![]() ![]() ![]() # Test sending one email sudo mail-sysadmin-oneline "test!" # You should get an email. Sudo nano /usr /local /bin /mail-sysadmin-oneline /usr/local/bin/mail-sysadmin-oneline #!/bin/bash email=FIXME $1 body= $2 #cat <<ENDSYSADMINMAILĬhange the email value to your own email address and change tulip in the Subject to the name you've given your server. Sudo chmod +x /usr /local /bin /mail-sysadmin-oneline # Create a script to send a one-line email from CLI parameters sudo touch /usr /local /bin /mail-sysadmin-oneline Tls_trust_file /etc/ssl/certs/ca-certificates.crtĬhange the from value to your own email address. Sudo nano /root /.config /msmtp /config /root/.config/msmtp/config defaults Ignore that.) # Configure msmtp sudo mkdir -p /root /.config /msmtp # (You might get an error saying the profile doesn't exist. # Disable Apparmor's profile for msmtp sudo ln -s /etc /apparmor.d / /etc /apparmor.d /disable / sudo apparmor_parser -R /etc /apparmor.d / Check your email provider's documentation. You will need an email provider that provides SMTP access. If you use my encrypted storage setup, you'll want to be notified by email when the server has been rebooted, so that your services that depend on encrypted storage aren't stuck offline. Later on in this guide we'll create data folders for services and move them to the encrypted volume. Binding encrypted folders elsewhere in the filesystem Make sure the file permissions protect your data from unwanted access. To test it, reboot and then login and run unlock-priv sudo unlock-priv. # (To be filled in later when setting up individual services) echo. If ! findmnt /srv /priv >/dev /null then exit fi echo -Įcho - Binding encrypted folders elsewhere in the filesystem Sudo nano /usr /local /bin /unlock-priv /usr/local/bin/unlock-priv #!/bin/bash if findmnt /srv /priv >/dev /null then Sudo chmod +x /usr /local /bin /unlock-priv Įxit sudo nano /etc /systemd /system /decrypt.target /etc/systemd/system/decrypt.target Description = Decrypted System Requires = before-decrypt.target After = before-decrypt.target Conflicts = systemd-ask-password-console.path rvice systemd-ask-password-plymouth.path rvice Requires = srv-priv.mount rvice sudo nano /etc /systemd /system /rvice /etc/systemd/system/rvice Description = Start full system after decryption After = decrypt.target Type = oneshot ExecStartPre = /bin/systemctl is-active -quiet decrypt.target ExecStart = /bin/systemctl -no-block start multi-user.target sudo touch /usr /local /bin /unlock-priv Ln -s /lib /systemd /system /ssh.service. Sudo nano /etc /systemd /system /before-decrypt.target /etc/systemd/system/before-decrypt.target Description = System before Decryption Requires = basic.target Conflicts = rvice rescue.target After = basic.target rvice rescue.target AllowIsolate = yes # Setup symlinks to before-decrypt required services sudo su mkdir /etc /systemd /system /Ĭd /etc /systemd /system /įor i in /lib /systemd /system / /* do ln -s /lib /systemd /system /$ ( basename $i ). These steps assume that all of your service daemons (except for SSH) depend on encrypted storage.Īll of the daemon launches are deferred until after you login and unlock the encrypted storage. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |