Table of Contents

Build a Profitable Passive Income Box with Low-Powered Hardware: A Guide Many people these days are into crypto mining and low powered miners such as helium miners. These are great and all but they don’t earn all that much anymore and they are focused on one kind of earning. Today we’re going to be building a low powered passive income box that earns anywhere from $10-$20 a month per box and residential IP.

If you have the ability to set this box up on a guest network or, even better, a segregated VLAN, do so. While this is a security blog, we can’t assume everyone’s security concerns and risk tolerance.

Hardware Requirements:

One of the following is required. We basically just need any efficient and low powered computer we can get our hands on. Any Raspberry PI, Intel NUC, or similar will do. They don’t have to be all that powerful. However I will recommend you have at least 32g-64g of storage, 4g of ram, and at least 2 cpu threads. For this we will be targeting a budget of around $100-$200 for hardware but feel free to go higher if it suits your needs. Our power target is aprox. 25w average.

Raspberry Pi:

Hard to get ahold of these days but they are super low power and are quite customizable. For info on how to install raspian on your Raspberry PI

Intel Nuc:

Wide variety of models out there. Feel Free to choose a newer one.

Any USFF/Tiny/Mini/Micro PC:

Any Mini PC with Intel N5100 or similar

For super low power Raspberry Pi equivalent but on x64 platform.

OS Installation:

We won’t go into the technical details of how to install an operating system here. However here are some great resources to get you started.

Raspbian:

Ubuntu:

Software Installation:

This is going to be a longer section. We are going to set up docker and then through docker we will set up automatic docker container updates and install multiple docker containers. We also assume you’re using ubuntu server, however the commands for ubuntu server, ubuntu desktop, and raspbian should all be the same.

For this section we assume some basic technical experience and that you have installed your operating system already as well as know how to get into the terminal.

Installing Updates:

We first want to be sure that we have our system fully up to date:

sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y

Installing Docker:

We need to uninstall any existing versions that come prepackaged with the os and install the latest from Docker’s repo themselves.

sudo apt-get remove -y docker docker-engine docker.io containerd runc
sudo apt-get update
sudo apt-get install -y \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Install Watchtower:

This docker container automatically updates all your docker containers to the latest images on a regular interval and cleans up old (stale) images.

docker run -d \
    --name watchtower \
    --restart unless-stopped \
    -v /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower -c \
    --schedule "0 0 2 * * *" \
    --cleanup

Install Bitping :

Bitping is a website monitoring and performance optimization solution that provides real-time, real user monitoring and instant feedback on downtime or degraded performance, with stress testing and benchmarking capabilities, dynamic rerouting and reprovisioning powered by a distributed network intelligence layer, and integration with existing workflows through webhooks.

Bitping offers you the ability to get paid out in Solana for providing a node for businesses to run lightweight network tests from your network. This averages about 0.1 Cents per day per node. Not a lot I know, but it has potential and payouts are easy.

Create an account:

Create an account at bitping.com

Install the docker container:

Step 1. Run these commands first as it walks you through setting up your container and asks you to sign in.

docker pull bitping/bitping-node
mkdir $HOME/.bitping/
docker run -it --mount type=bind,source="$HOME/.bitping/",target=/root/.bitping bitping/bitping-node:latest

Hit CTRL+C on your keyboard to escape the container following signing in with your bitping account.

Step 2. Run this command to persist the container in the background

docker run --net host --name bitping -td --mount type=bind,source="$HOME/.bitping/",target=/root/.bitping bitping/bitping-node:latest

Install Earn App :

Take advantage of the time your devices are left idle by getting paid for your device’s unused resources

Earn app lets you share your internet as a VPN service for a surprising amount of rewards. Averages about $5 month per node per residential IP. Offers payouts via paypal and amazon gift cards.

Create an Earn App Account:

Create an account at earnapp.com . Warning, requires a google account

Install the non docker version of the app to get your UUID:

Be sure to uninstall after you get your UUID otherwise you’ll end up running it twice on the same host and without automatic updates

Install the docker container:

Modify the string before pasting into your terminal. You need to specify your earn app UUID.

mkdir $HOME/earnapp-data
docker run -td --name earnapp --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v $HOME/earnapp-data:/etc/earnapp -e "EARNAPP_UUID"="" -e 'PUID'='99' -e 'PGID'='100' --name earnapp fazalfarhan01/earnapp:lite

Install Honey Gain :

Passive Income – Effortlessly with Honeygain, you can make money by simply sharing your Internet. Start earning now.

