nullpoint/README.md
Dominik Roth 3dec31c52e Make cluster setup more generic and flexible
- Accept list of lighthouse endpoints (DNS names or IPs)
- Remove specific HA setup references from README
- Add recommendation for redundant DNS in script prompts
- Add links to Nebula and GlusterFS documentation
- Support multiple lighthouse endpoints separated by commas
- More generic language suitable for any infrastructure setup
2025-08-24 18:21:50 +02:00


<div align="center">
<img src='./icon.svg' width="150px">
<h2>nullpoint</h2>
<br>
</div>
Secure AlmaLinux (RHEL) server setup with LUKS encryption, Tang, TPM and RAID1 for Hetzner Dedicated Servers.

## Features

- AlmaLinux Server base
- Full disk encryption with LUKS
- Remote unlock via Tang server
- TPM-based boot verification
- mdadm RAID1 + XFS (RHEL standard)
- SSH key-only access with early boot SSH via dropbear
- Best-in-class terminal: zsh + powerlevel10k + evil tmux

## Unlock Strategy

1. **Automatic unlock via Tang/TPM** (default):
   - Configure TPM2 and/or Tang servers in post-install.sh
   - System unlocks automatically if conditions are met
   - No manual intervention required
2. **Manual unlock via SSH** (fallback):
   - SSH to server on port 22 (dropbear in early boot)
   - Enter LUKS passphrase when prompted (twice, once per disk)
   - Used when automatic unlock fails or is not configured
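The automatic unlock above is what Clevis does on RHEL-family systems: a pin policy is bound to a LUKS key slot, and dracut tries it at boot before falling back to the passphrase prompt. The following is an added example (not nullpoint's own `post-install.sh`) that builds a Clevis `sss` policy combining a TPM2 pin with several Tang servers and binds it to a device; `LUKS_DEV`, the Tang URLs and the PCR list are placeholders, and the `clevis`, `clevis-luks`, `clevis-dracut` and `tpm2-tools` packages are assumed to be installed.

```bash
#!/bin/sh
# Added example, not part of nullpoint. Builds a Clevis Shamir Secret Sharing
# (sss) policy and binds it to a LUKS device so the system can unlock itself.
set -eu

# Emit the sss JSON. Threshold t=1 means ANY single pin unlocks the volume:
# either the TPM2 PCR state matches (disk still in this machine, boot chain
# unchanged) OR one of the Tang servers answers. Use t=2 to require both.
#   $1: comma-separated Tang URLs (placeholders; use your own servers)
#   $2: PCR ids the TPM2 pin seals against, e.g. "7" (Secure Boot state)
clevis_sss_config() {
  urls=$1; pcrs=$2; tang_json=""
  old_ifs=$IFS; IFS=','
  set -- $urls                      # split only on commas, not on spaces
  IFS=$old_ifs
  for u in "$@"; do
    u=$(printf '%s' "$u" | tr -d '[:space:]')   # tolerate "a, b" input
    [ -n "$u" ] || continue
    tang_json="${tang_json:+$tang_json,}{\"url\":\"$u\"}"
  done
  printf '{"t":1,"pins":{"tpm2":{"pcr_ids":"%s"},"tang":[%s]}}' "$pcrs" "$tang_json"
}

# Bind the policy to one LUKS device. clevis asks for the existing passphrase
# once and adds a new key slot; the passphrase itself stays valid as the
# manual SSH fallback. Run once per encrypted disk (nullpoint uses two).
bind_luks_auto_unlock() {
  dev=$1; cfg=$2
  clevis luks bind -d "$dev" sss "$cfg"
  clevis luks list -d "$dev"        # verify: shows the slot and the pins bound
}

# Usage (placeholders; uncomment on the real host after installation):
#   cfg=$(clevis_sss_config "http://tang1.example:80,http://tang2.example:80" "7")
#   bind_luks_auto_unlock /dev/disk/by-partlabel/LUKS_DEV "$cfg"
#   dracut -f   # rebuild the initramfs so the policy is tried at boot
```

If every Tang server is unreachable and the PCRs changed (for example after a firmware update), neither pin succeeds and boot stops at the dropbear passphrase prompt described in the manual fallback.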
## Install

Boot your Hetzner server into rescue mode and run:

```bash
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/get.sh | bash
```

The installer will:

- Detect your SSH key from the current session
- Ask for hostname and username
- Generate a secure LUKS passphrase (SAVE IT!)
- Download and configure everything
- Run Hetzner's installimage automatically
## Nullpoint Cluster

Create or join a distributed storage cluster with [Nebula](https://github.com/slackhq/nebula) mesh networking and [GlusterFS](https://www.gluster.org/). Start with a single node and scale up by adding more servers.

```bash
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash
```

- **Storage mounted at**: `/data/storage/` - all data replicated to all nodes
- **Encrypted mesh network** - certificate-based trust with Nebula overlay
- **Flexible lighthouse setup** - use DNS names or direct IPs
- **All nodes are lighthouses** - full redundancy by default
- **Simple secret sharing** - just share lighthouse endpoints and CA cert to join