(Question) How can I stop Cloudron from starting automatically?
-
For context, I am planning to manually mount encrypted volumes (/home, /backups) and would like to prevent Cloudron from starting until I have done so. I am unsure if there is a service to disable or anything else?
Related: https://forum.cloudron.io/topic/2939/optional-full-disc-encryption/19?_=1650817812249, https://forum.cloudron.io/post/21878
-
Hi @3246,
I have not tested it, but the heart of cloudron is as far as I know the "box" service. So I'd suggest disabling this service through systemd. Or even better mount your volumes as a systemd unit and make the box service dependent on it.
-
@3246 Interesting question!
Doesn't ubuntu ask for some password in the boot sequence when trying to decrypt home already? If so, we should try to latch on to that ideally. As @fbartels said, there's a whole bunch of things here - docker, box, unbound, nginx, log service etc which all depend on "home".
-
Apparently, ubuntu does not support encrypting part of a disk anymore per https://www.linuxuprising.com/2018/04/how-to-encrypt-home-folder-in-ubuntu.html since
eCryptfs
isbuggy, under-maintained
and they recommend full disk encryption. Of course, if you use full disk encryption, you don't need to worry about systemd service ordering since it will ask you the password on boot.Can you tell me how you have setup the encryption ?
-
@fbartels @girish thank you. I have not build it yet but am planning to next week if time permits
That's a bummer to hear that encrypting just /home is no longer recommended. I am not sure how I will be able to enter my password at boot, although I will give it a try using Scaleway's(1) console.
I also need to see if I can install Ubuntu using an ISO.
(1) I am planning to give their new "Elastic Metal" a try
-
@girish it does, yes. They also have a KVM style one for their "elastic metal" service. I'll give this a try and report back. My main question is whether I can install the OS from an image or if I have to use one of theirs. Otherwise, I may have to find another host