HidingCherry / ansible-archlinux-encrypted-root

ansible script to install a fully encrypted archlinux system
GNU Affero General Public License v3.0

add tags or roles for different server capabilities #30

Open MartinX3 opened 2 years ago

MartinX3 commented 2 years ago

Different server capabilities allow different feature sets. If we assume that the basic server has less than 6GB ram, on top of the basic features a 6GB ram server could handle:

If we assume that the basic server has AES-NI, but not a different server:

If the server has UEFI

HidingCherry commented 2 years ago

* `~/.cache` in `tmpfs`

variable flag -> RAM_for_caching ?

* use `serpent-xts` with `512b`

This really depends on the intention. Some (paranoid) might consider that aes shall never be used - thus I let them decide all parameters with variables.

* Add uefi (partition) support with `systemd-boot` and `xbootldr` partition and its hook

dupe -> https://github.com/MartinX3-AdministrativeDevelopment/ansible-archlinux-encrypted-root/issues/2

MartinX3 commented 2 years ago

Yes, documented variables with listed parameters I could insert would be nice.

MartinX3 commented 2 years ago

About the cache change

```
# /etc/environment
#
# This file is parsed by pam_env module
#
# Syntax: simple "KEY=VAL" pairs on separate lines
#

# https://wiki.archlinux.org/index.php/XDG_Base_Directory
# .cache should be in tmpfs in the RAM
XDG_CACHE_HOME="/tmp/${USER}/.cache"
```

and

```sh
# /etc/profile.d/xdg-base-directory.sh
# https://wiki.archlinux.org/index.php/XDG_Base_Directory
# .cache should be in tmpfs in the RAM
# Only set the variable when USER is non-empty (quoted so the test is well-formed)
if [ -n "$USER" ]; then
  export XDG_CACHE_HOME="/tmp/${USER}/.cache"
fi
```

HidingCherry commented 2 years ago

Isn't this pretty complicated and it could also make issues with programs which have .cache hardcoded? (yes - I know, the correct way is to use the variable)

My way would be to mount .cache as tmpfs, without touching any variable.

MartinX3 commented 2 years ago

Hardcoded apps still use `~/.cache/`, which isn't forbidden, so no error would happen.

HidingCherry commented 2 years ago

Then maybe a symlink from `~/.cache` to `/tmp/${USER}/.cache`?

MartinX3 commented 2 years ago

Maybe this solution was too easy and I didn't try it or it didn't work because after a restart the path /tmp/${USER}/.cache doesn't exist anymore in the tmpfs.
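
Added example, not from the thread or the repository: a `profile.d`-style snippet that recreates `/tmp/${USER}/.cache` at every login (the reboot problem in the last comment) and, because `/tmp` is shared between all local users, accepts the directory only if it is a real directory owned by the current user. The function name `ensure_tmpfs_cache` and the fallback to the default `~/.cache` are assumptions of this example, as is `/tmp` being a tmpfs mount.

```sh
# Added example; function name and fallback policy are hypothetical.
# ensure_tmpfs_cache BASE USER
#   Creates BASE/USER/.cache with mode 0700 and prints the path.
#   Returns non-zero and prints nothing when a directory on the path already
#   exists but is a symlink or is not owned by the current user, so the
#   caller can keep the default ~/.cache instead of trusting it.
#   Call it inside $(...) so its variables stay out of the login shell.
ensure_tmpfs_cache() {
    base=$1 user=$2
    [ -n "$base" ] && [ -n "$user" ] || return 1
    # Refuse names that would escape BASE.
    case $user in */*|.|..) return 1 ;; esac
    top="$base/$user"
    cache="$top/.cache"
    for dir in "$top" "$cache"; do
        # mkdir without -p is atomic and fails if anything already exists
        # at that path; in that case inspect what is there before using it.
        if ! mkdir -m 700 "$dir" 2>/dev/null; then
            [ -d "$dir" ] && [ ! -L "$dir" ] && [ -O "$dir" ] || return 1
            chmod 700 "$dir" || return 1
        fi
    done
    printf '%s\n' "$cache"
}

# Login-time use: only override XDG_CACHE_HOME when the directory is safe.
if [ -n "$USER" ] && cache_dir=$(ensure_tmpfs_cache /tmp "$USER"); then
    export XDG_CACHE_HOME="$cache_dir"
fi
unset cache_dir
```

Programs that hardcode `~/.cache` are unaffected by this and keep writing to the home directory, as noted earlier in the thread.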