ungleich-public/ungleich-staticcms
6
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Merge branch 'master' of git+ssh://code.ungleich.ch/ungleich-public/ungleich-staticcms

Browse source
This commit is contained in:
sanghee 2020-10-21 12:44:59 +02:00
commit 7393be30c8
2 changed files with 228 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

171
content/u/blog/encrypted-rootfs-with-alpine-linux/contents.lr Normal file
View file

@ -0,0 +1,171 @@
title: Encrypted rootfs with Alpine Linux
---
pub_date: 2020-10-08
---
author: ungleich
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes!
---
abstract:
How to encrypt your root filesystem with Alpine Linux
---
body:
## Introduction
This is a short guide on how to encrypt your root filesystem on Alpine
Linux. This article assumes an EFI based system.
## Booting Alpine Linux
Use the standard Alpine Linux installer to boot. Prepare networking
and and apkrepos:
```
setup-interfaces
```
If you are in an IPv6 only network, setup a nameserver. At the moment
Alpine Linux does not start rdnssd by default. The following works for
VMs on [Data Center Light](https://datacenterlight.ch)
```
echo nameserver 2a0a:e5c0:2:a::a
```
Then setup the repos:
```
setup-apkrepos
```
Optional, if you want to continue the installation remotely from
another computer via ssh:
```
setup-sshd
```
And then add your ssh key to /root/.ssh/authorized keys. We are using
the key.wf service for staff at ungleich:
```
mkdir -p /root/.ssh/
wget -O ~/.ssh/authorized_keys key.wf/nico
```
## Create partitions
In this guide we assume you create 3 partitions, based on gpt:
* /boot: a vfat partition usable for EFI boot (usually ~500MB)
* swap: the swap partition (usually ~half RAM)
* root: the partition containing the root filesystem
In the the following sections we assume your disk is **/dev/sda**. If you
are using NVMe, your disk might also be **/dev/nvme0n1** or similar.
```
apk add gptfdisk
gdisk /dev/sda
# create new partition table if it does not exist or you want to start clean
# create the partitions
```
## Format partitions
```
mkfs.vfat /dev/sda1
apk add cryptsetup
# Enter YES and your password twice
cryptsetup luksFormat /dev/sda3
# Create DM device
cryptsetup luksOpen /dev/sda3 rootfs
# Create filesystem
apk add e2fsprogs
mkfs.ext4 /dev/mapper/rootfs
# Mount filesytems
mount /dev/mapper/rootfs /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
```
## Configure initramfs
We need to enable rootfs decryption on boot. For this we need to add
cryptsetup into the feature list of /etc/mkinitfs/mkinitfs.conf:
```
hike:/etc# cat /etc/mkinitfs/mkinitfs.conf
features="ata base ide scsi usb virtio ext4 cryptsetup"
```
Regenerate the initramfs:
```
mkinitfs
```
## Configure and install the bootloader
We will be using grub for booting:
```
apk add grub-efi efibootmgr
```
Update the /etc/default/grub to contain the cryptroot kernel
parameter in the GRUB_CMDLINE_LINUX_DEFAULT variable:
```
hike:/# cat /etc/default/grub
GRUB_DISTRIBUTOR="Alpine"
GRUB_TIMEOUT=2
GRUB_DISABLE_SUBMENU=y
GRUB_DISABLE_RECOVERY=true
GRUB_CMDLINE_LINUX_DEFAULT="cryptroot=/dev/sda3 cryptdm=root"
```
Regenerate the grub configuration:
```
grub-mkconfig -o /mnt/boot/grub/grub.cfg
```
Verify it has been added correctly:
```
hike:/# grep crypt /boot/grub/grub.cfg
linux /vmlinuz-lts root=UUID=fa67b307-e155-47d8-98a6-4930131b5cd3 ro modules=sd-mod,usb-storage,ext4 nomodeset quiet rootfstype=ext4 cryptroot=/dev/sda3 cryptdm=root
```
Install grub:
```
grub-install --efi-directory /mnt/boot
```
## Install to disk
All changes so far have been done in RAM. Let's persist them:
```
setup-disk /mnt
```
## Final step
If everything went well so far - it's time to reboot your fully
encrypted system. The usual steps like setting up the root password or
the hostname have been skipped for the sake brevity.
Enjoy your full encrypted [Alpine Linux](https://alpinelinux.org/)!

57
content/u/products/viirb-ipv6-box/contents.lr
View file

@ -141,6 +141,61 @@ to contribute to tech waste.
A free subscription for 1 year is included. This way you can plug in A free subscription for 1 year is included. This way you can plug in
the VIIRB and just get started with IPv6. the VIIRB and just get started with IPv6.
## VIIRB Add-Ons
The VIIRB comes with a variety of possible add-ons that can turn it
into an even more versatile device.
### Turning the VIIRB into an IPv6 camera
You can turn the VIIRB into an IPv6 streaming camera with
a compatible USB-Webcam. For **25 CHF** you can add a tested,
HD (1280x720) USB camera to your VIIRB order.
### Turning the VIIRB into an IPv6 thermometer
If you want to know how hot (or cold) it is,
you can use an USB temperature sensor to measure the temperature.
For **20 CHF** you can add a tested temperature sensor to your VIIRB
order.
### Turning the VIIRB into an LTE/4G router
Using an USB 4G Modem you can use the VIIRB to enable a network not
only with IPv6, but also with Internet connectivity in general.
For **70 CHF** you can add a 4G modem to your VIIRB order.
### Turning the VIIRB into a GPS tracker
The VIIRB is small and universal. What if you could use it to track
things? Like your car, your bike, your boat? And check where your
things are using IPv6?
You can add the USB GPS tracker add on for **25 CHF** as a single
device.
### Multiple Add-Ons via USB Hub
To connect more than one add-on to the VIIRB, you will need a
USB-Hub. For **25 CHF** you can add a verified,
4 Port USB hub to your VIIRB order.
### The VIIRB autonomous security system
The VIIRB can be turned into an autonomous security system with the
following add-ons:
* USB Hub (to support multiple add-ons)
* LTE/4G Router (Internet Uplink, excluding SIM card)
* GPS Tracker (To record where the VIIRB is)
* USB Camera (To stream what the VIIRB can see)
The autonomous security system set can be added to your VIIRB order
for **145 CHF** (203 CHF including the VIIRB).
## Ordering ## Ordering
To order the VIIRB, send an email with your shipping address and To order the VIIRB, send an email with your shipping address and
@ -155,6 +210,7 @@ for free. Outdoor resistant, can be put on a notebook, phone or car.
Additionally **the first 42 VIIRBs come in a limited edition** Additionally **the first 42 VIIRBs come in a limited edition**
that will carry its production number. that will carry its production number.
### Price ### Price
**The price of the VIIRB is 58 CHF**. **The price of the VIIRB is 58 CHF**.
@ -165,6 +221,7 @@ for 15 CHF.
All prices excluding VAT and shipping costs. All prices excluding VAT and shipping costs.
### Shipping costs ### Shipping costs
Below is a selection of shipping cost for various countries. Below is a selection of shipping cost for various countries.