[20:12] <integrity-boot> so, I've used integritysetup on 3x disks that I used mdadm/RAID5, and then I stuck a btrfs partition on that. Mounted it, used it, rebooted, and they're gone. I need to somehow 'integritysetup open --integrity sha256 /dev/sda sda' these disks on boot so mdadm will RAID5 it and fstab will mount it. Any tips?
[20:12] <integrity-boot> 22.04.1
[20:14]  * integrity-boot makes genii a stronk mug of coffee
[20:15] <integrity-boot> I mean, I manually open those with "integritysetup" and /dev/md0 shows up, I can uncomment my line in fstab, and sudo mount -a and it comes back, but I don't want to have to do this every reboot.
[20:16] <genii> yay caffeine
[20:23] <sdeziel> integrity-boot: that's not what you asked for but maybe a simpler version would be to go with btrfs with SHA256 checksums with raid1c3
[20:23] <sdeziel> integrity-boot: that'd be directly on your 3 disks or 3 partitions
[20:25] <integrity-boot> sdeziel: I'd *prefer* not to because it's more of a capacity thing at this point :(  I didn't want to naked btrfs it because it's 2022 and it still can't safely R5
[20:27] <integrity-boot> I found this but cannot figure out how to make it do what I want: https://www.freedesktop.org/software/systemd/man/integritytab.html
[20:47] <sdeziel> integrity-boot: yeah, the RAID-5 story with btrfs is getting better but apparently not there yet :/
[20:47] <integrity-boot> sdezielyeah, I haven't looked in a number of years and was hopeful....
[20:48] <integrity-boot> but...dm-integrity will get me just a smidge better safety. ended up checking this out: https://unixsheikh.com/articles/battle-testing-zfs-btrfs-and-mdadm-dm.html
[20:49] <integrity-boot> "If you combine dm-integrity with a mdadm RAID (RAID-1/mirror, RAID-5, or any other setup) you now have disk redundancy and error checking and error correction. dm-integrity will cause checksum errors when it encounters invalid data which mdadm notices and then repairs with correct data."
[20:49] <integrity-boot> so, it'd be great if I could somehow automatically mount those disks on boot.
[23:27] <g4mbit> hey all
[23:28] <g4mbit> I have a yubikey I would like to set up with a server for 2FA, but I'm wondering if there's a way to only set it up when accessing it through its public IP ?
[23:28] <g4mbit> if it's access through LAN do not ask for 2FA, can that be done?
[23:42] <JanC> SSH, web, ...?
[23:42] <JanC> obviously there are ways
[23:42] <g4mbit> JanC SSH logins
[23:46] <JanC> I suppose you can do it with Match blocks
[23:46] <JanC> g4mbit: ^
[23:47] <JanC> see sshd_config manual
[23:50] <JanC> as an alternative, you could run a separate SSH daemon with a different configuration on the LAN IP, of course
[23:51] <JanC> but try Match blocks first