clif

[–] clif@lemmy.world 1 points 1 day ago (1 children)

Just one... For now :)

It's a Lenovo Tiny refurb and came with a 1TB NVMe which is plenty for playing around but I'll have to expand if I move my Jellyfin instance to it.

[–] clif@lemmy.world 2 points 1 day ago

Good to hear. This will be going on a Debian server too.

I just set up tailscale on the RPi that controls my printer so I've got a jump host on the LAN now... Just need to make time to set up dropbear (and keys) on the server.

[–] clif@lemmy.world 1 points 1 day ago (3 children)

I'd imagine that if you have physical access and don't mind plugging in a USB then that's the easier route.

My personal goal is to be able to unlock it remotely in two main scenarios:

  1. I'm lazy and don't want to have to awkwardly fumble at plugging in something. So, SSH to it from the same room and unlock it from my desktop.
  2. Server got rebooted while I'm away from home but I would really like it to be up and running again for something I need but I don't have physical access at the time.

Both of those situations lean towards a remote unlock with no USB. The first one is absolutely doable because I have local access and could plug a device in, it's just awkward. On the second, physical access is impossible so it must be done remotely.

I mentioned it in another comment but the remote unlock while away from home presents extra challenges for me because I access my server externally via Tailscale. Since Tailscale isn't available at boot (pre-decrypt), then I'll have to tailnet+ssh to another machine on the LAN (that doesn't require a boot password/unlock) and then SSH from that machine to the server to enter the LUKS password to allow boot to continue. Sounds feasible, though perhaps a little clunky. That's my current plan and hoping to try it out this weekend if time permits.

[–] clif@lemmy.world 2 points 1 day ago

Great, thanks for checking my understanding of it.

[–] clif@lemmy.world 1 points 1 day ago (2 children)

If I'm reading the docs correctly, Clevis can rely on a separate Tang server for retrieving the decryption key, right? So in that scenario I'd need to have another machine for Tang that can also auto-boot without entering a boot/LUKS password. Otherwise, if both machines (server+clevis and Tang server) were in the same room and restarted due to power loss, neither would be able to boot if both were encrypted... or did I misunderstand something important?

And I don't think I actually want "automatic" unlocking. I just want to be able to perform the unlock (enter LUKS password) remotely. I realize that comes with manual intervention (entering the password remotely) but I'm okay with that. I should probably have clarified that by "home server" I mean a machine that serves nice-to-have stuff, nothing mission critical. Plus I'm really the only one who uses it currently so I'll notice it's down when something doesn't work and can then initiate the remote unlock/boot : D

Clevis is interesting but I don't think it matches my specific situation. Glad I know about it now though, thanks for the info.

[–] clif@lemmy.world 3 points 1 day ago

This is interesting, another one I hadn't heard of yet. And, the server is running Debian : )

I enjoy the intro too:

> You know how it is. You’ve heard of it happening. The Man comes and takes away your servers, your friends’ servers, the servers of everybody in the same hosting facility. The servers of their neighbors, and their neighbors’ friends. The servers of people who owe them money. And like that, they’re gone. And you doubt you’ll ever see them again. That is why your servers have encrypted root file systems

[–] clif@lemmy.world 3 points 1 day ago

Exactly this. The chances of my server/drives getting stolen are extremely low but I like to take all the precautions I can even if it's just an exercise in "I can, so I will". That and the "peace of mind" you mentioned.

[–] clif@lemmy.world 3 points 1 day ago

I think this is the first time I've heard of dracut. I'll take a look - thanks for the info.

[–] clif@lemmy.world 1 points 1 day ago

Sounds like something fun to research either way - thanks

[–] clif@lemmy.world 11 points 2 days ago (4 children)

Oh, I fully intend to. Just wanted to ask for opinions from those who have done it or have tried other things while I'm sitting here waiting for an appointment.

Plus content... Lemmy... Engagement. If nobody posts then there's nothing here

 

I've done a little research but curious about first hand experience.

I've got a little home server that is full disk encrypted with LUKS (+LVM, of course). It's headless (no display, no keyboard, etc) and just lives attached to the back of my desk, out of the way.

If it gets rebooted due to a power outage, I can plug in a keyboard, wait long enough for it to get to the LUKS password prompt, enter password, hit enter, and assume it worked if I see the disk activity light blinking. Worst case scenario, I can move it to a monitor and plug it in to get display too.

