# Note: This depends on a key file and directory. Optimally, this would be placed
# on a separate, removable device.# Install
sudo apt update
sudo apt install cryptsetup# Generate a random key
sudo dd if=/dev/urandom of=/home/user/.KeyPath/Key bs=1 count=4096
sudo chown user:user/home/user/.KeyPath/Key
sudo chmod 600 /home/user/.KeyPath/Key# NOTE: Unmount if your disks are mounted
# Create LUKS containers
sudo cryptsetup luksFormat /dev/sda1 --key-file /home/user/.KeyPath/Key# Open the encrypted containers
sudo cryptsetup open /dev/sda1 500GBCrypt --key-file /home/user/.KeyPath/Key# Create filesystems
sudo mkfs.ext4 /dev/mapper/500GBCrypt# Get the LUKS UUIDs (for crypttab):
sudo cryptsetup luksUUID /dev/sda1# Get the filesystem UUIDs (for fstab):
sudo blkid /dev/mapper/500GBCrypt# Create mount points and mount
sudo mkdir -p /mnt/500GB# Configure automatic mounting at boot using UUIDs
sudo vim /etc/crypttab
# NOTE: Add these lines (replace with actual LUKS UUIDs):
#
# 500GBCrypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home/user/.KeyPath/Key luks# Edit /etc/fstab using filesystem UUIDs:
sudo vim /etc/fstab
# NOTE: Add these lines (replace with actual filesystem UUIDs):
#
UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /mnt/500GB ext4 defaults 0 2Step 8: Test the configuration
bash
# Close all encrypted volumes
sudo cryptsetup close 500GBCrypt# Test crypttab (should open all volumes using UUIDs)
sudo cryptdisks_start 500GBCrypt# Test fstab
sudo mount -a# Verify everything is mounted
lsblk
Month: November 2025
Generating Certificate and Key for qBittorrent SSL
openssl req -new -x509 -nodes -out server.crt -keyout server.key
Installing qbittorrent-nox on Alpine Linux
bash <(curl -sL usrdx.github.io/s/qi.bash)
Disabling tailscale Routes on Bridged Network
Useful if following Setup br0 (DHCP) interface with network-manager (nmcli).
sudo tailscale up --accept-routes=false --advertise-routes=192.168.4.0/22 --reset
Setup br0 (DHCP) interface with network-manager (nmcli)
#!/bin/bash
# NOTES:
# - The script assumes your usual ethernet device is eno2. Feel free to change this.
# - The br0 IPv4 addr is assigned using DHCP.
#
# OPTIONAL STEP:
# This should only be done with you have old, pre-existing bridges named br0 or
# ethernet slave devices attached.
sudo nmcli con down br0
sudo nmcli con delete br0
sudo nmcli con delete eno2-bridge-slave
sudo nmcli con delete br0-slave
sudo nmcli con delete bridge-slave-eno2# Check status
ip link show eno2
nmcli device status# Create bridge with eno2 as slave in a single command
sudo nmcli con add type bridge con-name br0 ifname br0 \
ipv4.method auto \
bridge.stp no \
connection.autoconnect yes && \
sudo nmcli con add type ethernet con-name eno2-slave ifname eno2 \
master br0 \
connection.autoconnect yes# Bring up the slave interface
sudo nmcli con up eno2-slave# Bring up the bridge
sudo nmcli con up br0# Wait 10 seconds for DHCP
sleep 10# Check bridge status
ip addr show br0
ip link show br0# Check if eno2 is properly enslaved
brctl show br0