doc: documented encrypting /var/lib/libvirt on a VPS

missytake 2024-12-04 14:42:53 +01:00
parent 43ac0f3ac2
commit aebff70524
Signed by: missytake
GPG key ID: 04CC6658320518DF


@ -66,3 +66,34 @@ as copy-pasting your public SSH key into the console doesn't work really.
Make sure the SSH config allows this Make sure the SSH config allows this
(and turn passwort root access off afterwards). (and turn passwort root access off afterwards).
## Encrypting /var/lib/libvirt partition
**Status: tested with Hetzner VPS, not deployed in production yet**
Messing with file systems and partitions
should not be done by automation scripts,
so I created the LUKS-encrypted /dev/sdb partition manually.
(So far, /dev/sdb was added via a Hetzner volume,
but it can be any partition actually)
To create a partition in the VPS volume
(which was formatted to ext4 originally),
- I ran `fdisk /dev/sdb`,
- entered `o` to create a DOS partition table,
- added `n` to add a new primary partition, using all available space,
- and `w` to save to disk and exit.
Then I ran `cryptsetup luksFormat /dev/sdb1`
and entered the passphrase from `pass 0x90/ararat/sdb-crypt`
to create a LUKS volume.
Now I could decrypt the new volume with
`cryptsetup luksOpen /dev/sdb1 sdb_crypt`
and entering the passphrase from `pass 0x90/ararat/sdb-crypt`.
Finally, I ran `mkfs.ext4`
to create an ext4 file system
in the encrypted partition.
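Review bot: the final step says only `mkfs.ext4`, with no target device. Spell it out as `mkfs.ext4 /dev/mapper/sdb_crypt` (the mapping created by the `luksOpen ... sdb_crypt` step above), so that nobody following the doc formats `/dev/sdb1` itself and overwrites the LUKS header. The section is titled "Encrypting /var/lib/libvirt partition" but stops before anything is mounted at /var/lib/libvirt, and it does not say how the volume is unlocked after a reboot. A sentence on each would make the content match the heading. Smaller points: "added `n` to add a new primary partition" reads better as "entered `n`", and the `pass 0x90/ararat/sdb-crypt` reference is repeated in two consecutive steps where one mention would do.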