I don’t have a suggestion but commenting so I’ll remember to follow. I’ve just been using the CLI but if there’s a nice management system I’m interested.

Though, I’m curious if a docker one would work… I have docker aliased to podman already

I definitely know that feeling.

Now that I’m at a keyboard, here’s the (Caddy) plugin I was referring to : https://github.com/caddy-dns/namecheap

Namecheap supports this according to docs. I just haven’t tested yet.

Doesn’t caddy support that (name cheap txt mod) via a plug-in?

I haven’t tried it yet, but the plugin made it sound possible. I’m planning to automate on next expiration… When I get to it ;)

I did already compile caddy with the plugin, just haven’t generated my name cheap token and tested.

I am not a smart person and it wasn’t the right tool for my job so I didn’t research it further once that was established. Maybe if somebody told me one more time it’d stick.

EDIT : In case anyone is curious : https://github.com/latchset/clevis

I hadn’t heard of Dropbear until I started researching this… cool project. That seems to be the ticket if you’re wanting manual intervention to unlock the disk. If you want automatic unlock via another server on the network, sounds like Clevis may be the thing.

One of our client support people told an angry client to open a Jira with urgent priority and we’d get right on it.

… the client support person knew full well that Jira was down too : D

At least, I think they knew. Either way, not shit we could do about it for that particular region until AWS fixed things.

Just one… For now :)

It’s a Lenovo Tiny refurb and came with a 1TB NVMe which is plenty for playing around but I’ll have to expand if I move my Jellyfin instance to it.

Good to hear. This will be going on a Debian server too.

I just set up tailscale on the RPi that controls my printer so I’ve got a jump host on the LAN now… Just need to make time to setup dropbear (and keys) on the server.

I’d imagine that if you have physical access and don’t mind plugging in a USB then that’s the easier route.

My personal goal is to be able to unlock it remotely in two main scenarios :

1. I’m lazy and don’t want to have to awkwardly fumble at plugging in something. So, SSH to it from the same room and unlock it from my desktop.
2. Server got rebooted while I’m away from home but I would really like it to be up and running again for something I need but I don’t have physical access at the time.

Both of those situations lean towards a remote unlock with no USB. The first one is absolutely doable because I have local access and could plug a device in, it’s just awkward. On the second, physical access is impossible so it must be done remotely.

I mentioned it in another comment but the remote unlock while away from home presents extra challenges for me because I access my server externally via Tailscale. Since Tailscale isn’t available at boot (pre-decrypt), then I’ll have to tailnet+ssh to another machine on the LAN (that doesn’t require a boot password/unlock) and then SSH from that machine to the server to enter the LUKS password to allow boot to continue. Sounds feasible, though perhaps a little clunky. That’s my current plan and hoping to try it out this weekend if time permits.

Great, thanks for checking my understanding of it.

If I’m reading the docs correctly, Clevis can rely on a separate Tang server for retrieving the decryption key, right? So in that scenario I’d need to have another machine for Tang that can also auto-boot without entering a boot/LUKS password. Otherwise, if both machines (server+clevis and Tang server) were in the same room and restarted due to power loss, neither would be able to boot if both were encrypted… or did I misunderstand something important?

And I don’t think I actually want “automatic” unlocking. I just want to be perform the unlock (enter LUKS password) remotely. I realize that comes with manual intervention (entering the password remotely) but I’m okay with that. I should probably have clarified that by “home server” I mean a machine the serves nice to have stuff, nothing mission critical. Plus I’m really the only one who uses it currently so I’ll notice it’s down when something doesn’t work and can then initiate the remote unlock/boot : D

Clevis is interesting but I don’t think it matches my specific situation. Glad I know about it now though, thanks for the info.

This is interesting, another one I hadn’t heard of yet. And, the server is running Debian : )

I enjoy the intro too :

You know how it is. You’ve heard of it happening. The Man comes and takes away your servers, your friends’ servers, the servers of everybody in the same hosting facility. The servers of their neighbors, and their neighbors’ friends. The servers of people who owe them money. And like that, they’re gone. And you doubt you’ll ever see them again. That is why your servers have encrypted root file systems

Exactly this. The chances of my server/drives getting stolen is extremely low but I like to take all the precautions I can even if it’s just an exercise in “I can, so I will”. That and the “peace of mind” you mentioned.

I think this is the first time I’ve heard of dracut. I’ll take a look - thanks for the info.

Sounds like something fun to research either way - thanks

O, I fully intend to. Just wanted to ask for opinions who have done it or have tried other things while I’m sitting here waiting for an appointment.

Plus content… Lemmy… Engagement. If nobody posts then there’s nothing here

I’ll never not upvote Veronica Explains. Excellent creator and excellent info on everything I’ve seen.

I forget that there are large centrifuges (somebody posted about Stuxnet further down).

Or, more accurately, I’m more familiar with the small ones (ThermoFisher calls them “Mini” and “Micro” centrifuges) for ~0.5mL samples and I had a hard time thinking that those would blow out a room. But the same link (ThermFisher) that I looked at to find the names also specifies 17,000g and 21,000g models which is just… fucking insane. I knew they spun fast, I didn’t know they spun 21,000g’s fast. Learn something new every day.