README h3 -> h2
This commit is contained in:
parent
bb0514469d
commit
50c56ad5f7
10
README.md
10
README.md
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 for Hetzner Dedicated Servers.
|
Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 for Hetzner Dedicated Servers.
|
||||||
|
|
||||||
### Features
|
## Features
|
||||||
|
|
||||||
- AlmaLinux Server base
|
- AlmaLinux Server base
|
||||||
- Full disk encryption with LUKS
|
- Full disk encryption with LUKS
|
||||||
@ -16,7 +16,7 @@ Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 f
|
|||||||
- SSH key-only access with early boot SSH via dropbear
|
- SSH key-only access with early boot SSH via dropbear
|
||||||
- Best-in-class terminal: zsh + powerlevel10k + evil tmux
|
- Best-in-class terminal: zsh + powerlevel10k + evil tmux
|
||||||
|
|
||||||
### Unlock Strategy
|
## Unlock Strategy
|
||||||
|
|
||||||
1. **Automatic unlock via Tang/TPM** (default):
|
1. **Automatic unlock via Tang/TPM** (default):
|
||||||
- Configure TPM2 and/or Tang servers in post-install.sh
|
- Configure TPM2 and/or Tang servers in post-install.sh
|
||||||
@ -28,7 +28,7 @@ Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 f
|
|||||||
- Enter LUKS passphrase when prompted (twice, once per disk)
|
- Enter LUKS passphrase when prompted (twice, once per disk)
|
||||||
- Used when automatic unlock fails or is not configured
|
- Used when automatic unlock fails or is not configured
|
||||||
|
|
||||||
### Install
|
## Install
|
||||||
|
|
||||||
Boot your Hetzner server into rescue mode and run:
|
Boot your Hetzner server into rescue mode and run:
|
||||||
|
|
||||||
@ -53,14 +53,14 @@ The installer will:
|
|||||||
|
|
||||||
Encrypted network and storage pool using [Nebula](https://github.com/slackhq/nebula) mesh VPN and [GlusterFS](https://www.gluster.org/) distributed filesystem.
|
Encrypted network and storage pool using [Nebula](https://github.com/slackhq/nebula) mesh VPN and [GlusterFS](https://www.gluster.org/) distributed filesystem.
|
||||||
|
|
||||||
### Features
|
## Features
|
||||||
|
|
||||||
- **Encrypted mesh network** - All traffic encrypted via Nebula overlay (192.168.100.0/24)
|
- **Encrypted mesh network** - All traffic encrypted via Nebula overlay (192.168.100.0/24)
|
||||||
- **Distributed storage** - Data replicated across all storage nodes
|
- **Distributed storage** - Data replicated across all storage nodes
|
||||||
- **Simple joining** - Single preshared secret + lighthouse endpoint
|
- **Simple joining** - Single preshared secret + lighthouse endpoint
|
||||||
- **Flexible nodes** - Full nodes (replicate data) or remote nodes (no storage)
|
- **Flexible nodes** - Full nodes (replicate data) or remote nodes (no storage)
|
||||||
|
|
||||||
### Setup
|
## Setup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash
|
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user