Doubling what Klaymore said, I’ve seen this “just work” as long as all partitions have the same password, no key files necessary.

That said, if you needed to use a key file for some reason, that should work too, especially if your root directory is one big partition. Keep in mind too that the luks commands for creating a password-based encrypted partition vs a keyfile-based encrypted partition are different, so you can’t, for example, put your plaintext password into a file and expect that to unlock a LUKS partition that was setup with a password.

But the kernel should be trying to mount your root partition first at boot time where it will prompt for the password. After that it would look to any /etc/crypttab entries for information about unlocking the other partitions. In that file you can provide a path to your key file, and as long as it’s on the same partition as the crypttab it should be able to unlock any other partitions you have at boot time.

It is also possible, as one of your links shows, to automatically unlock even the root partition by putting a key file and custom /etc/crypttab into your initramfs (first thing mounted at boot time), but it’s not secure to do so since the initramfs isn’t (and can’t be) encrypted - it’s kind of the digital equivalent of hiding the house key under the door mat.

Found a blog post that gives a quick overview of how to do git via email in general: https://peter.eisentraut.org/blog/2023/05/09/how-to-submit-a-patch-by-email-2023-edition

So at least from my understanding you’d make your changes, email the contents of the patch to the maintainer, and then they’d apply it on their side, do code review, email you comments, etc. until it was in an acceptable state.

There’s also the full kernel development wiki that goes into all the specifics: https://www.kernel.org/doc/html/v4.16/process/howto.html

(I never got through the whole thing)

I’ll also throw out: aging infrastructure, build systems, coding practices, etc.

I looked into contributing to the kernel - it’s already an uphill battle to understand such a large, complex piece of software written almost entirely in C - but then you also need to subscribe to busy mailing lists and contribute code via email, something I’ve never done at 30 and I’m betting most of the younger generation doesn’t even know is possible. I know it “works” but I’m really doubting it’s the most efficient way to be doing things in 2024 - there’s a reason so many infrastructure tools have been developed over the years.

The barriers to entry for a lot of projects is way too high, and IMO a lot of existing “grey” maintainers, somewhat understandably, have no interest in changing their processes after so much time. But if you make it too hard to contribute, no one will bother.

Out of curiosity, what switch are you using for your setup?

Last time I looked, I struggled to find any brand of “home tier” router / switch that supported things like configuring vlans, etc.

Maybe I am not thinking of the access control capability of VLANs correctly (I am thinking in terms of port based iptables: port X has only incoming+established and no outgoing for example).

I think of it like this: grouping several physical switch ports together into a private network, effectively like each group of ports is it’s own isolated switch. I assume there are routers which allows you to assign vlans to different Wi-Fi access points as well, so it doesn’t need to be literally physical.

Obviously the benefits of vlans over something actually physical is that you can have as many as you like, and there are ways to trunk the data if one client needs access to multiple vlans at once.

In your setup, you may or may not benefit, organizationally. Obviously other commenters have pointed out some of the security benefits. If you were using vlans I think you’d have at a minimum a private and public vlan, separating out the items that don’t need Internet access from the Internet at all. Your server would probably need access to both vlans in that scenario. But certainly as you say, you can probably accomplish a lot of this without vlans, if you can aggressively setup your firewall rules. The benefit of vlans is you would only really need to setup firewall rules on whatever vlan(s) have Internet access.

I ran into the same thing. I’ve always just worked around it, but I believe I did find the solution at one point (can’t find the link now).

But if I am remembering right, I believe you need to manually create a bridge between the two networks - by default it isolates the VMs from TrueNAS itself for security reasons.

Sorry I can’t link the exact fix right now, but hopefully this will help you Google the post I found on the subject.

I ran into this exact situation at work - though for me it was more the case that getting approvals for new software / installing new dependencies in our system is a massive pain.

So I went with Python since it’s already installed on basically any Linux system. It was fine - I mean Python is a good language and can certainly handle string processing and data manipulation with relative ease.

I still think the Python docs are pretty bad, and I wasn’t thrilled with the options for calling a subprocess in Python - they all felt kinda clunky, though I was barred from using the newest versions since I had to run an older version of Python.

But I ultimately got something that worked and it was certainly better executed / shorter than the bash equivalent it was replacing.

I had a bunch of friends up and was gifted Cosmic Encounter.

I had seen it played on YouTube, but this was the first time I got to play it myself. We had a great time! The game can feel a little bit overwhelming at first with all it’s stages and card-decks, but once you get past it it’s a really good time.

If you’ve never played it, the super short version is that you are trying to get colonies on other players planets by drawing cards against each other. But what makes it fun is that every player also gets to draw an (initially secret) civilization/character card, which typically has abilities that completely turn the game on its head. We had lots of hilarious moments stemming from the character reveals. I would definitely recommend checking it out!

I also got to play Radlands with my S/O. Not at all the kind of game either of us have really played before, but we had a blast. It’s a card-dueling game, and all the cards feel very powerful with some cool synergies. It’s pretty simple to teach, especially if you use table-top sim or spring for the edition that comes with play-mats.

You offered a lot of suggestions, and I’m sure people will disagree over the specifics, but I think your overall point is excellent and not talked about enough. I wonder if anyone has ever even attempted a survey on the ages of maintainers/contributors? I bet it’s skewing older fast.

Nothing wrong with that of course, especially given the project’s age, complexity, and being written in C - but you’re right, at some point you have to attract new talent - people can’t maintain forever.

I’m a 29 year old developer - I didn’t even know you could do git patches via email until recently. And while it’s super cool, it also sounds kinda terrible, especially at the volume they must be receiving? Their own docs are saying the mailing lists receive some 500 emails per day and I can’t imagine the merge process is fun.

So many doc pages are dedicated to how to submit a patch - which is great that it’s documented, and I’m sure it will always be somewhat complicated for a large project - but it also feels like things that are all automatically handled by newer tools / bots which can automatically enforce style checks, etc.

I guess they could argue that the complicated process acts as a filter to people submitting PRs who don’t know what they are doing, but I’d argue it also shuts out talented engineers who don’t have 40 hours to learn how to submit a patch to a project on top of also learning the kernel and also fixing the bug in question.

From what little I read of their git process, does anyone know if there’s anything preventing the maintainer of a subsystem from setting up a more modern method for receiving patches? As long as the upstream artifact to the kernel has the expected format?

Oh man, I actually like the language, but you made me think of my own hot take:

Python has inexcusably poor docs.

Just a smattering of examples, which aren’t even that good, while failing to report key information like all the parameters a function can take, or all the exceptions it can throw. Any other popular language I can think of has this locked down and it makes things so much easier.