This session launches a two‑part deep dive into building a resilient, secure, and remotely accessible Raspberry Pi platform. Part I focuses on preparing a Raspberry Pi to operate from an external SSD using an encrypted LVM layout, establishing a solid foundation for containerized services in Part II.
The presentation walks through installing Debian 12 (Bookworm) onto the SSD, applying practical hardening measures, and structuring the system so that both the root filesystem and future container volumes reside within an encrypted partition. An unencrypted boot partition completes the setup, ensuring compatibility with the Pi’s firmware while maintaining strong data protection.
From there, the session moves into remote‑unlock and secure‑access workflows. Attendees will see how Dropbear is integrated into the initramfs to allow remote SSH access for unlocking the encrypted volume. The talk then introduces Cloudflare Zero Trust (formerly Cloudflare Tunnel), demonstrating how cloudflared can provide authenticated, firewall‑friendly access to both SSH and HTTP services without exposing the Pi directly to the internet. The session concludes with an introduction to Incus, the modern fork of LXC, preparing the ground for containerized feeder services in Part II.
Gordo is doing a second session on March 14th.
Where: Quality Foods, View Royal, 27 Helmcken Rd #110
When: 9:30-10a Beverages & Conversation
10a Presentation
This is a Hybrid meeting (in-person and on Jitsi)
NOTE: The online server is only available during meeting times, so if you click on the link below and it doesn’t work then there is no meeting and this is normal.
Join Us Online here: