Encrypting system HD#

See Encrypt SSD with LUKS and LVM

RAID1 encrypted data partition with LVM#


Change LAN device name#

Edit /etc/udev/rules.d/10-network.rules:

SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="<YOUR MAC ADDRESS GOES HERE>", NAME="lan0"

Remote SSH shell into initram to unlock encrypted devices#

Requirements: install yaourt package from AUR

Install the following packages: - dropbear - (AUR) - (AUR) - (AUR)

Copy your SSH pubkey to /etc/dropbear/root_key.

Add the netconf, dropbear and encryptssh hooks before filesystems within the "HOOKS" array in /etc/mkinitcpio.conf (the encryptssh can be used to replace the encrypt hook).

# /etc/mkinitcpio.conf
MODULES="dm_mod dm_crypt ext4 aes_x86_64 sha256 sha512 r8169 i915"
HOOKS="base udev autodetect modconf block mdadm lvm2 netconf dropbear encryptssh filesystems keyboard fsck"

Rebuild with mkinitcpio -p linux.

Provide networking by adding ip kernel parameter to GRUB config /etc/default/grub:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:vgroup:allow-discards ip=:::::eth0:dhcp"

Rebuild grub config: grub-mkconfig -o /boot/grub/grub.cfg

Reboot and login as root user to unlock encrypted devices.


Network Plan#

See Network Plan.

Power management#

List of applications and services#


  • GitLab
  • Mail: IMAP, SMTP, spamassassin...
  • DHCP, DNS/dnsec
  • firewall / DMZ


  • ownCloud

Containers: Docker, LXC, systemd-nspawn#

  • Detailed Homeserver tut based on slackware: