Manual backup: 2023-04-21 17:18:58

.obsidian/workspace.json

@@ -4,11 +4,11 @@
     "type": "split",
     "children": [
       {
-        "id": "b461b618901c3a19",
+        "id": "361626eed2d9956f",
         "type": "tabs",
         "children": [
           {
-            "id": "396bb06b78652441",
+            "id": "567dab3f11f34f53",
             "type": "leaf",
             "state": {
               "type": "empty",
@@ -44,7 +44,7 @@
             "state": {
               "type": "search",
               "state": {
-                "query": "",
+                "query": "tag:#docker",
                 "matchingCase": false,
                 "explainSearch": false,
                 "collapseAll": false,
@@ -65,7 +65,7 @@
       }
     ],
     "direction": "horizontal",
-    "width": 280.5
+    "width": 310.5
   },
   "right": {
     "id": "899055bb84f9c389",
@@ -120,19 +120,23 @@
       "templater-obsidian:Templater": false
     }
   },
-  "active": "396bb06b78652441",
+  "active": "567dab3f11f34f53",
   "lastOpenFiles": [
+    "KB/Linux/Server/Docker Volume Migration.md",
+    "KB/Linux/Server/Security hardening.md",
+    "KB/Linux/Migrate to rootless docker 1.md",
+    "KB/Linux/Migrate to rootless docker.md",
+    "KB/Linux/Wireguard.md",
+    "KB/Linux/GNOME.md",
     "KB/Linux/Desktop/Firewall.md",
     "KB/Linux/Desktop/Archinstall.md",
     "KB/Linux/Server/SSH Guard.md",
     "KB/Linux/Server/Bootstrap.md",
     "KB/Linux/Server/DNS.md",
-    "KB/Linux/Server/Docker Volume Migration.md",
     "KB/Linux/Server/Hetzner/Storagebox.md",
     "KB/Linux/Server/Hetzner/Upgrades.md",
     "KB/Linux/Pacman.md",
     "KB/Linux/Kernel.md",
-    "KB/Linux/GNOME.md",
     "KB/Linux/DNS.md",
     "KB/Linux/Disk Speed.md",
     "KB/Linux/AMD.md",
@@ -144,10 +148,6 @@
     "KB/Linux/Desktop/Fonts.md",
     "KB/Linux/Desktop/GPG - PGP.md",
     "KB/Linux/Desktop/i3.md",
-    "KB/Linux/Desktop/Steam.md",
-    "KB/Linux/Desktop/Surface.md",
-    "KB/Linux/Desktop/sway.md",
-    "KB/Linux/Desktop/systemd.md",
     "KB/Linux/Desktop/Firewall"
   ]
 }

KB/Linux/Server/Docker Volume Migration.md

@@ -1,4 +1,9 @@
 
+---
+creation date: 2022-09-03
+tags: [docker,volume,operations,migration]
+---
+
 1. Stop existing deployment
 2. Create a dedicated named docker volume with `docker volume create target-vol`
 3. Copy existing contents

KB/Linux/Server/Security hardening.md

@@ -1,8 +1,17 @@
 ---
 creation date: 2022-01-08
-tags: [note,linux,archlinux,security,hardening]
+tags: [note,linux,archlinux,security,hardening,docker]
 ---
 
+## OS
+
+See https://wiki.archlinux.org/title/Security
+
+1. Use `sudo` for everything and disable root with `passwd --lock root`
+2. Install `linux-hardened` and set as default
+
+If using rootless #docker, enable `CONFIG_USER_NS_UNPRIVILEGED`.
+
 ## ssh
 `ssh-guard` allowed.
 

KB/Linux/Wireguard.md

@@ -1,10 +1,12 @@
 ---
 creation date: 2022-09-05
-tags: [note,linux,wireguard,wg]
+tags: [note,linux,wireguard,wg,docker]
 ---
 
 `wireguard-tools` is required.
 
+*Be aware that any additional setup will change `iptables` and might be against docker's default rules when running as `root`!*
+
 ## Forwarding
 
 When forwarding should be allowed, the "host" needs to set the following via `sysctl` or in a `PostUp` / `PostDown` hook of WireGuard.