Systemd-homed will change the way we manage users and their home directories on . "Outside of including a much-improved security, systemd-homed will finally enable a truly portable home directory."

Interesting stuff, I'm assessing how this will impact our setup.

@Gina I expect a lot of ranting "systemd is bloated!" and other "systemd is not KISS!".

@AugierLe42e I've never known anything else than systemd, so for me it's all fine. 🤷‍♀️

@Gina Me neither. But I'm really happy not having to write service's scripts in Bash 😍

@AugierLe42e @Gina ye… there are two ways to deal with new tech :-)

Fun thing, both sentences are true and I still like systemd. It's so much more than just "Run stuff".

@Gina @AugierLe42e …or sandbox :) …or record/limit resource consumption :) …or write way more efficient timer jobs :) …or write conditional script execution :) …or report script results straight back to monitoring :) …or run "init" like stuff for user :) …or

There is a lot to it and the deeper I dig the more sense it makes.

Also a lot of specialized tools that had to be installed and configured additionally for the usual must-have jobs are obsolete.

@bekopharm @AugierLe42e damnnnn and here I thought I was SuperSysadmin just for using systemctl status on a daily basis.

@Gina @AugierLe42e Here is an example I'm currently checking. One of our servers killed its restic prune process tonight by oom-killer. There are _plenty_ of not so important fpm-jobs it could kill but please leave the backup alone.

It's run by systemd. Did you know there is OOMScoreAdjust?

@bekopharm @AugierLe42e Yeah I think I just realized how much of a noob sysadmin I still am.

@Gina @AugierLe42e nah, don't worry. Read into the topic - like you already do - and you'll be fine. I learn new stuff every day _because_ IT is changing every day. We will never catch up on everything.

IPv6 anyone? :)

@bekopharm @Gina @AugierLe42e One of these days I'll be administering something that is actually connected to the internet over IPv6 and I'll finally get around to learning any of that! One of these days . . .

@keithzg Sounds like these resolutions you take at the beginning of the year and you never respect 😅
@Gina @bekopharm

@keithzg @Gina @bekopharm Here is a motivation: people say that there's so many addresses on IPv6 space that it will never get to exhaustion. We need to connect as many shit to the Internet as we can to prove them wrong 💪

@keithzg @AugierLe42e @Gina Been there, done that :)

Not that I totally understand it but it's part of the process.

The only real issue for me so far was to learn that any previous firewalling was made obsolete because any rules configured only applied for IPv4. Keep that in mind. Whatever you use has to know about IPv6 as well or you'll be in for a surprise.

…and change that VARCHAR field in your DB for ip log 🤪
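
Added example (not part of the thread): one way to check for the IPv4-only firewall gap described above is to compare `iptables-save` and `ip6tables-save` output for the filter table. The two dumps and the names `parse_filter` and `parity_gaps` are constructed for illustration; on a real host you would feed in the actual command output.

```python
import re

# Constructed sample: IPv4 ruleset in iptables-save format (default-deny inbound).
V4_DUMP = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# Constructed sample: ip6tables-save output on the same host, never configured.
V6_DUMP = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def parse_filter(dump):
    """Return ({chain: policy}, {chain: rule count}) for built-in filter chains."""
    policies, counts, in_filter = {}, {}, False
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and (m := re.match(r":(\S+)\s+(\S+)", line)):
            if m.group(2) != "-":  # user-defined chains carry "-" as policy
                policies[m.group(1)] = m.group(2)
                counts[m.group(1)] = 0
        elif in_filter and line.startswith("-A "):
            chain = line.split()[1]
            if chain in counts:
                counts[chain] += 1
    return policies, counts

def parity_gaps(v4_dump, v6_dump):
    """List (chain, issue) pairs where IPv6 filtering is weaker than IPv4."""
    v4_pol, v4_cnt = parse_filter(v4_dump)
    v6_pol, v6_cnt = parse_filter(v6_dump)
    gaps = []
    for chain, policy in v4_pol.items():
        # A chain missing from the IPv6 dump behaves as policy ACCEPT, no rules.
        if policy == "DROP" and v6_pol.get(chain, "ACCEPT") != "DROP":
            gaps.append((chain, "v6-policy-not-drop"))
        if v4_cnt[chain] > 0 and v6_cnt.get(chain, 0) == 0:
            gaps.append((chain, "v6-no-rules"))
    return gaps

if __name__ == "__main__":
    for chain, issue in parity_gaps(V4_DUMP, V6_DUMP):
        print(f"{chain}: {issue}")
```
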

@Gina @bekopharm @AugierLe42e System administration is so wide that you can't know everything, you don't really have to worry about being a noob
The most important is to stay curious and to discover new things and improve
Don't be a tech grumpy cat

@bekopharm Funny enough, systemd is an interesting case of two FOSS mottos conflicting: KISS and Don't Repeat Yourself. systemd service scripts are insanely simple when sysvinit scripts are only about repeating the same scripts over and over 🤔

@Gina ooooohh!!! this looks like it'll be a major breakthrough. just hopefully not a major break in the process.

@Gina although at this point i'm hesitant cuz of worries that it'll break network directory users. with any luck that won't be a problem -- and maybe this will actually fix some of the network user problems... (i can see how it would make roaming profiles easier, for instance)

@lindsays Exactly, I was thinking about that last part too.

@Gina Actually you can do a lot of the "encrypting/decrypting" at logon/logoff with pam_mount already. The portable $USER stuff sounds interesting though.


Holy crap. Systemd is 10 years old?!

Now I feel old ... again.


I'm sure I'll soon be seeing Blogs-o'-Plenty explaining all the many ways that homed sucks ... but until then, this sounds pretty sweet.

I especially like the on-the-fly, no-need-to-think-about-it, integrated LUKS encryption.

@Gina Really hope that'll work some day - and preferably with nixos. every step closer to "I just want to use this arbitrary device to enter my personal cyber" that isn't "everything cloud" is good in my book :) sounds like gold for business administration as well

BTW: Systemd 245 has been available on Debian since 11 March 2020; systemd-homed has not yet been enabled though.

Maybe it's because I'm one of those people critical of systemd, but the author makes it sound way more 'revolutionary' than it actually is.
Replacing /etc/passwd and /etc/shadow with a JSON file *mind blown*
Encrypted home directories? Available for quite some time already. Disk quotas? Nothing new either.
Using it could be made simpler though.

@Gina some of the stuff sounds interesting, except breaking SSH keys, sysadmins fixing/checking stuff in users homedirs, and stuff that references/serves content out of them which all sounds like a pain.

I wonder if we'll see a public/private home space split to fix some of that and if it could be transparently mixed from the users point of view.


30. Apr.
Gina @Gina wrote:

Interesting stuff, I'm assessing how this will impact our setup.
Linux home directory management is about to undergo major change

1) smb offers this feature for decades so do we need this refurbished idea?

2) only local home works when the server is down

using ~ for shared data is a terrible idea in large networks anyway.

why should I want more systemd in my machine than necessary? why rely on unreliable connections?
