Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
Encrypt the boot drive, and use dropbear ssh in initramfs to be able to unlock it over ssh during boot. Then set up your data drives however you want, and use a key file on your boot drive to unlock them, once you've unlocked it. All drives are encrypted when your machine is off, and you only need one password you can enter remotely to unlock the whole thing.
Here's a good resource on how to do the initramfs part https://www.arminpech.de/2019/12/23/debian-unlock-luks-root-partition-remotely-by-ssh-using-dropbear/
Also, when you update the kernel you have to rebuild the initramfs with sudo update-initramfs -k all -u, or it won't be able to boot to the new kernel.
I've found it to be a super reliable setup.
Have not looked through the setup steps of that link, but using FDE with luks and remote ssh unlock for years and have not had any problems.
Shouldn't that be automatically handled by apt? I dont remember that i have setup a hook for that and i never rebuild my initramfs manually.
I was a bit surprised at it as well, but it doesn't for me running Debian headless. If I reboot after a kernel update it'll try to boot into the new kernel and fail waiting for the initramfs, but it'll boot just fine into the previous kernel. Once I update the initramfs it works fine.
If you know what resources you used to set it up, I'd be curious to take a look and see if I missed something.
Steps are basically not more then this (Can not find the original blog i followed but this is the small write up i have made years ago)
For some reason i install busybox too in the personal write up. But i do not think it is necessary.
That's basically the same as my writeup from when I did it. Except I also had a -k all on update-initramfs. Not sure about the switches, so I'll look into them. Thanks.