| === drunkencoder is now known as kushal | ||
| === alkisg1 is now known as alkisg | ||
| === l0tuspsychj3 is now known as lotuspsychje | ||
| integrity-boot | so, I've used integritysetup on 3x disks that I used mdadm/RAID5, and then I stuck a btrfs partition on that. Mounted it, used it, rebooted, and they're gone. I need to somehow 'integritysetup open --integrity sha256 /dev/sda sda' these disks on boot so mdadm will RAID5 it and fstab will mount it. Any tips? | 20:12 |
|---|---|---|
| integrity-boot | 22.04.1 | 20:12 |
| * integrity-boot makes genii a stronk mug of coffee | 20:14 | |
| integrity-boot | I mean, I manually open those with "integritysetup" and /dev/md0 shows up, I can uncomment my line in fstab, and sudo mount -a and it comes back, but I don't want to have to do this every reboot. | 20:15 |
| genii | yay caffeine | 20:16 |
| === jgee11869 is now known as jgee1186 | ||
| sdeziel | integrity-boot: that's not what you asked for but maybe a simpler version would be to go with btrfs with SHA256 checksums with raid1c3 | 20:23 |
| sdeziel | integrity-boot: that'd be directly on your 3 disks or 3 partitions | 20:23 |
| integrity-boot | sdeziel: I'd *prefer* not to because it's more of a capacity thing at this point :( I didn't want to naked btrfs it because it's 2022 and it still can't safely R5 | 20:25 |
| integrity-boot | I found this but cannot figure out how to make it do what I want: https://www.freedesktop.org/software/systemd/man/integritytab.html | 20:27 |
| sdeziel | integrity-boot: yeah, the RAID-5 story with btrfs is getting better but apparently not there yet :/ | 20:47 |
| integrity-boot | sdezielyeah, I haven't looked in a number of years and was hopeful.... | 20:47 |
| integrity-boot | but...dm-integrity will get me just a smidge better safety. ended up checking this out: https://unixsheikh.com/articles/battle-testing-zfs-btrfs-and-mdadm-dm.html | 20:48 |
| integrity-boot | "If you combine dm-integrity with a mdadm RAID (RAID-1/mirror, RAID-5, or any other setup) you now have disk redundancy and error checking and error correction. dm-integrity will cause checksum errors when it encounters invalid data which mdadm notices and then repairs with correct data." | 20:49 |
| integrity-boot | so, it'd be great if I could somehow automatically mount those disks on boot. | 20:49 |
| g4mbit | hey all | 23:27 |
| g4mbit | I have a yubikey I would like to set up with a server for 2FA, but I'm wondering if there's a way to only set it up when accessing it through its public IP ? | 23:28 |
| g4mbit | if it's access through LAN do not ask for 2FA, can that be done? | 23:28 |
| JanC | SSH, web, ...? | 23:42 |
| JanC | obviously there are ways | 23:42 |
| g4mbit | JanC SSH logins | 23:42 |
| JanC | I suppose you can do it with Match blocks | 23:46 |
| JanC | g4mbit: ^ | 23:46 |
| JanC | see sshd_config manual | 23:47 |
| JanC | as an alternative, you could run a separate SSH daemon with a different configuration on the LAN IP, of course | 23:50 |
| JanC | but try Match blocks first | 23:51 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!