diff options
| -rw-r--r-- | src/app.css | 57 | ||||
| -rw-r--r-- | src/routes/blog/posts/alpine-ssh-early-initfs.svx | 69 |
2 files changed, 101 insertions, 25 deletions
diff --git a/src/app.css b/src/app.css index 4b1b53d..81a7926 100644 --- a/src/app.css +++ b/src/app.css @@ -71,15 +71,32 @@ &:not(:is(p)) { @apply text-white/95; } - &:is(blockquote) { - &::before { - background-color: var(--colour-full); - } - } &::after { @apply -ml-3 bg-gray-200/50; } } + +@utility blockquote-* { + @apply pl-4 p-2 relative my-1; + &::before { + @apply absolute w-1 transition-opacity left-0 top-[10%] h-[80%] opacity-50; + content: ''; + background-color: --value(--color-*); + } + &:hover::before { + @apply opacity-100; + } + p { + &::after { + @apply hidden; + } + } +} +@utility md-card-* { + @apply p-4 rounded-lg bg-neutral-950 border-[1.8px] my-4 sticky top-4 z-50; + border-color: --value(--color-*); +} + #postmd { @apply font-sans; a { @@ -97,22 +114,24 @@ h4 { @apply my-1 text-lg; } - h1,h2,h3,h4,h5,h6,p { + h1,h2,h3,h4,h5,h6,p,blockquote:not(.no-at-a-glance) { @apply relative text-white/90 hover:text-white; &::after { content: ""; @apply absolute top-[20%] left-0 h-[60%] w-0.5 -ml-4 rounded-full transition-all; } - &:is(p)::after { + &:is(p)::after, + &:is(blockquote)::after { @apply bg-gray-200/5; } - &:not(:is(p))::after { + &:not(:is(p)):not(:is(blockquote))::after { @apply bg-gray-200/15; } &:hover::after { @apply -ml-3 bg-gray-200/75; } - &:hover ~ p:is(p)::after { + &:hover ~ p::after, + &:hover ~ blockquote::after { @apply bg-gray-200/4; } } @@ -136,12 +155,13 @@ @apply internal-header-active; } } - h5,h6,p { + h5,h6,p,blockquote:not(.no-at-a-glance) { &:not(:hover):has(~*:hover):not(:has(~h1~*:hover,~h2~*:hover,~h3~*:hover,~h4~*:hover,~h5~*:hover,~h1:hover,~h2:hover,~h3:hover,~h4:hover,~h5:hover)) { @apply internal-header-active; } } - p::after { + p::after, + blockquote:not(.no-at-a-glance)::after { @apply h-[90%] top-[5%]; } p { @@ -195,20 +215,7 @@ } } blockquote:not(.default-blockquote) { - @apply -ml-1 pl-4 p-2 relative my-1; - &::before { - @apply absolute w-1 bg-violet-500/50 transition-colors left-0 top-[10%] h-[80%]; - content: ''; - --colour-full: var(--color-violet-500); - } - &:hover::before { - background-color: var(--colour-full); - } - p { - &::after { - @apply hidden; - } - } + @apply blockquote-violet-500; } } diff --git a/src/routes/blog/posts/alpine-ssh-early-initfs.svx b/src/routes/blog/posts/alpine-ssh-early-initfs.svx index a9296b7..1e18126 100644 --- a/src/routes/blog/posts/alpine-ssh-early-initfs.svx +++ b/src/routes/blog/posts/alpine-ssh-early-initfs.svx @@ -11,6 +11,19 @@ updated: "2026-01-14T15:53:57Z" published: false --- +<blockquote class="default-blockquote blockquote-red-400"> + + **Warning**<br/> + This post talks about operations that may lead the reader's system + unbootable, including modifying it's initramfs. + Do not follow along if the reader is not prepared to fix it's own + systems from potentially infuriating bugs. + + <p><small class="text-sm opacity-50 hover:opacity-70 transition-opacity">Maybe avoid following along on the friday + before the reader's vacation.</small></p> + +</blockquote> + For a while, this one's been meaning to setup an early-boot SSH environment for Alpine Linux on systems that are using a [System Disk](https://wiki.alpinelinux.org/wiki/System_Disk_Mode) installation @@ -37,6 +50,62 @@ staying close to the intended upstream Alpine installation Alpine's [mkinitfs](https://gitlab.alpinelinux.org/alpine/mkinitfs/) allows us to do things like including files or kernel modules in the image, via their [features.d](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/tree/master/features.d). + This is nice and all, but on it's own, we can only really give the kernel a module, or a file we manually call by spamming enter through the encryption password prompts and running via the 'Emergency Shell'. + + +### approach 1: patching + +The easiest solution this one thought of was to just directly modify +`/usr/share/mkinitfs/initramfs-init` and be happy, then deal with it when +upstream modifies things. + +This is, however, very not "set, make a blog post, and forget". So we skipped +that idea. + +### approach 2: fork the upstream + +The second, and nicest to upstream solution it thought of was modify +[initramfs-init.in](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/cc4954bc73cf55833b48624232b9c42ca3abc390/initramfs-init.in) + - which gets built into `/init` in the initfs. + +This would've worked very well, but would require maintaining one's own +`/init`, for which the distro provides few guarantees that the rest of the +tooling will forever accomodate an old version forked off. + +#### upstreaming + +It also thought about upstreaming this, for which this would've been the only +viable approach. However, with this, comes the challenge of cleaning up the +sshd during early openrc, cleanly, without any use-case edge-cases. + +> **For Alpine Maintainers**<br/> +> If beings involved in the mkinitfs project want something like this, this +> one's willing to, with some guidance on avoiding user edge-cases, contribute +> this. + +### approach 3: third approach's the charm + +The third approach was wrapping +[nlplug-findfs](https://gitlab.alpinelinux.org/alpine/mkinitfs/-/blob/cc4954bc73cf55833b48624232b9c42ca3abc390/nlplug-findfs.1.in), +replacing the system-wide binary, regenerating the initramfs, and then spawning +SSH from there and directly interacting via libssh. + +Whilst this would be sensible in theory, this has a high maintenance burden if +nlplug-findfs is modified substantially (or, worse, entirely removed). This is +heavily in no guarantees provided land. + +So this one opted against it. + +### approach 4: a kernel module + +A kernel module could start a userspace process early, which would not involve +touching any of the existing tooling's code (and just needs one file added). + +But also, no. + +## starting ssh before `initramfs-init.in` + +> "it's like LogoFAIL for your initfs" - somebeing, probably |