mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2025-10-31 14:47:26 +01:00
Compare commits
2 Commits
f7dc6204d3
...
5496d4b0c8
| Author | SHA1 | Date | |
|---|---|---|---|
5496d4b0c8
|
|||
|
5314856151
|
@ -1,6 +1,8 @@
|
||||
---
|
||||
title: Essential software on my systems
|
||||
excerpt: This is just a quick personal reference so I don't have to guess.
|
||||
title: Essential software and configuration on my systems
|
||||
excerpt:
|
||||
This is just a quick personal reference so I don't have to guess and notice
|
||||
that I forgot something important.
|
||||
layout: mini
|
||||
permalink: /n/essentialsoftware.html
|
||||
sitemap: true
|
||||
@ -21,13 +23,23 @@ _{{ page.excerpt }}_
|
||||
|
||||
- [Security](#security)
|
||||
- [Usability](#usability)
|
||||
- [Offtopic system configuration](#offtopic-system-configuration)
|
||||
- [Debian-based](#debian-based)
|
||||
- [Terminus on Fedora](#terminus-on-fedora)
|
||||
- [Essential system configuration](#essential-system-configuration)
|
||||
- [Debian console](#debian-console)
|
||||
- [Terminus on Fedora](#terminus-on-fedora)
|
||||
- [Terminus on Arch Linux](#terminus-on-arch-linux)
|
||||
- [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
|
||||
- [SSD](#ssd)
|
||||
- [BTRFS](#btrfs)
|
||||
- [Swap](#swap)
|
||||
- [sudo](#sudo)
|
||||
- [Debian](#debian)
|
||||
- [sources.list](#sourceslist)
|
||||
- [`/etc/apt/preferences.d/whatever`](#etcaptpreferencesdwhatever)
|
||||
- [sshd](#sshd)
|
||||
- [Encrypted DNS](#encrypted-dns)
|
||||
- [`/etc/xdg/autostart`](#etcxdgautostart)
|
||||
- [`aminda-*.{service,socket]`](#aminda-servicesocket)
|
||||
- [Remember!](#remember)
|
||||
- [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
|
||||
|
||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
||||
|
||||
@ -68,7 +80,7 @@ _{{ page.excerpt }}_
|
||||
|
||||
## Usability
|
||||
|
||||
- `nvim git tmux zsh` - good luck without these
|
||||
- `nvim git tmux zsh mosh` - good luck without these
|
||||
- <del>if cryptographic operations are taking ages, consider something like
|
||||
`haveged`. It's controversial, so if there are no issues, don't install a
|
||||
random number generator.</del>
|
||||
@ -78,6 +90,7 @@ _{{ page.excerpt }}_
|
||||
- remember to `sudo systemctl enable --now earlyoom`
|
||||
- `systemd-oomd`
|
||||
- remember to `sudo systemctl enable --now systemd-oomd`
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/oomd.conf.d
|
||||
- `zram-tools` - small compressed swap in RAM
|
||||
- Remember to check configs! Fedora: `/etc/zram.conf`
|
||||
- `sudo systemctl enable --now zramswap.service zram-swap.service`
|
||||
@ -90,19 +103,20 @@ _{{ page.excerpt }}_
|
||||
- `sudo tlp-stat | less`
|
||||
- `sudo systemctl enable --now tlp`
|
||||
|
||||
## Offtopic system configuration
|
||||
## Essential system configuration
|
||||
|
||||
This is just too close to not mention here (and was besides in my planning
|
||||
issue):
|
||||
Since software being present and doing nothing may not actually do anything.
|
||||
|
||||
### Debian-based
|
||||
### Debian console
|
||||
|
||||
- `sudo dpkg-reconfigure console-setup`
|
||||
- ensure UTF-8 and select Terminus
|
||||
- `sudo dpkg-reconfigure keyboard-configuration`
|
||||
- compose key
|
||||
|
||||
#### Terminus on Fedora
|
||||
### Terminus on Fedora
|
||||
|
||||
<!-- Don't move this, as it's the same as Debian above -->
|
||||
|
||||
After installing the package, adjust `/etc/vconsole.conf` e.g.:
|
||||
|
||||
@ -115,27 +129,10 @@ Maybe `sudo updatedb` and `locate ter-v16v` at first though?
|
||||
|
||||
#### Terminus on Arch Linux
|
||||
|
||||
<!-- Don't move this, as it's the same as Debian and Fedora above -->
|
||||
|
||||
See Fedora, but change the `FONT` to `"ter-132b"` instead.
|
||||
|
||||
### Accessing UEFI setup without key smashing
|
||||
|
||||
- systemd: there is a `systemctl reboot --firmware-setup`
|
||||
([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
|
||||
- Plasma: in `systemsettings` section `desktop session` there is a checkbox to
|
||||
_after next boot, enter UEFI settings_ (via
|
||||
[reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
|
||||
- Windows allows access to UEFI by pressing Shift while reboot
|
||||
([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
|
||||
simply `shutdown -r -t 1 -fw` twice
|
||||
([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
|
||||
- GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
|
||||
([said here](https://chaos.social/@keywan/113012020348714057))
|
||||
- In boot loader the command `fwsetup` should take you there
|
||||
([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
|
||||
anyone using either grub or systemd-bootd has probably seen the menu entry.
