Manual backup: 2023-03-29 18:16:29
This commit is contained in:
parent
f27cc1c017
commit
504e0d5ff1
25 changed files with 69 additions and 100 deletions
29
.obsidian/workspace.json
vendored
29
.obsidian/workspace.json
vendored
|
@ -4,11 +4,11 @@
|
||||||
"type": "split",
|
"type": "split",
|
||||||
"children": [
|
"children": [
|
||||||
{
|
{
|
||||||
"id": "021e344303bcc5ab",
|
"id": "69404306ef47591b",
|
||||||
"type": "tabs",
|
"type": "tabs",
|
||||||
"children": [
|
"children": [
|
||||||
{
|
{
|
||||||
"id": "cd2f7f5f4235c327",
|
"id": "3020d37493983f72",
|
||||||
"type": "leaf",
|
"type": "leaf",
|
||||||
"state": {
|
"state": {
|
||||||
"type": "empty",
|
"type": "empty",
|
||||||
|
@ -120,20 +120,33 @@
|
||||||
"templater-obsidian:Templater": false
|
"templater-obsidian:Templater": false
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"active": "cd2f7f5f4235c327",
|
"active": "3020d37493983f72",
|
||||||
"lastOpenFiles": [
|
"lastOpenFiles": [
|
||||||
"KB/Linux/Server/Hetzner/Storagebox.md",
|
|
||||||
"README.md",
|
"README.md",
|
||||||
"KB/Linux/Disk Speed.md",
|
"KB/Android/ADB Backup.md",
|
||||||
"KB/Linux/AMD.md",
|
|
||||||
"KB/Linux/Desktop/Audio/EQ.md",
|
|
||||||
"KB/Linux/Desktop/Audio/aptx and pulseaudio.md",
|
"KB/Linux/Desktop/Audio/aptx and pulseaudio.md",
|
||||||
|
"KB/Linux/Desktop/Audio/EQ.md",
|
||||||
|
"KB/Linux/Desktop/KDE/KDE.md",
|
||||||
"KB/Linux/Desktop/KDE/KDE Tiling.md",
|
"KB/Linux/Desktop/KDE/KDE Tiling.md",
|
||||||
"KB/Linux/Desktop/Archinstall.md",
|
"KB/Linux/Desktop/Archinstall.md",
|
||||||
|
"KB/Linux/Desktop/Fonts.md",
|
||||||
|
"KB/Linux/Desktop/GPG - PGP.md",
|
||||||
|
"KB/Linux/Desktop/i3.md",
|
||||||
"KB/Linux/Desktop/Steam.md",
|
"KB/Linux/Desktop/Steam.md",
|
||||||
|
"KB/Linux/Desktop/Surface.md",
|
||||||
|
"KB/Linux/Desktop/sway.md",
|
||||||
|
"KB/Linux/Desktop/systemd.md",
|
||||||
|
"KB/Linux/Desktop/Theming Qt and Gtk.md",
|
||||||
|
"KB/Linux/Desktop/Tweaks.md",
|
||||||
|
"KB/Linux/Server/Hetzner/Storagebox.md",
|
||||||
|
"KB/Linux/Server/Hetzner/Upgrades.md",
|
||||||
|
"KB/Linux/Server/Bootstrap.md",
|
||||||
"KB/Linux/Server/DNS.md",
|
"KB/Linux/Server/DNS.md",
|
||||||
"KB/Linux/Server/Domains.md",
|
"KB/Linux/Server/Domains.md",
|
||||||
"KB/Linux/Server/PostgreSQL.md",
|
"KB/Linux/Server/PostgreSQL.md",
|
||||||
"KB/Linux/Server/Remote unlocking at boot.md"
|
"KB/Linux/Server/Security hardening.md",
|
||||||
|
"KB/Linux/Server/SSH Guard, iptables.md",
|
||||||
|
"KB/Linux/Server/Remote unlocking at boot.md",
|
||||||
|
"_Templates/Note Template.md"
|
||||||
]
|
]
|
||||||
}
|
}
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,android,adb,backup]
|
tags: [note,android,adb,backup]
|
||||||
---
|
---
|
||||||
|
|
||||||
# ADB Backup
|
|
||||||
|
|
||||||
A small tutorial on how to backup Android _application data_ via the `adb` tool. Currently, this is the only mechanism to backup the _entire_ device.
|
A small tutorial on how to backup Android _application data_ via the `adb` tool. Currently, this is the only mechanism to backup the _entire_ device.
|
||||||
|
|
||||||
If defaults won't work for you, have a look at the options for `adb` in the scripts. Defaults are that only _app data_ of installed and systems apps will be backed up. **NOT THE STORAGE ITSELF!**
|
If defaults won't work for you, have a look at the options for `adb` in the scripts. Defaults are that only _app data_ of installed and systems apps will be backed up. **NOT THE STORAGE ITSELF!**
|
||||||
|
@ -38,7 +36,7 @@ You need the `adb` tools in order for this to work:
|
||||||
|
|
||||||
Currently there's no script provided for restoring a backup as this is a single command in your command line. When your device is connected and in debug mode, use the following command pointing to the backup file you like to restore:
|
Currently there's no script provided for restoring a backup as this is a single command in your command line. When your device is connected and in debug mode, use the following command pointing to the backup file you like to restore:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# Windows (<Super/Windows key> + r, type 'cmd', press ENTER)
|
# Windows (<Super/Windows key> + r, type 'cmd', press ENTER)
|
||||||
adb restore C:\Users\<your-username>\mybackup.ab
|
adb restore C:\Users\<your-username>\mybackup.ab
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-09-03
|
||||||
tags: [note,arch,linux,archlinux,install]
|
tags: [note,arch,linux,archlinux,install]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Archinstall
|
|
||||||
|
|
||||||
It has never been easier to install arch. Simply use the `archinstall` command!
