Simon Bruder
10b8d432d5
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
54 lines
1.9 KiB
Markdown
<!--
SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>

SPDX-License-Identifier: CC-BY-SA-4.0
-->

# okarin

## Hardware

[Ionos Cloud VPS](https://cloud.ionos.de/server/vps) S (1 Xeon Gold 5120 vCPU, “512 MB” = 443 MiB RAM, 10 GB SSD).

## Purpose

It will host services I want to have separated from the rest of my infrastructure.

## Name

Okabe Rintaro is a mad scientist from *Steins;Gate*.

## Setup

Much like the namesake,
this server requires a “mad scientist” approach to set up.

Ionos does not offer any NixOS installation media.
I could only choose between Debian installation media, Knoppix and GParted.
Also, installing with a very low amount of memory is quite hard.

I therefore created a VM locally with a disk image exactly 10737418240 bytes in size.
On there, I installed NixOS.
Because encryption with `argon2id` as PBKDF is quite memory intensive, I had to tune the parameters some.
What I settled on was
`cryptsetup luksFormat --pbkdf argon2id --iter-time 10000 --pbkdf-memory 250000 /dev/sda3`.

To make btrfs use its SSD optimizations,
I had to force the kernel to see the device as non-rotational:
`echo 0 > /sys/block/dm-0/queue/rotational`

Another problem was the usage of VMware by Ionos.
The VM I set this up with was obviously using KVM/QEMU,
so it needed different kernel modules at boot.
What worked was setting it up in the local VM with both libvirt and vmware modules,
and then removing the libvirt modules once it was installed on the target.

Getting the disk image onto the server was done
by first `rsync`ing the image to another server (to allow for incremental iterations),
which then provided it via HTTP.
Using the Knoppix live image (booted with `knoppix 2` to avoid starting the GUI),
it was possible to just `curl http://server/okarin.img > /dev/sda`.

Because of all the pitfalls of this,
you probably need more than one try.
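
The transfer step above pipes an image fetched over plain HTTP straight onto the disk, so nothing confirms that the bytes written are the bytes that were built. The following is an added example, not part of the original README, that writes the image from stdin and verifies both the received stream and the read-back against a SHA-256 digest. It assumes the digest was computed on the build machine and carried over a trusted channel; `write_verified` is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the original README).
# Assumption: the expected digest comes from `sha256sum okarin.img` on the
# build machine and reached the live system over a trusted channel (e.g. SSH).

# write_verified TARGET EXPECTED_SHA256 SIZE_BYTES   (hypothetical helper)
# Reads an image from stdin and writes it to TARGET.
# Returns 0 if the stream and the read-back both match EXPECTED_SHA256,
#         1 if the received stream differs (corrupted or altered in transit),
#         2 if the stream was fine but TARGET does not hold the same bytes.
write_verified() {
    target=$1 expected=$2 size=$3
    # tee writes every byte to TARGET while sha256sum hashes the same stream.
    streamed=$(tee "$target" | sha256sum | cut -d' ' -f1)
    sync  # flush pending writes before reading back
    if [ "$streamed" != "$expected" ]; then
        echo "stream digest mismatch: got $streamed" >&2
        return 1
    fi
    # Read back only the image length; the device may be larger than the image.
    # Part of this read can be served from the page cache.
    written=$(head -c "$size" "$target" | sha256sum | cut -d' ' -f1)
    if [ "$written" != "$expected" ]; then
        echo "read-back digest mismatch: got $written" >&2
        return 2
    fi
    echo "ok: $size bytes verified on $target"
}

# Usage on the live system (URL, device and size as in the README above):
#   curl -fsS http://server/okarin.img \
#     | write_verified /dev/sda "<sha256 from build machine>" 10737418240
```

A return code of 1 means the target has already been overwritten with an image that does not match, so it should be rewritten rather than booted.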