Honey Gain lets you share your internet as a VPN service for a surprising amount of rewards. Averages about $5 month per node per residential IP. Payouts can be complicated. Read into it further before deciding to use this container

Create a Honey Gain Account:

Create an account at honeygain.com

Install the Docker Container:

Modify the string with the obvious email, password, and device name before pasting into the terminal

docker run --name honeygain -td honeygain/honeygain -tou-accept -email ACCOUNT_EMAIL -pass ACCOUNT_PASSWORD -device DEVICE_NAME

Alternate instructions for Raspberry Pi

Install PawnsApp :

*Make passive money online by completing surveys and sharing your internet * Pawns app, again similar to the others listed here offer to pay you for sharing your internet. Minimum payout is $5. Average payout is $0.50 per month per node per IP.

Create a PawnsApp Account:

Create an account at https://pawns.app

Install the Docker Container:

Modify the following with your email, password, device name, and device id before copying to your terminal.

docker pull iproyal/pawns-cli:latest
docker run -td --name pawnsapp --restart=on-failure:5 iproyal/pawns-cli:latest -email=[email protected] -password=change_me -device-name=raspberrypi -device-id=raspberrypi1 -accept-tos

Install Repocket :

Get Paid For Your Unused Internet

Similar to other offerings here. Minimum $20 Payout. Payouts can be complicated. Research for yourself to see if you want to use this service. Payouts average about $1 per node per box a month.

Create a Repocket Account:

Create an account at repocket.co and grab your api key from your dashboard.

Install the Docker Container:

Modify the following line with your email and api key before pasting into your terminal.

docker run -td --name repocket -e RP_EMAIL=[email protected] -e RP_API_KEY=yourapikey -d --restart=always repocket/repocket

Install Traff Monetizer :

Share your internet connection and make money online

Similar to EarnApp and HoneyGain, TraffMonetizer pays you to share your internet. Averages about $2 a month per node per IP. Only offers payouts in BTC.

Create your Traff Monetizer Account:

Create your account at https://traffmonetizer.com Once you get into the dashboard, make note of your application token.

Install the Docker Container:

Copy the following string and append your token that you got from the dashboard before pasting into your terminal.

docker run -td --name traffmonetizer traffmonetizer/cli_v2 start accept --token

Install ProxyLite:

Monetizing your Internet traffic by giving verified organizations the use of your Internet bandwidth

Similar to EarnApp and HoneyGain, ProxyLite pays you to share your internet. Averages about $3 a month per node per IP. Offers payouts in BTC/PayPal/QIWI/Payeer.

Create your Traff Monetizer Account:

Create your account at https://proxylite.ru Once you get into the dashboard, make note of your userid.

Install the Docker Container:

Copy the following string and replace $PROXYLITE_USER_ID with your USERID that you got from the dashboard before pasting into your terminal.

docker rm -f proxylite && docker run -de "USER_ID=$PROXYLITE_USER_ID" --restart unless-stopped  --name proxylite proxylite/proxyservice

Install ProxyRack:

Similar to EarnApp, HoneyGain, and Proxylite, ProxyRack pays you to share your internet. Averages about $1 a month per node per IP. Payout methods vary.

Create your Traff Monetizer Account:

Create your account at https://proxyrack.com Once you get into the dashboard, make note of your userid.

Install the Docker Container:

Copy the following string and replace $PROXYLITE_USER_ID with your USERID that you got from the dashboard before pasting into your terminal.

  1. First, Generate a Device ID You can run this command to generate a device ID that you will need to copy and save to use in the future.
cat /dev/urandom | LC_ALL=C tr -dc 'A-F0-9' | dd bs=1 count=64 2>/dev/null

Example output 393889FD3A7AB796A3846423B1AC3AD73100508ADD9375AA24489A1D7C6AD713

  1. Run Proxyrack, edit Insert your Device ID after UUID. You can use this example command:
sudo docker run -td --name proxyrack --restart always -e UUID="" --restart unless-stopped  proxyrack/pop
  1. Add this Device ID to your device list in your Peer account

Wait 5-10 minutes after running the Docker container with the UUID

Using the string you just generated above add this to your devices https://peer.proxyrack.com/devices You can add a “friendly” name to help you remember what this Device ID is associated with

Install Mysterium :

Mysterium is a decentralized VPN and webscraping service built on the Etherium and Polygon blockchains. Payments average anywhere from $1-$20 a month depending on multiple factors per node per IP. Costs $1.XX to setup a node for activation. Payouts in MYST token.

Create an account at mystnodes.co

First, create an account at mystnodes.co . You’ll use this to manage your mysterium node(s).

Install the Docker Container: 

docker volume create myst_data
docker run -td --cpus=1 --dns 8.8.8.8 --dns 8.8.4.4 --dns 1.1.1.1 --dns 1.0.0.1 --dns 9.9.9.9 --hostname myst --cap-add NET_ADMIN --network=host -p 4449:4449 -p 59850-60000:59850-60000 --name myst --device=/dev/net/tun  -v myst_data:/var/lib/mysterium-node mysteriumnetwork/myst:latest --udp.ports=59850:60000 service --agreed-terms-and-conditions
ufw allow 4449
ufw allow 59850:60000/tcp

Setup the Docker Container:

Go to http://"nodeip":4449/#/dashboard by replacing “nodeip” with the IP address of your node. You can find this by typing “ifconfig” in the terminal.

