chevy9294 @ chevy9294 @monero.town

Posts

20

Comments

234

Joined

2 yr. ago

Not with Molly (hardened signal fork)

I'm using Arch because you start with nothing and you can make any system you want. I have disk encryption, btrfs as a filesystem, secure boot with my own custom keys, I'm running self-build kernel, I'm using apparmor and I can use any program from AUR, etc. Thats my personality. Things that you can't see but are important to me.

On other distros some of these things would be very hard to do. Especially without Arch Wiki.

Yes but you have to do that for each service if I understand correctly.

I switched from Docker to Podman, because Podman is more secure (if rootless) but it was just hard to autostart containars. You have to start one by one because they don't have a central service like docker. And watchtower and nextcloud AIO don't work on Podman. So I switched back to docker.

I'm running a Raspberry Pi 4 with 4gb of ram and 32gb of storage:

• pihole
• nginx proxy manager
• vaultwarden
• ntfy server
• mollysocket
• fmd server
• wireguard server
• cloudflare ddns
• my website
• watchtower

All that and load average is 0.05%, ram usage is at 450MB and disk usage at 6.4GB.

Arch Linux with 2 kernels ;)

Veloren!

Then atleast fake it until you make it!

Quit what? Life? I can't, I'm addicted to living :(

No it's not :(

RiMusic is great, but I think it's YT Music client and not Spotify. You should give it a go anyway!

To 3d print something you need to convert a model (.stl or something else) to gcode. A slicer will do this for you. I use Cura (it's open source) and works great on Linux. Then you have to send that gcode to the printer. You can do that with micro SD card which is what I noramlly do or you can connect to the printer using USB cable and send the gcode using a slicer.

Can please someone turns this Linux meme to GNU/Linux meme?

Personaly I would trust Nitrokey, but I don't have to.

That was my schoolmate...

Yep, he announced his AI.

Looks nice, I'll try it!

No problem ;)

That was really hard to do. I created a note for myself and I will also publish it on my website. You can also decrypt the sd using fido2 hardware key (I have a nitrokey). If you don't need that just skip steps that are for fido2.

The note:

Download the image.

Format SD card to new DOS table:

• Boot: 512M 0c W95 FAT32 (LBA)
• Root: 83 Linux

As root:

    
xz -d 2023-12-11-raspios-bookworm-arm64-lite.img.xz
losetup -fP 2023-12-11-raspios-bookworm-arm64-lite.img
dd if=/dev/loop0p1 of=/dev/mmcblk0p1 bs=1M
cryptsetup luksFormat --type=luks2 --cipher=xchacha20,aes-adiantum-plain64 /dev/mmcblk0p2
systemd-cryptenroll --fido2-device=auto /dev/mmcblk0p2
cryptsetup open /dev/mmcblk0p2 root
dd if=/dev/loop0p2 of=/dev/mapper/root bs=1M
e2fsck -f /dev/mapper/root
resize2fs -f /dev/mapper/root
mount /dev/mapper/root /mnt
mount /dev/mmcblk0p1 /mnt/boot/firmware
arch-chroot /mnt

  

In chroot:

    
apt update && apt full-upgrade -y && apt autoremove -y && apt install cryptsetup-initramfs fido2-tools jq debhelper git vim -y
git clone https://github.com/bertogg/fido2luks && cd fido2luks
fakeroot debian/rules binary && sudo apt install ../fido2luks*.deb
cd .. && rm -rf fido2luks*

  

Edit /etc/crypttab:

    
root            /dev/mmcblk0p2          none            luks,keyscript=/lib/fido2luks/keyscript.sh

  

Edit /etc/fstab:

    
/dev/mmcblk0p1    /boot/firmware  vfat    defaults          0       2
/dev/mapper/root  /               ext4    defaults,noatime  0       1

  

Change root to /dev/mapper/root and add cryptdevice=/dev/mmcblk0p2:root to /boot/firmware/cmdline.txt.

    
PATH="$PATH:/sbin"
update-initramfs -u

  

Exit chroot and finish!

    
umount -R /mnt

  

I'm already building the website ;)