48 lines
1.8 KiB
Markdown
# okarin

## Hardware

[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD).

## Purpose

It will host services I want to have separated from the rest of my infrastructure.

## Name

Okabe Rintaro is a mad scientist from *Steins;Gate*.

## Setup

Much like the namesake,
this server requires a “mad scientist” approach to set up.

Ionos does not offer any NixOS installation media.
I could only choose between Debian installation media, Knoppix and GParted.
Also, installing with a very low amount of memory is quite hard.

I therefore created a VM locally with a disk image exactly 10737418240 bytes in size.
On there, I installed NixOS.
Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some.
What I settled on was
`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`.

To make btrfs use its SSD optimizations,
I had to force the kernel to see the device as non-rotational:
`echo 0 > /sys/block/dm-0/queue/rotational`

Another problem was the usage of VMware by Ionos.
The VM I set this up with was obviously using KVM/QEMU,
so it needed different kernel modules at boot.
What worked was setting it up in the local VM with both libvirt and vmware modules,
and then removing the libvirt modules once it was installed on the target.

Getting the disk image onto the server was done
by first `rsync`ing the image to another server (to allow for incremental iterations),
which then provided it via HTTP.
Using the Knoppix live image (booted with `knoppix 2` to avoid starting the GUI),
it was possible to just `curl http://server/okarin.img > /dev/sda`.

Because of all the pitfalls of this,
you probably need more than one try.
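
The `curl http://server/okarin.img > /dev/sda` step in the Setup section moves the image over plain HTTP with no integrity check. The following is an added example, not part of the original README: it writes the stream to the target, then checks the byte count and the SHA-256 read back from the target. The function names and the `EXPECTED` variable are assumptions; the digest has to be computed on the build machine and brought over through a trusted channel, not fetched from the same HTTP server.

```shell
#!/bin/sh
# Added example, not from the original README. Function names and the
# EXPECTED digest are assumptions made for illustration.

IMAGE_SIZE=10737418240   # image size in bytes, as stated in the README

# sha256_of FILE [BYTES]: hex SHA-256 of FILE, or of its first BYTES bytes.
sha256_of() {
    if [ -n "${2:-}" ]; then
        head -c "$2" "$1" | sha256sum | cut -d' ' -f1
    else
        sha256sum < "$1" | cut -d' ' -f1
    fi
}

# write_verified TARGET EXPECTED_SHA256 EXPECTED_SIZE
# Copies stdin to TARGET, then checks the byte count and re-reads TARGET
# to compare digests. Returns 0 only if both match.
write_verified() {
    wv_target=$1; wv_expected=$2; wv_size=$3
    # tee writes the stream to the target; wc counts what passed through.
    wv_written=$(tee "$wv_target" | wc -c | tr -d ' ') || return 2
    if [ "$wv_written" != "$wv_size" ]; then
        echo "size mismatch: wrote $wv_written bytes, expected $wv_size" >&2
        return 1
    fi
    sync
    wv_actual=$(sha256_of "$wv_target" "$wv_size")
    if [ "$wv_actual" != "$wv_expected" ]; then
        echo "digest mismatch: target has $wv_actual" >&2
        return 1
    fi
    echo "verified $wv_size bytes, sha256 $wv_actual"
}

# On the live system (URL as in the README; EXPECTED is the digest from
# the build machine, e.g. the output of sha256sum okarin.img there):
#   curl -fsS http://server/okarin.img | write_verified /dev/sda "$EXPECTED" "$IMAGE_SIZE"
```

A truncated or altered transfer makes the function return non-zero, so the target should not be booted until a rerun passes.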