./install
TODO
https://wiki.archlinux.org/title/systemd-resolved
# Enable systemd-resolved
sudo systemctl enable --now systemd-resolved
# Link systemd-resolved config to system resolv conf
ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# Create config directory for custom configs
mkdir -p /etc/systemd/resolved.conf.d/
Copy this to /etc/systemd/resolved.conf.d/dns_over_tls.conf
[Resolve]
DNS=8.8.8.8 8.8.4.4
DNSOverTLS=yes
Reload systemd-resolved to use new configuration
sudo systemctl restart systemd-resolved
https://wiki.archlinux.org/title/systemd-networkd
Wired network
Create /etc/systemd/network/20-wired.network
[Match]
Type=eth*
[Network]
DHCP=yes
[DHCPv4]
RouteMetric=100
[IPv6AcceptRA]
RouteMetric=100
Wireless network
Create /etc/systemd/network/25-wireless.network
[Match]
Type=wlan*
[Network]
DHCP=yes
IgnoreCarrierLoss=3s
[DHCPv4]
RouteMetric=200
[IPv6AcceptRA]
RouteMetric=200
Create a new file ~/.git-additional.config and add sensitive configurations there Sample:
[user]
email = [email protected]
name = your-username
signingkey = your-gpg-public-key
NOTE: If enabling WOL is available through BIOS then use that instead
https://wiki.archlinux.org/title/Wake-on-LAN#systemd.link
Create new file /etc/systemd/network/50-wired.link
[Match]
MACAddress=aa:bb:cc:dd:ee:ff
[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=persistent
WakeOnLan=magic
NOTE: Replace "aa:bb:cc:dd:ee:ff" with your ethernet card MACAddress. Use
ip addr
This host
# Add your users in `/etc/tigervnc/vncserver.users`
echo ":1=$USER" | sudo tee /etc/tigervnc/vncserver.users
# Enable virtual session (boot as well)
sudo systemctl enable --now vncserver@:1.service
NOTE: For more info vnc-server-virtual-doc
Host to access from
# Run this to forward your remote port to your local port 5901
ssh -N -L 5901:localhost:5901 -t your-server-host
Now connect using any vnc client. Recommended Remmina
ssh -L 5901:localhost:5900 -t your-server-host 'DISPLAY=:0 x0vncserver -localhost -SecurityTypes none'
Now connect using any vnc client. Recommended Remmina
After suspend https://github.com/betterlockscreen/betterlockscreen#systemd
systemctl enable --now betterlockscreen@$USER
https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition
Why?
With seperate partition, we can decrypt and mount this after boot which is helpfull when we can't physically turn on the system. For eg: Using WOL or a friend turns on the system.
Create a separate partitions
- 10-100GB should be sufficient for most of the cases
- Check current uses by using dua or gdu or ncdu on your home directory.
Use for what?
- Sensitive applications
- Browsers (Heavy)
- Credentials (Light)
- AWS
- docker
- github
- gpg
- Project's secrets (Light)
- Database dumps (Heavy)
Assuming the new partition is /dev/sdb3
NOTE: Make sure update your current user password to better one
NOTE: Use you current password for the partition encyption to avoid forgeting or avoiding entering password twice faster login TODO: More notes
Create encrypted partition
# Enable encyption on the parition using cryptsetup
sudo cryptsetup -y -v luksFormat /dev/sda3
# Then map the parition as virtual parition using cryptsetup
sudo cryptsetup open /dev/sda3 root
# Format the mapped parition using mkfs.ext4
sudo mkfs.ext4 /dev/mapper/root
# Mount the new mapped partition
sudo mount --mkdir /dev/mapper/root /mnt/encrypted_data/
# Now check if all is okay
# -- Create a sample file
echo 'hi-there' | sudo tee /mnt/encrypted_data/test-file.txt
# -- Unmount
sudo umount /mnt/encrypted_data/
# -- Close encyption virtual partition
sudo cryptsetup close root
# -- Open again
sudo cryptsetup open /dev/sda3 root
# -- Mount again
sudo mount /dev/mapper/root /mnt/encrypted_data/
# -- Check the file content
sudo cat /mnt/encrypted_data/test-file.txt
Auto mount partition
NOTE: Not using fstab as it is needed before starting linux We will encrypt during login instead using PAM MAYBE NOT THIS ONE? Follow this
- https://wiki.archlinux.org/title/pam_mount [I am using this one]
- Maybe use configuration in dot file https://wiki.archlinux.org/title/pam_mount#Local_(per-user)_configuration
- https://wiki.archlinux.org/title/Dm-crypt/Mounting_at_login
Nothing here
https://wiki.archlinux.org/title/swap#Swap_file
TODO To read:
- https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html
- https://borgbackup.readthedocs.io/en/stable/deployment/hosting-repositories.html
Search for REPLACE
and replace the values accordingly
- /etc/modules-load.d/ddcutil.conf https://wiki.archlinux.org/title/backlight#External_monitors
i2c_dev ddcci
NOTE: ddcci is available using
ddcutil
package - /etc/modules-load.d/zfs.conf
zfs
- Browsers
# list using ls /usr/share/applications/ xdg-settings set default-web-browser firefoxdeveloperedition.desktop
X-server
yay -S xsettingsd
systemctl enable --now --user xsettingsd.service
NOTE: xdg-settings is available using
xsettingsd
package
https://wiki.archlinux.org/title/Power_management#ACPI_events
To make power button have sleep action.
Add HandlePowerKey=suspend
to /etc/systemd/logind.conf
then
sudo systemctl kill -s HUP systemd-logind
NOTE: This will kill all your sessions
https://www.nerdfonts.com/cheat-sheet
- MacOS
- GPG
- Ctrl+Space not working: zsh-users/zsh-autosuggestions#132 (comment)
- Encrypted DNS: https://github.com/paulmillr/encrypted-dns
- Alacritty unsigned error: alacritty/alacritty#4673 (comment)