ramroot | wireguard-initramfs |
---|---|
5 | 10 |
265 | 289 |
- | - |
0.0 | 7.0 |
about 2 years ago | 3 months ago |
Shell | Shell |
GNU General Public License v3.0 only | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ramroot
- Arch Linux done right
  Now I can use ramroot and run the whole OS on RAM.
- Linux install to a USB
  Anyway, I wrote and maintain a guide to make this setup: https://mags.zone/help/arch-usb.html. I also made a package to optionally load everything to RAM during boot: https://github.com/arcmags/ramroot.
- Tips on: Arch linux on usb as a daily driver
  I wrote a tool to load root entirely into RAM on Arch. It checks available RAM and prompts on boot.
- How to make rescue/recovery partition that copies into RAM (live cd)?
- USB stick longevity as a boot drive
  You could also use the Arch Linux guide above and install Arch Linux on the USB drive, making sure the boot and root partition sizes are less than the amount of ram in the machine you are booting on. Then install ramroot which will load up your system into ram on boot. This will mean the system runs off ram and not USB. If you need to make changes, install applications or update, you could boot it normally so it runs off USB as any changes won't be saved if it is booted into ram. If your home folder is on another partition on the USB, I don't think that is loaded into ram on boot so you can still save files to it and any personalisations should also be kept between boots.
wireguard-initramfs
- How to avoid typing password of LUKS encrypted server every boot?
- Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future
  Some other interesting things are providing keys over the network, or leveraging Wireguard and SSH to remotely unlock.
- Encrypt Raspberry Pi?
  For vulnerabilities: even if dropbear was vulnerable in some way, it's running in a pre-boot initramfs with a restricted shell which can be locked down even further to prevent escalation. To add another layer of security, you can run Wireguard in initramfs and have dropbear configured to be accessible from only the vpn network: https://github.com/r-pufky/wireguard-initramfs
- I self host on my desktop, but it likes to crash. Any advice on remotely resetting a frozen system?
  Once you manage to reset the system, wireguard-initramfs should work if you need to SSH into it from outside the LAN, though the project is only currently supported on Debian. Within the LAN, dropbear in your initramfs should be enough.
- How can I encrypt the whole disk on cloud hosts to prevent them from seeing my data in backups/snapshots?
  There are other initramfs packages available that expand features such as wireguard capability: https://github.com/r-pufky/wireguard-initramfs
- Connect to remote encrypted SSH Client
- r-pufky/wireguard-initramfs - Enables wireguard networking during kernel boot, before encrypted partitions are mounted. Combined with dropbear this can enable FULLY ENCRYPTED remote booting without storing key material or exposing ports on the remote network.
- wireguard-initramfs for debian bullseye (e.g. dropbear over wireguard) [working]
  FYI, this is now the case. 2021-07-04
  Just posted the first rev of wireguard-initramfs for debian bullseye.
What are some alternatives?
zfsbootmenu - ZFS Bootloader for root-on-ZFS systems with support for snapshots and native full disk encryption
dracut-sshd - Provide SSH access to initramfs early user space on Fedora and other systems that use Dracut
dracut - dracut the event driven initramfs infrastructure
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
zram-init - A wrapper script for the zram linux kernel module with zsh and openrc support
auto-zram - Automatically configure zram as swap on a machine, using sensible defaults, with the ability to tweak it to your needs.
initramfs-tools-tailscale - Tailscale enabled initramfs
zfsUnlocker - A modular zfs unlocker hook for mkinitcpio on Archlinux.
pi-encrypted-boot-ssh - Raspberry Pi Encrypted Boot with Remote SSH