[07:41] <lolek> alkisg: hi, last time you gave the link to a repo with scripts to have a working vlan with dropbear during boot. I'm reading the readme and checking the scripts, yet I'm not sure about one thing. After boot I should also properly configure the networking, so the network scripts etc. to have vlans and so on?
[07:43] <alkisg> Hi lolek , I haven't actually used dropbear but from a quick glance I did last time, it seems to me it brings down networking on exit; so yes you're supposed to properly configure networking using netplan, vlans etc later on
[07:43] <lolek> ok, that's awesome
[07:43] <lolek> but hmm you said you haven't used it so you're using something else?
[07:44] <alkisg> lolek: I'm very familiar with initramfs-tools because I'm developing ltsp.org, but no, I'm not using full disk encryption
[07:45] <lolek> oh ok
[07:45] <alkisg> Well actually I do need to unlock home automatically on some servers, but I'm using home-grown scripts to ask data from nearby servers and make sure the server is still onsite, and then I unlock it automatically, not manually
[07:45] <alkisg> *encrypted home
[07:46] <lolek> alkisg: the ltsp... nice... well good morning then ;)
[07:46] <alkisg> Good morning! :D
[07:46] <alkisg> I.e. each server provides an md5sum of its hardware (even asks some from remote locations), then they are xor'ed, then the result unlocks a gpg encoded secret, which unlocks home
[07:47] <alkisg> So attackers would need to steal all servers from multiple sites to get the unlocking to work
[07:50] <lolek> interesting approach 
[07:54] <arraybolt3[m]> alkisg: md5? I mean it should be enough, but I'd want to use SHA256 to avoid spoofing.
[07:55] <alkisg> arraybolt3: the key is that they don't know the md5sum
[07:55] <alkisg> Spoofing works if they know it and they want to generate a source for it
[07:55] <arraybolt3[m]> Ah, makes sense. I must be tired :)