monero inheritance merged

opsec/index.html

@@ -222,13 +222,13 @@
                 <li><a href="monero2024/index.html">✅ How to setup a Monero Wallet </a><img src="logos/monero.png" class="logo"></li>
                 <li><a href="chainalysisattempts/index.html">✅ Why can't I trust Centralised Exchanges, and random Monero nodes ?</a><img src="logos/monero.png" class="logo"><img src="logos/ce2.png" class="logo"></li>
 				<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/50">❌ How to get your first Monero ? (xmrbazaar.com, crypto swaps, p2p chats, or work)  </a><img src="logos/monero.png" class="logo"></li>
-				<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/48">❌ Monero Inheritence Management (Threshold encryption (2of3)+ PGP)</a><img src="logos/monero.png" class="logo"></li>
                 <li><a href="haveno-client-f2f/index.html">✅ Haveno Decentralised Exchange direct Fiat -> XMR transaction ⭐</a><img src="logos/haveno.png" class="logo"><img src="logos/monero.png" class="logo"></li>
                 <li><a href="haveno-arbitrator/index.html">✅ Haveno DEX Dispute resolution (Fiat -> XMR) </a><img src="logos/haveno.png" class="logo"><img src="logos/monero.png" class="logo"></li>
                 <li><a href="haveno-sepa/index.html">✅ Haveno DEX Bank Transfer (ex: SEPA) -> XMR transaction </a><img src="logos/haveno.png" class="logo"><img src="logos/monero.png" class="logo"><img src="logos/bank.png" class="logo"></li>
                 <li><a href="haveno-cashbymail/index.html">✅ Haveno DEX Cash By Mail -> XMR transaction ⭐</a><img src="logos/haveno.png" class="logo"><img src="logos/monero.png" class="logo"><img src="logos/cash.png" class="logo"></li>
 				<li><a href="http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/64">❌ Convert Monero into other Cryptos Anonymously  (XMR -> BTC w/ BasicSwap DEX)</a><img src="logos/monero.png" class="logo"><img src="logos/basicswap.png" class="logo"><img src="logos/btc.png" class="logo"></li>
         <li><a href="anoncreditcard/index.html">✅ How to get a credit card anonymously (Credit cards as a service)</a><img src="logos/monero.png" class="logo"><img src="logos/creditcard.png" class="logo"></li>
+				<li><a href="moneroinheritance/index.html">✅ Monero Inheritence Management (VaultWarden Emergency Contacts)</a><img src="logos/monero.png" class="logo"></li>
         </ol></br>
 
 

opsec/moneroinheritance/index.html

@@ -8,7 +8,7 @@
     <meta name="author" content="">
     <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
 
-    <title>Monero Inheritance</title>
+    <title>Monero Inheritence Management (VaultWarden Emergency Contacts)</title>
 
     <!-- Bootstrap core CSS -->
     <link href="../../assets/css/bootstrap.css" rel="stylesheet">
@@ -60,14 +60,11 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>Prism Breaker</ba></p>
-<h1>How to setup a trustless inheritance plan for your monero </h1>
-<p>If you make a lot of money in monero, and unluckily you are about to reach the end of your life, and again luckily you have someone you care and want them to have your money after your death, this tutorial is for you.</p>
-
-<p>Let's do not ask why you do not handle them your coins or convert to fiat when you are still alive, maybe you want some sort of mysterious surprise for your relative who never heard of monero, and carries on to execute your evil plan with it.</p>
-<img src="coffin.png" class="imgRz" style="width: 700px">
-
-</div>
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>XMRONLY - 2025 / 01 / 29</ba></p>
+<h1>Monero Inheritence Management (VaultWarden Emergency Contacts)</h1>
+<img src="0.png" style="width:100px">
+          
+	       </div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /grey -->
@@ -77,149 +74,763 @@
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
-          <h2><b>Theory and setup</b></h2>
-		  <p>The plan is to setup a plan when your family find out you died, <b>they can recover your crypto</b>. You will need <b>2 lawyers</b> to setup this plan. But our plan will utilize some cryptography tools so <b>neither your lawyer or your family members</b> can access your crypto not as you intended.</p>
-		  <img src="whole_process.png" class="imgRz">
-          <p></p>
-		  <p>To achieve what we want, we need <b>threshold encryption</b>, where we need to encrypt containers and make sure that we need at least 2 out of the 3 existing keys to open them, we can use veracrypt <a href="https://blog.nowhere.moe/opsec/veracrypt/index.html">https://blog.nowhere.moe/opsec/veracrypt/index.html</a>, but instead of only using passwords, we'll use keyfiles</p>		  
-		  <p>We will setup a container with password and keyfile, for these kind of container you will need both password and keyfile to open, if one of them is lost, it is impossible to decrypt</p>
-		  <img src="keyfile.png" class="imgRz" style="width: 500px">
+          <h2><b>Introduction</b></h2>
+<br>
+<br>
+<p>
+Uncle Rich has worked hard his entire life and has managed to save a large amount of Monero. Now approaching the later years of his life, he is worried about what will become of his financial legacy. Having no kids of his own, he decides he wants to pass on his wealth to the closest thing to a son he has, his Nephew Nick. Uncle Rich figures the easiest way to do this is by giving Nephew Nick the seedphrase to his wallet but Uncle Rich wants to transfer his wealth only after he passes away. The critical question thus becomes "How does one securely share a secret from beyond the grave?" In this article we will see how to do exactly that, specifically using <b>Vaultwarden</b>, and its <b>Emergency Contacts</b> feature. 
