Starfall's dotfiles setup.

This is ["the best way to store your dotfiles"](https://www.atlassian.com/git/tutorials/dotfiles).

## Prerequisites
* git

## Starting your own
```zsh
git init --bare $HOME/.dotfiles
alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
config config --local status.showUntrackedFiles no
echo "alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'" >> .bashrc
```

## Checking out on a new machine
```zsh
git clone --bare https://git.starfall.systems/dots $HOME/.dotfiles
alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
config checkout
config config --local status.showUntrackedFiles no
```

## Other new machine setup

### minimal
* base-devel
* fzf
* git
* mandoc
* openssh
* pass (needs --asdep xclip)
* p7zip
* unzip
* tree
* vim
* zsh (remember to `chsh -s $(which zsh)`)

### paru for AUR
(pulls down rust)
```
git clone https://aur.archlinux.org/paru.git ~/devil/external
cad !$
makepkg -si
```

### monitoring and system info
* htop
* neofetch

### tool replacements
* bat
* exa

### sshd config
```zsh
echo <<END
PermitRootLogin no
PasswordAuthentication no
END >> /etc/ssh/sshd_config
ssh-keygen -A
systemctl enable sshd
```

### network
* magic-wormhole (pulls down python)
* ntp (be sure to `systemctl start ntpd`)
* ufw (if needed)

#### iwd
```zsh
systemctl disable systemd-networkd

pacman -S iwd
echo <<END
[General]
EnableNetworkConfiguration=true
END >> /etc/iwd/main.conf
systemctl enable iwd
```

#### manual dns
```zsh
systemctl disable systemd-resolved

echo <<END
nameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 2620:fe::fe
END > /etc/resolv.conf
```

#### avahi
per [arch wiki](https://wiki.archlinux.org/title/Avahi):
```zsh
pacman -S avahi nss-mdns
systemctl enable avahi-daemon
systemctl start avahi-daemon
# in /etc/nsswitch.conf, add `mdns_minimal [NOTFOUND=return]` before `resolve`
```

### dev
* docker
* docker-buildx

### desktop environment
* xorg-server
* xfce4
* ttf-dejavu
* wqy-zenhei

AUR:
* delft-icon-theme
* ttf-iosevka-term-curly

#### sound
* pipewire
* pipewire-alsa
* pipewire-pulse
* pavucontrol

#### media
* inkscape
* nomacs
* strawberry
* vlc
* yt-dlp

#### web applications
* element-desktop (need a better client)
* discord
* firefox
* thunderbird
* mumble

### sound
* pavucontrol
* pipewire-alsa
* pipewire-pulse
* wireplumber
* xfce4-pulseaudio-plugin

### to describe
* gvfs
* x and xfce
* fortune
* autoupdates
* krita and tablet support
* gvfs (if still needed)
* sound: pipewire, wireplumber
* gpg, gpg-agent
* turn all of this stuff into an ansible playbook or something else automatable
* printing with cups

## T430s full setup walkthrough
Boot into live image

Connect to wifi:
```
iwctl
[iwd] station wlan0 scan
[iwd] station wlan0 get-networks
[iwd] station wlan0 connect <SSID>
[iwd] exit
```

Encrypted disk setup:
```bash
parted /dev/sda
(parted) mklabel gpt
(parted) mkpart "EFI" fat32 0% 500M
(parted) set 1 esp on
(parted) mkpart "linux" ext4 500M 100%
(parted) quit
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
cryptsetup luksFormat /dev/disk/by-partlabel/linux
cryptsetup luksOpen /dev/disk/by-partlabel/linux root
mkfs.ext4 -L linux /dev/mapper/root
```

Install Arch:
```bash
mount /dev/mapper/root /mnt
mount --mkdir /dev/disk/by-partlabel/EFI /mnt/boot

# optimize mirrors list now
reflector --save /etc/pacman.d/mirrorlist --protocol https --latest 5 --sort rate

# install base system
pacstrap -K /mnt base linux linux-lts linux-firmware intel-ucode dracut vim
arch-chroot /mnt

# locale setup
ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime
hwclock --systohc
echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
echo en_US.UTF-8 > /etc/locale.conf
echo dziban > /etc/hostname
echo <<END
127.0.0.1 localhost
::1       localhost
127.0.0.1 dziban
END >> /etc/hosts
locale-gen

# create root password
[minnow@regulus] pass generate machines/dziban
[minnow@regulus] pass git push
passwd

# generate unified kernel images with dracut
pacman -S --asdeps binutils elfutils

uuid=`cryptsetup luksDump /dev/disk/by-partlabel/linux | grep UUID | awk '{print $2}'`
echo kernel_cmdline="rd.luks.name=$uuid=root rd.luks.options=no-read-workqueue,no-write-workqueue,discard root=/dev/mapper/root rw" > /etc/dracut.conf.d/luks.conf
# remove rd.luks.options for a spinning disk

for kernel in /lib/modules/*
    do dracut --verbose --force --uefi --kver "${kernel##*/}"
done

# boot loader
bootctl install
```

And continue as usual:
```
visudo
# relevant config line is only this, absolutely no env_keep. can consider secure_path in the future:
# %wheel ALL=(ALL:ALL) ALL

useradd -m -G wheel -s /bin/zsh minnow
passwd minnow

exit
umount -R /mnt
reboot

systemctl enable systemd-timesyncd
```

## Pinebook Pro specific setup

### Optimize mirrors list
Default mirrors were really slow for me. `sudo pacman-mirrors --fasttrack && sudo pacman -Syyu` bumped up the download speed from 30 kbps to 300kbps; still not the full connection but livable.

### Flash keyboard firmware
`git clone https://github.com/jackhumbert/pinebook-pro-keyboard-updater` and follow the instructions. Have an external keyboard handy after step 1.

### Configure ZRAM
Manjaro 20.06 appears to come with a /dev/zram0 preconfigured.