From b29c45ef07aaac02ad490b96ee928015323edc65 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 10 Oct 2024 16:19:55 +0900 Subject: [PATCH] add new blog entry about encryption --- ...enable-encrypted-swap-in-alpine-linux.mdwn | 59 +++++++++++++++++++ ikiwiki.setup | 12 ++-- 2 files changed, 65 insertions(+), 6 deletions(-) create mode 100644 blog/2024-10-10-how-to-enable-encrypted-swap-in-alpine-linux.mdwn diff --git a/blog/2024-10-10-how-to-enable-encrypted-swap-in-alpine-linux.mdwn b/blog/2024-10-10-how-to-enable-encrypted-swap-in-alpine-linux.mdwn new file mode 100644 index 00000000..1f5cf14f --- /dev/null +++ b/blog/2024-10-10-how-to-enable-encrypted-swap-in-alpine-linux.mdwn @@ -0,0 +1,59 @@ +[[!meta title="How to enable encrypted swap in Alpine Linux"]] + +## TL;DR + +There is no TL;DR, because it is so easy that any summary would be too +long. + +The steps are so simple: + +### Edit /etc/conf.d/dmcrypt + +Checkout the samples and enable swap like this: + + swap=crypt-swap + source='/dev/nvme0nXXX' + +(obviously set the correct *source* device) + +### Start dmcrypt + +Run + + /etc/init.d/dmcrypt start + +### Enable swap + + swapon /dev/mapper/crypt-swap + + +### Make it persistent + + # Enable automatic start + rc-update add dmcrypt + + # Enable automatic swapon + echo /dev/mapper/crypt-swap swap swap defaults 0 0 >> /etc/fstab + +## Background + +Until today I did not know (or care) how to enable swap in Alpine +Linux. As firefox (sic!) is killing my system more often these days, I +decided to enable swap using a partition I left for it some years ago. + +As I did not know how it works, I grep'ed for crypt through +/etc/init.d, found the dmcrypt init script quickly which references +/etc/conf.d/dmcrypt. I opened the config file and within minutes my +encrypted swap was up. + +Note that above instructions will reset/re-encrypt swap on every boot +and thus no suspend to disk works with it. That's fine with me, as +that is not a feature I am ever going to use. + +The point I need to make is that at the moment there is no single +other Linux distribution out there that I know off that is allowing me +to make changes, even those which I don't know yet how to, that easily +and I want to say many thanks for keeping Alpine Linux as simple as +other Linux distributions used to be in the 90's. + +[[!tag alpinelinux security]] diff --git a/ikiwiki.setup b/ikiwiki.setup index a2ad1388..23077a8e 100644 --- a/ikiwiki.setup +++ b/ikiwiki.setup @@ -16,9 +16,9 @@ use IkiWiki::Setup::Standard { # users who are banned from the wiki banned_users => [], # where the source of the wiki is located - srcdir => '/home/nico/nico.schottelius.org', + srcdir => '/home/nico/vcs/www.nico.schottelius.org', # where to build the wiki - destdir => '/home/services/www/nico/www.nico.schottelius.org/www', + destdir => '/tmp/www.nico.schottelius.org', # base url to the wiki url => 'https://www.nico.schottelius.org/', # url to the ikiwiki.cgi @@ -284,9 +284,9 @@ use IkiWiki::Setup::Standard { # extra template directories to add #add_templates => [qw{/home/users/nico/.ikiwiki/templates}], - git_wrapper => '/home/services/git/nico.schottelius.org/hooks/post-update', - git_wrappermode => '06755', - gitorigin_branch => 'origin', - gitmaster_branch => 'master', + # git_wrapper => '/home/services/git/nico.schottelius.org/hooks/post-update', + # git_wrappermode => '06755', + # gitorigin_branch => 'origin', + # gitmaster_branch => 'master', }