• 0 Posts
  • 7 Comments
Joined 2 years ago
Cake day: July 1st, 2023

  • Not my text, but here’s what Gemini laid out. Apparently projects like WubiUEFI do something like this, but with caveats.

    “Project: “One-Click Linux” Installer

    Objective: A simple .exe for non-technical users to install a full Linux distribution from Windows 10/11. The process will be fully automated after a single click.

    Core Technologies & Components

    1. The Windows Application (.exe)
    • GUI Framework: .NET (C#) to build a minimal user interface and leverage deep Windows integration.
    • Disk Partitioner: Script the built-in Windows diskpart.exe utility to automatically shrink the existing Windows partition and create a new one for Linux. Requires Administrator privileges.
    • Installer Preparation: Download a pre-selected Linux distribution (e.g., Linux Mint) and extract its core files.
    2. The Bridge from Windows to Linux
    • Boot Configuration: Use Windows bcdedit.exe to create a temporary, one-time boot entry that points directly to the Linux installer, bypassing the normal Windows boot.
    • Automated Installation: Generate a preseed or kickstart script. This file will provide all the answers to the Linux installer automatically (language, keyboard, and instructions to use the partition created earlier).
    3. The Modern Boot Solution (Post-Installation)
    • Boot Manager: rEFInd. The automated Linux install will install rEFInd. It is chosen for its superior auto-detection of both Windows and Linux, and its user-friendly graphical interface. It will automatically provide a clean, icon-based menu to choose an OS on startup.
    • Boot Method: EFI Stub. The Linux kernel will be launched directly by rEFInd as a bootable EFI application. This is a fast, clean, and modern method that avoids the complexity of older bootloaders. rEFInd will handle discovering the kernel and presenting it as a boot option. ”

  • Great effort and all, but until we can get an .exe to run in Windows to install the new system, this will not attract anybody but the 0.01%.

    Yes, for us in the know it’s no biggie to get a USB stick, play with Rufus or the like, fiddle with “BIOS”, but for the average user even the first step is just too much.

    Windows can install new Windows and modify EFI stuff, and macOS can install new macOS so why can’t Linux use the same mechanisms? Especially as in the history there used to be some projects that could do this…

    Best chance in decades to bring Linux to desktop and it looks like we blew it by being too accustomed to difficulty, not being united behind the effort and whatnot :(



  • I have wrestled with the same thing as you and I think an nginx reverse proxy and subdomains are a reasonably good solution:

    • nothing answers from www.mydomain.com or mydomain.com or ip:port.
    • I have subdomains like service.mydomain.com and letsencrypt gives them certs.
    • some services even use a dir, so only service.mydomain.com/something will get you there but nothing else.
    • keep the services updated and using good passwords & non-default usernames.
    • Planned: instant IP ban for anything that touches port 80/443 without using a proper subdomain (whitelisting letsencrypt ofc), same with the ssh port and other commonly scanned ones. Using fail2ban reading nginx logs, for example.
    • Planned: geofencing some IP ranges, auto-updating from public botnet lists.
    • Planned: wildcard TLS cert (*.mydomain.com) so that the subdomains are not listed anywhere, maybe even a Cloudflare tunnel with this.

    The only fault I’ve discovered is some public ledgers of TLS certs, where the certs given by letsencrypt spill out those semi-secret subdomains to the world. I seem to get very little to no bots knocking on my services though, so maybe those are not being scraped that much.
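
An added example, not part of the comment above: a sketch of the planned "ban anything that misses the proper subdomain" check, run over nginx access-log lines. The log format, the `ips_to_ban` and `normalize_host` names, and the sample lines are assumptions made for illustration; ACME challenge requests are exempted by path.

```python
import re

# Assumed log format (not from the comment):
# log_format vhost '$remote_addr [$time_local] "$http_host" "$request" $status';
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[[^\]]+\] "(?P<host>[^"]*)" '
    r'"(?:[A-Z]+ (?P<path>\S+)[^"]*|[^"]*)" \d{3}$'
)
ACME_PREFIX = "/.well-known/acme-challenge/"  # Let's Encrypt HTTP-01 path

# Constructed sample lines; the IPs are from documentation ranges.
SAMPLE = [
    '203.0.113.10 [01/Jul/2025:10:00:00 +0000] "service.mydomain.com" "GET /something HTTP/1.1" 200',
    '198.51.100.7 [01/Jul/2025:10:00:05 +0000] "192.0.2.1" "GET / HTTP/1.1" 444',
    '198.51.100.8 [01/Jul/2025:10:00:09 +0000] "www.mydomain.com" "GET /.env HTTP/1.1" 444',
    '198.51.100.9 [01/Jul/2025:10:00:12 +0000] "-" "\\x16\\x03\\x01" 400',
    '203.0.113.20 [01/Jul/2025:10:00:20 +0000] "Service.MyDomain.com:443" "GET / HTTP/1.1" 200',
    '203.0.113.30 [01/Jul/2025:10:00:30 +0000] "new.mydomain.com" "GET /.well-known/acme-challenge/tok HTTP/1.1" 404',
]


def normalize_host(raw):
    """Lower-case the Host value, drop a :port suffix and a trailing dot."""
    host = raw.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [2001:db8::1]:443
        host = host.split("]")[0] + "]"
    elif ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def ips_to_ban(lines, allowed_hosts):
    """Return sorted client IPs that asked for a host outside the allow list."""
    allowed = {h.lower() for h in allowed_hosts}
    banned = set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                  # unparseable line: do not ban on a guess
        if normalize_host(m["host"]) in allowed:
            continue                  # request used a proper subdomain
        if (m["path"] or "").startswith(ACME_PREFIX):
            continue                  # certificate validation traffic
        banned.add(m["ip"])
    return sorted(banned)


if __name__ == "__main__":
    print(ips_to_ban(SAMPLE, {"service.mydomain.com"}))
```

The same host and path conditions can be carried into a fail2ban filter once the log format is fixed.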