+</p>
 
-		  <p>We will assume you already know to create veracrypt containers and how to mount them</p>
-
-		  <p>The plan is to achieve a <b>2/3</b> multisig scheme. Which means we will have <b>3 keys</b>, and we should be able to access our wallet with <b>any 2 key</b>. It is like a council with 3 people, but you only need 2 people to agree to pass a law</p>
-		  <img src="multi_sig.jpg" class="imgRz" style="width: 500px">
-		  <p></p> 
-		  <p>Monero multi-sig feature is still experimental, and has vulnerability before, so we will use veracrypt to achieve this multi-sig feature. Veracrypt itself does not support multi-sig,so we have to use some little tricks to achieve that. In short, we will create <b>3 keys</b> and <b>3 containers</b>. </p> 
-		  <p>Let's do a simple math, there is 3 possible combinations for 3 keys</p> 
-		  <img src="key_combination.png" class="imgRz" style="width: 500px">
-		  <p></p>
-		  <p>Then you create 3 containers with idential content, but encrypted with 3 keyfile combinations, thus you can achieve a 2/3 multi-sig</p>
-		  <img src="containers.png" class="imgRz" style="width: 500px">
-          <p></p>
-		  <p>Finally you need to thing about a <b>password</b>, since this is also required for veracrypt to operate. You need to <b>remember</b> this, and you should notify your family members about this and make sure they also remember it.</p>
-		  <p>Then use veracrypt to generate <b>3 keyfiles</b>, keyfiles will be random files generated by veracrypt. They have size of 1024kb and is highly random, so your container is <b>impossible to open</b> without them. </p>
-		  <p>Choose to create a new volume, click next until you see the keyfiles option</p>
-		  <img src="10.png" class="imgRz" style="width: 600px">
-		  <p>We will try to generate 3 random keyfiles</p>
-          <img src="11.png" class="imgRz" style="width: 600px">
-          <p>Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is <b>1048576</b>. This is the maximum size utilized by veracrypt and we should use that.</p>
-          <img src="12.png" class="imgRz" style="width: 800px">
-		  <p></p>
-          <p>Name your keyfile as <b>key 1</b> and save it. And repeat this step to produce <b>key 2 and key 3</b>. You shoud have <b>3 keyfiles</b> now ready for being used to encrypt your containers.</p>
-		  <img src="Key_ready.png" class="imgRz" style="width: 300px">
-		  <p></p>
-
-		  <p>We will then continue to create 3 containers, you will create containers with the same password, but use a different combination of <b>2 keyfiles</b> for each container as planned</p>
-		  <p>As a remaider, 3 containers will have a encryption setup like this</p> 
-		  <p style="color: red;">Volume 1 : password + key file 1 + key file 2</p>
-		  <p style="color: red;">Volume 2 : password + key file 2 + key file 3</p>
-		  <p style="color: red;">Volume 3 : password + key file 1 + key file 3</p>
-		  <p>Add the keyfiles in keyfile option when creating a new volume</p> 
-		  <img src="16.png" class="imgRz" style="width: 600px">
-		  <p></p> 
-		  <p><b>You will always save three containers together, this means your family member can unlock 1 of the 3 container even one keyfile is lost.</b></p>
-		  <p>The last thing to do is to try to unlock your containers, if sucessful, put your seed text file into each container</p>
-		  <p>Prepare your seed and save it in a file, remember to do this in a <b>trusted</b> environment and destroy it later!</p> 
-		  <img src="seed.png" class="imgRz" style="width: 600px">
-		  <p>Then unlock each container, and make sure you <b>copy the seed into it</b></p>
-		  <img src="seed_store.png" class="imgRz" style="width: 600px">
-
-		  <p>Then you need to properly <b>distribute the keyfiles</b> as follows:</p>
-		  <p>1.You will keep key file 1, and the local copies of containers <b>at home</b></p>
-		  <p>2.Tell your family members about the plan, and most importantly <b>the password</b> they need to know because they still need that for container decryption.</p> 
-		  <p>3.Upload the containers to a <b>cloud storage</b> which is controlled by your family members as a backup. You better ask them which cloud service they use, like icloud or gdrive, and copy the containers to their devices and upload to the cloud, so they can easily find the containers through their most familiar method</p> 
-		  <img src="home_setup.png" class="imgRz" style="width: 600px">		
-		  <p>4.Handle a physical copy of keyfile 2 and keyfile 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.</p>
-		  <p>In short there are <b>6 factors</b> that determine the sucess of inheritance, only the <b>keyfiles</b> allow <b>1 fault to happen</b>, so you should be really careful and make sure every part work as expected</p>
-		  <img src="notice.png" class="imgRz" style="width: 700px">
