Unlock encrypted root filesystem via SSH

As I wrote in my last posts I want to use my ROCK Pi 4 as a home server. I installed a libre bootloader and then Debian with an encrypted root filesystem. Here I wrote down how I managed to be able to unlock my encrypted partition via SSH.

Dropbear is a small SSH server (and client). The idea is to integrate it in my initial RAM file system only to be able to connect to my ROCK Pi 4 via SSH at boot time to type in my dm-crypt passphrase. After that the SSH connection will be closed and the boot process will proceed as expected.

„Unlock encrypted root filesystem via SSH“ weiterlesen

ROCK Pi 4: Software RAID & encrypted LVM

I want to use my ROCK Pi 4, among other things, for a web server, a mail server and a cloud storage, so reliability is quite important. In the setup I use up until now I only have a backup, so if the SSD with my root file system would fail all these services would be down – and I would be really stressed out – for several hours (until I manage to get home, install Debian and restore the system). That’s why I decided to make use of data mirroring (RAID 1) for my new home server.

I also want to strengthen security, so I encrypt all partitions (dm-crypt) except my boot partition. And since I’m not entirely convinced of my chosen partitioning scheme I make use of the Logical Volume Manager to be able to manage my partitions more flexible.

Here I wrote down how I managed to encrypt all partitions (except my boot partition), mirror my whole file system (including the boot partition) and ensure that my boot loader U-Boot can read the files necessary to boot the system.

„ROCK Pi 4: Software RAID & encrypted LVM“ weiterlesen

ROCK Pi 4: M.2 Extension Board & Aluminum Housing Assembly

I’m planning to use my ROCK Pi 4 as a home server with an NVMe M.2 SSD for the root file system. Therefore I bought an M.2 extension board v1.6 and an ecoPI PRO HP aluminum housing. Here I want to share some pictures of the assembly.

At first I connected the ribbon cable with the small PCB which came with the extension board.

Then I inserted the small PCB into the M.2 slot of the ROCK Pi 4 and used the two longest of the included hex standoff bolts to screw it on.

„ROCK Pi 4: M.2 Extension Board & Aluminum Housing Assembly“ weiterlesen

WordPress & Google Fonts

Ich verwende für diese Website die freie Weblog-Software WordPress mit dem aktuellsten der drei vorinstallierten Standard-Themes, genannt Twenty Seventeen. Der Einsatz jedes dieser drei inkludierten Themes hat – wenn man nichts dagegen unternimmt, siehe unten – folgenden Nebeneffekt: sie bringen die Browser der Besucherinnen dazu, der Google Corporation Bescheid zu geben, dass sie sich gerade die Website ansehen.

Wie heute allgemein üblich, setzen diese Themes Web-Fonts ein. Das heißt nichts anderes, als dass die auf der jeweiligen Website eingesetzten Schriftarten beim Aufruf derselben mit heruntergeladen werden und so dafür gesorgt ist, dass das Schriftbild über alle Betriebssysteme und Browser hinweg gleich aussieht. Das ist an sich großartig – problematisch ist nur, dass die Fonts nicht vom jeweils eigenen Server, sondern von Google-Servern geladen werden.

„WordPress & Google Fonts“ weiterlesen