gabe venberg 2021-05-23 12:54:36 -05:00
parent 2fd81b4692
commit fbb7a518b2
3 changed files with 109 additions and 27 deletions

7
TODO

@ -1,6 +1,7 @@
host this thing with gatsby, jekyll, hugo, or antora
write about interacting with nextcloud instance via cli with cadaver, rclone, maybye lftp?
nextcloud webdav adress is https://gabevenberg.com/nextcloud/remote.php/webdav/
write about synthing, talk about cli program syncthingmanager
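Review bot: the webdav line in this hunk records the real endpoint of a personal instance (https://gabevenberg.com/nextcloud/remote.php/webdav/) in a tracked notes file. When the cadaver/rclone/lftp write-up is done, use a placeholder hostname in the examples and keep the real address in local config rather than in the repo. Minor: "adress", "maybye" and "synthing" (syncthing) are misspelled.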
@ -11,3 +12,9 @@ write about how static site is generated
write about w3ms featurs. Many people dont realize it has tabs and bookmarks.
write about magic-wormhole
write about rebinding caps lock to ctrl in terminal, if you get that working.
write about email with mutt-wizard
write about nextcloud contacts/todo/calander with vdirsyncer, khal, khard, and todoman


@ -4,32 +4,23 @@ Ive been using archlinux for several years now.
Of course, my first installs were... blunderous, as i wanted to do full disk encryption from the get-go, and I didnt know what I was doing.
After those first one or two installs, I generally settled on LVM on LUKS with a GRUB bootloader and my swap on an LVM volume,
mostly because it makes it much easier to setup hibernation/suspend to disk vs, say, a swap file.
(with a swap file, you have to deal with file offsets, and I have never gotten a satisfactory awnser as to whether its possible for the filesystem to just *move* a file to a different disk sector in the process of, say, defragging with a very full hard drive.)
(with a swap file, you have to deal with file offsets, and I have never gotten a satisfactory answer as to whether its possible for the filesystem to just *move* a file to a different disk sector in the process of, say, defragging with a very full hard drive.)
Anyway, with my newest laptop,
(I tend through them more than normal, as I buy them used off windows users once they become slow, but they are plenty fast for X11 less use or even light X11 use)
I decided to try out btrfs, in large part due to its snapshot system and ability to transfer those snapshots over a network.
With my newest laptop, I decided to try out btrfs, in large part due to its snapshot system and ability to transfer those snapshots over a network.
(Im hoping to make a lightweight filesystem backup using this, on top of the data-level backups I currently use.)
However, suspend-to-disk is also quite important to me, and the archwiki is really only clear on how to do that with unencrypted partitions, LVM on LUKS, and on swapfiles.
The archwiki has some info on how to do it for the encrypt hook with a custom mkinitcpio hook, or with sd-encrytp hooks by just specifying multiple devices, but I didnt want to be writing a ton of custom config for the encrypt hook, and the section on sd-encrypt left some important quesions unawnsered.
////
I awnsered some of these questions:
//TODO: prettify this list.
- Does it matter if you use the kernel command line aurguments or /etc/crypttab.initramfs for suspend-to-disk support? no, but only use one or the other, not both.
- Does using /etc/crypttab.initramfs work when resuming from hibernate? yes.
- sd-encrypt caches your pw so that if multiple volumes can be unlocked with the same password, does that work with cryptab? yes.
- Is it safe to use the filesystem label when using /etc/cryptab.initramfs? yes. The filesystem label is persistent between boots and is stored in the FS header, along with the FS UUID you normaly use. It is exactly as persistent as the FS UUID.
////
The archwiki has some info on how to do it for the encrypt hook with a custom mkinitcpio hook, or with sd-encrypt hooks by just specifying multiple devices, but I didnt want to be writing a ton of custom config for the encrypt hook, and the section on sd-encrypt was not very clear at all, so I decided to do some experimentation and write up what worked for me.
== A note on security and risk profiles
TODO
The encryption schema I am setting up in this guide is only meant to protect your data from theft of your physical device when it is turned off or suspended to the disk.
Full disk encryption will not protect you from anything while you laptop is powered on. After boot, the encryption is completely transparent to userspace.
Also, I did am not encrypting the boot partition, and Im not setting up any sort of secure boot.
This means that an attacker could hypothetically replace your boot partition or firmware and keylog your password, so if you suspect your computer has been tampered with, *DONT* boot it up.
To reiterate, this setup by itself only protect your data if your powered down machine is stolen. It does not protect you data from being stolen in any scenario where your laptop is powered on.
== Things you should do first
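Review bot: the new "A note on security and risk profiles" text names two protected states, "turned off or suspended to the disk", but never says where suspend-to-RAM falls. By default the LUKS volumes stay unlocked and the key stays in memory during suspend-to-RAM, so it belongs with the powered-on case, and the section should say so next to "Full disk encryption will not protect you from anything while you laptop is powered on". The same paragraph needs a proofread before merge: "Also, I did am not encrypting the boot partition", "while you laptop", "only protect your data" and "protect you data".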
@ -39,14 +30,14 @@ such as setting up a graphical environment.
Also, some of the middle steps require some modification depending on what sort of final setup you want, and your hardware.
I will call out those modifications in the relevant steps.
All this said, I would discorage you from blindly following this guide if its your first time installing arch (or a similarly diy distro like gentoo).
All this said, I would discourage you from blindly following this guide if its your first time installing arch (or a similarly diy distro like gentoo).
You should clearly understand what most of these commands do before typing them in.
Anyway, start by booting up the arch ISO...
== Installing via ssh
Sometimes, you dont want to be switching from the computer you are installing linux on and the computer wtih the documentatoin and google on it,
Sometimes, you dont want to be switching from the computer you are installing linux on and the computer with the documentation and a search engine on it,
and Ive found the best way to avoid that is to set up a simple ssh session from the arch ISO to the computer with the documentation on it.
[IMPORTANT]
@ -106,7 +97,7 @@ turn on ntp
== Partitioning
create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then
create partitions using the tools of your choice. I will be using the following partition map.
an EFI partition of 512M
@ -124,7 +115,7 @@ Encrypt the btrfs parition with
# cryptsetup config --label="btrfs" /dev/sda3
....
and enter the encryption passkey. I reccomend making it a full sentence for security.
and enter the encryption passkey. I recommend making it a full sentence for security.
Encrypt the swap partition. Use the same password as last time.
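Review bot: "Use the same password as last time" on the swap step gives no reason, so a reader cannot tell whether it is required or just convenient. The sd-encrypt password caching mentioned in the introduction's question list looks like the reason; state it here, since that is what lets both volumes unlock from a single prompt. The step above also calls the same secret a "passkey" while this line calls it a "password"; pick one term, preferably "passphrase", which is what cryptsetup itself prompts for.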
@ -144,13 +135,13 @@ now open the newly encrypted partitions
== Filesystem creation
format the EFI poartion with FAT32 and give it the label EFI (label can be something else.)
format the EFI partition with FAT32 and give it the label EFI (label can be something else.)
....
# mkfs.vfat -F32 -n EFI /dev/sda1
....
format the swap partiton as swap
format the swap partition as swap
....
# mkswap /dev/mapper/swap
@ -192,7 +183,7 @@ mount subvols and EFI partition
== installing base system, generating *stab
install arch (ajust this to suit your needs), change intel-ucode to amd-ucode if using an AMD processor.
install the base packages. ajust the package list to suit your needs. change intel-ucode to amd-ucode if using an AMD processor.
....
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
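Review bot: the pacstrap line lists tree twice ("... tig tree xdg-user-dirs units python tree openssh ..."); drop the duplicate. The reworded sentence above it still carries "ajust" and starts its second and third sentences in lowercase, so the spelling pass in this commit missed this line.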
@ -254,7 +245,7 @@ create the hostname file
# echo '[myhostname]' > /etc/hostname
....
and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
and add matching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
....
127.0.0.1 localhost

84
capsToCtrl.adoc Normal file

@ -0,0 +1,84 @@
= Caps to Ctrl in tty
In the past 2 years or so, I have been using my caps lock key as a seperate ctrl key on my desktop keyboard.
This is very easy to do in X11 with a setxkmap command.
However, with my laptop, I try to run without X as much as possible. (Ive found it make a nice, distraction free environment, and it seems to be pretty good for battery life)
Obviously, without X, we cannot use setxkmap.
In order to do this without the tools in setxkbmap, we will have to edit the keymap used by the vitual console and set it as the keymap using localectl.
Now, according to the archwiki, we should be able to create a file contianing
....
keycode 58 = Control
.....
and be done with it.
However, if we do this, we will notice a somewhat odd bug.
When we hold down caps lock and press another key, the kernel starts sending control- keycodes.
However, when we release caps lock, the kernel continues to send control- keycodes.
From what I can tell, the only way to \'release\' control is to reboot.
In order to figure out why this is happening, we read the man page 'man keymaps'.
....
Note that you should be very careful when binding the modifier keys, otherwise you can end up with an unusable keyboard mapping.
If you for example define a key to have Control in its first column and leave the rest of the columns to be VoidSymbols, you're in trouble.
This is because pressing the key puts Control modifier in effect and the following actions are looked up from the fifth column (see the table above).
So, when you release the key, the action from the fifth column is taken.
It has VoidSymbol in it, so nothing happens.
This means that the Control modifier is still in effect, although you have released the key.
Re-pressing and releasing the key has no effect.
....
So what is happening seems to be that when we press caps lock, it looks for what keycode to send when no modifier keys are pressed.
Finding Control in the first column (the only column we specified), it activates the control modifier.
When we release caps lock, it looks for the key to [un]press when C-caps lock is released, and finds nothing.
This means that control is now stuck on.
But wait, if we read a bit further in the man page, we find that this shouldnt be happening!
....
For added convenience, you can usually get off with still more terse definitions.
If you enter a key definition line with only and exactly one action code after the equals sign, it has a special meaning.
If the code (numeric or symbolic) is not an ASCII letter, it means the code is implicitly replicated through all columns being defined.
....
Shouldnt this mean that our 'keycode 58 = Control' should be interpreted as 'keycode 58 = Control Control Control (and so on)'?
Well, it should!
However, there seems to be a bug in 'loadkeys', as the above only works when defining a complete keymap, not when overriding parts of default.map.
This means, that in order to correctly modify the keymap, we either have to define all columns manually, or we have to copy the default keymap, edit it, and load it as a complete keymap.
== Keymap patch
To continue overriding the default keymap, you can simply manually repeat the control command.
Now, technically, there are 256 columns in the keymap file, but, at least for latin keyboards, only the first 16 are used.
As sutch, our keymap patch looks like:
....
keycode 58 = Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control
....
Now just put it in in '/usr/share/kbd/keymaps/', and set it as your keymap with 'sudo localectl set-keymap [filename without .map extention]'.
== Full keymap
In order to create a new full keymap, copy the keymap you want to edit from '/usr/share/kbd/keymaps/i386/[couple more folders here]' to somewhere in 'usr/share/kbd/keymaps/' and unzip it with 'sudo gzip -d [filename]'.
Edit it with sudoedit and replace
....
keycode 58 = Caps_Lock
....
with
....
keycode 58 = Control
....
Then you can (optionally) re-zip it with 'sudo gzip [filename]' and set it as your keymap with 'sudo localectl set-keymap [filename without .map extention]'.
There we go!
Our caps lock key is now a second control key! Not that with 'localectl', this has also set caps lock as a second control key for X as well!
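Review bot: the first literal block in capsToCtrl.adoc opens with "...." but closes with "....." (five dots) after "keycode 58 = Control", so the closing delimiter does not match the opener and AsciiDoc will run the block on into the following prose; make both four dots. The tool name is also spelled two ways, "setxkmap" in the first paragraphs and "setxkbmap" a line later, and only the second is the real command. In the "Full keymap" section the destination path 'usr/share/kbd/keymaps/' is missing its leading slash, and the last line should read "Note that" rather than "Not that". Since the page's whole point is that a one-column Control binding leaves the modifier stuck until reboot, it would help to say how to test the new map safely (for example loading it with loadkeys in one session before making it persistent with localectl).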