I am very tempted to switch my personal server from systemd to any other init. Question is, can docker be used without systemd?.. :thounking:

Devuan seems to work well enough for me to consider just migrating my Debian stretch server to Devuan ASCII: devuan.org/os/documentation/de

Looks pretty doable, and since I already installed sysvinit-core, I'm kind of halfway there.

But perhaps I should not start it at 4AM. :blobnom:

Aaand the server is dead. :D

Time to dive into the rescue system and see what went down.

Downgraded back to Debian stretch, with some funky commandline-fu giving me the list of packages to downgrade/reinstall:
dpkg -l | grep devuan | awk '{ print $2 }' | xargs apt-cache policy | egrep '(^[a-z]| 500$)' | tr -d '\n' | sed -r -e 's/: /=/g' -r -e 's/ 500/ /g'

I guess Devuan and my private server don't mix, at least as an upgrade/migration. Will stick to systemd-less Debian for the time being.

But moving my VMs to . Way easier to debug if something goes wrong.

So this worked: rabexc.org/posts/p9-setup-in-l

Exciting. Now I can start setting up the services in the VMs, etc.

Spent the last 2.5h setting up and testing single packet authorization with fwknop, using GPG keys. Pretty neat:
cipherdyne.org/fwknop/docs/fwk

Pitfalls: remember that the GPG keys cannot be longer than RSA 2048-bit, otherwise encrypted data won't fit into a single packet.

So now I can SSH into my server either after GPG-based SPA, or through Wireguard. All other traffic is dropped.

Another ToDo off my list.

@taziden with a bit more testing I might roll it out in production.

I love the idea of having pretty exact control (based on GPG keys) of who even gets access to an open port.

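One way to check for the key-size pitfall mentioned in the thread before handing keys to fwknop, as an added example that is not part of the original posts: it parses `gpg --with-colons --list-keys` output and flags encryption-capable keys above the 2048-bit limit the post states. The sample listing, key IDs and function names are constructed for illustration.

```python
# Constructed sample of `gpg --with-colons --list-keys` output (not real keys).
# Relevant fields per record: 1=type, 3=key length, 4=algorithm (1 = RSA),
# 5=key ID, 12=capabilities (lowercase "e" = this key can encrypt).
SAMPLE_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:2048:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000::spa-server (constructed)::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1500000000::::::e::::::23:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1500000000:::u:::scESC::::::23::0:
uid:u::::1500000000::0000::spa-client (constructed)::::::::::0:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1500000000::::::e::::::23:
"""

MAX_BITS = 2048  # limit stated in the post above


def encryption_keys(colon_listing):
    """Yield (primary_keyid, keyid, algo, bits) for each encryption-capable key."""
    primary = None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 12:
            continue
        if fields[0] == "pub":
            primary = fields[4]  # subkeys that follow belong to this key
        # Uppercase "E" on a pub record only summarises the subkeys; the key
        # that actually encrypts the SPA payload carries a lowercase "e".
        if "e" in fields[11] and fields[2].isdigit() and fields[3].isdigit():
            yield primary, fields[4], int(fields[3]), int(fields[2])


def too_large_for_spa(colon_listing, max_bits=MAX_BITS):
    """Return (primary_keyid, keyid, bits) for encryption keys above max_bits."""
    return [
        (primary, keyid, bits)
        for primary, keyid, _algo, bits in encryption_keys(colon_listing)
        if bits > max_bits
    ]


if __name__ == "__main__":
    for primary, keyid, bits in too_large_for_spa(SAMPLE_LISTING):
        print(f"{primary}: encryption key {keyid} is {bits} bits (> {MAX_BITS})")
```

To run it against a real keyring, pass the output of `gpg --with-colons --list-keys` from the GnuPG home directory used for SPA instead of the sample string.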