moved site to hugo.

This commit is contained in:
Gabe Venberg 2023-06-22 02:43:19 -05:00
parent 184dc9c713
commit 5bd850c0a1
7 changed files with 249 additions and 148 deletions

13
.gitignore vendored Normal file
View file

@ -0,0 +1,13 @@
# Generated files by hugo
/public/
/resources/_gen/
/assets/jsconfig.json
hugo_stats.json
# Executable may be added to repository
hugo.exe
hugo.darwin
hugo.linux
# Temporary lock file while building
/.hugo_build.lock

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "themes/poison"]
path = themes/poison
url = https://github.com/lukeorth/poison.git

6
archetypes/default.md Normal file
View file

@ -0,0 +1,6 @@
---
title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }}
draft: true
---

View file

@ -1,4 +1,10 @@
= Installing btrfs, systemd-boot, and LUKS with suspend to disk on encrypted swap partition.
---
title: "ArchInstall"
date: 2023-06-22T00:19:51-05:00
draft: false
---
== Installing btrfs, systemd-boot, and LUKS with suspend to disk on encrypted swap partition.
Ive been using archlinux for several years now.
Of course, my first installs were... blunderous, as i wanted to do full disk encryption from the get-go, and I didnt know what I was doing.
@ -12,7 +18,7 @@ With my newest laptop, I decided to try out btrfs, in large part due to its snap
However, suspend-to-disk is also quite important to me, and the archwiki is really only clear on how to do that with unencrypted partitions, LVM on LUKS, and on swapfiles.
The archwiki has some info on how to do it for the encrypt hook with a custom mkinitcpio hook, or with sd-encrypt hooks by just specifying multiple devices, but I didnt want to be writing a ton of custom config for the encrypt hook, and the section on sd-encrypt was not very clear at all, so I decided to do some experimentation and write up what worked for me.
== A note on security and risk profiles
=== A note on security and risk profiles
The encryption schema I am setting up in this guide is only meant to protect your data from theft of your physical device when it is turned off or suspended to the disk.
Full disk encryption will not protect you from anything while you laptop is powered on. After boot, the encryption is completely transparent to userspace.
@ -22,7 +28,7 @@ This means that an attacker could hypothetically replace your boot partition or
To reiterate, this setup by itself only protect your data if your powered down machine is stolen. It does not protect you data from being stolen in any scenario where your laptop is powered on.
== Things you should do first
=== Things you should do first
Because some things are quite dependent on your system and network, as well as the type of system you end up with,
I will not be detailing some of the early setup steps, such as creating and booting from the arch ISO, or the final steps,
@ -35,7 +41,7 @@ You should clearly understand what most of these commands do before typing them
Anyway, start by booting up the arch ISO...
== Installing via ssh
=== Installing via ssh
Sometimes, you dont want to be switching from the computer you are installing linux on and the computer with the documentation and a search engine on it,
and Ive found the best way to avoid that is to set up a simple ssh session from the arch ISO to the computer with the documentation on it.
@ -47,55 +53,56 @@ We are only doing this because we are (hopefully) on a personal network, and the
====
On the installee, make a password for the root account
....
# passwd
....
{{<highlight console "linenos=false">}}
$ passwd
{{</highlight>}}
Enable SSH using
....
# systemctl start sshd.service
....
{{<highlight console "linenos=false">}}
$ systemctl start sshd.service
{{</highlight>}}
Find the ip adress with
....
# ip addr show
....
{{<highlight console "linenos=false">}}
$ ip addr show