-
-		  <p>In this setup your monero can be safely inherited, and it is resistant against accidents. Different things can happen:</p> 
-		  <p>1.The best case is you died, your family member grab your <b>local copy</b> of containers and keyfile1, and receive keyfile 2 from one lawyer. Then sucessfully decrypt to get the seed, and recovered your monero</p>
-		  <p>2.<b>Your home is destroyed</b> in a disaster, but your family members and download the containers from the cloud. They wait until both lawyers deliver keyfile 2 and keyfile 3 to them. Then unlocked to recover your monero.</p> 
-		  <p>3.<b>One of the lawyer</b> died in earthquake, plus his office also destroyed. Your family member still have your local copy of containers and keyfile 1, and receive another keyfile from the survived lawyer. They unlocked and recovered your monero.</p>
-		  <p>You should find lawyers in <b>different cities</b> to reduce the risk.</p>
-		  <p>You can also print this down as a reference for your family</p>		
-		  <img src="Recovery.png" class="imgRz" style="width: 900px">
-		  <p>This plan prevents your lawyers to steal crypto, because they do not have the containers plus the password. Your family members also cannot access your crypto, because they only have one key.</p>
-		</div>
+				</div>
 			</div><!-- /row -->
 	    </div> <!-- /container -->
 	</div><!-- /white -->
 
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Overview</b></h2> </br> </br>
+<p>
+In order to avoid relying on third parties, we need a sovereign solution that is FOSS, self-hostable, end-to-end encrypted and that stores data in a zero-knowledge environment. Vaultwarden is the ideal candidate for this task as it is an alternative server implementation of Bitwarden that is written in Rust and is memory-safe. It is more light-weight than the full Bitwarden stack and can be easily deployed on a VPS for less than €5 per month. 
+</p>
+<p>
+<img src="1.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Nephew Nick will start by setting up a self-hosted instance where both Uncle Rich and him will create an account. After setting up a reliable notification system, Uncle Rich will grant Nephew Nick Emergency Access to his account, where he has his seedphrase stored. After Nephew Nick accepts Emergency Access, everything will be set in place. In the future, when Nephew Nick requests access to Uncle Rich's vault, Uncle Rich will receive a notification and have a predetermined amount of time to reject the Emergency Access request. If Uncle Rich is still alive at this point, that is trivially easy to do. If Uncle Rich is no longer with us, he will not be able to reject the Emergency Access request. As a result, after the allotted time has expired, Nephew Nick will be notified his request has been granted and will be able to access Uncle Rich's vault where the seedphrase lies. 
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
   <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Prerequisites</b></h2> </br> </br>
+<p>
+Starting from Nephew Nick's perspective:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Prerequisites:
+<br>
+- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anondomain/index.html target=_blank>domain name</a> - Nephew Nick purchased one anonymously using Monero on <b>Njalla</b> using their onion link.
+<br>
+- A <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/anonymousremoteserver/index.html target=_blank>VPS</a> - Nephew Nick purchased one anonymously using Monero on <b>Kyun</b> using their onion link. Specs consisting of 1 core and 2 GB of memory are more than enough to self-host everything needed for the setup. 
+<br>
+<br>
+<img src="2.png" style="display: block; margin-left: auto; margin-right: auto;">
+<br>
+Nephew Nick knows that Uncle Rich is getting quite old. Uncle Rich is still capable of using a computer but in order for this setup to work it must provide as little friction as possible. As such, we will keep things simple and use email notifications from a self-hosted server. While not overtly private, email is a suitable option in this case given its ease of use and because it is being used strictly for notifications with no sensitive information is being transmitted. Setting up a self-hosted mail server has been <a href=http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec/mailprivate/index.html target=_blank>covered before</a>, however, in this article we will do things a little different in line with running all of our services independently as docker containers. All publicly accessible services will be protected by SSL and we will use Traefik reverse proxy both to automatically procure wildcard SSL certificates and renew them, and also to route traffic to each respective subdomain. Let's get started. 
