netgoat reverse proxy – "seriously messed up code"
- 0 Followers
- 0 Following
- 1 Posts
oidc-based remote luks decryption – bad idea?
oidc-based remote luks decryption – bad idea? - Lemmy.World
Hey everyone, here’s an idea, what do you think? (Please stop me…) I have a few remote servers where disk encryption is only a moderately important measure; I definitely want to keep it but I’m also annoyed by having to ssh into it during the initrd-phase to provide a passkey on every reboot. What I would like is to get a notification with a link to my idp for some device flow, allowing me to authorize the server to obtain the secrets necessary for decryption. As far as I can tell, this hasn’t been done before, or have I missed something? A naive idea would be to have custom oidc-claims for the different servers where the value is the luks-passphrase. Feels like a bad idea, though. Any ideas on the details as to how? I obviously don’t want to bloat my initrd-image, so a bash script using curl would be ideal.
How do you pronounce runc?
The purpose of podman quadlets?
The purpose of podman quadlets? - Lemmy.World
I’m afraid this is going to attract the “why use podman when docker exists”-folks, so let me put this under the supposition that you’re already sold on (considering) using podman for whatever reason. (For me, it has been the existence of pods, to be used in situations where pods make sense, but in a non-redundant, single-node setup.) Now, I was trying to understand the purpose of quadlets and, frankly, I don’t get it. It seems to me that as soon as I want a pod with more than one container, what I’ll be writing is effectively a kubernetes configuration plus some systemd unit-like file, whereas with podman compose I just have the (arguably) simpler compose file and a systemd file (which works for all pod setups). I would get that it’s sort of simpler, more streamlined and possibly more stable using quadlets to let systemd manage single containers instead of putting podman run commands in systemd service files. Is that all there is to it, or do people utilise quadlets as a kind of lightweight almost-kubernetes distro which leverages systemd in a supposedly reasonable way? (Why would you want to do that if lightweight, fully compliant kubernetes distros are a thing, nowadays?) Am I missing or misunderstanding something?