{{</highlight>}}
you are looking for a line like
....
{{<highlight console "linenos=false">}}
inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
....
{{</highlight>}}
in this case, my LAN IP is 192.168.1.162
now, on the pc you are going to be SSHing from,
....
# ssh root@[ip we just found on installee]
....
{{<highlight console "linenos=false">}}
$ ssh root@[ip we just found on installee]
{{</highlight>}}
and type in the password you set on the installee
now lets continue with the installation.
== inital setup
=== inital setup
verify you are connected to the internet
....
# ping 1.1.1.1
....
{{<highlight console "linenos=false">}}
$ ping 1.1.1.1
{{</highlight>}}
turn on ntp
....
# timedatectl set-ntp true
....
{{<highlight console "linenos=false">}}
$ timedatectl set-ntp true
{{</highlight>}}
== Partitioning
=== Partitioning
create partitions using the tools of your choice. I will be using the following partition map.
@ -105,243 +112,244 @@ a swap partition with a size equal to your RAM.
a btrfs partition containing the rest of the space.
== Encryption
=== Encryption
Encrypt the btrfs parition with
....
# cryptsetup luksFormat /dev/sda3
{{<highlight console "linenos=false">}}
$ cryptsetup luksFormat /dev/sda3
# cryptsetup config --label="btrfs" /dev/sda3
....
$ cryptsetup config --label="btrfs" /dev/sda3
{{</highlight>}}
and enter the encryption passkey. I recommend making it a full sentence for security.
Encrypt the swap partition. Use the same password as last time.
....
# cryptsetup luksFormat /dev/sda2
{{<highlight console "linenos=false">}}
$ cryptsetup luksFormat /dev/sda2
# cryptsetup config --label="swap" /dev/sda2
....
$ cryptsetup config --label="swap" /dev/sda2
{{</highlight>}}
now open the newly encrypted partitions
....
# cryptsetup open /dev/sda2 swap
{{<highlight console "linenos=false">}}
$ cryptsetup open /dev/sda2 swap
# cryptsetup open /dev/sda3 btrfs
....
$ cryptsetup open /dev/sda3 btrfs
{{</highlight>}}
== Filesystem creation
=== Filesystem creation
format the EFI partition with FAT32 and give it the label EFI (label can be something else.)
....
# mkfs.vfat -F32 -n EFI /dev/sda1
....
{{<highlight console "linenos=false">}}
$ mkfs.vfat -F32 -n EFI /dev/sda1
{{</highlight>}}
format the swap partition as swap
....
# mkswap /dev/mapper/swap
....
{{<highlight console "linenos=false">}}
$ mkswap /dev/mapper/swap
{{</highlight>}}
format the root partition with btrfs and give the label root (label can be something else.)
....
# mkfs.btrfs -L btrfs /dev/mapper/btrfs
....
{{<highlight console "linenos=false">}}
$ mkfs.btrfs -L btrfs /dev/mapper/btrfs
{{</highlight>}}
== Creating and mounting subvolumes
=== Creating and mounting subvolumes
....
# mount /dev/mapper/btrfs /mnt
{{<highlight console "linenos=false">}}
$ mount /dev/mapper/btrfs /mnt
# btrfs subvolume create /mnt/root
$ btrfs subvolume create /mnt/root
# btrfs subvolume create /mnt/home
$ btrfs subvolume create /mnt/home
# umount /mnt
....
$ umount /mnt
{{</highlight>}}
mount subvols and EFI partition
....
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
{{<highlight console "linenos=false">}}
$ mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
# mkdir /mnt/home
$ mkdir /mnt/home
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
$ mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
# mkdir /mnt/boot
$ mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
$ mount /dev/sda1 /mnt/boot
# swapon /dev/mapper/swap
....
$ swapon /dev/mapper/swap
{{</highlight>}}
== installing base system, generating *stab
=== installing base system, generating *stab
install the base packages. ajust the package list to suit your needs. change intel-ucode to amd-ucode if using an AMD processor.
....
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
....
{{<highlight console "linenos=false">}}
$ pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
{{</highlight>}}
generate an fstab
....
# genfstab -U /mnt > /mnt/etc/fstab
....
{{<highlight console "linenos=false">}}
$ genfstab -U /mnt > /mnt/etc/fstab
{{</highlight>}}
make /mnt/etc/crypttab.initramfs containing:
....
#our swap device
{{<highlight console "linenos=false">}}
$our swap device
swap LABEL=swap
#our main device
$our main device
btrfs LABEL=btrfs
....
{{</highlight>}}
== system config
=== system config
chroot into the new system
....
# arch-chroot /mnt/
....
{{<highlight console "linenos=false">}}
$ arch-chroot /mnt/
{{</highlight>}}
set time zone.
....
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
....
{{<highlight console "linenos=false">}}
$ ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
{{</highlight>}}
run hwclock
....
# hwclock --systohc
....
{{<highlight console "linenos=false">}}
$ hwclock --systohc
{{</highlight>}}
uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
gen locales
....
# locale-gen
....
{{<highlight console "linenos=false">}}
$ locale-gen
{{</highlight>}}
set LANG variable
....
# echo 'LANG=en_US.UTF-8' > /etc/locale.conf
....
{{<highlight console "linenos=false">}}
$ echo 'LANG=en_US.UTF-8' > /etc/locale.conf
{{</highlight>}}
create the hostname file
....
# echo '[myhostname]' > /etc/hostname
....
{{<highlight console "linenos=false">}}
$ echo '[myhostname]' > /etc/hostname
{{</highlight>}}
and add matching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
....
{{<highlight console "linenos=false">}}
127.0.0.1 localhost
::1 localhost
127.0.1.1 myhostname.localdomain myhostname
....
{{</highlight>}}
== installing the boot loader
=== installing the boot loader
edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
....
{{<highlight console "linenos=false">}}
HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
....
{{</highlight>}}
and regen the initramfs
....
# mkinitcpio -p linux
....
{{<highlight console "linenos=false">}}
$ mkinitcpio -p linux
{{</highlight>}}
install systemd-boot
....
# bootctl install
....
{{<highlight console "linenos=false">}}
$ bootctl install
{{</highlight>}}
create /boot/loader/entries/arch.conf containing:
....
{{<highlight console "linenos=false">}}
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
....
{{</highlight>}}
edit /boot/loader/loader.conf and add:
....
{{<highlight console "linenos=false">}}
default arch.conf
timeout 2
console-mode max
editor no
....
{{</highlight>}}
== system config
=== system config
set root password
....
# passwd
....
{{<highlight console "linenos=false">}}
$ passwd
{{</highlight>}}
exit and shutdown the system
....
# exit
{{<highlight console "linenos=false">}}
$ exit
# shutdown now
....
$ shutdown now
{{</highlight>}}
remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal.
== configuring userspace
=== configuring userspace
add a non-root user
....
# useradd -m -G wheel -s /bin/sh your_username
# passwd your_username
....
{{<highlight console "linenos=false">}}
$ useradd -m -G wheel -s /bin/sh your_username
$ passwd your_username
{{</highlight>}}
symlink neovim to vi (assuming you installed neovim but not vi. modify as your installed packages call for.)
....
# ln -s /usr/bin/nvim /usr/bin/vi
....
{{<highlight console "linenos=false">}}
$ ln -s /usr/bin/nvim /usr/bin/vi
{{</highlight>}}
configure sudo
....
# visudo
....
{{<highlight console "linenos=false">}}
$ visudo
{{</highlight>}}
uncomment the line that reads
....
{{<highlight console "linenos=false">}}
%wheel ALL=(ALL) ALL
....
{{</highlight>}}
enable multilib: uncomment the following lines in /ec/pacman.conf
....
{{<highlight console "linenos=false">}}
[multilib]
Include = /etc/pacman.d/mirrorlist
....
{{</highlight>}}
Congrats! you now have a barebones, but functional, encrypted arch install!