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>DNS Setup</b></h2> </br> </br>
+<p>
+Nephew Nick will start by setting up DNS records on Njalla (note: no trailing dot is needed). Required are A records pointing to the VPS IP address for xmronly.com, *.xmronly.com, and mail.xmronly.com. An MX record for mail.xmronly.com is also required as shown.
+</p>
+<p>
+<img src="3.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Over on Kyun, Nephew Nick will set a reverse DNS to point to mail.xmronly.com.
+</p>
+<p>
+<img src="4.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+With this complete, Nephew Nick can test the DNS records to make sure they are set up correctly and have propagated. With the expected outputs as shown below, we're ready to move on.
+</p>
+<p>
+<pre><code class="nim">
+~ ❯ dig @1.1.1.1 +short MX xmronly.com
+10 mail.xmronly.com.
+~ ❯ dig @1.1.1.1 +short A mail.xmronly.com
+65.87.7.101
+~ ❯ dig @1.1.1.1 +short -x 65.87.7.101
+mail.xmronly.com.
+</code></pre>
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Infrastructure Setup</b></h2> </br> </br>
+<p>
+Nephew Nick will SSH into the VPS and install docker. Note: the commands have been stylized for ease of copy/pasting.
+</p>
+
+<pre><code class="nim">
+~ ❯ torsocks ssh root@65.87.7.101
+
+The authenticity of host '65.87.7.101 (65.87.7.101)' can't be established.
+ED25519 key fingerprint is SHA256:QAP2txmiectXuYnTD7LIcd3RMo5cuA8h0kO2gG0RFX.
+This key is not known by any other names.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+Warning: Permanently added '65.87.7.101' (ED25519) to the list of known hosts.
+root@65.87.7.101's password:
+Linux danbo-0565a7 6.1.0-28-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-12-16) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+root@VPS:~#
+
+# Add Docker's official GPG key:
+apt-get update
+apt-get install ca-certificates curl gpg -y
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+
+# Install docker
+apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
+# Verify installation was successful
+docker run hello-world
+</code></pre>
+</p>
+<p>
+With docker successfully installed, let's specify a docker network for our containers to use and let's create the required directories to segregate each service we'll be using.
+<pre><code class="nim">
+# Create a docker network
+docker network create proxy
+
+# Create directories for each separate service
+mkdir -p docker/{traefik,mailserver,vaultwarden}
+</code></pre>
+</p>
+<p>
+Next we'll set up a docker-compose file (<b>traefik.yml</b>) in /docker/traefik and tell it to grab an SSL certificate for our mail subdomain mail.xmronly.com. We'll deploy a tiny container (whoami) at this subdomain to test it works correctly. Note: a DNS challenge is required for Traefik to obtain wildcard SSL certificates, and any of a <a href=https://doc.traefik.io/traefik/https/acme/#providers target=_blank>number of DNS providers</a> will suffice with an access token obtained from your account with that provider.
+
+<pre><code class="nim">
+services:
+  traefik:
+    image: docker.io/traefik:latest
+    container_name: traefik
+    ports:
+      - '80:80'
+      - '443:443'
+    command:
+      - '--api=true'
+      - '--api.dashboard=false' 
+      - '--providers.docker=true'
+      - '--providers.docker.exposedbydefault=false'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge=true'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=njalla'
+      - '--certificatesresolvers.letsencrypt.acme.email=email_goes_here'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=2s'
+      - '--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53'
+      - '--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json'
+      - '--entrypoints.web.address=:80'
+      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
+      - '--entrypoints.web.http.redirections.entrypoint.scheme=https'
+      - '--entrypoints.websecure.address=:443'
+      - '--entrypoints.websecure.http.tls=true'
+      - '--entrypoints.websecure.http.tls.certResolver=letsencrypt'
+      - '--entrypoints.websecure.http.tls.domains[0].main=xmronly.com'
+      - '--entrypoints.websecure.http.tls.domains[0].sans=*.xmronly.com'
+    environment:
+      - 'NJALLA_TOKEN=token_goes_here'
+    volumes:
+      - ./acme/:/acme
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.traefik.entryPoints=websecure'
+      - 'traefik.http.routers.traefik.service=api@internal'
+    restart: unless-stopped
+    networks: 
+    - 'proxy'
+
+  whoami:
+    image: docker.io/traefik/whoami:latest
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.whoami.entrypoints=websecure'
+      - 'traefik.http.routers.whoami.rule=Host(`mail.xmronly.com`)'
+    restart: unless-stopped
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the containers with <b>docker compose -f traefik.yml up -d</b> then navigate to https://mail.xmronly.com and verify the SSL certificate is present. 
+</p>
+<p>
+<img src="5.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+<p>
+Next we'll set up a docker-compose file (<b>mailserver.yml</b>) in /docker/mailserver.