Click “start node setup”.

Past the address of the ERC20 wallet you want to receive rewards in and click “next”. You can use a standard Ethereum address like one of your MetaMask addresses.

Type in a password you’ll use to access this node dashboard in the future. DO check the checkbox to claim the node in your network.

Click the “Get it here” link and find your API key. Copy it. Go back and paste it. Click “Save & Continue”.

Port Forwarding:

We can not describe how to port forward for everyone’s specific hardware. Here are some resources to learn how to port forward.

Auto Restart Docker Containers on Boot: 

sudo docker update --restart unless-stopped $(docker ps -q)

Optional Configurations:

Increase security by blocking malware and trackers.

Force all dns requests to Cloudflares malware and tracking protection dns. Also, block DNS/HTTPS requests. If you have more advanced of a router or firewall on the network you can even use packages like snort/securita to create more advanced rules to block known bad acting IPs, tor access, torrents, p2p traffic in general, etc. This is highly suggested but not required.

# Allow ssh still
sudo ufw allow 22
# Allow dns out
sudo ufw allow out 53/tcp
sudo ufw allow out 53/udp
# Redirect all dns back to 1.1.1.2 or 1.0.0.2
sudo iptables -t nat -A OUTPUT -p udp --dport 53 ! -d 1.0.0.2 -j DNAT --to-destination 1.1.1.2
sudo iptables -t nat -A OUTPUT -p udp --dport 53 ! -d 1.1.1.2 -j DNAT --to-destination 1.0.0.2
# Block DNS over HTTPS
sudo ufw deny out 853/tcp
sudo ufw deny out 853/udp 
iptables -A FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j LOGDROP
# Block Default ToR Ports
sudo ufw deny out 9050/tcp
sudo ufw deny out 9050/udp
sudo ufw deny out 9051/tcp
sudo ufw deny out 9051/udp
# Block Torrents
sudo ufw deny out 6881/tcp
sudo ufw deny out 6881/udp
sudo ufw deny out 6882-6999/tcp
sudo ufw deny out 6882-6999/udp
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
# Save the Changes and Enable the Firewall
sudo iptables-save
sudo ufw enable

For more advanced ToR blocking you can do the following:

#https://gist.github.com/jkullick/62695266273608a968d0d7d03a2c4185
sudo apt-get -y install ipset
ipset create tor iphash
curl -sSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$(curl icanhazip.com)" | sed '/^#/d' | while read IP; do
  ipset -q -A tor $IP
done
iptables -A INPUT -m set --match-set tor src -j DROP

Docker Compose:

To run all of these containers in one go, assuming you have all of your accounts and ids notated, you can update the following docker-compose.yml :

version: '3.5'

services:
    #Start of Portainer section :
    # Container management and monitoring : connect to your device port 9000 (Portainer)
    Portainer:
        image: portainer/portainer-ce:latest
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - portainer_data:/data
        ports:
            - 8000:8000
            - 9000:9000
            - 9443:9443
        restart: always
        networks:
            default:
                ipv4_address: 172.106.0.11
    #End of Portainer + Webserver section
    
    mysterium:
    image: mysteriumnetwork/myst:latest
    container_name: mysterium
    restart: unless-stopped
    cpus: 1
    dns:
      - 8.8.8.8
      - 8.8.4.4
      - 1.1.1.1
      - 1.0.0.1
      - 9.9.9.9
    hostname: myst
    cap_add:
      - NET_ADMIN
    network_mode: host
    ports:
      - "4449:4449"
      - "59850-60000:59850-60000"
    volumes:
      - myst_data:/var/lib/mysterium-node
    command: --udp.ports=59850:60000 service --agreed-terms-and-conditions

    #Start of Earnapp section (remove this if Earnapp not wanted)
    # variables to define in .env file :
    # EARNAPP_DEVICE_ID : Your node id : sdk-node-<md5sum>
    #                     <md5sum> is a 32 char string containing a-z and 0-9 range : 
    #                       ex : Easy way to generate one :  echo "random string" | md5sum 
    #                            This will print 9f33ffbb8a9dcedb28ea909775a6b0d3  -
    #                            In that case use : sdk-node-9f33ffbb8a9dcedb28ea909775a6b0d3
    Earnapp:
        depends_on:
            - Portainer

        image: fazalfarhan01/earnapp:lite
        volumes:
            - earnapp-data:/etc/earnapp
        restart: always
        environment:
            - EARNAPP_UUID=$EARNAPP_DEVICE_ID
        networks:
            default:
                ipv4_address: 172.106.0.20
    #End of Earnapp section

