-rw-r--r-- | README.md | 133 |
1 files changed, 118 insertions, 15 deletions
diff --git a/README.md b/README.md index 2062ca1..a7f3de4 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ This is ["the best way to store your dotfiles"](https://www.atlassian.com/git/tu * git ## Starting your own -```bash +```zsh git init --bare $HOME/.dotfiles alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME' config config --local status.showUntrackedFiles no @@ -14,7 +14,7 @@ echo "alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'" >> .bashr ``` ## Checking out on a new machine -```bash +```zsh git clone --bare https://git.starfall.systems/dots $HOME/.dotfiles alias config='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME' config checkout @@ -23,34 +23,47 @@ config config --local status.showUntrackedFiles no ## Other new machine setup -### minimal desktop +### minimal * base-devel -* firefox * fzf * git -* htop +* openssh * pass * vim * zsh (remember to `chsh -s $(which zsh)`) -### minimal services -* sshd -* ntpd +### monitoring and system info +* htop +* neofetch -#### sshd config -```bash +### sshd config +```zsh echo <<END PermitRootLogin no PasswordAuthentication no END >> /etc/ssh/sshd_config +ssh-keygen -A +systemctl enable sshd ``` ### network -todo: -* iwd -* systemd-networkd -```bash +#### iwd +```zsh +systemctl disable systemd-networkd + +pacman -S iwd +echo <<END +[General] +EnableNetworkConfiguration=true +END >> /etc/iwd/main.conf +systemctl enable iwd +``` + +#### manual dns +```zsh +systemctl disable systemd-resolved + echo <<END nameserver 9.9.9.9 nameserver 149.112.112.112 @@ -60,13 +73,16 @@ END > /etc/resolv.conf #### avahi per [arch wiki](https://wiki.archlinux.org/title/Avahi): -```bash +```zsh pacman -S avahi nss-mdns systemctl enable avahi-daemon systemctl start avahi-daemon # in /etc/nsswitch.conf, add `mdns_minimal [NOTFOUND=return]` before `resolve` ``` +### desktop environment +* firefox + ### to describe * x and xfce * fortune 
@@ -77,6 +93,93 @@ systemctl start avahi-daemon * gpg, gpg-agent * turn all of this stuff into an ansible playbook or something else automatable +## T430s full setup walkthrough +Boot into live image + +Connect to wifi: +``` +iwctl +[iwd] station wlan0 scan +[iwd] station wlan0 get-networks +[iwd] station wlan0 connect <SSID> +[iwd] exit +``` + +Encrypted disk setup: +```bash +parted /dev/sda +(parted) mklabel gpt +(parted) mkpart "EFI" fat32 0% 500M +(parted) set 1 esp on +(parted) mkpart "linux" ext4 500M 100% +(parted) quit +mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI +cryptsetup luksFormat /dev/disk/by-partlabel/linux +cryptsetup luksOpen /dev/disk/by-partlabel/linux root +mkfs.ext4 -L linux /dev/mapper/root +``` + +Install Arch: +```bash +mount /dev/mapper/root /mnt +mount --mkdir /dev/disk/by-partlabel/EFI /mnt/boot + +# optimize mirrors list now +reflector --save /etc/pacman.d/mirrorlist --protocol https --latest 5 --sort rate + +# install base system +pacstrap -K /mnt base linux linux-lts linux-firmware intel-ucode dracut vim +arch-chroot /mnt + +# locale setup +ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime +hwclock --systohc +echo en_US.UTF-8 UTF-8 >> /etc/locale.gen +echo en_US.UTF-8 > /etc/locale.conf +echo dziban > /etc/hostname +echo <<END +127.0.0.1 localhost +::1 localhost +127.0.0.1 dziban +END >> /etc/hosts +locale-gen + +# create root password +[minnow@regulus] pass generate machines/dziban +[minnow@regulus] pass git push +passwd + +# generate unified kernel images with dracut +pacman -S --asdeps binutils elfutils + +uuid=`cryptsetup luksDump /dev/disk/by-partlabel/linux | grep UUID | awk '{print $2}'` +echo kernel_cmdline="rd.luks.name=$uuid=root rd.luks.options=no-read-workqueue,no-write-workqueue,discard root=/dev/mapper/root rw" > /etc/dracut.conf.d/luks.conf +# remove rd.luks.options for a spinning disk + +for kernel in /lib/modules/* + do dracut --verbose --force --uefi --kver "${kernel##*/}" +done + +# boot loader +bootctl 
install +``` + +And continue as usual: +``` +visudo +# relevant config line is only this, absolutely no env_keep. can consider secure_path in the future: +# %wheel ALL=(ALL:ALL) ALL + +useradd -m -G wheel -s /bin/zsh minnow +passwd minnow + +exit +umount -R /mnt +reboot + +systemctl enable systemd-timesyncd +``` + ## Pinebook Pro specific setup ### Optimize mirrors list |
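Review bot: In the `@@ -23,34 +23,47 @@` hunk, the added `ssh-keygen -A` and `systemctl enable sshd` lines sit directly after a heredoc that never writes its body. `echo` does not read stdin, and the closing line `END >> /etc/ssh/sshd_config` is not a bare `END`, so `PermitRootLogin no` and `PasswordAuthentication no` do not reach the file and sshd gets enabled with whatever the existing config already allows. Suggest `cat <<END >> /etc/ssh/sshd_config` with `END` alone on the terminator line. Because sshd uses the first value it finds for a keyword, also confirm that no earlier line in the file sets either option, and run `sshd -t` before enabling the service. The new iwd block (`END >> /etc/iwd/main.conf`) copies the same pattern and needs the same fix.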
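Review bot: In the `@@ -77,6 +93,93 @@` hunk, the `echo kernel_cmdline="rd.luks.name=$uuid=root ... rw" > /etc/dracut.conf.d/luks.conf` line loses its double quotes to the shell, so the file ends up with an unquoted value containing spaces. dracut reads its conf files as shell, so the assignment would not carry the full command line and the image may come up without the `rd.luks.*` and `root=` arguments. Suggest escaping the inner quotes so they land in the file, and reading the UUID with `cryptsetup luksUUID /dev/disk/by-partlabel/linux` instead of grepping `luksDump`. The comment under that line covers only the spinning-disk case; it should also say that `discard` passes TRIM through the LUKS layer, which reveals which blocks are unused. Two smaller items in the same hunk: the `/etc/hosts` block uses `echo <<END` with `END >> /etc/hosts` as the terminator, so nothing is appended (use `cat <<END >> /etc/hosts` with a bare `END`), and `/etc/locale.conf` needs `LANG=en_US.UTF-8` rather than the bare locale name.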