+<pre><code class="nim">
+services:
+  mailserver:
+    image: ghcr.io/docker-mailserver/docker-mailserver:latest
+    container_name: mailserver
+    hostname: mail.xmronly.com
+    ports:
+      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
+      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
+      - "465:465"  # ESMTP (implicit TLS)
+      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
+      - "993:993"  # IMAP4 (implicit TLS)
+    volumes:
+      - ./data/mailserver/mail-data/:/var/mail/
+      - ./data/mailserver/mail-state/:/var/mail-state/
+      - ./data/mailserver/mail-logs/:/var/log/mail/
+      - ./data/mailserver/config/:/tmp/docker-mailserver/
+      - /etc/localtime:/etc/localtime:ro
+      - /root/docker/traefik/acme/acme.json:/etc/letsencrypt/acme.json:ro #specify path
+    environment:
+      - "SSL_TYPE=letsencrypt"
+      - "SSL_DOMAIN=mail.xmronly.com"
+      - "ENABLE_FAIL2BAN=1"
+    restart: unless-stopped
+    stop_grace_period: 1m
+    cap_add:
+      - NET_ADMIN
+    healthcheck:
+      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
+      timeout: 3s
+      retries: 0
+    networks: 
+    - 'proxy'
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the container with <b>docker compose -f mailserver.yml up -d</b>, then add a user and configure the DKIM settings.
+<pre><code class="nim">
+# Add a user
+docker exec mailserver setup email add no-reply@xmronly.com password_goes_here
+
+# Generate the DKIM configuration
+docker exec mailserver setup config dkim
+</code></pre>
+</p>
+
+<p>
+To obtain the DKIM info, navigate to docker/mailserver/data/dms/config/opendkim/keys/xmronly.com/mail.txt and copy the info removing all quotes/punctuation such that you are left with an output (that you will need to copy later) that looks like this:
+<pre><code class="nim">
+v=DKIM1; k=rsa; p=MIIBIjANBgkqhkifHSvSJUf3e17tNhF1lPPsNfEGtrwywCmXS5GvAuzsP29n9k/Tp5sUKFnT63o0Z9r3pC7sSuAWo3x9N38XmYlSwoztODvM5WEfHSvSJUf3e17tNhF1lPPsNfEGtrwywCmXS5GvAuzsP29n9k/Tp5sUKFnT63o0Z9r3pC7
+</code></pre>
+</p>
+
+<p>
+Back on Njalla, add a TXT record using the following:
+<pre><code class="nim">
+Name: @
+Content: v=spf1 mx ~all
+</code></pre>
+</p>
+
+<p>
+Add another TXT record using the following:
+<pre><code class="nim">
+Name: _dmarc
+Content: v=DMARC1; p=none; sp=none; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; rua=mailto:dmarc.report@xmronly.com; ruf=mailto:dmarc.report@xmronly.com
+</code></pre>
+</p>
+
+<p>
+Finally, add a TXT record using the DKIM information from above:
+<pre><code class="nim">
+Name: mail._domainkey
+Content: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkifHSvSJUf3...
+</code></pre>
+</p>
+
+<p>
+With everything complete, your DNS should look like this:
+</p>
+<p>
+<img src="6.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Finally, restart the mailserver for these changes to take effect.
+</p>
+<p>
+<pre><code class="nim">
+docker compose -f mailserver.yml down
+docker compose -f mailserver.yml up -d
+</code></pre>
+</p>
+
+<p>
+You can confirm everything is working correctly by configuring Thunderbird to use your mail server and sending out a test email on <b>https://mail-tester.com</b>.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="7.png" style="margin: 10px;" width="400">
+    <img src="8.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+The last step is to set up a docker-compose file (<b>vaultwarden.yml</b>) in /docker/vaultwarden. 
+</p>
+
+<p>
+<pre><code class="nim">
+services:
+  vaultwarden:
+    image: vaultwarden/server:latest
+    container_name: vaultwarden
+    volumes:
+      - ./data/:/data/
+    labels:
+      - 'traefik.enable=true'
+      - 'traefik.http.routers.vaultwarden.entryPoints=websecure'
+      - 'traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.xmronly.com`)'
+    environment:
+      - 'DOMAIN=https://vaultwarden.xmronly.com'
+      - 'SIGNUPS_ALLOWED=true'
+      - 'SMTP_HOST=mail.xmronly.com'
+      - 'SMTP_FROM=no-reply@xmronly.com'
+      - 'SMTP_SECURITY=starttls'
+      - 'SMTP_USERNAME=no-reply@xmronly.com'
+      - 'SMTP_PASSWORD=password_goes_here'
+    restart: unless-stopped
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
+</code></pre>
+</p>
+
+<p>
+Start the container with <b>docker compose -f vaultwarden.yml up -d</b>. With the final piece of the infrastructure in place, Nephew Nick and Uncle Rich can now proceed to creating their accounts.
