Hi there, On 08/11/2017 04:42 AM, Gregory Seidman wrote: > I'm trying to recreate under systemd something I had previously cobbled > together with shell scripts and init levels under sysvinit. > > Only a few services ran under init 2, the default set in /etc/inittab, > including privoxy and ssh; the rest of the services I wanted running, such > as fetchmail, exim4, courier-imap, apache2, etc. would be started at init > level 3. Those services required an encrypted volume (actually a RAID that > was an encrypted LVM PV for a VG with several volumes) to be configured and > mounted before they could be started.
I've blogged about this very scenario a while back: https://blog.iwakd.de/headless-luks-decryption-via-ssh Note that I wrote that mainly to explain some details about systemd using a specific example, I personally am not actually using that kind of setup. For a headless server of mine I use full disk encryption (LUKS) for everything except /boot and unlock the entire system in the initramfs. I also mention that approach in my blog post, but wanted to stress it here again because I think that the initramfs-based decryption is the better way to do this. For that alternative take a look at: https://projectgus.com/2013/05/encrypted-rootfs-over-ssh-with-debian-wheezy/ Regards, Christian