./install
Arch - README
Create a new file ~/.git-additional.config and add sensitive configurations there. Sample:
[user]
email = your-email@example.com
name = your-username
signingkey = your-gpg-public-key
Create a new file ~/.zsh-additional-rc and add sensitive and override configurations there. Sample:
export VimGPGDefaultRecipients="your-email@example.com"
export VIM_DAY_THEME="base16-catppuccin-latte"
export VIM_NIGHT_THEME="base16-summerfruit-dark"
NOTE: If enabling WOL is available through BIOS then use that instead
https://wiki.archlinux.org/title/Wake-on-LAN#systemd.link
Create new file /etc/systemd/network/50-wired.link
[Match]
MACAddress=aa:bb:cc:dd:ee:ff
[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=persistent
WakeOnLan=magic
NOTE: Replace "aa:bb:cc:dd:ee:ff" with your ethernet card MACAddress. Use
ip addr
This host
# Add your users in `/etc/tigervnc/vncserver.users`
echo ":1=$USER" | sudo tee /etc/tigervnc/vncserver.users
# Enable virtual session (boot as well)
sudo systemctl enable --now vncserver@:1.service
NOTE: For more info, see vnc-server-virtual-doc
Host to access from
# Run this to forward your remote port to your local port 5901
ssh -N -L 5901:localhost:5901 -t your-server-host
Now connect using any VNC client. Recommended: Remmina
ssh -L 5901:localhost:5900 -t your-server-host 'DISPLAY=:0 x0vncserver -localhost -SecurityTypes none'
Now connect using any VNC client. Recommended: Remmina
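Both tunnel commands above rely on the VNC server accepting connections only from localhost (the second one runs with -SecurityTypes none). The following is an added example, not part of the original README: a shell check that reads `ss -H -tln` output and lists any listener in the VNC port range (5900-5999, displays :0 to :99) that is not bound to loopback. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find VNC listeners reachable from outside the loopback interface.

# Constructed sample of `ss -H -tln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 5        127.0.0.1:5901   0.0.0.0:*
LISTEN 0 5            [::1]:5901      [::]:*
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*
LISTEN 0 5          0.0.0.0:5900   0.0.0.0:*
LISTEN 0 5             [::]:5902      [::]:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
EOF
}

# Reads `ss -H -tln` lines on stdin; prints each local address:port in the
# VNC range (5900-5999) that is not bound to a loopback address.
vnc_exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]                                  # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        sub(/%.*$/, "", addr)                            # drop a scope such as %lo
        if (port !~ /^[0-9]+$/) next
        if (port + 0 < 5900 || port + 0 > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next     # loopback only: fine
        print $4
    }'
}

# Returns 0 when no VNC port is exposed, 1 otherwise (findings go to stdout).
check_vnc_binding() {
    exposed="$(vnc_exposed_listeners)"
    [ -z "$exposed" ] && return 0
    printf 'VNC listener not bound to loopback: %s\n' $exposed
    return 1
}

# Demo on the constructed sample; on a real host run: ss -H -tln | check_vnc_binding
sample_ss_output | check_vnc_binding || true
```

Run it on the server after starting vncserver@:1.service or x0vncserver; any reported line means the server is reachable without the SSH tunnel.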
https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition
Why?
With a separate partition, we can decrypt and mount it after boot, which is helpful when we can't physically turn on the system. E.g. when using WOL, or when a friend turns on the system.
Create a separate partition
- 10-100GB should be sufficient for most cases
- Check current usage by running dua, gdu or ncdu on your home directory.
Use for what?
- Sensitive applications
- Browsers (Heavy)
- Credentials (Light)
- AWS
- docker
- github
- gpg
- Project's secrets (Light)
- Database dumps (Heavy)
Assuming the new partition is /dev/sdb3
NOTE: Make sure to update your current user password to a better one
NOTE: Use your current password for the partition encryption, to avoid forgetting it and to avoid entering a password twice (faster login). TODO: More notes
Create encrypted partition
# Enable encryption on the partition using cryptsetup
sudo cryptsetup -y -v luksFormat /dev/sdb3
# Then map the partition as a virtual partition using cryptsetup
sudo cryptsetup open /dev/sdb3 root
# Format the mapped partition using mkfs.ext4
sudo mkfs.ext4 /dev/mapper/root
# Mount the new mapped partition
sudo mount --mkdir /dev/mapper/root /mnt/encrypted_data/
# Now check if all is okay
# -- Create a sample file
echo 'hi-there' | sudo tee /mnt/encrypted_data/test-file.txt
# -- Unmount
sudo umount /mnt/encrypted_data/
# -- Close the encrypted virtual partition
sudo cryptsetup close root
# -- Open again
sudo cryptsetup open /dev/sdb3 root
# -- Mount again
sudo mount /dev/mapper/root /mnt/encrypted_data/
# -- Check the file content
sudo cat /mnt/encrypted_data/test-file.txt
Auto mount partition
NOTE: Not using fstab, as the password would then be needed before Linux starts. We will decrypt during login instead, using PAM. MAYBE NOT THIS ONE? Follow one of these:
- https://wiki.archlinux.org/title/pam_mount [I am using this one]
- Maybe use configuration in dot file https://wiki.archlinux.org/title/pam_mount#Local_(per-user)_configuration
- https://wiki.archlinux.org/title/Dm-crypt/Mounting_at_login
Nothing here
TODO To read:
- https://borgbackup.readthedocs.io/en/stable/deployment/central-backup-server.html
- https://borgbackup.readthedocs.io/en/stable/deployment/hosting-repositories.html
https://wiki.archlinux.org/title/Power_management#ACPI_events
To make the power button trigger sleep:
Add HandlePowerKey=suspend
to /etc/systemd/logind.conf
then
sudo systemctl kill -s HUP systemd-logind
NOTE: This will kill all your sessions
https://www.nerdfonts.com/cheat-sheet
- MacOS
- GPG
- Ctrl+Space not working: zsh-users/zsh-autosuggestions#132 (comment)
- Encrypted DNS: https://github.com/paulmillr/encrypted-dns
- Alacritty unsigned error: alacritty/alacritty#4673 (comment)