2025-06-26 00:27:25 +02:00
1 changed files with 31 additions and 158 deletions
--- a/n/essentialsoftware.md
+++ b/n/essentialsoftware.md
@ -1,8 +1,6 @@
 ---
-title: Essential software and configuration on my systems
+title: Essential software on my systems
-excerpt:
+excerpt: This is just a quick personal reference so I don't have to guess.
  This is just a quick personal reference so I don't have to guess and notice
  that I forgot something important.
 layout: mini
 permalink: /n/essentialsoftware.html
 sitemap: true
@ -23,23 +21,13 @@ _{{ page.excerpt }}_
 - [Security](#security)
 - [Usability](#usability)
- [Essential system configuration](#essential-system-configuration)
+- [Offtopic system configuration](#offtopic-system-configuration)
-  - [Debian console](#debian-console)
+  - [Debian-based](#debian-based)
-  - [Terminus on Fedora](#terminus-on-fedora)
+    - [Terminus on Fedora](#terminus-on-fedora)
    - [Terminus on Arch Linux](#terminus-on-arch-linux)
  - [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
  - [SSD](#ssd)
  - [BTRFS](#btrfs)
  - [Swap](#swap)
  - [sudo](#sudo)
  - [Debian](#debian)
    - [sources.list](#sourceslist)
    - [`/etc/apt/preferences.d/whatever`](#etcaptpreferencesdwhatever)
  - [sshd](#sshd)
  - [Encrypted DNS](#encrypted-dns)
  - [`/etc/xdg/autostart`](#etcxdgautostart)
  - [`aminda-*.{service,socket]`](#aminda-servicesocket)
 - [Remember!](#remember)
  - [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@ -80,7 +68,7 @@ _{{ page.excerpt }}_
 ## Usability
- `nvim git tmux zsh mosh` - good luck without these
+- `nvim git tmux zsh` - good luck without these
 - <del>if cryptographic operations are taking ages, consider something like
  `haveged`. It's controversial, so if there are no issues, don't install a
  random number generator.</del>
@ -90,7 +78,6 @@ _{{ page.excerpt }}_
    - remember to `sudo systemctl enable --now earlyoom`
  - `systemd-oomd`
    - remember to `sudo systemctl enable --now systemd-oomd`
    - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/oomd.conf.d
 - `zram-tools` - small compressed swap in RAM
  - Remember to check configs! Fedora: `/etc/zram.conf`
  - `sudo systemctl enable --now zramswap.service zram-swap.service`
@ -103,20 +90,19 @@ _{{ page.excerpt }}_
  - `sudo tlp-stat | less`
  - `sudo systemctl enable --now tlp`
-## Essential system configuration
+## Offtopic system configuration
-Since software being present and doing nothing may not actually do anything.
+This is just too close to not mention here (and was besides in my planning
 issue):
-### Debian console
+### Debian-based
 - `sudo dpkg-reconfigure console-setup`
  - ensure UTF-8 and select Terminus
 - `sudo dpkg-reconfigure keyboard-configuration`
  - compose key
-### Terminus on Fedora
+#### Terminus on Fedora
 <!-- Don't move this, as it's the same as Debian above -->
 After installing the package, adjust `/etc/vconsole.conf` e.g.:
@ -129,10 +115,27 @@ Maybe `sudo updatedb` and `locate ter-v16v` at first though?
 #### Terminus on Arch Linux
 <!-- Don't move this, as it's the same as Debian and Fedora above -->
 See Fedora, but change the `FONT` to `"ter-132b"` instead.
 ### Accessing UEFI setup without key smashing
 - systemd: there is a `systemctl reboot --firmware-setup`
  ([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
 - Plasma: in `systemsettings` section `desktop session` there is a checkbox to
  _after next boot, enter UEFI settings_ (via
  [reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
 - Windows allows access to UEFI by pressing Shift while reboot
  ([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
  simply `shutdown -r -t 1 -fw` twice
  ([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
 - GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
  ([said here](https://chaos.social/@keywan/113012020348714057))
 - In boot loader the command `fwsetup` should take you there
  ([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
  anyone using either grub or systemd-bootd has probably seen the menu entry.
