/ mozey.co / blog

January 1, 0001

🔗 Install Ubuntu

Create Ubuntu bootable USB on macOS

Use encrypted volume

No automatic updates

Install OpenSSH server

Skip networking on install, set network interface to use Dynamic IP Address Assignment (DHCP Client). It’s advisable to give the server a static IP on the DHCP server

🔗 Automatic update not selected on install

ubuntu-automatic-updates

# Uncomment lines as per article
sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
sudo vi /etc/apt/apt.conf.d/20auto-upgrades

sudo unattended-upgrades --dry-run --debug

# Wait a few days then check the logs
cat /var/log/unattended-upgrades/unattended-upgrades.log

🔗 Second encrypted volume

List block devices

lsblk

Create partition

# WARNING Make sure to partition the correct device!
sudo fdisk /dev/sda
g # create a new empty GPT partition table
w # write table to disk and exit

sudo fdisk /dev/sda
n # new partition
# accept all defaults
p # show partition info
w # write changes

# View all partitions
sudo fdisk -l

Encrypt the partition

sudo cryptsetup -y -v luksFormat /dev/sda1

Format the partition

sudo cryptsetup luksOpen /dev/sda1 sda1_crypt
sudo mkfs.ext4 /dev/mapper/sda1_crypt

Automatically mount and decrypt your second drive on startup

sudo cryptsetup luksAddKey /dev/sda1 /home/ubuntu/.ssh/id_rsa

Update crypttab

# Copy the UUID /dev/sda1, not the PARTUUID
sudo blkid

sudo vi /etc/crypttab
sda1_crypt UUID=5965ada3-a3e4-44a4-8fff-d79a9de9a25a /home/ubuntu/.ssh/id_rsa luks,discard

Update fstab

mkdir /home/ubuntu/data

sudo vi /etc/fstab
/dev/mapper/sda1_crypt  /home/ubuntu/data   ext4    defaults        0      2

Test mount

sudo mount -a
df -h
sudo reboot now

Change data volume permissions

sudo chown ubuntu:ubuntu /home/ubuntu/data -R

Note there might be some errors on the boot screen before entering the password, probably due to adding another drive. Originally the root volume was sda, but now the second HDD is. System should boot normally after typing the pass