Damn it. I’ve been following bun for a long time and using it casually… Guess it’s good I didn’t get too far into it

Mine runs on my desktop that I built in 2016. So yes. I also tested it on a Lenovo tiny (similar to a NUC) that I’m using as a self host “server” and it seemed fine but I didn’t try any heavy transcoding yet.

Not sure about availability or price in AU, but I like “hoplark” non alcoholic beer. Their IPAs are awesome.

Grok here: computers are fine, humans were a mistake

They got really REALLY good at a particular niche. They suck at everything else.

I say this as a loving python parent.

This tracks with my experience. “get really high… Fall off”

Lil goobers.

Not an engineer but I took calculus 1, 2, 3, discrete math, linear algebra, statics, dynamics, and probably others I’m forgetting.

Since school, I needed one trig function for calculating distance between lat/long coordinates that I looked up on Wikipedia and plugged in to a program.

… Statics was fucking cool though.

I still type ifconfig by habit. Some kid the other day told me that you can judge a person’s age and Linux experience by whether they expect ifconfig and netstat vs ip and ss.

… I’m just glad they kept the parameters the same in ss

I’m with you…

Cut the lock shackle, remove lock from brake and ring… Nothing happens??

Or if you’re paranoid, cut the grenade ring first, then cut the lock.

I am not a smart person and it wasn’t the right tool for my job so I didn’t research it further once that was established. Maybe if somebody told me one more time it’d stick.

EDIT : In case anyone is curious : https://github.com/latchset/clevis

I hadn’t heard of Dropbear until I started researching this… cool project. That seems to be the ticket if you’re wanting manual intervention to unlock the disk. If you want automatic unlock via another server on the network, sounds like Clevis may be the thing.

EXIF data?

https://en.wikipedia.org/wiki/Exif

Just one… For now :)

It’s a Lenovo Tiny refurb and came with a 1TB NVMe which is plenty for playing around but I’ll have to expand if I move my Jellyfin instance to it.

Good to hear. This will be going on a Debian server too.

I just set up tailscale on the RPi that controls my printer so I’ve got a jump host on the LAN now… Just need to make time to setup dropbear (and keys) on the server.

I’d imagine that if you have physical access and don’t mind plugging in a USB then that’s the easier route.

My personal goal is to be able to unlock it remotely in two main scenarios :

1. I’m lazy and don’t want to have to awkwardly fumble at plugging in something. So, SSH to it from the same room and unlock it from my desktop.
2. Server got rebooted while I’m away from home but I would really like it to be up and running again for something I need but I don’t have physical access at the time.

Both of those situations lean towards a remote unlock with no USB. The first one is absolutely doable because I have local access and could plug a device in, it’s just awkward. On the second, physical access is impossible so it must be done remotely.

I mentioned it in another comment but the remote unlock while away from home presents extra challenges for me because I access my server externally via Tailscale. Since Tailscale isn’t available at boot (pre-decrypt), then I’ll have to tailnet+ssh to another machine on the LAN (that doesn’t require a boot password/unlock) and then SSH from that machine to the server to enter the LUKS password to allow boot to continue. Sounds feasible, though perhaps a little clunky. That’s my current plan and hoping to try it out this weekend if time permits.

Great, thanks for checking my understanding of it.

If I’m reading the docs correctly, Clevis can rely on a separate Tang server for retrieving the decryption key, right? So in that scenario I’d need to have another machine for Tang that can also auto-boot without entering a boot/LUKS password. Otherwise, if both machines (server+clevis and Tang server) were in the same room and restarted due to power loss, neither would be able to boot if both were encrypted… or did I misunderstand something important?

And I don’t think I actually want “automatic” unlocking. I just want to be perform the unlock (enter LUKS password) remotely. I realize that comes with manual intervention (entering the password remotely) but I’m okay with that. I should probably have clarified that by “home server” I mean a machine the serves nice to have stuff, nothing mission critical. Plus I’m really the only one who uses it currently so I’ll notice it’s down when something doesn’t work and can then initiate the remote unlock/boot : D

Clevis is interesting but I don’t think it matches my specific situation. Glad I know about it now though, thanks for the info.

This is interesting, another one I hadn’t heard of yet. And, the server is running Debian : )

I enjoy the intro too :

You know how it is. You’ve heard of it happening. The Man comes and takes away your servers, your friends’ servers, the servers of everybody in the same hosting facility. The servers of their neighbors, and their neighbors’ friends. The servers of people who owe them money. And like that, they’re gone. And you doubt you’ll ever see them again. That is why your servers have encrypted root file systems

Exactly this. The chances of my server/drives getting stolen is extremely low but I like to take all the precautions I can even if it’s just an exercise in “I can, so I will”. That and the “peace of mind” you mentioned.