chevy9294

joined 1 year ago
[–] [email protected] 1 points 2 months ago (1 children)

Yes but you have to do that for each service if I understand correctly.

[–] [email protected] -1 points 2 months ago (4 children)

I switched from Docker to Podman, because Podman is more secure (if rootless) but it was just hard to autostart containers. You have to start one by one because they don't have a central service like docker. And watchtower and nextcloud AIO don't work on Podman. So I switched back to docker.

[–] [email protected] 2 points 2 months ago

I'm running a Raspberry Pi 4 with 4gb of ram and 32gb of storage:

  • pihole
  • nginx proxy manager
  • vaultwarden
  • ntfy server
  • mollysocket
  • fmd server
  • wireguard server
  • cloudflare ddns
  • my website
  • watchtower

All that and load average is 0.05%, ram usage is at 450MB and disk usage at 6.4GB.

[–] [email protected] 3 points 2 months ago

Arch Linux with 2 kernels ;)

[–] [email protected] 9 points 2 months ago
[–] [email protected] 4 points 2 months ago

Then at least fake it until you make it!

[–] [email protected] 1 points 2 months ago (1 children)

Quit what? Life? I can't, I'm addicted to living :(

[–] [email protected] 18 points 2 months ago

Can someone please turn this Linux meme into a GNU/Linux meme?

[–] [email protected] 3 points 2 months ago

Personally I would trust Nitrokey, but I don't have to.

[–] [email protected] 1 points 2 months ago
[–] [email protected] 4 points 2 months ago (2 children)

That was really hard to do. I created a note for myself and I will also publish it on my website. You can also decrypt the SD using a fido2 hardware key (I have a nitrokey). If you don't need that, just skip the steps that are for fido2.

The note:

Download the image.

Format SD card to new DOS table:

  • Boot: 512M 0c W95 FAT32 (LBA)
  • Root: 83 Linux

As root:

xz -d 2023-12-11-raspios-bookworm-arm64-lite.img.xz
losetup -fP 2023-12-11-raspios-bookworm-arm64-lite.img
dd if=/dev/loop0p1 of=/dev/mmcblk0p1 bs=1M
cryptsetup luksFormat --type=luks2 --cipher=xchacha20,aes-adiantum-plain64 /dev/mmcblk0p2
systemd-cryptenroll --fido2-device=auto /dev/mmcblk0p2
cryptsetup open /dev/mmcblk0p2 root
dd if=/dev/loop0p2 of=/dev/mapper/root bs=1M
e2fsck -f /dev/mapper/root
resize2fs -f /dev/mapper/root
mount /dev/mapper/root /mnt
mount /dev/mmcblk0p1 /mnt/boot/firmware
arch-chroot /mnt

In chroot:

apt update && apt full-upgrade -y && apt autoremove -y && apt install cryptsetup-initramfs fido2-tools jq debhelper git vim -y
git clone https://github.com/bertogg/fido2luks && cd fido2luks
fakeroot debian/rules binary && sudo apt install ../fido2luks*.deb
cd .. && rm -rf fido2luks*

Edit /etc/crypttab:

root            /dev/mmcblk0p2          none            luks,keyscript=/lib/fido2luks/keyscript.sh

Edit /etc/fstab:

/dev/mmcblk0p1    /boot/firmware  vfat    defaults          0       2
/dev/mapper/root  /               ext4    defaults,noatime  0       1

Change root to /dev/mapper/root and add cryptdevice=/dev/mmcblk0p2:root to /boot/firmware/cmdline.txt.

PATH="$PATH:/sbin"
update-initramfs -u

Exit chroot and finish!

umount -R /mnt
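
A pre-reboot consistency check for the three files edited in the note above, as an added example that is not part of the original comment. It assumes the target root is still mounted at the path you pass in (the note uses /mnt); the function name `check_luks_boot_config` is made up here, and the single-line rule for cmdline.txt is Raspberry Pi firmware behaviour rather than something the note states.

```shell
#!/bin/sh
# Added example (not from the original note): verify that crypttab, fstab and
# cmdline.txt agree before "umount -R /mnt", so a typo does not leave an
# encrypted root that cannot be unlocked at boot.
# Usage: check_luks_boot_config /mnt
check_luks_boot_config() {
    root=${1:-/mnt}
    crypttab="$root/etc/crypttab"
    fstab="$root/etc/fstab"
    cmdline="$root/boot/firmware/cmdline.txt"
    errors=0
    fail() { echo "FAIL: $*" >&2; errors=$((errors + 1)); }

    for f in "$crypttab" "$fstab" "$cmdline"; do
        [ -r "$f" ] || { fail "cannot read $f"; return 1; }
    done

    # First non-comment crypttab entry: <name> <device> <keyfile> <options>
    entry=$(awk '!/^[ \t]*(#|$)/ { print $1, $2, $4; exit }' "$crypttab")
    set -- $entry
    name=$1 dev=$2 opts=$3
    [ -n "$name" ] || { fail "no entry in crypttab"; return 1; }

    case ",$opts," in *,luks,*) ;; *) fail "crypttab: 'luks' option missing" ;; esac
    keyscript=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^keyscript=//p')
    if [ -z "$keyscript" ]; then
        fail "crypttab: no keyscript= option"
    elif [ ! -x "$root$keyscript" ]; then
        fail "keyscript $keyscript is not executable inside $root"
    fi

    # fstab: / must come from the mapper device named in crypttab
    rootsrc=$(awk '!/^[ \t]*#/ && $2 == "/" { print $1; exit }' "$fstab")
    [ "$rootsrc" = "/dev/mapper/$name" ] ||
        fail "fstab: / is '$rootsrc', expected /dev/mapper/$name"

    # cmdline.txt: one line only, carrying both parameters from the note
    [ "$(grep -c . "$cmdline")" -eq 1 ] || fail "cmdline.txt must be exactly one line"
    for want in "root=/dev/mapper/$name" "cryptdevice=$dev:$name"; do
        tr -s '[:space:]' '\n' < "$cmdline" | grep -qxF "$want" ||
            fail "cmdline.txt: missing $want"
    done

    [ "$errors" -eq 0 ] && echo "OK: crypttab, fstab and cmdline.txt agree on $name ($dev)"
    return "$errors"
}
```

The return value is the number of failed checks, so it can gate the final `umount -R /mnt` in a script.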
[–] [email protected] 1 points 2 months ago

I'm already building the website ;)
