diff --git a/content/u/blog/encrypted-rootfs-with-alpine-linux/contents.lr b/content/u/blog/encrypted-rootfs-with-alpine-linux/contents.lr new file mode 100644 index 0000000..4462115 --- /dev/null +++ b/content/u/blog/encrypted-rootfs-with-alpine-linux/contents.lr 
@@ -0,0 +1,171 @@ +title: Encrypted rootfs with Alpine Linux +--- +pub_date: 2020-10-08 +--- +author: ungleich +--- +twitter_handle: ungleich +--- +_hidden: no +--- +_discoverable: yes! +--- +abstract: +How to encrypt your root filesystem with Alpine Linux +--- +body: + +## Introduction + +This is a short guide on how to encrypt your root filesystem on Alpine +Linux. This article assumes an EFI based system. + +## Booting Alpine Linux + +Use the standard Alpine Linux installer to boot. Prepare networking +and and apkrepos: + +``` +setup-interfaces +``` + +If you are in an IPv6 only network, setup a nameserver. At the moment +Alpine Linux does not start rdnssd by default. The following works for +VMs on [Data Center Light](https://datacenterlight.ch) + +``` +echo nameserver 2a0a:e5c0:2:a::a +``` + +Then setup the repos: + +``` +setup-apkrepos +``` + +Optional, if you want to continue the installation remotely from +another computer via ssh: + +``` +setup-sshd +``` + +And then add your ssh key to /root/.ssh/authorized keys. We are using +the key.wf service for staff at ungleich: + +``` +mkdir -p /root/.ssh/ +wget -O ~/.ssh/authorized_keys key.wf/nico +``` + +## Create partitions + +In this guide we assume you create 3 partitions, based on gpt: + +* /boot: a vfat partition usable for EFI boot (usually ~500MB) +* swap: the swap partition (usually ~half RAM) +* root: the partition containing the root filesystem + +In the the following sections we assume your disk is **/dev/sda**. If you +are using NVMe, your disk might also be **/dev/nvme0n1** or similar. 
+ +``` +apk add gptfdisk +gdisk /dev/sda +# create new partition table if it does not exist or you want to start clean +# create the partitions +``` + +## Format partitions + +``` +mkfs.vfat /dev/sda1 +apk add cryptsetup + +# Enter YES and your password twice +cryptsetup luksFormat /dev/sda3 + +# Create DM device +cryptsetup luksOpen /dev/sda3 rootfs + +# Create filesystem +apk add e2fsprogs +mkfs.ext4 /dev/mapper/rootfs + +# Mount filesytems +mount /dev/mapper/rootfs /mnt +mkdir /mnt/boot +mount /dev/sda1 /mnt/boot + +``` + +## Configure initramfs + +We need to enable rootfs decryption on boot. For this we need to add +cryptsetup into the feature list of /etc/mkinitfs/mkinitfs.conf: + +``` +hike:/etc# cat /etc/mkinitfs/mkinitfs.conf +features="ata base ide scsi usb virtio ext4 cryptsetup" +``` + +Regenerate the initramfs: + +``` +mkinitfs +``` + +## Configure and install the bootloader + +We will be using grub for booting: + +``` +apk add grub-efi efibootmgr +``` + +Update the /etc/default/grub to contain the cryptroot kernel +parameter in the GRUB_CMDLINE_LINUX_DEFAULT variable: + +``` +hike:/# cat /etc/default/grub +GRUB_DISTRIBUTOR="Alpine" +GRUB_TIMEOUT=2 +GRUB_DISABLE_SUBMENU=y +GRUB_DISABLE_RECOVERY=true +GRUB_CMDLINE_LINUX_DEFAULT="cryptroot=/dev/sda3 cryptdm=root" +``` + +Regenerate the grub configuration: + +``` +grub-mkconfig -o /mnt/boot/grub/grub.cfg +``` + +Verify it has been added correctly: + +``` +hike:/# grep crypt /boot/grub/grub.cfg + linux /vmlinuz-lts root=UUID=fa67b307-e155-47d8-98a6-4930131b5cd3 ro modules=sd-mod,usb-storage,ext4 nomodeset quiet rootfstype=ext4 cryptroot=/dev/sda3 cryptdm=root +``` + +Install grub: + +``` +grub-install --efi-directory /mnt/boot +``` + +## Install to disk + +All changes so far have been done in RAM. Let's persist them: + +``` +setup-disk /mnt +``` + +## Final step + +If everything went well so far - it's time to reboot your fully +encrypted system. 
The usual steps like setting up the root password or +the hostname have been skipped for the sake brevity. + +Enjoy your full encrypted [Alpine Linux](https://alpinelinux.org/)! diff --git a/content/u/products/viirb-ipv6-box/contents.lr b/content/u/products/viirb-ipv6-box/contents.lr index 09f21e7..fffb070 100644 --- a/content/u/products/viirb-ipv6-box/contents.lr +++ b/content/u/products/viirb-ipv6-box/contents.lr 
@@ -141,6 +141,61 @@ to contribute to tech waste. A free subscription for 1 year is included. This way you can plug in the VIIRB and just get started with IPv6. +## VIIRB Add-Ons + +The VIIRB comes with a variety of possible add-ons that can turn it +into an even more versatile device. + +### Turning the VIIRB into an IPv6 camera + +You can turn the VIIRB into an IPv6 streaming camera with +a compatible USB-Webcam. For **25 CHF** you can add a tested, +HD (1280x720) USB camera to your VIIRB order. + +### Turning the VIIRB into an IPv6 thermometer + +If you want to know how hot (or cold) it is, +you can use an USB temperature sensor to measure the temperature. +For **20 CHF** you can add a tested temperature sensor to your VIIRB +order. + +### Turning the VIIRB into an LTE/4G router + +Using an USB 4G Modem you can use the VIIRB to enable a network not +only with IPv6, but also with Internet connectivity in general. + +For **70 CHF** you can add a 4G modem to your VIIRB order. + +### Turning the VIIRB into a GPS tracker + +The VIIRB is small and universal. What if you could use it to track +things? Like your car, your bike, your boat? And check where your +things are using IPv6? + +You can add the USB GPS tracker add on for **25 CHF** as a single +device. + + +### Multiple Add-Ons via USB Hub + +To connect more than one add-on to the VIIRB, you will need a +USB-Hub. For **25 CHF** you can add a verified, +4 Port USB hub to your VIIRB order. + + +### The VIIRB autonomous security system + +The VIIRB can be turned into an autonomous security system with the +following add-ons: + +* USB Hub (to support multiple add-ons) +* LTE/4G Router (Internet Uplink, excluding SIM card) +* GPS Tracker (To record where the VIIRB is) +* USB Camera (To stream what the VIIRB can see) + +The autonomous security system set can be added to your VIIRB order +for **145 CHF** (203 CHF including the VIIRB). + ## Ordering To order the VIIRB, send an email with your shipping address and 
@@ -155,6 +210,7 @@ for free. Outdoor resistant, can be put on a notebook, phone or car. Additionally **the first 42 VIIRBs come in a limited edition** that will carry its production number. + ### Price **The price of the VIIRB is 58 CHF**. @@ -165,6 +221,7 @@ for 15 CHF. All prices excluding VAT and shipping costs. + ### Shipping costs Below is a selection of shipping cost for various countries.
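Review bot: In the new encrypted-rootfs-with-alpine-linux/contents.lr, only /dev/sda3 is passed to `cryptsetup luksFormat`, while the swap partition from the "Create partitions" list is never set up or encrypted and /boot stays plain vfat, so the closing "fully encrypted system" overstates what the steps produce. Either add the swap setup (encrypted) or say plainly that only the root filesystem is encrypted and that swap and /boot are not. Further points in the same hunk: `echo nameserver 2a0a:e5c0:2:a::a` only prints the line and needs a redirect into /etc/resolv.conf to have any effect; `wget -O ~/.ssh/authorized_keys key.wf/nico` names no scheme, so the file that grants root ssh access is fetched over plain http, and the URL should carry an explicit https:// scheme; `cryptsetup luksOpen /dev/sda3 rootfs` names the mapping rootfs while the GRUB line uses `cryptdm=root`; `grub-mkconfig -o /mnt/boot/grub/grub.cfg` writes under /mnt but the verification step greps /boot/grub/grub.cfg; and the mkinitfs.conf and /etc/default/grub steps show `cat` output without saying which file (live system or /mnt) the reader is meant to edit. Typos to fix before merge: "and and apkrepos", "authorized keys" (authorized_keys), "In the the following", "filesytems", "for the sake brevity", "full encrypted".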
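Review bot: In the viirb-ipv6-box hunk, the camera, GPS tracker and "autonomous security system" sections promise streaming "what the VIIRB can see" and checking "where your things are using IPv6" without a word on who can reach the video stream or the location data; add a sentence on how access to these is authenticated or restricted, since a buyer of a security product will ask. Style points in the same hunk: "an USB temperature sensor" and "an USB 4G Modem" should read "a USB ..."; "USB-Webcam" / "USB camera" and "USB-Hub" / "USB hub" are spelled inconsistently; and the added double blank lines before "### Multiple Add-Ons via USB Hub" and "### The VIIRB autonomous security system" differ from the single blank line used before the other new headings.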