From 8d5373f1cb129866b3aabbc53c8d78f6ae8a8f6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Fri, 21 Apr 2023 17:18:59 +0200 Subject: [PATCH] Manual backup: 2023-04-21 17:18:58 --- .obsidian/workspace.json | 22 +++++++++++----------- KB/Linux/Server/Docker Volume Migration.md | 5 +++++ KB/Linux/Server/Security hardening.md | 11 ++++++++++- KB/Linux/Wireguard.md | 4 +++- 4 files changed, 29 insertions(+), 13 deletions(-) diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index a85a78d..3bf501c 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -4,11 +4,11 @@ "type": "split", "children": [ { - "id": "b461b618901c3a19", + "id": "361626eed2d9956f", "type": "tabs", "children": [ { - "id": "396bb06b78652441", + "id": "567dab3f11f34f53", "type": "leaf", "state": { "type": "empty", @@ -44,7 +44,7 @@ "state": { "type": "search", "state": { - "query": "", + "query": "tag:#docker", "matchingCase": false, "explainSearch": false, "collapseAll": false, @@ -65,7 +65,7 @@ } ], "direction": "horizontal", - "width": 280.5 + "width": 310.5 }, "right": { "id": "899055bb84f9c389", @@ -120,19 +120,23 @@ "templater-obsidian:Templater": false } }, - "active": "396bb06b78652441", + "active": "567dab3f11f34f53", "lastOpenFiles": [ + "KB/Linux/Server/Docker Volume Migration.md", + "KB/Linux/Server/Security hardening.md", + "KB/Linux/Migrate to rootless docker 1.md", + "KB/Linux/Migrate to rootless docker.md", + "KB/Linux/Wireguard.md", + "KB/Linux/GNOME.md", "KB/Linux/Desktop/Firewall.md", "KB/Linux/Desktop/Archinstall.md", "KB/Linux/Server/SSH Guard.md", "KB/Linux/Server/Bootstrap.md", "KB/Linux/Server/DNS.md", - "KB/Linux/Server/Docker Volume Migration.md", "KB/Linux/Server/Hetzner/Storagebox.md", "KB/Linux/Server/Hetzner/Upgrades.md", "KB/Linux/Pacman.md", "KB/Linux/Kernel.md", - "KB/Linux/GNOME.md", "KB/Linux/DNS.md", "KB/Linux/Disk Speed.md", "KB/Linux/AMD.md", 
@@ -144,10 +148,6 @@ "KB/Linux/Desktop/Fonts.md", "KB/Linux/Desktop/GPG - PGP.md", "KB/Linux/Desktop/i3.md", - "KB/Linux/Desktop/Steam.md", - "KB/Linux/Desktop/Surface.md", - "KB/Linux/Desktop/sway.md", - "KB/Linux/Desktop/systemd.md", "KB/Linux/Desktop/Firewall" ] } \ No newline at end of file diff --git a/KB/Linux/Server/Docker Volume Migration.md b/KB/Linux/Server/Docker Volume Migration.md index 1230f1c..0a0807c 100644 --- a/KB/Linux/Server/Docker Volume Migration.md +++ b/KB/Linux/Server/Docker Volume Migration.md @@ -1,4 +1,9 @@ +--- +creation date: 2022-09-03 +tags: [docker,volume,operations,migration] +--- + 1. Stop existing deployment 2. Create a dedicated named docker volume with `docker volume create target-vol` 3. Copy existing contents diff --git a/KB/Linux/Server/Security hardening.md b/KB/Linux/Server/Security hardening.md index a73ea4d..0190557 100644 --- a/KB/Linux/Server/Security hardening.md +++ b/KB/Linux/Server/Security hardening.md @@ -1,8 +1,17 @@ --- creation date: 2022-01-08 -tags: [note,linux,archlinux,security,hardening] +tags: [note,linux,archlinux,security,hardening,docker] --- +## OS + +See https://wiki.archlinux.org/title/Security + +1. Use `sudo` for everything and disable root with `passwd --lock root` +2. Install `linux-hardened` and set as default + +If using rootless #docker, enable `CONFIG_USER_NS_UNPRIVILEGED`. + ## ssh `ssh-guard` allowed. diff --git a/KB/Linux/Wireguard.md b/KB/Linux/Wireguard.md index b01bafd..3d9e044 100644 --- a/KB/Linux/Wireguard.md +++ b/KB/Linux/Wireguard.md @@ -1,10 +1,12 @@ --- creation date: 2022-09-05 -tags: [note,linux,wireguard,wg] +tags: [note,linux,wireguard,wg,docker] --- `wireguard-tools` is required. +*Be aware that any additional setup will change `iptables` and might be against docker's default rules when running as `root`!* + ## Forwarding When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.
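Review bot: The last added line in `Security hardening.md` says to enable `CONFIG_USER_NS_UNPRIVILEGED`, but that is a kernel build option and cannot be switched on for an installed `linux-hardened` package; the runtime control on that kernel is the sysctl `kernel.unprivileged_userns_clone`. The line also omits the trade-off: the hardened kernel disables unprivileged user namespaces by default because they expose extra kernel attack surface to unprivileged users, so enabling them for rootless Docker partly undoes step 2. I would reword it to `If using rootless #docker, set kernel.unprivileged_userns_clone=1 via sysctl; this re-enables unprivileged user namespaces, which linux-hardened disables by default to reduce kernel attack surface.` Separately, step 1's `passwd --lock root` only disables password authentication for root, so the `## ssh` section, which continues outside this hunk, should also rule out key-based root login, for example with `PermitRootLogin no`.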
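Review bot: The warning added to `Wireguard.md` says extra setup "might be against docker's default rules" without naming the interaction, so a reader cannot tell what to verify. With a rootful Docker daemon managing iptables, Docker sets the `FORWARD` chain policy to `DROP` and inserts its own chains, which is presumably what the sentence refers to. I would spell that out, e.g. `Rootful Docker sets the iptables FORWARD policy to DROP and manages its own chains; check WireGuard PostUp/PostDown rules against them (iptables -S FORWARD) and keep custom container filtering in the DOCKER-USER chain.`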