LUKS2 + YubiKey Bio

2023-07-16 08:17:49 +0200

Recently I got myself a YubiKey Bio which I wanted to replace the YubiKey 5 with in terms of unlocking my LUKS2 encrypted drive(s). In this setup you can then simply use your fingerprint to unlock the drive, which I consider more secure than entering a PIN. I’m not sure if it’s a good idea to add multiple FIDO2 keys to systemd’s cryptsetup - I read about some issues - so I removed the YubiKey 5 first.



Installing Nextcloud All-in-One docker image in rootless mode

2023-06-04 19:26:17 +0200

Running your own instance of Nextcloud is probably one of the best solutions for reclaiming some privacy and avoiding services hosted by Google, Apple or Microsoft. I tried to cover the task of installing Nextcloud on a Synology NAS here by using the archive file provided by Nextcloud. However, they also offer some very handy “AIO - all-in-one docker image” which will pretty much take care of everything.



Fedora 38

2023-05-06 18:49:26 +0200

With version 38 just being released I decided to give Fedora a try again. From time to time I’d like to check out how things are going with other distributions. And sometimes it’s nice to have really current versions of your favorite applications. ;-) So I replaced my beloved Debian 11 with Fedora 38.



Creating your own custom CA

2023-02-21 18:12:26 +0100

As the constant security warnings displayed by my browser when accessing my local infrastructure annoyed me already for a long time I decided to look into the task of creating my own custom CA (“certificate authority”). There is not a lot of “local infrastructure” to be honest, basically my router and NAS drive. Anyway, I tend to access those via https and thus generating a warning by my browser telling me this site has no valid certificate. Of course, devices like this run with self-signed certificates, unknown to any browser.




2022-11-13 14:48:50 +0100

Recently this post about Keyoxide came up in my Mastodon timeline and of course made me curious. Turns out Keyoxide is a little like Keybase: based on GPG you can claim an identitiy and have to add a prove then. At first it might be a little confusing because in Keyoxide you cannot just sign up for profile but in fact it’s pretty straight forward and simple - I really like this approach!