Want BTRFS CoW snapshots but need to use Dropbox?

Update: Not sure when this happened but I was checking the requirements for FS on Linux at Dropbox.com and apparently they DO support BTRFS once again. So the process outlined in this post is no longer necessary.

See announcement: https://hardware.slashdot.org/story/19/07/22/1534200/dropbox-brings-back-support-for-zfs-xfs-btrfs-and-ecryptfs-on-linux

Old article: This is less of a write up and more of a PSA:

Want to put BTRFS on every device you have like me because you can’t get enough of CoW FS? Especially for operating systems? Because snapper? cgroups? timeshift? machinectl? The list goes on…

Use BTRFS to your heart’s content! Just create a separate partition formatted with EXT4 and mount it at your Dropbox-using user’s /home/username/Dropbox via /etc/fstab.

This can be done while initially setting up your OS (if you’re like me, you’ll be doing all sorts of finagling with your partition layout anyway), or by shrinking one of your partitions after the fact (/home comes to mind, since that’s where Dropbox is usually located).

I’ve done this in several builds so I can have snapshot+rollback capabilities while working around the new(ish) Dropbox file system requirements in OSes like OpenSUSE, Debian and Ubuntu. Admittedly, fewer of the VMs are in service now that Dropbox limits free accounts to 3 devices.

What about snapshots of your Dropbox folder, you ask? Well, Dropbox has its own file versioning system built-in that should keep your files safe from accidental deletion for at least 1 month. So if you delete anything from your EXT4 Dropbox folder, just get on the Dropbox website and click “deleted files” before it’s too late (!)

In another post, I’ll have to explain how I set up a Dropbox+Syncthing VM to share files across platforms and then propagate those files to other machines using Syncthing so as to skirt the 3-device limit.

I only use about 2GB on Dropbox in the form of PDFs and text files for work – I don’t need a $10/mo 1TB of storage, but I still have LOTS of devices I like to use. Thankfully Syncthing doesn’t have any high-falutin’ requirements for underlying file system types like Dropbox does [insert pointed stink-eye at Dropbox developers].

I’ve done this specifically to retain Dropbox notifications (changed/added file, etc.) which are easily connected to IFTTT for push notifications on cell phones. It’s not a functionality I’ve found easy to recreate using other methods.

If you want to delve deeper into the partitioning issue, here’s a thread in the BTRFS subreddit about the original topic – with an interesting alternative to creating a separate partition, a loop device!

Nerd out.

Quick and dirty SSH key for pfSense / OPNsense gateway

PSA: Stop using password login for root on your router! NOW!!!

OK, now that I got your attention, here’s how I did it in Git Bash (MINGW64) on Windows LTSC. I promise this is QUICK and EASY, so there’s NO EXCUSE not to do it.

Open your terminal and run ssh-keygen – you don’t need a passphrase unless you want one (just hit enter).

Navigate to ~/.ssh/ and display your id_rsa.pub file:

avery@winsalad MINGW64 /c/users/avery/.ssh
$ cat id_rsa.pub
ssh-rsa REDACTED ... REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ... = avery@winsalad

Copy the entire line above, from ssh-rsa through the username@computername at the end (get all of it).

Log into your gateway via SSH, drop to shell and run ssh-keygen (if you haven’t already):

avery@winsalad MINGW64 /c/users/avery/.ssh
$ ssh root@gateway
Last login: Mon Dec 16 21:21:17 2019 from 192.168.1.122
----------------------------------------------
|      Hello, this is OPNsense 19.7          |         @@@@@@@@@@@@@@@
|                                            |        @@@@         @@@@
| Website:      https://opnsense.org/        |         @@@\\\   ///@@@
| Handbook:     https://docs.opnsense.org/   |       ))))))))   ((((((((
| Forums:       https://forum.opnsense.org/  |         @@@///   \\\@@@
| Lists:        https://lists.opnsense.org/  |        @@@@         @@@@
| Code:         https://github.com/opnsense  |         @@@@@@@@@@@@@@@
----------------------------------------------
*** gateway.webtool.space: OPNsense 19.7.7 (amd64/OpenSSL) ***
 LAN (vmx0)      -> v4: 192.168.1.1/24
                    v6/t6: REDACTED ... REDACTED .../64
 WAN (em0)       -> v4/DHCP4: REDACTED ... /21
                    v6/DHCP6: REDACTED ... REDACTED .../128
 HTTPS: SHA256 REDACTED ... REDACTED ...REDACTED ... REDACTED ...
               REDACTED ... REDACTED ...REDACTED ... REDACTED ...
 SSH:   SHA256 REDACTED ... REDACTED ...  (ECDSA)
 SSH:   SHA256 REDACTED ... REDACTED ...  (ED25519)
 SSH:   SHA256 REDACTED ... REDACTED ...  (RSA)
  0) Logout                              7) Ping host
  1) Assign interfaces                   8) Shell
  2) Set interface IP address            9) pfTop
  3) Reset the root password            10) Firewall log
  4) Reset to factory defaults          11) Reload all services
  5) Power off system                   12) Update from console
  6) Reboot system                      13) Restore a backup
Enter an option: 8
root@gateway:~ # ssh-keygen

Paste your id_rsa.pub at the end of ~/.ssh/authorized_keys:

root@gateway:~/.ssh # echo 'ssh-rsa  REDACTED ... REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ...REDACTED ... = avery@winsalad' >> authorized_keys

Navigate to your web UI and de-select “Permit password login” under SSH section (or similar – depending on your gateway of preference, I’m using OPNsense):

OPNsense gateway used as example

Note: You should probably create a new user and su to root once you’re connected via SSH, but this is the “quick and dirty” version, so we’ll save that for another day.

Open A NEW TERMINAL instance or tab (don’t log out of SSH yet!) and try logging into your gateway. I’ve found it good practice to always try things that affect SSH login in a new instance because you never know when your settings alterations will lock you out. It’s not such a big deal in this example, but it’s a good habit to be in.

If you’ve gone through these steps properly, you should be able to log into your gateway without a password now (unless you specified a passphrase using ssh-keygen).

Now you’ll be limited to connecting via SSH only with this one machine. For additional machines, there are several things you could do:

  • Copy the contents of your ~/.ssh folder to other machines
  • Repeat the ssh-keygen step for the next computer and copy the id_rsa.pub to the gateway’s authorized_keys again
  • My personal favorite, read this man page: https://www.ssh.com/ssh/copy-id
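
As an added example (not from the original post): the append to authorized_keys done so that repeating it never duplicates a key and the files end up with the permissions sshd expects, plus a check that the gateway no longer offers password login. The function names are hypothetical and the sample line is constructed; it assumes an OpenSSH client and that the script is run with sh (the gateway's root shell may be csh).

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample data.

# Append one public key line to authorized_keys in $2 (default ~/.ssh).
# Returns 0 = added, 1 = malformed line, 2 = key already present.
add_authorized_key() {
    key_line=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys
    # Accept only "<type> <base64> [comment]" on a single line.
    case $key_line in *"
"*) return 1 ;; esac
    printf '%s\n' "$key_line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || return 1
    # sshd's default StrictModes rejects group/world-writable key paths.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # Compare type+blob only, so a different comment is still a duplicate.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if awk '{print $1 " " $2}' "$auth_file" | grep -qxF -- "$key_id"; then
        return 2
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Print the methods from the first "Authentications that can continue"
# line of `ssh -v` client output read on stdin.
offered_auth_methods() {
    tr -d '\r' | sed -n 's/^debug1: Authentications that can continue: //p' | head -n 1
}

# Succeed only if the server offers neither password nor keyboard-interactive.
password_login_disabled() {
    methods=$(offered_auth_methods)
    [ -n "$methods" ] || return 1
    case ",$methods," in
        *,password,*|*,keyboard-interactive,*) return 1 ;;
    esac
}

# Constructed sample of the relevant `ssh -v` line after the web UI change.
SAMPLE_SSH_V='debug1: Authentications that can continue: publickey'

# Live use from the client (never logs in, only lists the offered methods):
#   ssh -v -o BatchMode=yes -o PubkeyAuthentication=no root@gateway exit 2>&1 \
#       | password_login_disabled && echo "password login is off"
```

Run the live check from the second terminal while the original SSH session is still open, so a mistake in the key or the setting cannot lock you out.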

OK that’s all for now. Happy hashing!