Re: customizing systemd config




Hi there,

On 08/11/2017 04:42 AM, Gregory Seidman wrote:
> I'm trying to recreate under systemd something I had previously cobbled
> together with shell scripts and init levels under sysvinit.
> 
> Only a few services ran under init 2, the default set in /etc/inittab,
> including privoxy and ssh; the rest of the services I wanted running, such
> as fetchmail, exim4, courier-imap, apache2, etc. would be started at init
> level 3. Those services required an encrypted volume (actually a RAID that
> was an encrypted LVM PV for a VG with several volumes) to be configured and
> mounted before they could be started.

I've blogged about this very scenario a while back:
https://blog.iwakd.de/headless-luks-decryption-via-ssh

Note that I wrote that mainly to explain some details about
systemd using a specific example; I personally am not actually
using that kind of setup. For a headless server of mine I use
full disk encryption (LUKS) for everything except /boot and
unlock the entire system in the initramfs. I also mention that
approach in my blog post, but wanted to stress it here again
because I think that the initramfs-based decryption is the
better way to do this. For that alternative take a look at:
https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/

Regards,
Christian