    #Start of HoneyGain section (remove this if HoneyGain not wanted)
    # variables to define in .env file :
    # HONEYGAIN_EMAIL : Your Honeygain account email
    # HONEYGAIN_PASSWD : Your Honeygain account password 
    # DEVICE_NAME : This computer name (for display on dashboard)
    Honeygain:
        depends_on:
            - Portainer
        image: honeygain/honeygain
        command: -tou-accept -email $HONEYGAIN_EMAIL -pass '$HONEYGAIN_PASSWD' -device $DEVICE_NAME
        restart: always
        networks:
            default:
                ipv4_address: 172.106.0.30
    #End of HoneyGain section

    #Start of IproyalPawns section (remove this if IproyalPawns not wanted)
    # variables to define in .env file :
    # IPROYALPAWNS_EMAIL : Your IproyalPawns account email
    # IPROYALPAWNS_PASSWD : Your IproyalPawns account password 
    # DEVICE_NAME : This computer name (for display on dashboard)
    IproyalPawns:
        depends_on:
            - Portainer
        image: iproyal/pawns-cli:latest
        command: -email=$IPROYALPAWNS_EMAIL -password='$IPROYALPAWNS_PASSWD' -device-name=$DEVICE_NAME -accept-tos
        restart: always
        networks:
            default:
                ipv4_address: 172.106.0.40
    #End of IproyalPawns section

    #Start of Packetstream section (remove this if Packetstream not wanted)
    # variables to define in .env file :
    # PACKETSTREAM_CID : Your Packetstream CID (available in packetstream dashboard)
    Packetstream_PsClient:
        depends_on:
            - Portainer
        image: packetstream/psclient:latest
        restart: always
        environment:
            - CID=$PACKETSTREAM_CID
        networks:
            default:
                ipv4_address: 172.106.0.60
    Packetstream_Watchtower:
        depends_on:
            - Portainer
            - Packetstream_PsClient
        image: containrrr/watchtower
        command: --cleanup --include-stopped --revive-stopped --interval 60 ${_COMPOSE_PROJECT_NAME}_Packetstream_PsClient_${_COMPOSE_PROJECT_STACK_ID}
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        restart: always
        networks:
            default:
                ipv4_address: 172.106.0.61
    #End of Packetstream section
    
    #Start of Bitping section (remove this if Bitping not wanted)
    Bitping:
        depends_on:
            - Portainer
        image: bitping/bitping-node:latest
        restart: always
        volumes:
            - ./data/bitping:/root/.bitping
        networks:
            default:
                ipv4_address: 172.106.0.70
    #End of Bitping section     

    #Start of TraffMonetizer section (remove this if TraffMonetizer not wanted)
    # variables to define in .env file :
    # TRAFFMONETIZER_TOKEN : Your application token (available in TraffMonetizer dashboard)
    TraffMonetizer:
        depends_on:
            - Portainer
        image: traffmonetizer/cli_v2:latest
        restart: always
        command: start accept --token ${TRAFFMONETIZER_TOKEN}
        networks:
            default:
                ipv4_address: 172.106.0.80
    #End of Packetstream section   
    
    #Start of Repocket section (remove this if Repocket not wanted)
    # variables to define in .env file :
    # RP_EMAIL : Your application mail 
    # RP_API_KEY : Your application api key (available in repocket dashboard)
    Repocket:
        depends_on:
            - Portainer
        image: repocket/repocket:latest
        restart: always
        environment:
          - RP_EMAIL
          - RP_API_KEY
        networks:
            default:
                ipv4_address: 172.106.0.90
    #End of Repocket section    

    #Start of Proxylite section (remove this if Proxylite not wanted)
    # variables to define in .env file :
    # PROXYLITE_USER_ID : Your application use id (available in proxylite dashboard)
    Proxylite:
        depends_on:
            - Portainer

        image: proxylite/proxyservice:latest
        restart: always
        environment:
          - USER_ID=$PROXYLITE_USER_ID
        networks:
            default:
                ipv4_address: 172.106.0.100
    #End of Proxylite section 

    #Start of Proxyrack section (remove this if Proxyrack not wanted)
    # variables to define in .env file :
    # PROXYRACK_API_KEY : Your application api key (available in proxyrack dashboard -> profile -> generate API key (keep same for all devices))
    Proxyrack:
        depends_on:
            - Portainer

        image: proxyrack/pop:latest
        restart: always
        environment:
          - api_key=$PROXYRACK_API_KEY
          - device_name=$DEVICE_NAME
        networks:
            default:
                ipv4_address: 172.106.0.110
    #End of Proxyrack section 


volumes:
    portainer_data:
    earnapp-data:
    myst_data:

networks:
    default:
        driver: bridge
        ipam:
            driver: default
            config:
                - subnet: 172.106.0.0/16

Profit?