|
||||
- efibootmgr: `efibootmgr —bootnext 0000 && reboot`
|
||||
([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))
|
||||
|
||||
### SSD
|
||||
|
||||
- `sudo systemctl enable --now fstrim.timer`
|
||||
@ -158,3 +155,133 @@ See Fedora, but change the `FONT` to `"ter-132b"` instead.
|
||||
- Test on Lumina: 20G free -> 24G free.
|
||||
- The compression will happen either the next time the file is written or can
|
||||
be manually triggered through `sudo btrfs filesystem defragment -r "$PWD"`
|
||||
- For swapfiles on btrfs partition, e.g.
|
||||
`btrfs filesystem mkswapfile --size 8G /swap`
|
||||
|
||||
### Swap
|
||||
|
||||
Zramswap is not enough. 8 GB everywhere may be enough,
|
||||
[summarizing Gentoo](https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#What_about_swap_space.3F).
|
||||
|
||||
No swap partition and swap file is acceptable (consider SSD)? See above for
|
||||
btrfs or as root
|
||||
|
||||
```bash
|
||||
fallocate -l 8G /swap
|
||||
chmod 600 /swap
|
||||
mkswap /swap
|
||||
swapon /swap
|
||||
```
|
||||
|
||||
The `/etc/fstab` rule is: `/swap none swap sw 0 0` and then it's
|
||||
just a matter of `sudo swapon -a`
|
||||
|
||||
### sudo
|
||||
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/sudoers.d
|
||||
|
||||
Consider these:
|
||||
|
||||
```sudoers
|
||||
# Thanks Tails
|
||||
Defaults timestamp_timeout=0
|
||||
Defaults pwfeedback
|
||||
Defaults lecture = always
|
||||
```
|
||||
|
||||
Additionally Arch Linux should consider either
|
||||
|
||||
```sudoers
|
||||
# Allow full sudo access to the group which is uncommented. The first is
|
||||
# Debian.
|
||||
#%sudoers ALL=(ALL:ALL) ALL
|
||||
# Defaults to passwordless sudo on Debian.
|
||||
#%wheel ALL=(ALL:ALL) ALL
|
||||
```
|
||||
|
||||
### Debian
|
||||
|
||||
Remember to install `apt-transport-tor`!
|
||||
|
||||
#### sources.list
|
||||
|
||||
The mirror to use is `https://deb.debian.org/debian`.
|
||||
|
||||
#### `/etc/apt/preferences.d/whatever`
|
||||
|
||||
```apt
|
||||
# Copied from https://www.wireguard.com/install/ (2020-01-11)
|
||||
# Default priority appears to be 500, so 90 results to unstable being
|
||||
# used when the package is not available anywhere else
|
||||
Package: *
|
||||
Pin: release a=unstable
|
||||
Pin-Priority: 90
|
||||
|
||||
Package: *
|
||||
Pin: release a=unstable-debug
|
||||
Pin-Priority: 90
|
||||
```
|
||||
|
||||
### sshd
|
||||
|
||||
If nothing else, **_please_** at least
|
||||
|
||||
```
|
||||
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
LogLevel VERBOSE
|
||||
PermitRootLogin prohibit-password
|
||||
PasswordAuthentication no
|
||||
AuthenticationMethods publickey
|
||||
```
|
||||
|
||||
### Encrypted DNS
|
||||
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/resolved.conf.d
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/unbound/unbound.conf.d
|
||||
|
||||
### `/etc/xdg/autostart`
|
||||
|
||||
Not having terminal autostarting for all users is pain.
|
||||
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/xdg/autostart/kgx-tmux.desktop
|
||||
|
||||
```desktop
|
||||
[Desktop Entry]
|
||||
Terminal=true
|
||||
Exec=kgx --command="bash --norc -c tmux"
|
||||
Name=Tmux in Console
|
||||
Icon=org.gnome.Console
|
||||
```
|
||||
|
||||
### `aminda-*.{service,socket]`
|
||||
|
||||
They workaround either me or the distribution messing things up. While at it,
|
||||
don't forget `/etc/sysctl.d`
|
||||
|
||||
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/system
|
||||
|
||||
## Remember!
|
||||
|
||||
Not quite configuration, but I am not going to start inventing a new place for
|
||||
it.
|
||||
|
||||
### Accessing UEFI setup without key smashing
|
||||
|
||||
- systemd: there is a `systemctl reboot --firmware-setup`
|
||||
([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
|
||||
- Plasma: in `systemsettings` section `desktop session` there is a checkbox to
|
||||
_after next boot, enter UEFI settings_ (via
|
||||
[reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
|
||||
- Windows allows access to UEFI by pressing Shift while reboot
|
||||
([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
|
||||
simply `shutdown -r -t 1 -fw` twice
|
||||
([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
|
||||
- GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
|
||||
([said here](https://chaos.social/@keywan/113012020348714057))
|
||||
- In boot loader the command `fwsetup` should take you there
|
||||
([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
|
||||
anyone using either grub or systemd-bootd has probably seen the menu entry.
|
||||
- efibootmgr: `efibootmgr —bootnext 0000 && reboot`
|
||||
([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user