beansniffer

joined 2 years ago
[–] beansniffer@lemmy.ml 2 points 1 year ago* (last edited 1 year ago)

I'm glad you asked, it's always good to learn new things! The idea behind having a drive that automatically decrypts on boot is so you have data protection at rest when the server is off but still are able to have the server start up and run the tasks it needs to do without having to input a password before the machine starts up. Encryption keys are stored in the TPM which is usually stored on the CPU and the data should still be protected by the login prompt unless there is some type of bug that bypasses the login prompt.

So imagine a scenario where the power goes out, even just for a small amount of time. The uninterruptible power supply connected to the server allows for clean unmounting of the filesystems and then shuts the server off. The server then comes back on when power is detected from the grid again. If an encrypted drive doesn't have automatic decryption and requires a passphrase before boot, the services that I'm self hosting aren't running. I'm wanting to run home assistant and a security camera NVR so that could mean that I'm stumbling around in the dark tripping over things to get to the server to type in a passphrase, or there could be a robbery and I now have no evidence of who the culprit might be.

Having the drives automatically decrypt in a safe manner helps ensure higher availability (without me spending a small fortune in additional hardware costs because you can usually throw money at a problem to fix it), and data protection in the event of a smash and grab robbery.

The alternative to automatically decrypting drives while ensuring my services work after power failure is to not encrypt the drives at all.

Let me know if you have any more questions. Thank you for your post.

[–] beansniffer@lemmy.ml 0 points 1 year ago

It may be helpful to know that the former r/zfs community has migrated to a Discourse server at practicalzfs.com. Might be worth asking there for some expert advice.

I tried posting there, but the mods haven't been there in a couple of days to approve my post. I tried posting on reddit but since reddit is a garbage website that no one should ever visit, I was immediately shadowbanned and no one has seen my posts.

Thanks for your post.

 

I'm trying to install Proxmox on a server that is going to be running Home Assistant, a security camera NVR setup and other sensitive data. I need to have the drives be encrypted with automatic decryption of drives so the VMs can automatically resume after a power failure.

My desired setup:

  • 2 SATA SSD boot drives in a ZFS mirror
  • 1 NVMe SSD for L2ARC and VM storage
  • 3 HDDs in a RAIDz1 for backups and general large storage
  • 1 (maybe more added later) HDD for Camera NVR VM.

I'd prefer every drive encrypted with native ZFS encryption automatically decrypted by either TPM 2.0 or manually by a passphrase if needed as a backup.

Guide I found:

I found a general guide on how to do something similar but it honestly went over my head (I'm still learning) and didn't include much information about additional drives: Proxmox with Secure Boot and Native ZFS Encryption

If someone could adapt that post into a more noob friendly guide for the latest Proxmox version, with directions for decryption of multiple drives, that would be amazing and I'm sure it would make an excellent addition to the Proxmox wiki ;)

My 2nd preferred setup:

  • 2 SATA SSD boot drives in a ZFS mirror with LUKS encryption and automatic decryption with clevis.
  • All other drives encrypted using ZFS native encryption with ZFS key (keys?) stored on LUKS boot drive partition.

With this arrangement, every drive could be encrypted at rest and decrypted on boot with native ZFS encryption on most drives but has the downsides of using LUKS on ZFS for the boot drives.

Is storing the ZFS keys in a LUKS partition insecure in some way? Would this result in undecryptable drives if something happened to ZFS keys on the boot drive or can they be also decrypted with a passphrase as a backup?

As it stands right now, I'm really stuck trying to figure this out so any help or well written guides are heavily appreciated. Thanks for reading!

 


[–] beansniffer@lemmy.ml 2 points 2 years ago

"Anonymized" datasets aren't anonymous

[–] beansniffer@lemmy.ml 2 points 2 years ago* (last edited 2 years ago)

There is a subreddit you might find interesting r/prepperfileshare

Beyond that, you could always just vacuum seal multiple low power SOC computers with portable solar panels, couple of USB hard drives, Blu-ray drives with archival blu-ray discs and then just bury it in an appropriate container. Adequate depth in the dirt can make an effective faraday cage. Store an archive of wikipedia and other useful information. I probably wouldn't bury any lithium batteries with the solar because they would likely be useless without receiving a charge underground for so long.

Work on getting prepared now so you're used to living that type of lifestyle before the bombs drop. It makes you more likely to survive unexpected circumstances while you still have civilization around to fall back upon while you're working out all of the unforeseen kinks. Ask me any questions you might have if you have questions.

Also the other advice in this thread is good too: prepare for the most likely disasters, and focus on strengthening your local community to local disasters.

[–] beansniffer@lemmy.ml 5 points 2 years ago

Check out Fedora Silverblue and see if it fits your use case with toolbox.

[–] beansniffer@lemmy.ml 3 points 2 years ago

Thank you for your insightful comment.

[–] beansniffer@lemmy.ml 3 points 2 years ago (2 children)

What is your opinion of Framework's efforts to have their laptops be carbon neutral through carbon capture from Running Tide which uses kelp microforests to lock carbon away underwater for "hundreds or thousands of years"?

https://frame.work/products/carbon-capture https://www.runningtide.com/

[–] beansniffer@lemmy.ml 5 points 2 years ago (1 children)

I saw a video of something similar in Taiwan for electric mopeds where the people can just pick up a charged exchange battery at any time. AFAIK, the moped owners didn't even own the batteries and just rented them from the service. This would allow people to not have to worry about long term battery recharge cycle health of batteries that they own going down over time.

[–] beansniffer@lemmy.ml 4 points 2 years ago (1 children)

Neither have I, that's why I was asking. It would be nice for more activism to encourage building e-bike chargers.

[–] beansniffer@lemmy.ml 2 points 2 years ago (3 children)

Is there a map of where all the e-bike chargers are?

[–] beansniffer@lemmy.ml 3 points 2 years ago

Wouldn't test scores from the school go down from the pollution exposure of the car exhaust?

[–] beansniffer@lemmy.ml 2 points 2 years ago

No. What I mean is bribing courts to bypass the requirement to follow the license.

I'd fuckin riot

 

I've got to admit that when I first heard of the anti-cars community, I was a little skeptical. "What's wrong with cars?" I thought. But the more I lurked, and the more I watched YouTube channels like Not Just Bikes, the more I understood just how shitty the world is around us. Fuck Cars.

 

Now normally I would just set up radarr, sonarr and the like on a seedbox or something if I were looking for a setup for myself, but my friends and family members can't handle something like that. Stremio with torrent addons offers a user friendly netflix-like experience but it's not entirely open source and I can't self host it.

Jellyfin seems to be a popular suggestion for user friendly software with a netflix-like interface but from what I can tell, there isn't automatic torrenting to match the convenience of stremio.

If a family member has to open a webpage or an app to pick out content, then wait for it to download fully, then open up the jellyfin UI to watch content, that might be too complicated for some of my elderly family members to achieve.

Is there an open source/self-hosting torrent/piracy solution that is comparable to stremio in regards to being boomer friendly? Thanks for your comments.

 

Cargo e-bikes generally have a battery capacity limit of around 25 miles (which batteries aren't meant to be fully drained every time they're used anyway).

Any suggestions that don't include the use of cars in a carpool or moving?

Is "Fuck Cars" a pro-city/anti-rural philosophy?