+</p>
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Nephew Nick)</b></h2> </br> </br>
+<p>
+Continuing with the same perspective, Nephew Nick will head to <b>https://vaultwarden.xmronly.com</b> and start by creating an account then using it to sign in.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="9.png" style="margin: 10px;" width="400">
+    <img src="10.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+When prompted, Nephew Nick will verify his email address.
+</p>
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="11.png" style="margin: 10px;" height="100">
+    <img src="12.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+With verification complete, Nephew Nick will confirm his account fingerprint phrase as this information will be needed for a future step. This is located on the sidebar under Settings -> My account.
+</p>
+
+<p>
+<img src="13.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
   <div id="anon1">
-	<div class="container">
-		<div class="row">
-			<div class="col-lg-8 col-lg-offset-2">
-	  <h2><b>Inheritance process</b></h2> </br> </br>
-<p>This section describes how the actual inheritance process is going to like, it assume no technique background for its reader</p>
-<p>There is some crypto left from your gifter, you need below steps to recover them:</p>
-<p>First you need to find your gifter's safe, it should contain some storage device with some files called <b>"container" and "key"</b>, plus a <b>password</b></p>
-<p>Some step below require participation of your gifter's <b>lawyer</b>, but we will continue your technical setup first</p>
-<p>First open your lovely windows, and we open the veracrypt website <a href="https://www.veracrypt.fr">https://www.veracrypt.fr</a> in browser</p>
-<img src="./container_decrypt/1.PNG" class="imgRz" style="width: 800px">
-<p>Download veracrypt as showed</p>
-<p>Find the downloaded veracrypt installed, right click on it and click property, choose <b>digital signature</b> as showed in picture</p>
-<img src="./container_decrypt/2.PNG" class="imgRz" style="width: 800px">
-<p><b>Make sure the digital signature is displayed as "ok", otherwise do not use!!!</b></p>
-<img src="./container_decrypt/3.PNG" class="imgRz" style="width: 800px">
-<p>Now install it, do not change any setting and install in default setup</p>
-<img src="./container_decrypt/4.PNG" class="imgRz" style="width: 800px">
-<p>Click next</p>
-<img src="./container_decrypt/5.PNG" class="imgRz" style="width: 800px">
-<p>And Install</p>
-<p>After you see this warning, click yes</p>
-<img src="./container_decrypt/6.PNG" class="imgRz" style="width: 800px">
-<p>Next you should find a hard drive or cd, which is left by the people who gift you money. It should look like something like this</p>
-<img src="./container_decrypt/hdd.png" class="imgRz" style="width: 500px">
-<p>Or this</p>
-<img src="./container_decrypt/cd.jpg" class="imgRz" style="width: 500px">
-<p>You should fild three files called <b>container 1, container 2 and container 3</b> inside, if not search your own cloud drive with name "container". For example your microsoft onedrive</p>
-<img src="./container_decrypt/3containers.PNG" class="imgRz" style="width: 800px">
-<p>Seach on your own microsoft, google and apple cloud storage</p>
-<img src="./container_decrypt/7.PNG" class="imgRz" style="width: 800px">
-<p>If you searched all the cloud storage but cannot find any files named container, and you are sure the physical copy of the container at home is also lost, then the money is <b>gone forever!</b> I am sorry.</p>
-<p>You should also find a file called <b>key1</b> from storage devices in your gifter's safe, if somehow this is lost due to disaster or mistake, you are in trouble but it is still fixable, continue reading</p>
-<img src="./container_decrypt/9.PNG" class="imgRz" style="width: 800px">
-<p>If you have found the keyfile 1 and containers, you should now wait for a lawyer to contact you, if your gifter has properly setup the procedure with lawyers, you should receive their message and the keys in mail or in person</p>
-<img src="./container_decrypt/10.jpg" class="imgRz" style="width: 400px">
-<p>Now let's assume you have received another key, named key2 from the lawyer, now we have two keys and we can decrypt the container for getting your money!</p>
-<img src="./container_decrypt/11.PNG" class="imgRz" style="width: 800px">
-<p>Open veracrypt and click the "select file" button, select file called container 1</p>
-<img src="./container_decrypt/12.PNG" class="imgRz" style="width: 700px">
-<p>Choose a drive and click mount</p>
-<img src="./container_decrypt/13.PNG" class="imgRz" style="width: 700px">
-<p>Enter the password you found in the safe, or find a family member that knows the password. Next choose keyfile tickbox, and click the button on the right</p>
-<img src="./container_decrypt/14.PNG" class="imgRz" style="width: 700px">
-<p>Choose add files and select key1 and key2 you received</p>
-<p>Click ok and decrypt the container!</p>
