I am very tempted to switch my personal server from systemd to any other init. Question is, can docker be used without systemd?.. :thounking:

Devuan seems to work well enough for me to consider just migrating my Debian stretch server to Devuan ASCII: devuan.org/os/documentation/de

Looks pretty duable, and since I already installed sysvinit-core, I'm kind of halfway there.

But perhaps I should not start it at 4AM. :blobnom:

Aaand the server is dead. :D

Time to dive into the rescue system and see what went down.

· · Web · 1 · 0 · 3

Downgraded back to Debian stretch, with some funky commandline-fu giving me the list of packages to downgrade/reinstall:
dpkg -l | grep devuan | awk '{ print $2 }' | xargs apt-cache policy | egrep '(^[a-z]| 500$)' | tr -d '\n' | sed -r -e 's/: /=/g' -r -e 's/ 500/ /g'

I guess Devuan and my private server don't mix, at least as an upgrade/migration. Will stick to systemd-less Debian for the time being.

But moving my VMs to . Way easier to debug if something goes wrong.

So this worked: rabexc.org/posts/p9-setup-in-l

Exciting. Now I can start setting up the services in the VMs, etc.

Spent the last 2.5h setting up and testing single packet authorization with fwknop, using GPG keys. Pretty neat:
cipherdyne.org/fwknop/docs/fwk

Pitfalls:remember that the GPG keys cannot be longer than RSA 2048bit, otherwise encrypted data won't fit into a single packet.

So now I can SSH into my server either after GPG-based SPA, or through Wireguard. All other traffic is dropped.

Another ToDo off my list.

@taziden with a bit more testing I might roll it out in production.

I love the idea of having pretty exact control (based on GPG keys) of who even gets access to an open port.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!