Because lazy, I'd prefer to be able to enter the decrypt password remotely. "Dropbear" seems to be a common suggestion but I haven't tried it yet.

So, asking for your experience or recommendations.

I'll start. Recommendation #1 - get a UPS : D ... But besides that.

Addendum: either way, I currently need to be home to do this because I access it remotely via tailscale along with my desktop. Since both are full disk encrypted, neither will boot to the point of starting tailscale without intervention. But, I might repurpose a nonencrypted RPi with SSHd to act as an "auto restarts with tailscale so I can SSH to it, then SSH to server to enter the LUKS password" jump point.

[–] clif@lemmy.world 1 points 5 days ago

Thanks!

I don't get to game much but have Satisfactory in my library, not Factorio. Every time I go to launch "that factory game" I look under the Fs and am always confused why I can't find it. 10 min later I'll realize I was thinking of Satisfactory... :P

 

My Buff Orpington laid this one yesterday. She often lays "oddly" textured ones but this is the weirdest by far.

 

cross-posted from: https://lemmy.world/post/31340928

The American Civil Liberties Union plans to challenge a new Arkansas law requiring Ten Commandments displays in public buildings.

Act 573 was passed by the Arkansas Legislature earlier this year. The law mandates a framed copy of the Ten Commandments be hung in all public buildings, including school classrooms. The ACLU is suing four Northwest Arkansas school districts, and not the state specifically, because Act 573 assigns enforcement to local school officials rather than a state agency.

The suit argues that the law promotes a Protestant version of the Ten Commandments and sends a message that students who don’t share those beliefs are outsiders in their own schools. Joining the suit are families of public school students in Northwest Arkansas. Some plaintiffs are Jewish or non-religious, while one family is Unitarian Universalist.

 


 
 

cross-posted from: https://lemmy.world/post/30410274

[Josh Duggar] cited “new legal theories and strategies [that] have emerged in public discourse” in documents that were filed in U.S. District Court for the Western District of Arkansas on Tuesday.

 


 

The language in the proposal serves to simplify the rules. It would also require changes to the process be made by the people of Arkansas and not the legislature.

The grassroots amendment process is promised in the state constitution, but many state legislators think the process is too easy. They have worked to pass laws further regulating each step.

 

Legislation that looks to abolish an Arkansas commission and board cleared its first major hurdle on Monday.

Senate Bill 184 would abolish the Arkansas Educational Television Network (AETN) commission and the state library board. It cleared the Senate Monday in a 23-8 vote and is headed to the House.

The legislation is sponsored by Sen. Dan Sullivan (R-Jonesboro) and Rep. Wayne Long (R-Bradford). It is co-sponsored by Rep. Stephen Meeks (R-Greenbrier).

In November 2024, former Arkansas senator and current Arkansas State Library Board member Jason Rapert called for the library board to be dissolved due to its failure in “protecting children from sexually explicit materials.”

 

A bill introduced in the Arkansas legislature would end the state’s ability to hold moratoriums on permits along the Buffalo River and other watersheds.

If Senate Bill 84 becomes law, it will end the state moratorium on issuing, for example, confined animal feeding operations (CAFOs) permits along the Buffalo River watershed.

The state currently maintains a temporary moratorium on issuing new permits for medium and large CAFOs along the Buffalo. The Department of Environmental Quality initiated the moratorium in 2014 after environmental concerns about the waste generated by a large-scale hog farm near the river. The farm closed in late 2019 when the state purchased its assets.

 

I've got several of these empty steel propane tanks from heating the chicken coop during the recent cold weather before I got an adapter to run the heater off of a larger refillable tank. Any ideas on what they could be repurposed for?

Seems like there should be some use for them besides tossing them in the recycling. I'd assume I'd need to poke a hole in them before recycling since they are/were pressure vessels.

I know there are adapters out there to refill them but now that I can use a larger, more easily refillable, tank I don't really have any inclination to do so.

My only thought so far was to cut the top off, drill some holes, and make a little stick burning camp stove. But, that's not something I'll ever use.

I've got a fairly extensive workshop and metal working tools so pretty much everything is on the table. I can even do really shitty welding if required.

175
submitted 8 months ago* (last edited 8 months ago) by clif@lemmy.world to c/mildlyinteresting@lemmy.world
 

We showing odd eggs now? Here's mine.

EDIT: Fixing post so the image is in the post instead of in the body. I'm dumb, sorry.