-<img src="./container_decrypt/15.PNG" class="imgRz" style="width: 700px">
-<p>If everything worked correctly, you should see a new mounted disk on your file explorer</p>
-<img src="./container_decrypt/16.PNG" class="imgRz" style="width: 700px">
-<p>You got the seed! <b>Do not tell that anybody</b>, restore it in a monero wallet, for example download cake wallet on your phone, input the seed for the money!</p>
-<p>If you get key3 from another lawyer, don't panic, it also works if you have key1</p>
-<img src="./container_decrypt/17.PNG" class="imgRz" style="width: 700px">
-<p>But choose <b>container 3</b> instead of container 1 in veracrypt before decryption, and use <b>key1 and key3</b> in the keyfile section</p>
-<img src="./container_decrypt/18.PNG" class="imgRz" style="width: 700px">
-<p>At last is the worst situation, if key 1 is lost like your house is destroyed in fire, you need to contact both lawyers to recover the money. You have to find them both to get key2 and key3</p>
-<img src="./container_decrypt/19.PNG" class="imgRz" style="width: 700px">
-<p>If you are lucky and get the keys from both lawyer, choose <b>container 2</b> in veracrypt, use <b>key 2 and key 3 </b>for decryption</p>
-<img src="./container_decrypt/20.PNG" class="imgRz" style="width: 700px">
-<p>You can now also access your money!</p>
-</div>
-		</div><!-- /row -->
-	</div> <!-- /container -->
-</div><!-- /white -->
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Uncle Rich)</b></h2> </br> </br>
+<p>
+Switching over to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich will start by creating an account and then using it to sign in.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="9.png" style="margin: 10px;" height="400">
+    <img src="14.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+When prompted, Uncle Rich will verify his email address.
+</p>
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="11.png" style="margin: 10px;" height="100">
+    <img src="15.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+With verification complete, Uncle Rich can proceed to set up an entry containing his seedphrase.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="16.png" style="margin: 10px;" height="200">
+    <img src="17.png" style="margin: 10px;" width="600">
+</p>
+
+<p>
+Next, Uncle Rich will add Nephew Nick as an Emergency Contact. This is found on the sidebar under Settings -> Emergency access.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="18.png" style="margin: 10px;" height="350">
+    <img src="19.png" style="margin: 10px;" width="450">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Accepting Emergency Access)</b></h2> </br> </br>
+<p>
+Switching back to Nephew Nick's perspective now:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Nephew Nick receives an email notification that Uncle Rich has invited him to be an Emergency Contact. Clicking the link prompts a log in, automatically accepting the request.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="20.png" style="margin: 10px;" height="400">
+    <img src="21.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+Upon signing in, there is a notification indicating that the invitation has been accepted and that Nephew Nick's identity must be confirmed (by Uncle Rich). Nephew Nick can see the status of his designation as an Emergency Contact under Settings -> Emergency access on the sidebar.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="22.png" style="margin: 10px;" height="200">
+    <img src="23.png" style="margin: 10px;" height="400">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Confirming Identity)</b></h2> </br> </br>
+<p>
+Switching back to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich receives an email notification that Nephew Nick has accepted the invitation to become an Emergency Contact and that Uncle Rich must confirm his identity.
+</p>
+
+<p>
+<img src="24.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Uncle Rich logs in and navigates to Settings -> Emergency access on the sidebar. Next he clicks on Options -> Confirm to make Nephew Nick a Trusted Emergency Contact. Lastly, Uncle Rich confirms with Nephew Nick that his account fingerprint phrase matches from the previous step and clicks Confirm.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="25.png" style="margin: 10px;" height="350">
+    <img src="26.png" style="margin: 10px;" width="500">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Vaultwarden Setup (Requesting Access)</b></h2> </br> </br>
+<p>
+Switching back to Nephew Nick's perspective now:
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+Nephew Nick receives an email notification that he has been confirmed as an Emergency Contact for Uncle Rich.
+</p>
+
+<p>
+<img src="27.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+With that, the setup is fully complete. Nephew Nick is able to request Emergency Access and Uncle Rich can reject it according to his wishes as long as he is still alive.
