I'd like to create a setup where the boot is from a read-only USB drive.
It should boot into a minimal environment that has a dropbear SSH server, it gets its init command / encryption password through SSH, and with that it stops. (Maybe it also starts a nebula node).
The init command will decrypt disks (using LUKS), setup the raid-5 over them, and then mount the volume.
It should then chroot into a directory on that volume, starting local services (cron, docker, ...).
Is there an issue with this plan? Besides the USB is a SPOF (though I can mirror it), and not setup overall not terribly convenient (but I'm fine with that)...
Has anybody automated parts of this setup (like dockerized build to create the USB image)?
It should boot into a minimal environment that has a dropbear SSH server, it gets its init command / encryption password through SSH, and with that it stops. (Maybe it also starts a nebula node).
The init command will decrypt disks (using LUKS), setup the raid-5 over them, and then mount the volume.
It should then chroot into a directory on that volume, starting local services (cron, docker, ...).
Is there an issue with this plan? Besides the USB is a SPOF (though I can mirror it), and not setup overall not terribly convenient (but I'm fine with that)...
Has anybody automated parts of this setup (like dockerized build to create the USB image)?
Statistics: Posted by syntern — 2025-01-19 09:07 — Replies 0 — Views 29