i2p/hosts.txt
+(note: the hosts.txt is how i2p resolves)