View file

@ -1,3 +1,9 @@
---
title: "CapsToCtrl"
date: 2023-06-22T01:59:28-05:00
draft: true
---
= Caps to Ctrl in tty
In the past 2 years or so, I have been using my caps lock key as a seperate ctrl key on my desktop keyboard.
@ -9,9 +15,9 @@ In order to do this without the tools in setxkbmap, we will have to edit the key
Now, according to the archwiki, we should be able to create a file contianing
....
{{<highlight console "linenos=false">}}
keycode 58 = Control
.....
{{</highlight>}}
and be done with it.
@ -22,15 +28,16 @@ From what I can tell, the only way to \'release\' control is to reboot.
In order to figure out why this is happening, we read the man page 'man keymaps'.
....
Note that you should be very careful when binding the modifier keys, otherwise you can end up with an unusable keyboard mapping.
[NOTE]
====
You should be very careful when binding the modifier keys, otherwise you can end up with an unusable keyboard mapping.
If you for example define a key to have Control in its first column and leave the rest of the columns to be VoidSymbols, you're in trouble.
This is because pressing the key puts Control modifier in effect and the following actions are looked up from the fifth column (see the table above).
So, when you release the key, the action from the fifth column is taken.
It has VoidSymbol in it, so nothing happens.
This means that the Control modifier is still in effect, although you have released the key.
Re-pressing and releasing the key has no effect.
....
====
So what is happening seems to be that when we press caps lock, it looks for what keycode to send when no modifier keys are pressed.
Finding Control in the first column (the only column we specified), it activates the control modifier.
@ -39,11 +46,11 @@ This means that control is now stuck on.
But wait, if we read a bit further in the man page, we find that this shouldnt be happening!
....
{{<highlight console "linenos=false">}}
For added convenience, you can usually get off with still more terse definitions.
If you enter a key definition line with only and exactly one action code after the equals sign, it has a special meaning.
If the code (numeric or symbolic) is not an ASCII letter, it means the code is implicitly replicated through all columns being defined.
....
{{</highlight>}}
Shouldnt this mean that our 'keycode 58 = Control' should be interpreted as 'keycode 58 = Control Control Control (and so on)'?
Well, it should!
@ -56,9 +63,9 @@ To continue overriding the default keymap, you can simply manually repeat the co
Now, technically, there are 256 columns in the keymap file, but, at least for latin keyboards, only the first 16 are used.
As sutch, our keymap patch looks like:
....
{{<highlight console "linenos=false">}}
keycode 58 = Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control
....
{{</highlight>}}
Now just put it in in '/usr/share/kbd/keymaps/', and set it as your keymap with 'sudo localectl set-keymap [filename without .map extention]'.
@ -68,15 +75,15 @@ Now just put it in in '/usr/share/kbd/keymaps/', and set it as your keymap with
In order to create a new full keymap, copy the keymap you want to edit from '/usr/share/kbd/keymaps/i386/[couple more folders here]' to somewhere in 'usr/share/kbd/keymaps/' and unzip it with 'sudo gzip -d [filename]'.
Edit it with sudoedit and replace
....
{{<highlight console "linenos=false">}}
keycode 58 = Caps_Lock
....
{{</highlight>}}
with
....
{{<highlight console "linenos=false">}}
keycode 58 = Control
....
{{</highlight>}}
Then you can (optionally) re-zip it with 'sudo gzip [filename]' and set it as your keymap with 'sudo localectl set-keymap [filename without .map extention]'.
@ -85,8 +92,9 @@ Our caps lock key is now a second control key!
Note that localectl does not seem to propogate our change to X11, unfortuanately.
To do it in X as well, simply run
....
{{<highlight console "linenos=false">}}
setxkbmap -option ctrl:nocaps
....
{{</highlight>}}
in your .xinitrc.
in your .xinitrc.

62
hugo.toml Normal file
View file

@ -0,0 +1,62 @@
baseURL = 'http://example.org/'
languageCode = 'en-us'
title = 'My New Hugo Site'
theme = 'poison'
[params]
brand = "Gabe Venberg" # name of your site - appears in the sidebar
# brand_image = "/images/test.jpg" # path to the image shown in the sidebar
description = "Technical projects I've been working on" # Used as default meta description if not specified in front matter
dark_mode = true # optional - defaults to false
# favicon = "favicon.png" # path to favicon (defaults to favicon.png)
# MENU PLACEHOLDER
# Menu dict keys:
# Name: The name to display on the menu.
# URL: The directory relative to the content directory.
# HasChildren: If the directory's files should be listed. Default is true.
# Limit: If the files should be listed, how many should be shown.
menu = [
{Name = "About", URL = "/about/", HasChildren = false},
{Name = "Posts", URL = "/posts/", Pre = "Recent", HasChildren = true, Limit = 3},
]
github_url = "https://github.com/gabevenberg"
# NOTE: If you don't want to use RSS, comment or delete the following lines
# Adds an RSS icon to the end of the socials which links to {{ .Site.BaseURL }}/index.xml
rss_icon = true
# Which section the RSS icon links to, defaults to all content. See https://gohugo.io/templates/rss/#section-rss
rss_section = "posts"
[markup]
[markup.highlight]
anchorLineNos = false
codeFences = true
guessSyntax = false
hl_Lines = ''
hl_inline = false
lineAnchors = ''
lineNoStart = 1
lineNos = true
lineNumbersInTable = true
noClasses = true
noHl = false
style = 'monokai'
tabWidth = 4
[security]
enableInlineShortcodes = false
[security.exec]
allow = ["^dart-sass-embedded$", "^go$", "^npx$", "^postcss$", "^asciidoctor$"]
osEnv = ["(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM|RUBYLIB)$"]
[security.funcs]
getenv = ["^HUGO_"]
[security.http]
methods = ["(?i)GET|POST"]
urls = [".*"]

1
themes/poison Submodule

@ -0,0 +1 @@
Subproject commit 962b04d220807f1059874787fc6b461a82af1ec9