nokilli Apprentice
Joined: 25 Feb 2004 Posts: 196
Posted: Sun Oct 15, 2017 2:35 am

Tom_ wrote:
@nokilli, could you tell us more about your lvm / disk setup? How do you isolate your data? I'm curious...

A 1TB 3.5 HD as backing device with a 128GB SSD that's 32GB swap and the rest as a caching device for bcache. lvm on top of that, and then each lv gets its own dm-crypt layer.
My lvs looks something like this (edited for clarity):
Code:
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
hodl.home vg -wi-a----- 8.00g
hodl.root.1 vg -wi-a----- 8.00g
hodl.root.2 vg -wi-a----- 8.00g
hodl.root.3 vg -wi-a----- 8.00g
hodl.root.4 vg -wi-a----- 8.00g
meta.home vg -wi-a----- 8.00g
meta.portage vg -wi-a----- 4.00g
meta.root.1 vg -wi-a----- 8.00g
meta.root.2 vg -wi-a----- 8.00g
meta.root.3 vg -wi-a----- 8.00g
meta.root.4 vg -wi-a----- 8.00g
meta.src vg -wi-a----- 8.00g
play.home vg -wi-ao---- 8.00g
play.portage vg -wi-a----- 4.00g
play.root.2 vg -wi-a----- 8.00g
play.root.3 vg -wi-a----- 8.00g
play.root.4 vg -wi-a----- 8.00g
play.root.5 vg -wi-ao---- 8.00g
work.home vg -wi-a----- 8.00g
work.root.1 vg -wi-a----- 8.00g
work.root.2 vg -wi-a----- 8.00g
work.root.3 vg -wi-a----- 8.00g
work.root.4 vg -wi-a----- 8.00g
I basically create four systems; meta, hodl, work and play (hodl is a crypto-currency term, it just means "hold" but is used here just as a name). Each system has its own key and has at least a root and a home volume. meta and hodl are fully airgapped, work is on the net but for work only, and then play which is on the net and where I goof around. All logical volumes within a system share the same key, so for instance my meta key opens meta.portage, meta.src, meta.home and all of the meta.roots. I boot from USB stick and so from the grub menu get to pick which system to boot into by specifying a combination of the logical volume to use as root and the initramfs to be used, which may either contain the key for that system or an executable which can be run to let me enter a passphrase that is used to create the key (or both, in which case the passphrase decrypts the key in the initramfs and that is used). In any case the USB stick gets yanked as soon as the initramfs has loaded, and I maintain custody of the USB stick at all times.
So I run portage on meta and then use lvm snapshots and rsync to copy meta.root over to hodl.root and work.root. This is to minimize leakage; the only thing that leaks from meta is Gentoo Linux stuff. That's important because I have to bring in distfiles using an external USB drive which would otherwise provide a means for data to leak out. hodl is just where I keep wallets and private keys for crypto-currencies. It needs to be a running system because different clients need to be run to do offline signing of transactions. It needs to be airgapped because of course I want to protect those keys. I never ever mount any other storage device while I'm booted into hodl. There should be no way of data leaking out of here and I only boot into it when I need to do crypto stuff, which pretty much means, rarely.
There is of course the BIOS vulnerability but here obfuscation can be quite effective. My home partition for hodl is 8GB. I have many wallets. Only a few actually contain anything useful and there are no atimes, so enjoy! And then of course, there is another layer of encryption here as well and I've gotten good at memorizing long passphrases.
I plan to soon create a peer to hodl so that I can securely administer the USB stick. Right now I do it via meta, but that means there's a chance that keys can leak out of the stick and then get copied when I populate work.root. I have a lot of stuff sitting there that's used to create initramfs's and that'll go there too. I hope to have it so that one day I can have something like a ubuntu.root or a fedora.root or *cough* openbsd.root(?) that can co-exist with my Gentoo stuff in this vg and it's possible but it's a fair bit of work cause you got to get into their initramfs, see what modules they put there, get their kernel config, etc.
work and play are where I spend my time. I try to be disciplined with my browsing habits on work (no porn or mainstream news media sites), whitelisted javascript only, no binary-only executables (except icedtea-bin! grrr) and certainly no torrents or any kind of p2p. And on play of course I just do whatever. play isn't even based on meta, it's multilib, and the most I have to risk here is somebody maybe getting my browsing history or knowing what games I play, shows I watch, music I listen to. If somebody gets into my system it'll almost certainly be through play, but since all of the other systems use different keys they should be safe.
Oh and I do share an external USB drive that holds media between work and play, which is a potential leak. Mounting it read-only from work helps, but still I gotta figure out something better. It used to be hard drives had jumper switches that let you lock the sucker into read-only mode... what happened to that? Or a really big DVD-R would work too. But lately I've discovered my A/V Receiver has a USB port and I can play music through that while on work, albeit it's a little clunky... when there's low-hanging fruit, take it!
_________________
Today is the first day of the rest of your Gentoo installation.
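
A check for the per-system isolation nokilli describes, as an added example that is not part of the original post: it reads `lvs` output in the format shown above and lists which systems (the LV name up to the first dot) have open volumes, using the sixth `Attr` character (`o` = device open). The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Live use (as root): lvs | isolation_ok || echo "volumes of several systems are open"

# open_systems: read lvs output on stdin and print each system prefix
# (LV name up to the first dot) that has at least one open volume.
open_systems() {
    awk '$1 != "LV" && NF >= 3 && substr($3, 6, 1) == "o" {
             name = $1
             sub(/\..*/, "", name)      # keep the text before the first dot
             if (!(name in seen)) { seen[name] = 1; print name }
         }'
}

# isolation_ok: succeed only if at most one system has open volumes,
# i.e. only one system key is in use in the running session.
isolation_ok() {
    count=$(open_systems | wc -l | tr -d ' ')
    [ "$count" -le 1 ]
}

# Constructed sample, shortened from the listing in the post:
# only play.home and play.root.5 carry the "o" flag.
sample_ok='LV VG Attr LSize
hodl.home vg -wi-a----- 8.00g
meta.root.4 vg -wi-a----- 8.00g
play.home vg -wi-ao---- 8.00g
play.root.5 vg -wi-ao---- 8.00g
work.home vg -wi-a----- 8.00g'

# Constructed violation: a work volume is open during a play session.
sample_bad='LV VG Attr LSize
play.home vg -wi-ao---- 8.00g
play.root.5 vg -wi-ao---- 8.00g
work.home vg -wi-ao---- 8.00g'

printf '%s\n' "$sample_ok" | isolation_ok && echo "sample_ok: one system open"
printf '%s\n' "$sample_bad" | isolation_ok || echo "sample_bad: several systems open"
```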

devilheart l33t
Joined: 17 Mar 2005 Posts: 848 Location: Villach, Austria
Posted: Fri Oct 20, 2017 12:28 pm

Now I feel like an evangelizer. March 2016 I was the first with a gentoo box in my office. This May, I converted another user. Now, I convinced our IT to migrate everything from ubuntu to gentoo.

ChalkboardHero n00b
Joined: 11 Nov 2017 Posts: 5
Posted: Sat Nov 11, 2017 6:17 pm

I use my gentoo box for non .NET development (NodeJS, Clojure). The only thing is, I do .NET development for my work (bleh).
I'm considering converting my Windows server over to Gentoo and then VM'ing windows for my BlueIris cameras. The other 8-10 things I run are running in a RancherOS VM, so I could port that easily.

JackHunt n00b
Joined: 21 Aug 2016 Posts: 47 Location: Oxfordshire, England
Posted: Mon Nov 13, 2017 11:02 am

Pretty much anything and everything. My main box at home is on Gentoo as is my Workstation in the lab. My old ThinkPad however is Debian. The thing overheats so badly when compiling for hours.
Most of my work is C++ and CUDA development. Hobbyist stuff I use the AVR toolchain and a little Haskell here and there. Oh, and Python3 for prototyping (I hate MATLAB).
Obviously the general PC use also; email, web browsing, chat etc.
Dual boot Windows 10 for games.

cyrius n00b
Joined: 27 Jan 2007 Posts: 70 Location: France
Posted: Sun Jul 08, 2018 9:51 pm

Hi all,
I'm using it since 2003 to do quietly everything.
When windows is needed for professional stuff, I use VirtualBox... on gentoo.

Marcih Apprentice
Joined: 19 Feb 2018 Posts: 213
Posted: Mon Jul 09, 2018 7:28 pm

I use Gentoo to browse Gentoo Forums.
_________________
Bones McCracker wrote:
It wouldn't be so bad, if it didn't suck.
NeddySeagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

pun_guin Apprentice
Joined: 06 Feb 2018 Posts: 204
Posted: Mon Jul 09, 2018 7:50 pm

I use Gentoo to fulfill my will to have something to break and fix. My other systems are predictable.
_________________
I already use the new Genthree.

saturnalia0 Tux's lil' helper
Joined: 13 Oct 2016 Posts: 136
Posted: Mon Jul 09, 2018 10:01 pm

It was my primary operating system at home for a few years, used it both for entertainment and work.
Last year I got a new job in which we only use Windows, and also a PC for gaming, so I'm using Windows as my main operating system now.
But... I still have Gentoo on my laptop, which I use to watch movies in bed, and when I travel, such as now.
I have a Debian VPS which I'm thinking about replacing with Gentoo, but it's good to have a binary-based distro laying around when you need something quick and dirty.
If I ever need a new Linux setup I'll probably go with Gentoo.

jarlah n00b
Joined: 08 Jul 2018 Posts: 1
Posted: Tue Jul 10, 2018 5:04 pm

I use Gentoo for normal computer usage on laptop. Browsing, programming, virtualization. No special software. I almost never experiment with my linux installs. But I like the idea of not being tied to any special distro, so I just make sure to use standard cross platform software and I am home free.

dasPaul Apprentice
Joined: 14 Feb 2012 Posts: 243 Location: Dresden
Posted: Tue Jul 17, 2018 7:47 am

I first came into contact with gentoo via pentoo. I used pentoo back in 2008 and wanted to add some features to it, so the pentoo devs told me, pentoo is a gentoo... use portage.
But my desktop was still running Microsoft until ~2012. That was the point I was totally fed up with windows for a lot of reasons and I decided to change to gentoo because I exercised its installation over and over and there was absolutely no advantage left for Windows over Gentoo.
Until yesterday I had a gentoo installation that lasted for 5 years without doing a complete reinstall! With windows you have a complete reinstall with every major update (and losing various settings again and again, they just can't handle that).
Yesterday I did execute a stupid xargs rm ... command as root and there was a total mess in my lib64 folder. That was the point for a fresh gentoo and it took not 2 days as my first installation took, but just one half day.
If I really need windows I've a windows installation (sometimes for games) on my gentoo desktop via pci-passthrough with my gtx1070 that works like a charm.
_________________
-=human without Windows®=-
sorry for my bad english!

pa4wdh l33t
Joined: 16 Dec 2005 Posts: 812
Posted: Tue Jul 17, 2018 3:09 pm

I use gentoo for everything I do that involves a computer. No other OS's or distro's are allowed.
My router, a Soekris net5501-70, runs gentoo from a USB harddrive, from which I make initrd images which it can run without the HDD.
My desktop, where I use libreoffice, browsing, e-mail, a lot of shell scripting and commandline work and a bit of C programming using VI as my IDE.
My NTP server is a raspberry 2B with the ultimate GPS Hat running gentoo.
My laptop is running gentoo, similar use as the desktop, and a VPN which connects me from anywhere to my home network.
My server, which used to be a Soekris net6501-70 is now replaced with a Supermicro A1SAi-2750F with 16GB of memory. It runs NFS, DNS, e-mail (postfix+dovecot), calendar (radicale), tor, CUPS, ssh honeypot and ping to keep my provider's IPv6 tunnel up and running. To separate these processes it runs 9 linux containers, of which 6 contain a complete gentoo system, others are containers with just a single process.
The weirdest thing I'm running gentoo on is probably my Neo Freerunner.
I did try to run gentoo on a OYO e-reader, but failed to get it booting.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world
My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com

saderror256 n00b
Joined: 26 Jul 2018 Posts: 13 Location: Current Directory
Posted: Fri Jul 27, 2018 10:19 pm

I use gentoo for home use.
The reason I use gentoo is for the use of USE flags, CFlags, and more. Also to help me learn and thrive in GNU/Linux. Use flags give me the choice of whether I want this or that, should I compile with this feature or disable that? You get the point.
_________________
FreeBSD user, but still uses and loves himself some Gentoo!
I won't judge you based on what you use, newbie or inexperienced, you are still amazing for being here B)

CasperVector Apprentice
Joined: 03 Apr 2012 Posts: 156
Posted: Mon Sep 03, 2018 3:00 pm

I switched from Gentoo to Void on my laptop, and Alpine on my server.
Gentoo is nice in many aspects, but it is bad at minimalism; even LFS does not seem to do it well.
For those who seek fully customised minimalist systems, projects like mkroot and lh-bootstrap might be of particular interest.
Trivia #1: The toolchains provided by Laurent Bercot for use with lh-bootstrap are much smaller than those for mkroot; I might investigate the cause when I have some more time.
(Update: the owner of b.zv.io gave a nice explanation for this observation.)
Trivia #2: Rob Landley noted, about Aboriginal Linux (predecessor of mkroot), that:
https://landley.net/aboriginal/ wrote:
The original motivation of Aboriginal Linux was that back around 2002 Knoppix was the only Linux distro paying attention to the desktop, and Knoppix's 700 megabyte live CD included the same 100 megabytes of packages Linux From Scratch built, which provided a roughly equivalent command line experience as the 1.7 megabytes tomsrtbt which was based on busybox and uClibc. If I could free up an extra 100 megs of space on Knoppix's boot CD they'd work wonders with it, so I started work trying to build a fully functional Linux From Scratch with all the gnu bloatware replaced with busybox and uClibc.
_________________
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2020.10.19)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C

Yamakuzure Advocate
Joined: 21 Jun 2006 Posts: 2284 Location: Adendorf, Germany
Posted: Tue Sep 04, 2018 6:52 am

I use Gentoo on my laptop to work on my own projects. Further I use a Gentoo prefix on Cygwin to make it suck less, and as a WSL installation as Cygwin is very slow in many places.
Most stuff I do there is using Git and pretty standard tools like grep, sed, cat, less, find and perl. But it is so much more convenient to have Konsole with multiple tabs open than multiple MinTTY or GitBash windows... And... well... Konsole on Windows 10 is just cool.
Having said that, the main purpose of Cygwin is to provide dbus, sshd, postfix and last but not least, X for WSL. Besides Konsole I regularly use kedit, kcalc and kate on windows.
Edit: Oh, and Pulseaudio, so WSL programs actually can use sound. Tried with media-sound/amarok-9999, and it works.
_________________
Important German:
- "Aha" - German reaction to pretend that you are really interested while giving no f*ck.
- "Tja" - German reaction to the apocalypse, nuclear war, an alien invasion or no bread in the house.