add new blog entry about encryption
This commit is contained in:
Nico Schottelius
parent
3adc6ed393
commit
b29c45ef07
2 changed files with 65 additions and 6 deletions
|
|
@ -0,0 +1,59 @@
|
||||||
|
[[!meta title="How to enable encrypted swap in Alpine Linux"]]
|
||||||
|
|
||||||
|
## TL;DR
|
||||||
|
|
||||||
|
There is no TL;DR, because it is so easy that any summary would be too
|
||||||
|
long.
|
||||||
|
|
||||||
|
The steps are so simple:
|
||||||
|
|
||||||
|
### Edit /etc/conf.d/dmcrypt
|
||||||
|
|
||||||
|
Checkout the samples and enable swap like this:
|
||||||
|
|
||||||
|
swap=crypt-swap
|
||||||
|
source='/dev/nvme0nXXX'
|
||||||
|
|
||||||
|
(obviously set the correct *source* device)
|
||||||
|
|
||||||
|
### Start dmcrypt
|
||||||
|
|
||||||
|
Run
|
||||||
|
|
||||||
|
/etc/init.d/dmcrypt start
|
||||||
|
|
||||||
|
### Enable swap
|
||||||
|
|
||||||
|
swapon /dev/mapper/crypt-swap
|
||||||
|
|
||||||
|
|
||||||
|
### Make it persistent
|
||||||
|
|
||||||
|
# Enable automatic start
|
||||||
|
rc-update add dmcrypt
|
||||||
|
|
||||||
|
# Enable automatic swapon
|
||||||
|
echo /dev/mapper/crypt-swap swap swap defaults 0 0 >> /etc/fstab
|
||||||
|
|
||||||
|
## Background
|
||||||
|
|
||||||
|
Until today I did not know (or care) how to enable swap in Alpine
|
||||||
|
Linux. As firefox (sic!) is killing my system more often these days, I
|
||||||
|
decided to enable swap using a partition I left for it some years ago.
|
||||||
|
|
||||||
|
As I did not know how it works, I grep'ed for crypt through
|
||||||
|
/etc/init.d, found the dmcrypt init script quickly which references
|
||||||
|
/etc/conf.d/dmcrypt. I opened the config file and within minutes my
|
||||||
|
encrypted swap was up.
|
||||||
|
|
||||||
|
Note that above instructions will reset/re-encrypt swap on every boot
|
||||||
|
and thus no suspend to disk works with it. That's fine with me, as
|
||||||
|
that is not a feature I am ever going to use.
|
||||||
|
|
||||||
|
The point I need to make is that at the moment there is no single
|
||||||
|
other Linux distribution out there that I know off that is allowing me
|
||||||
|
to make changes, even those which I don't know yet how to, that easily
|
||||||
|
and I want to say many thanks for keeping Alpine Linux as simple as
|
||||||
|
other Linux distributions used to be in the 90's.
|
||||||
|
|
||||||
|
[[!tag alpinelinux security]]
|
||||||
|
|
@ -16,9 +16,9 @@ use IkiWiki::Setup::Standard {
|
||||||
# users who are banned from the wiki
|
# users who are banned from the wiki
|
||||||
banned_users => [],
|
banned_users => [],
|
||||||
# where the source of the wiki is located
|
# where the source of the wiki is located
|
||||||
srcdir => '/home/nico/nico.schottelius.org',
|
srcdir => '/home/nico/vcs/www.nico.schottelius.org',
|
||||||
# where to build the wiki
|
# where to build the wiki
|
||||||
destdir => '/home/services/www/nico/www.nico.schottelius.org/www',
|
destdir => '/tmp/www.nico.schottelius.org',
|
||||||
# base url to the wiki
|
# base url to the wiki
|
||||||
url => 'https://www.nico.schottelius.org/',
|
url => 'https://www.nico.schottelius.org/',
|
||||||
# url to the ikiwiki.cgi
|
# url to the ikiwiki.cgi
|
||||||
|
|
@ -284,9 +284,9 @@ use IkiWiki::Setup::Standard {
|
||||||
# extra template directories to add
|
# extra template directories to add
|
||||||
#add_templates => [qw{/home/users/nico/.ikiwiki/templates}],
|
#add_templates => [qw{/home/users/nico/.ikiwiki/templates}],
|
||||||
|
|
||||||
git_wrapper => '/home/services/git/nico.schottelius.org/hooks/post-update',
|
# git_wrapper => '/home/services/git/nico.schottelius.org/hooks/post-update',
|
||||||
git_wrappermode => '06755',
|
# git_wrappermode => '06755',
|
||||||
gitorigin_branch => 'origin',
|
# gitorigin_branch => 'origin',
|
||||||
gitmaster_branch => 'master',
|
# gitmaster_branch => 'master',
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue