this post was submitted on 01 Apr 2025
85 points (98.9% liked)

Selfhosted


A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.


I am looking for some recommendations on how to secure the data of my physical servers (against physical theft) that I am about to set up. I am new to self-hosting but have a few years of experience running Linux on a desktop.

My use case is a simple Debian(?) server at home with Paperless-ngx and Tailscale for when I am away from home.

The question is how to encrypt the data while still being able to keep the server updated.

Coming from the desktop, my first thought was to simply enable FDE on install. But that would mean supplying the password every time the server needs to reboot for an update. Could someone provide some insights on how often updates to Debian require a reboot?

My second thought was to use an encrypted data partition. That way the server could reboot and I could use WireGuard to SSH in and open the partition, even when I am away from home for a longer time.

I am open to other ideas!

[–] [email protected] 7 points 4 days ago (1 children)

This has been on my mind, I have yet to do it but the implementation seems trivial.

You can use typical LUKS full disk encryption with a password. LUKS actually has five password slots. Passwords do not have to be actual text; they can be a file or even part of a file.

So my idea is: buy some really cheap, low-profile USB flash drives and store some seemingly innocuous data like cat pictures or public domain books; IDK, it doesn't matter what the actual data is. Use full disk encryption and set a regular password, then add a second password that is a file (or part of a file) that lives on the flash drive, and have it set up to look for that file on boot as an option for unlocking.

Now the disk is fully encrypted but will boot/reboot without interruption as long as the flash drive is installed. You can remove the flash drive when you're feeling paranoid, or even better, only install it when you are going to be away for a while. If you leave the flash drive in the machine but are feeling worried, you can remote into the machine and edit/delete the file, or just clear the key slot from LUKS.

That's what's been on my mind, anyway. I think the typical suggestion/solution is to just use dropbear and remotely unlock using that, or not use full disk encryption and selectively encrypt your data instead (partitions or user-space encryption).

I'm not going to proofread this so I hope it makes sense
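
Worked example of the scheme described in the comment above (a byte range of an innocuous file on a USB stick enrolled as a second LUKS key slot, the passphrase slot kept for manual recovery, and the slot revocable over SSH). This is an added example, not the commenter's own setup; the device path, USB label, file name, byte range and function names are placeholders. For reference, LUKS1 has 8 key slots and LUKS2 up to 32 (`cryptsetup luksDump` lists the ones in use). The crypttab entry relies on Debian's `passdev` keyscript from cryptsetup-initramfs and the documented `keyfile-offset=`/`keyfile-size=` options; whether your release honours the offset options through a keyscript is something to confirm in crypttab(5) and with a boot test in a throwaway VM, the fallback being to key on the whole file (drop the two options and the `--new-keyfile-*` flags).

```sh
#!/bin/sh
# Added example (not from the original post): unlock a LUKS volume at boot
# from a byte range inside an innocuous file on a USB stick, keeping the
# normal passphrase as a second key slot for manual recovery.
#
# Assumptions (placeholders, adjust for your system):
#   LUKS_DEV   the LUKS partition
#   USB_LABEL  filesystem label of the cheap USB stick
#   KEY_PATH   path of the innocuous file on that stick
#   KEY_OFFSET / KEY_SIZE  the byte range used as key material
LUKS_DEV=/dev/disk/by-uuid/REPLACE-WITH-LUKS-UUID
USB_LABEL=CATPICS
KEY_PATH=/cats/cat3.jpg
KEY_OFFSET=4096
KEY_SIZE=64

# keyslice FILE OFFSET SIZE: print the exact bytes cryptsetup reads with
# --keyfile-offset/--keyfile-size. POSIX tools only, so it also works on a
# rescue system that has no cryptsetup installed.
keyslice() {
    tail -c +$(( $2 + 1 )) "$1" | head -c "$3"
}

# keyslice_fingerprint FILE OFFSET SIZE: sha256 of the slice. Record it once;
# re-check it before trusting the stick, because a sync tool re-encoding the
# image or a wrong copy of the file silently changes the key.
keyslice_fingerprint() {
    keyslice "$1" "$2" "$3" | sha256sum | cut -d' ' -f1
}

# luks_add_keyslice: enrol the slice as a new key slot. cryptsetup prompts for
# an existing passphrase to authorise the change; the new slot is then verified
# without activating the device. Needs root; the tests below do not run it.
luks_add_keyslice() {
    mnt=$(mktemp -d)
    mount -o ro "/dev/disk/by-label/$USB_LABEL" "$mnt"
    cryptsetup luksAddKey "$LUKS_DEV" "$mnt$KEY_PATH" \
        --new-keyfile-offset "$KEY_OFFSET" --new-keyfile-size "$KEY_SIZE"
    cryptsetup open --test-passphrase "$LUKS_DEV" \
        --key-file "$mnt$KEY_PATH" \
        --keyfile-offset "$KEY_OFFSET" --keyfile-size "$KEY_SIZE"
    umount "$mnt" && rmdir "$mnt"
}

# crypttab_line NAME: the /etc/crypttab entry. passdev (Debian's
# cryptsetup-initramfs keyscript) waits up to the given seconds for the device,
# mounts it and hands the file to cryptsetup. If the stick is absent the
# keyscript fails and you are left unlocking with the passphrase slot by hand;
# boot-test what that looks like on your release before relying on it.
# Run `update-initramfs -u` after adding the line.
crypttab_line() {
    printf '%s %s %s %s\n' "$1" "$LUKS_DEV" \
        "/dev/disk/by-label/$USB_LABEL:$KEY_PATH:10" \
        "luks,initramfs,keyscript=passdev,keyfile-offset=$KEY_OFFSET,keyfile-size=$KEY_SIZE"
}

# luks_revoke_keyslice SLOT: the "remote in and clear the key slot" step.
# Find SLOT with `cryptsetup luksDump "$LUKS_DEV"`; cryptsetup asks for a
# passphrase from another slot before wiping this one.
luks_revoke_keyslice() {
    cryptsetup luksKillSlot "$LUKS_DEV" "$1"
}
```

Pick an offset well inside the file's compressed or body data rather than its header (the first few hundred bytes of a JPEG or a Project Gutenberg text are predictable), keep the `keyslice_fingerprint` output somewhere safe so you can confirm the stick still yields the same bytes after a filesystem check or sync tool has touched it, and remember that the stick's innocuous look is obscurity only: whoever holds both the stick and the server holds the key, which is why the revoke step exists.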

[–] [email protected] 2 points 20 hours ago* (last edited 20 hours ago) (1 children)

I like this, and I suppose it's a shame a Raspberry Pi can't be WoL'd.

But could another SFF single-use/secured device on the same network that doesn't have FDE also provide that key, only if and when you wake it up (manually decrypting the file after SSHing into it too?), instead of having a USB drive directly plugged into the main server? Then, if a nefarious person does make away with the main bounty, they're fugged without said second hidden device on the same network.

ninjaedit: I also at one point in the past did wireless WoL (wireless NICs with WoL were prohibitively expensive at the time I was playing with this) via a travel router that was acting as an access point, simply to forward the wake-up magic packet. You could really hide that thing 😇

[–] [email protected] 1 points 26 minutes ago

I just bought some PoE HATs for my RPis, and have a managed PoE switch; rumor is, this combo basically translates to RPi WoL.

(Not meaning to ignore the rest of your comment, but not in a position to respond fully)