On Fri, Aug 11, 2017 at 07:04:54PM +0200, Christian Seiler wrote: > Hi there, > > On 08/11/2017 04:42 AM, Gregory Seidman wrote: > > I'm trying to recreate under systemd something I had previously cobbled > > together with shell scripts and init levels under sysvinit. > > > > Only a few services ran under init 2, the default set in /etc/inittab, > > including privoxy and ssh; the rest of the services I wanted running, such > > as fetchmail, exim4, courier-imap, apache2, etc. would be started at init > > level 3. Those services required an encrypted volume (actually a RAID that > > was an encrypted LVM PV for a VG with several volumes) to be configured and > > mounted before they could be started. > > I've blogged about this very scenario a while back: > https://blog.iwakd.de/headless-luks-decryption-via-ssh > > Note that I wrote that mainly to explain some details about > systemd using a specific example, I personally am not actually > using that kind of setup. For a headless server of mine I use > full disk encryption (LUKS) for everything except /boot and > unlock the entire system in the initramfs. I also mention that > approach in my blog post, but wanted to stress it here again > because I think that the initramfs-based decryption is the > better way to do this. For that alternative take a look at: > https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/
This not only gave me the understanding I was looking for, but a new perspective on it as well. Thank you! > Regards, > Christian --Greg