=== drunkencoder is now known as kushal
=== alkisg1 is now known as alkisg
=== l0tuspsychj3 is now known as lotuspsychje
integrity-bootso, I've used integritysetup on 3x disks that I used mdadm/RAID5, and then I stuck a btrfs partition on that. Mounted it, used it, rebooted, and they're gone. I need to somehow 'integritysetup open --integrity sha256 /dev/sda sda' these disks on boot so mdadm will RAID5 it and fstab will mount it. Any tips?20:12
* integrity-boot makes genii a stronk mug of coffee20:14
integrity-bootI mean, I manually open those with "integritysetup" and /dev/md0 shows up, I can uncomment my line in fstab, and sudo mount -a and it comes back, but I don't want to have to do this every reboot.20:15
geniiyay caffeine20:16
=== jgee11869 is now known as jgee1186
sdezielintegrity-boot: that's not what you asked for but maybe a simpler version would be to go with btrfs with SHA256 checksums with raid1c320:23
sdezielintegrity-boot: that'd be directly on your 3 disks or 3 partitions20:23
integrity-bootsdeziel: I'd *prefer* not to because it's more of a capacity thing at this point :(  I didn't want to naked btrfs it because it's 2022 and it still can't safely R520:25
integrity-bootI found this but cannot figure out how to make it do what I want: https://www.freedesktop.org/software/systemd/man/integritytab.html20:27
sdezielintegrity-boot: yeah, the RAID-5 story with btrfs is getting better but apparently not there yet :/20:47
integrity-bootsdezielyeah, I haven't looked in a number of years and was hopeful....20:47
integrity-bootbut...dm-integrity will get me just a smidge better safety. ended up checking this out: https://unixsheikh.com/articles/battle-testing-zfs-btrfs-and-mdadm-dm.html20:48
integrity-boot"If you combine dm-integrity with a mdadm RAID (RAID-1/mirror, RAID-5, or any other setup) you now have disk redundancy and error checking and error correction. dm-integrity will cause checksum errors when it encounters invalid data which mdadm notices and then repairs with correct data."20:49
integrity-bootso, it'd be great if I could somehow automatically mount those disks on boot.20:49
g4mbithey all23:27
g4mbitI have a yubikey I would like to set up with a server for 2FA, but I'm wondering if there's a way to only set it up when accessing it through its public IP ?23:28
g4mbitif it's access through LAN do not ask for 2FA, can that be done?23:28
JanCSSH, web, ...?23:42
JanCobviously there are ways23:42
g4mbitJanC SSH logins23:42
JanCI suppose you can do it with Match blocks23:46
JanCg4mbit: ^23:46
JanCsee sshd_config manual23:47
JanCas an alternative, you could run a separate SSH daemon with a different configuration on the LAN IP, of course23:50
JanCbut try Match blocks first23:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!