Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2024-11-17 01:19:26 +01:00
Code Issues Projects Releases Wiki Activity

essentialsoftware.md: too quick note

Browse Source
This commit is contained in:
Aminda Suomalainen 2024-08-30 09:33:10 +03:00
parent 5314856151
commit 5496d4b0c8
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 117 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
n/essentialsoftware.md
View File

@ -29,6 +29,15 @@ _{{ page.excerpt }}_
- [Terminus on Arch Linux](#terminus-on-arch-linux) - [Terminus on Arch Linux](#terminus-on-arch-linux)
- [SSD](#ssd) - [SSD](#ssd)
- [BTRFS](#btrfs) - [BTRFS](#btrfs)
- [Swap](#swap)
- [sudo](#sudo)
- [Debian](#debian)
- [sources.list](#sourceslist)
- [`/etc/apt/preferences.d/whatever`](#etcaptpreferencesdwhatever)
- [sshd](#sshd)
- [Encrypted DNS](#encrypted-dns)
- [`/etc/xdg/autostart`](#etcxdgautostart)
- [`aminda-*.{service,socket]`](#aminda-servicesocket)
- [Remember!](#remember) - [Remember!](#remember)
- [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing) - [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
@ -71,7 +80,7 @@ _{{ page.excerpt }}_
## Usability ## Usability
- `nvim git tmux zsh` - good luck without these - `nvim git tmux zsh mosh` - good luck without these
- <del>if cryptographic operations are taking ages, consider something like - <del>if cryptographic operations are taking ages, consider something like
`haveged`. It's controversial, so if there are no issues, don't install a `haveged`. It's controversial, so if there are no issues, don't install a
random number generator.</del> random number generator.</del>
@ -81,6 +90,7 @@ _{{ page.excerpt }}_
- remember to `sudo systemctl enable --now earlyoom` - remember to `sudo systemctl enable --now earlyoom`
- `systemd-oomd` - `systemd-oomd`
- remember to `sudo systemctl enable --now systemd-oomd` - remember to `sudo systemctl enable --now systemd-oomd`
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/oomd.conf.d
- `zram-tools` - small compressed swap in RAM - `zram-tools` - small compressed swap in RAM
- Remember to check configs! Fedora: `/etc/zram.conf` - Remember to check configs! Fedora: `/etc/zram.conf`
- `sudo systemctl enable --now zramswap.service zram-swap.service` - `sudo systemctl enable --now zramswap.service zram-swap.service`
@ -145,6 +155,112 @@ See Fedora, but change the `FONT` to `"ter-132b"` instead.
- Test on Lumina: 20G free -> 24G free. - Test on Lumina: 20G free -> 24G free.
- The compression will happen either the next time the file is written or can - The compression will happen either the next time the file is written or can
be manually triggered through `sudo btrfs filesystem defragment -r "$PWD"` be manually triggered through `sudo btrfs filesystem defragment -r "$PWD"`
- For swapfiles on btrfs partition, e.g.
`btrfs filesystem mkswapfile --size 8G /swap`
### Swap
Zramswap is not enough. 8 GB everywhere may be enough,
[summarizing Gentoo](https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#What_about_swap_space.3F).
No swap partition and swap file is acceptable (consider SSD)? See above for
btrfs or as root
```bash
fallocate -l 8G /swap
chmod 600 /swap
mkswap /swap
swapon /swap
```
The `/etc/fstab` rule is: `/swap none swap sw 0 0` and then it's
just a matter of `sudo swapon -a`
### sudo
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/sudoers.d
Consider these:
```sudoers
# Thanks Tails
Defaults timestamp_timeout=0
Defaults pwfeedback
Defaults lecture = always
```
Additionally Arch Linux should consider either
```sudoers
# Allow full sudo access to the group which is uncommented. The first is
# Debian.
#%sudoers ALL=(ALL:ALL) ALL
# Defaults to passwordless sudo on Debian.
#%wheel ALL=(ALL:ALL) ALL
```
### Debian
Remember to install `apt-transport-tor`!
#### sources.list
The mirror to use is `https://deb.debian.org/debian`.
#### `/etc/apt/preferences.d/whatever`
```apt
# Copied from https://www.wireguard.com/install/ (2020-01-11)
# Default priority appears to be 500, so 90 results to unstable being
# used when the package is not available anywhere else
Package: *
Pin: release a=unstable
Pin-Priority: 90
Package: *
Pin: release a=unstable-debug
Pin-Priority: 90
```
### sshd
If nothing else, **_please_** at least
```
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
LogLevel VERBOSE
PermitRootLogin prohibit-password
PasswordAuthentication no
AuthenticationMethods publickey
```
### Encrypted DNS
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/resolved.conf.d
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/unbound/unbound.conf.d
### `/etc/xdg/autostart`
Not having terminal autostarting for all users is pain.
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/xdg/autostart/kgx-tmux.desktop
```desktop
[Desktop Entry]
Terminal=true
Exec=kgx --command="bash --norc -c tmux"
Name=Tmux in Console
Icon=org.gnome.Console
```
### `aminda-*.{service,socket]`
They workaround either me or the distribution messing things up. While at it,
don't forget `/etc/sysctl.d`
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/system
## Remember! ## Remember!