From fc7cf42b394eb99d032d0e6d71ab55bd1d3a13f4 Mon Sep 17 00:00:00 2001 From: Gabe Venberg Date: Sun, 16 Jul 2023 01:02:24 -0500 Subject: [PATCH] adressed typos found in most recent laptop install. --- content/posts/archInstall.adoc | 99 ++++++++++--------- .../posts/autologinNextcloudClientOnArch.adoc | 18 ++-- content/posts/capsToCtrl.adoc | 22 ++--- 3 files changed, 71 insertions(+), 68 deletions(-) diff --git a/content/posts/archInstall.adoc b/content/posts/archInstall.adoc index c4f7142..bf6d176 100644 --- a/content/posts/archInstall.adoc +++ b/content/posts/archInstall.adoc @@ -11,7 +11,7 @@ draft = false :toc: :toclevels: 6 -Ive been using archlinux for several years now. +Ive been using Arch Linux for several years now. Of course, my first installs were... blunderous, as i wanted to do full disk encryption from the get-go, and I didnt know what I was doing. After those first one or two installs, I generally settled on LVM on LUKS with a GRUB bootloader and my swap on an LVM volume, mostly because it makes it much easier to setup hibernation/suspend to disk vs, say, a swap file. @@ -20,7 +20,7 @@ mostly because it makes it much easier to setup hibernation/suspend to disk vs, With my newest laptop, I decided to try out btrfs, in large part due to its snapshot system and ability to transfer those snapshots over a network. (Im hoping to make a lightweight filesystem backup using this, on top of the data-level backups I currently use.) -However, suspend-to-disk is also quite important to me, and the archwiki is really only clear on how to do that with unencrypted partitions, LVM on LUKS, and on swapfiles. +However, suspend-to-disk is also quite important to me, and the Arch Wiki is really only clear on how to do that with unencrypted partitions, LVM on LUKS, and on swapfiles. The archwiki has some info on how to do it for the encrypt hook with a custom mkinitcpio hook, or with sd-encrypt hooks by just specifying multiple devices, but I didnt want to be writing a ton of custom config for the encrypt hook, and the section on sd-encrypt was not very clear at all, so I decided to do some experimentation and write up what worked for me. == A note on security and risk profiles @@ -41,21 +41,21 @@ such as setting up a graphical environment. Also, some of the middle steps require some modification depending on what sort of final setup you want, and your hardware. I will call out those modifications in the relevant steps. -All this said, I would discourage you from blindly following this guide if its your first time installing arch (or a similarly diy distro like gentoo). +All this said, I would discourage you from blindly following this guide if its your first time installing arch (or a similarly diy distro like Gentoo). You should clearly understand what most of these commands do before typing them in. Anyway, start by booting up the arch ISO... == Installing via ssh -Sometimes, you dont want to be switching from the computer you are installing linux on and the computer with the documentation and a search engine on it, +Sometimes, you dont want to be switching from the computer you are installing Linux on and the computer with the documentation and a search engine on it, and Ive found the best way to avoid that is to set up a simple ssh session from the arch ISO to the computer with the documentation on it. [WARNING] -=== +==== On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network. We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone. -=== +==== On the installee, make a password for the root account @@ -69,39 +69,39 @@ Enable SSH using $ systemctl start sshd.service {{}} -Find the ip adress with +Find the ip address with {{}} $ ip addr show {{}} -you are looking for a line like +You are looking for a line like {{}} inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25 {{}} -in this case, my LAN IP is 192.168.1.162 +In this case, my LAN IP is 192.168.1.162 -now, on the pc you are going to be SSHing from, +Now, on the pc you are going to be SSHing from, {{}} $ ssh root@[ip we just found on installee] {{}} -and type in the password you set on the installee +And type in the password you set on the installee -now lets continue with the installation. +Now lets continue with the installation. -== inital setup +== initial setup -verify you are connected to the internet +Verify you are connected to the internet {{}} $ ping 1.1.1.1 {{}} -turn on ntp +Turn on ntp {{}} $ timedatectl set-ntp true @@ -109,7 +109,7 @@ $ timedatectl set-ntp true == Partitioning -create partitions using the tools of your choice. I will be using the following partition map. +Create partitions using the tools of your choice. I will be using the following partition map. an EFI partition of 512M @@ -119,7 +119,7 @@ a btrfs partition containing the rest of the space. == Encryption -Encrypt the btrfs parition with +Encrypt the btrfs partition with {{}} $ cryptsetup luksFormat /dev/sda3 @@ -147,19 +147,19 @@ $ cryptsetup open /dev/sda3 btrfs == Filesystem creation -format the EFI partition with FAT32 and give it the label EFI (label can be something else.) +Format the EFI partition with FAT32 and give it the label EFI (label can be something else.) {{}} $ mkfs.vfat -F32 -n EFI /dev/sda1 {{}} -format the swap partition as swap +Format the swap partition as swap {{}} $ mkswap /dev/mapper/swap {{}} -format the root partition with btrfs and give the label root (label can be something else.) +Format the root partition with btrfs and give the label root (label can be something else.) {{}} $ mkfs.btrfs -L btrfs /dev/mapper/btrfs @@ -177,7 +177,7 @@ $ btrfs subvolume create /mnt/home $ umount /mnt {{}} -mount subvols and EFI partition +Mount subvols and EFI partition {{}} $ mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt @@ -195,69 +195,69 @@ $ swapon /dev/mapper/swap == installing base system, generating *stab -install the base packages. ajust the package list to suit your needs. change intel-ucode to amd-ucode if using an AMD processor. +Install the base packages. Adjust the package list to suit your needs. change intel-ucode to amd-ucode if using an AMD processor. {{}} -$ pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode +$ pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tree xdg-user-dirs python tree openssh w3m curl intel-ucode {{}} -generate an fstab +Generate an fstab {{}} $ genfstab -U /mnt > /mnt/etc/fstab {{}} -make /mnt/etc/crypttab.initramfs containing: +Make /mnt/etc/crypttab.initramfs containing: {{}} -$our swap device +#our swap device swap LABEL=swap -$our main device +#our main device btrfs LABEL=btrfs {{}} == system config -chroot into the new system +Chroot into the new system {{}} $ arch-chroot /mnt/ {{}} -set time zone. +Set time zone. {{}} $ ln -sf /usr/share/zoneinfo/Region/City /etc/localtime {{}} -run hwclock +Run hwclock {{}} $ hwclock --systohc {{}} -uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.) +Uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.) -gen locales +Gen locales {{}} $ locale-gen {{}} -set LANG variable +Set LANG variable {{}} $ echo 'LANG=en_US.UTF-8' > /etc/locale.conf {{}} -create the hostname file +Create the hostname file {{}} $ echo '[myhostname]' > /etc/hostname {{}} -and add matching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127) +And add matching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127) {{}} 127.0.0.1 localhost @@ -267,25 +267,25 @@ and add matching entries to /etc/hosts, like so (if static ip, use that. if dyna == installing the boot loader -edit /etc/mkinitcpio.conf so the HOOKS line looks like this: +Edit /etc/mkinitcpio.conf so the HOOKS line looks like this: {{}} HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck) {{}} -and regen the initramfs +And regen the initramfs {{}} $ mkinitcpio -p linux {{}} -install systemd-boot +Install systemd-boot {{}} $ bootctl install {{}} -create /boot/loader/entries/arch.conf containing: +Create /boot/loader/entries/arch.conf containing: {{}} title Arch Linux @@ -306,13 +306,13 @@ editor no == system config -set root password +Set root password {{}} $ passwd {{}} -exit and shutdown the system +Exit and shutdown the system {{}} $ exit @@ -320,41 +320,44 @@ $ exit $ shutdown now {{}} -remove the install media, and boot back up. make sure everything boots. from now on, configure the system as normal. +Remove the install media, and boot back up. +Make sure everything boots. +From now on, configure the system as normal. == configuring userspace -add a non-root user +Add a non-root user {{}} $ useradd -m -G wheel -s /bin/sh your_username $ passwd your_username {{}} -symlink neovim to vi (assuming you installed neovim but not vi. modify as your installed packages call for.) +Symlink neovim to vi (assuming you installed neovim but not vi. +Modify as your installed packages call for.) {{}} $ ln -s /usr/bin/nvim /usr/bin/vi {{}} -configure sudo +Configure sudo {{}} $ visudo {{}} -uncomment the line that reads +Uncomment the line that reads {{}} %wheel ALL=(ALL) ALL {{}} -enable multilib: uncomment the following lines in /ec/pacman.conf +Enable multilib: uncomment the following lines in /etc/pacman.conf {{}} [multilib] Include = /etc/pacman.d/mirrorlist {{}} -Congrats! you now have a barebones, but functional, encrypted arch install! +Congrats! You now have a barebones, but functional, encrypted arch install! diff --git a/content/posts/autologinNextcloudClientOnArch.adoc b/content/posts/autologinNextcloudClientOnArch.adoc index 68163d4..3a8a25a 100644 --- a/content/posts/autologinNextcloudClientOnArch.adoc +++ b/content/posts/autologinNextcloudClientOnArch.adoc @@ -11,20 +11,20 @@ draft = false :toc: :toclevels: 6 -During the 5 or so years ive had nextcloud, ive always been quite happy with the webclient, but the device clients... need some work. -I recently figured out how to resolve one of my biggest pain points on the linux desktop client, and am recording it here, mostly so I dont forget next time I setup a new computer, -and to save others with the same problem from endless forum post and github issue crawling. +During the 5 or so years Ive had nextcloud, Ive always been quite happy with the webclient, but the device clients... need some work. +I recently figured out how to resolve one of my biggest pain points on the Linux desktop client, and am recording it here, mostly so I dont forget next time I setup a new computer, +and to save others with the same problem from endless forum post and GitHub issue crawling. == The cause -Nextcloud expects the environment it is running in to have a 'keychain manager' installed and acessible by libsecret. -However, curretnly, the archlinx nextcloud package does not list libsecret nor any keychain manager as a dependency. -This does not cause a problem if you are using a desktop environment, as they will come with one in their own depenency cloud, but if you are just using a window manager, you may very well not have one installed. +Nextcloud expects the environment it is running in to have a 'keychain manager' installed and accessible by libsecret. +However, currently, the Arch Linx nextcloud package does not list libsecret nor any keychain manager as a dependency. +This does not cause a problem if you are using a desktop environment, as they will come with one in their own dependency cloud, but if you are just using a window manager, you may very well not have one installed. -(as a side note, this also seems to cause a significant delay in the client starting up, probably some sort of timeout waiting to acess the keyring +(as a side note, this also seems to cause a significant delay in the client starting up, probably some sort of timeout waiting to access the keyring == The solution -The solution is... suprisingly simple. You just need to install the `+gnome-keyring+` and `+libsecret+` packages, and set them up to autostart. In order to autostart them properly, adding these 2 lines to your `+.xinitrc+` is enough. +The solution is... surprisingly simple. You just need to install the `+gnome-keyring+` and `+libsecret+` packages, and set them up to autostart. In order to autostart them properly, adding these 2 lines to your `+.xinitrc+` is enough. {{}} #get gnome-keyring running @@ -32,4 +32,4 @@ dbus-update-activation-environment --all gnome-keyring-daemon --start --components=secrets {{}} -(yes, you do need `+dbus-update-activiation-environment+`, as `+gnome-keyring+` seemingly relies on certian environment variables to start properly.) +(yes, you do need `+dbus-update-activiation-environment+`, as `+gnome-keyring+` seemingly relies on certain environment variables to start properly.) diff --git a/content/posts/capsToCtrl.adoc b/content/posts/capsToCtrl.adoc index d7739d2..148e1eb 100644 --- a/content/posts/capsToCtrl.adoc +++ b/content/posts/capsToCtrl.adoc @@ -11,20 +11,20 @@ draft = false :toc: :toclevels: 4 -In the past 2 years or so, I have been using my caps lock key as a seperate ctrl key on my desktop keyboard. +In the past 2 years or so, I have been using my caps lock key as a separate ctrl key on my desktop keyboard. This is very easy to do in X11 with a setxkmap command. However, with my laptop, I try to run without X as much as possible. (Ive found it make a nice, distraction free environment, and it seems to be pretty good for battery life) Obviously, without X, we cannot use setxkmap. In order to do this without the tools in setxkbmap, we will have to edit the keymap used by the vitual console and set it as the keymap using localectl. -Now, according to the archwiki, we should be able to create a file contianing +Now, according to the Arch Wiki, we should be able to create a file containing {{}} keycode 58 = Control {{}} -and be done with it. +And be done with it. However, if we do this, we will notice a somewhat odd bug. When we hold down caps lock and press another key, the kernel starts sending control- keycodes. @@ -34,7 +34,7 @@ From what I can tell, the only way to 'release' control is to reboot. In order to figure out why this is happening, we read the man page 'man keymaps'. [NOTE] -=== +==== You should be very careful when binding the modifier keys, otherwise you can end up with an unusable keyboard mapping. If you for example define a key to have Control in its first column and leave the rest of the columns to be VoidSymbols, you're in trouble. This is because pressing the key puts Control modifier in effect and the following actions are looked up from the fifth column (see the table above). @@ -42,14 +42,14 @@ So, when you release the key, the action from the fifth column is taken. It has VoidSymbol in it, so nothing happens. This means that the Control modifier is still in effect, although you have released the key. Re-pressing and releasing the key has no effect. -=== +==== So what is happening seems to be that when we press caps lock, it looks for what keycode to send when no modifier keys are pressed. Finding Control in the first column (the only column we specified), it activates the control modifier. -When we release caps lock, it looks for the key to [un]press when C-caps lock is released, and finds nothing. +When we release caps lock, it looks for the key to [un]press when Caps lock is released, and finds nothing. This means that control is now stuck on. -But wait, if we read a bit further in the man page, we find that this shouldnt be happening! +But wait, if we read a bit further in the man page, we find that this shouldn't be happening! {{}} For added convenience, you can usually get off with still more terse definitions. @@ -57,7 +57,7 @@ If you enter a key definition line with only and exactly one action code after If the code (numeric or symbolic) is not an ASCII letter, it means the code is implicitly replicated through all columns being defined. {{}} -Shouldnt this mean that our 'keycode 58 = Control' should be interpreted as 'keycode 58 = Control Control Control (and so on)'? +Shouldn't this mean that our 'keycode 58 = Control' should be interpreted as 'keycode 58 = Control Control Control (and so on)'? Well, it should! However, there seems to be a bug in 'loadkeys', as the above only works when defining a complete keymap, not when overriding parts of default.map. This means, that in order to correctly modify the keymap, we either have to define all columns manually, or we have to copy the default keymap, edit it, and load it as a complete keymap. @@ -66,7 +66,7 @@ This means, that in order to correctly modify the keymap, we either have to defi To continue overriding the default keymap, you can simply manually repeat the control command. Now, technically, there are 256 columns in the keymap file, but, at least for latin keyboards, only the first 16 are used. -As sutch, our keymap patch looks like: +As such, our keymap patch looks like: {{}} keycode 58 = Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control Control @@ -84,7 +84,7 @@ Edit it with sudoedit and replace keycode 58 = Caps_Lock {{}} -with +With {{}} keycode 58 = Control @@ -101,4 +101,4 @@ To do it in X as well, simply run setxkbmap -option ctrl:nocaps {{}} -in your .xinitrc. +In your .xinitrc.