Installing and configuring an unprivileged lxc container with uid/gid offset.

LANG=C SUITE=bookworm MIRROR=https://ftp.debian.org/debian/ lxc-create --name=unprivileged-lxc --template=debian

Let’s add additional subuids/subgids for the root user.

usermod --add-subuids 200000-265535 root
usermod --add-subgids 200000-265535 root
# to remove subgroups
# usermod --del-subuids 200000-265535 root
# usermod --del-subgids 200000-265535 root

Storing cryptsetup headers separately has some advantages, firstly, without them, the block device itself is a set of Entropy, from which it is impossible to determine the type of partition / encryption / device.
Secondly, it is a small file that can be easily backed up without using dd.

Simple cheat sheet

Generate a password.

cat /dev/urandom | tr -dc '[[:print:]]' | fold -w 256 | sed 's/ //g' | fold -w128 | head -n 1

Required packages apt install fontforge и pip install fonttools.

Let’s decide on the necessary glyphs: we need Latin, Cyrillic, special characters, including some Greek symbols (ΣΩαβγμ), Greek analogues that are similar in style but have different codes (∆∑µ), and a few more that can be used somewhere in the text or as elements to replace graphics (♪♫♬).

Why are there multiple variants of similar glyphs with different codes?

Because the µ (mu U+00b5) symbol and the Greek letter μ (mu U+03bc) in extended fonts can have their own glyph with different shapes, or, conversely, a common glyph, where similar characters in shape refer to the same glyph. Or, for example, the Greek Σ (Sigma U+03a3) is not the same as the symbol ∑ (summation U+2211).
But perhaps these symbols look the same on your screen.

Basic example of openvpn settings

cd /etc/openvpn
mkdir ccd
mkdir crl
mkdir keys
mkdir secret
chmod 700 keys secret
printf '00' > serial
touch index.txt

As an example.
Organization Name: OVPN-NET
Common Name: OVPN-SERVER

nano openssl.cnf