-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LUKS encryption plugin #1
Comments
Thank you for your insights. Have you tried to get this as a pull request into the official plugin? |
haven't tried as PR request yet. This is because in the forum luks thread i offered to test it no one showed interested but i know there is an issue using encrypted disks in omv, especially related to services. The heavy intervention is done properly IMO, first adding the parameter to the fstab db (via omv-confdbadm), then regenerating fstab. These interventions can be reverted as the mkconf script also removes the noauto from db and fstab when the decrypt target is deactivated. |
I would vote for it :-) The easy usage of encryption is something that should be taken care of. IMHO |
Sorry my mistake, it was the docker plugin cleanup i offered, is also in my github. The idea came after discussing the issue in this thread https://forum.openmediavault.org/index.php/Thread/18158-LUKS-KeyFile-AutoMount-SOLVED/?pageNo=1 But i haven't yet asked for testing. |
I just saw your guide in the forum, i ended up here.
Like two months ago i did some sort of enhancement of the luks encryption plugin. The source is here
https://github.com/subzero79/openmediavault-luksencryption/tree/advsettings
This was based on this work
https://blog.iwakd.de/headless-luks-decryption-via-ssh
What this fork of the plugin does:
Feel free to test it or add more features.
The plugin does some heavy interventions in the /etc/fstab and db omv lines to work properly, especially if the before-decrypt target is activated. It will add noauto,nofail as this essential to not delay boot. Also deactivates sharedfolders systemd units.
The fstab drives and sharedfolders units are mounted once the drives are decrypted and multi-user target reached (just look at mkconf/luks.d/03systemd folder). The idea of the plugin was not to boot omv and have numerous services failing to start because the un-decrypted drives were not available.
This plugin doesn't handle the rootfs encryption. If you think you can add the feature somehow let me know
The text was updated successfully, but these errors were encountered: