dodox/nullpoint
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1a58f63c7f
nullpoint/README.md
Dominik Roth 34761a1cdd Upd ROADMAP
2025-07-26 21:53:33 +02:00

72 lines
2.0 KiB
Markdown
Raw Blame History

<div align="center">
<img src='./icon.svg' width="150px">
<h2>nullpoint</h2>
<br>
</div>
Secure AlmaLinux Server setup with LUKS encryption, TPM, and mdadm RAID1 for Hetzner Dedicated Servers.
## Features
- AlmaLinux Server base
- Full disk encryption with LUKS
- Remote unlock via Tang server
- TPM-based boot verification
- mdadm RAID1 + XFS (RHEL standard)
- SSH key-only access with early boot SSH via dropbear
- Best-in-class terminal: zsh + powerlevel10k + evil tmux
If you need a dead man's switch to go along with it check out [raven](https://git.dominik-roth.eu/dodox/raven).
## Unlock Strategy
1. **Automatic unlock via Tang/TPM** (default):
- Configure TPM2 and/or Tang servers in post-install.sh
- System unlocks automatically if conditions are met
- No manual intervention required
2. **Manual unlock via SSH** (fallback):
- SSH to server on port 22 (dropbear in early boot)
- Enter LUKS passphrase when prompted (twice, once per disk)
- Used when automatic unlock fails or is not configured
## Quick Install
Boot your Hetzner server into rescue mode and run:
```bash
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/install.sh | bash
```
The installer will:
- Detect your SSH key from the current session
- Ask for hostname and username
- Generate a secure LUKS passphrase (SAVE IT!)
- Download and configure everything
- Run Hetzner's installimage automatically
## Manual Setup
If you prefer to configure manually:
1. **Boot into Hetzner Rescue Mode**
- Log into Hetzner Robot
- Select your server → Rescue tab
- Choose "Linux 64 bit" and activate
- SSH into rescue system
2. **Download Configuration**
```bash
git clone https://git.dominik-roth.eu/dodox/nullpoint.git
cd nullpoint
```
3. **Configure**
- Edit `install.conf` and change `CRYPTPASSWORD`
- Edit `post-install.sh` and set your SSH key (REQUIRED!)
- Optionally configure Tang servers and TPM settings
4. **Install**
```bash
installimage -a -c install.conf -s post-install.sh
Reference in New Issue View Git Blame Copy Permalink