 - efibootmgr: `efibootmgr —bootnext 0000 && reboot`
  ([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))
 ### SSD
 - `sudo systemctl enable --now fstrim.timer`
@ -155,133 +158,3 @@ See Fedora, but change the `FONT` to `"ter-132b"` instead.
    - Test on Lumina: 20G free -> 24G free.
  - The compression will happen either the next time the file is written or can
    be manually triggered through `sudo btrfs filesystem defragment -r "$PWD"`
 - For swapfiles on btrfs partition, e.g.
  `btrfs filesystem mkswapfile --size 8G /swap`
 ### Swap
 Zramswap is not enough. 8 GB everywhere may be enough,
 [summarizing Gentoo](https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#What_about_swap_space.3F).
 No swap partition and swap file is acceptable (consider SSD)? See above for
 btrfs or as root
 ```bash
 fallocate -l 8G /swap
 chmod 600 /swap
 mkswap /swap
 swapon /swap
 ```
 The `/etc/fstab` rule is: `/swap    none    swap    sw  0   0` and then it's
 just a matter of `sudo swapon -a`
 ### sudo
 - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/sudoers.d
 Consider these:
 ```sudoers
 # Thanks Tails
 Defaults timestamp_timeout=0
 Defaults pwfeedback
 Defaults lecture = always
 ```
 Additionally Arch Linux should consider either
 ```sudoers
 # Allow full sudo access to the group which is uncommented. The first is
 # Debian.
 #%sudoers ALL=(ALL:ALL) ALL
 # Defaults to passwordless sudo on Debian.
 #%wheel ALL=(ALL:ALL) ALL
 ```
 ### Debian
 Remember to install `apt-transport-tor`!
 #### sources.list
 The mirror to use is `https://deb.debian.org/debian`.
 #### `/etc/apt/preferences.d/whatever`
 ```apt
 # Copied from https://www.wireguard.com/install/ (2020-01-11)
 # Default priority appears to be 500, so 90 results to unstable being
 # used when the package is not available anywhere else
 Package: *
 Pin: release a=unstable
 Pin-Priority: 90
 Package: *
 Pin: release a=unstable-debug
 Pin-Priority: 90
 ```
 ### sshd
 If nothing else, **_please_** at least
 ```
 # ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 LogLevel VERBOSE
 PermitRootLogin prohibit-password
 PasswordAuthentication no
 AuthenticationMethods publickey
 ```
 ### Encrypted DNS
 - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/resolved.conf.d
 - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/unbound/unbound.conf.d
 ### `/etc/xdg/autostart`
 Not having terminal autostarting for all users is pain.
 - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/xdg/autostart/kgx-tmux.desktop
 ```desktop
 [Desktop Entry]
 Terminal=true
 Exec=kgx --command="bash --norc -c tmux"
 Name=Tmux in Console
 Icon=org.gnome.Console
 ```
 ### `aminda-*.{service,socket]`
 They workaround either me or the distribution messing things up. While at it,
 don't forget `/etc/sysctl.d`
 - https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/system
 ## Remember!
 Not quite configuration, but I am not going to start inventing a new place for
 it.
 ### Accessing UEFI setup without key smashing
 - systemd: there is a `systemctl reboot --firmware-setup`
  ([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
 - Plasma: in `systemsettings` section `desktop session` there is a checkbox to
  _after next boot, enter UEFI settings_ (via
  [reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
 - Windows allows access to UEFI by pressing Shift while reboot
  ([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
  simply `shutdown -r -t 1 -fw` twice
  ([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
 - GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
  ([said here](https://chaos.social/@keywan/113012020348714057))
 - In boot loader the command `fwsetup` should take you there
  ([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
  anyone using either grub or systemd-bootd has probably seen the menu entry.
 - efibootmgr: `efibootmgr —bootnext 0000 && reboot`
  ([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))