+</p>
+
+<br>
+<br>
+<br>
+<p style="text-align: center">
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+-------------------------------------------------------------------------------------------------------------- Some times passes ----------------------------------------------------------------------------------------------------
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+</p>
+<br>
+<br>
+<br>
+
+<p>
+Nephew Nick has not heard from Uncle Rich in a long time and fears the worst has happened. After signing in, he navigates to Settings -> Emergency access on the sidebar and requests Emergency Access to Uncle Rich's vault.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="28.png" style="margin: 10px;" height="350">
+    <img src="29.png" style="margin: 10px;" width="400">
+</p>
+
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Obtaining Access (Scenario 1: Rejection)</b></h2> </br> </br>
+<p>
+Switching back to Uncle Rich's perspective now:
+</p>
+
+<p>
+<img src="rich.png"> 
+</p>
+
+<p>
+Uncle Rich receives an email notification that Nephew Nick has requested Emergency Access. Being that Uncle Rich is still alive and doesn't want access to his Monero seedphrase to be granted until he has passed away, he will reject the request. 
+</p>
+
+<p>
+<img src="30.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+After logging into his account, Uncle Rich navigates to Settings -> Emergency access in the side bar and rejects Nephew Nick's request.
+</p>
+
+<p>
+<img src="31.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+From Nephew Nick's perspective, he will receive an email notification saying his request has been rejected by Uncle Rich. Nephew Nick can confidently conclude that Uncle Rich is therefore still alive and can try to visit him in person.
+</p>
+
+<p>
+<img src="32.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Obtaining Access (Scenario 2: Acceptance)</b></h2> </br> </br>
+<p>
+In this scenario, Uncle Rich indeed has passed away.
+</p>
+
+<p>
+<img src="nick.png"> 
+</p>
+
+<p>
+From Nephew Nick's perspective, there is nothing to do but wait for the 30 day interval to expire. After 30 days have passed, Nephew Nick receives an email. Note: the text of this notification is the confusingly same whether Uncle Rich has manually approved access or whether the timeframe has expired.
+</p>
+
+<p>
+<img src="33.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Nephew Nick signs into his account and navigates to Settings -> Emergency access. He is now able to view Uncle Rich's vault.
+</p>
+
+<p style="display: flex; justify-content: center; align-items: center;">
+    <img src="34.png" style="margin: 10px;" height="350">
+    <img src="35.png" style="margin: 10px;" width="400">
+</p>
+
+<p>
+And just like that Nephew Nick has received Uncle Rich's seedphrase!
+</p>
+
+<p>
+<img src="36.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Restoring a Wallet from Seedphrase</b></h2> </br> </br>
+<p>
+Nephew Nick opens up his Monero Wallet GUI and navigates to "Restore wallet from keys or mnemonic seed"
+</p>
+
+<p>
+<img src="37.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+He gives the wallet a name and chooses a location to save it. Finally Nephew Nick input's Uncle Rich's seedphrase.
+</p>
+
+<p>
+<img src="38.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Proceeding to the next screen, Nephew Nick inputs a strong password and saves it in his password manager.
+</p>
+
+<p>
+<img src="39.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Finally, he selects a node for the connection. Connecting to your own node is recommended but in this example we will use a remote node.
+</p>
+
+<p>
+<img src="40.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+With the connection established, all that is left to do is to wait synchronization to finish.
+</p>
+
+<p>
+<img src="41.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+<p>
+Nephew Nick has successfully restored Uncle Rich's wallet using the seedphrase!
+</p>
+
+<p>
+<img src="42.png" style="display: block; margin-left: auto; margin-right: auto;">
+</p>
+
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+
+
+
 	<!-- +++++ Footer Section +++++ -->
 
 	<div id="anonb">
 		<div class="container">
 			<div class="row">
 				<div class="col-lg-4">
-					<h4>PrismBreaker</h4>
+					<h4>Nihilism</h4>
           <p>
-						Shatter the big brother.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
 						
 					</p>
 				</div><!-- /col-lg-4 -->
@@ -234,8 +845,14 @@
 				</div><!-- /col-lg-4 -->
 
 				<div class="col-lg-4">
-					<h4>About nihilist</h4>
-					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh</p></br><p><u>Contact:</u> prismbreaker@waifu.club (<a href="https://keys.openpgp.org/vks/v1/by-fingerprint/735816B2B9E6F4660ECE44D983E602C4B6EA6AEE">PGP</a>)</p>
+					<h4 class="readable">About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u>
+						8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8
+					</p></br>
+					<p style="word-wrap: break-word;"><u>Donate XMR to the author:</u>
+						8AHNGepbz9844kfCqR4aVTCSyJvEKZhtxdyz6Qn8yhP2gLj5u541BqwXR7VTwYwMqbGc8ZGNj3RWMNQuboxnb1X4HobhSv3</p>
+					<p class="readable"><u>Contact:</u> nihilist@contact.nowhere.moe (<a
+							href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
 				</div><!-- /col-lg-4 -->
 
 			</div>
@@ -244,7 +861,6 @@
 	</div>
 
 
-
     <!-- Bootstrap core JavaScript
     ================================================== -->
     <!-- Placed at the end of the document so the pages load faster -->