|
It has never been easier to install arch. Simply use the `archinstall` command!
|
||||||
|
|
||||||
* Make a bootable USB stick with `dd bs=4M if=path/to/archlinux-version-x86_64.iso of=/dev/sdx conv=fsync oflag=direct status=progress`
|
* Make a bootable USB stick with `dd bs=4M if=path/to/archlinux-version-x86_64.iso of=/dev/sdx conv=fsync oflag=direct status=progress`
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,audio,pipewire,pulse,pulseaudio,linux,archlinux]
|
tags: [note,audio,pipewire,pulse,pulseaudio,linux,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Audio - EQ
|
|
||||||
|
|
||||||
* See [[KB/Linux/Desktop/Audio/pipewire.txt]] for packages
|
* See [[KB/Linux/Desktop/Audio/pipewire.txt]] for packages
|
||||||
* See [[KB/Linux/Desktop/Audio/pulseaudio.txt]] for packages
|
* See [[KB/Linux/Desktop/Audio/pulseaudio.txt]] for packages
|
||||||
|
|
||||||
|
@ -29,14 +27,14 @@ There are some very convenient settings you probably want to set.
|
||||||
* In `/etc/pipewire/media-session.d/media-session.{conf|confpause}` comment out `suspend-node` to enable suspending feature
|
* In `/etc/pipewire/media-session.d/media-session.{conf|confpause}` comment out `suspend-node` to enable suspending feature
|
||||||
* In `/etc/pipewire/media-session.d/alsa-monitor.conf` set a timeout so that your DAC/output device is able to always receive a signal if you like.
|
* In `/etc/pipewire/media-session.d/alsa-monitor.conf` set a timeout so that your DAC/output device is able to always receive a signal if you like.
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
node.pause-on-idle = false
|
node.pause-on-idle = false
|
||||||
session.suspend-timeout-seconds = 0 # or any number as seconds
|
session.suspend-timeout-seconds = 0 # or any number as seconds
|
||||||
```
|
```
|
||||||
|
|
||||||
* If you like, set a default _sample rate_ in `/etc/pipewire/pipewire.conf`, e.g. for 44.1kHz
|
* If you like, set a default _sample rate_ in `/etc/pipewire/pipewire.conf`, e.g. for 44.1kHz
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
default.clock.rate = 44100
|
default.clock.rate = 44100
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -46,7 +44,7 @@ There are some very convenient settings you probably want to set.
|
||||||
|
|
||||||
* Allow direct communication to device for PulseAudio. Edit ALSA configuration `/etc/asound.conf`.
|
* Allow direct communication to device for PulseAudio. Edit ALSA configuration `/etc/asound.conf`.
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# Use PulseAudio plugin hw
|
# Use PulseAudio plugin hw
|
||||||
pcm.!default {
|
pcm.!default {
|
||||||
type plug
|
type plug
|
||||||
|
@ -56,7 +54,7 @@ There are some very convenient settings you probably want to set.
|
||||||
|
|
||||||
* (**OPTIONAL, DO IF YOU WANT A REMAPPED VERSION OF MAIN AUDIO DEVICE IN sink_name=**) Add some _default_ sink names (remap them) in PulseAudio `/etc/pulse/default.pa`. Use `pacmd list-sinks` and `pacmd list-sources` to list your devices and insert as _master_ below. Any user could use `sink_main` and `src_microphone` instead of the specific device as `sink_name=`. This is **OPTIONAL** if you use direct sink name in any user specific file later instead of "sink_main" and "src_microphone"
|
* (**OPTIONAL, DO IF YOU WANT A REMAPPED VERSION OF MAIN AUDIO DEVICE IN sink_name=**) Add some _default_ sink names (remap them) in PulseAudio `/etc/pulse/default.pa`. Use `pacmd list-sinks` and `pacmd list-sources` to list your devices and insert as _master_ below. Any user could use `sink_main` and `src_microphone` instead of the specific device as `sink_name=`. This is **OPTIONAL** if you use direct sink name in any user specific file later instead of "sink_main" and "src_microphone"
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# create remapped sink/sources with proper names and description
|
# create remapped sink/sources with proper names and description
|
||||||
# pacmd list-sinks
|
# pacmd list-sinks
|
||||||
load-module module-remap-sink sink_name="sink_main" master="alsa_output.pci-0000_31_00.4.iec958-stereo" sink_properties=device.description="Toslink" remix=no
|
load-module module-remap-sink sink_name="sink_main" master="alsa_output.pci-0000_31_00.4.iec958-stereo" sink_properties=device.description="Toslink" remix=no
|
||||||
|
@ -66,7 +64,7 @@ There are some very convenient settings you probably want to set.
|
||||||
|
|
||||||
* Adapt `.config/pulse/daemon.conf`
|
* Adapt `.config/pulse/daemon.conf`
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
flat-volumes = no
|
flat-volumes = no
|
||||||
|
|
||||||
default-sample-channels = 2
|
default-sample-channels = 2
|
||||||
|
@ -93,7 +91,7 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
|
||||||
|
|
||||||
* Basic file structure
|
* Basic file structure
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
.config/ladspa_dsp
|
.config/ladspa_dsp
|
||||||
├── config_beyerdynamic_dt1990
|
├── config_beyerdynamic_dt1990
|
||||||
└── eq
|
└── eq
|
||||||
|
@ -101,14 +99,14 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
|
||||||
```
|
```
|
||||||
|
|
||||||
* The main configuration for an additional Pulse sink `.config/ladspa_dsp/config_beyerdynamic_dt1990`
|
* The main configuration for an additional Pulse sink `.config/ladspa_dsp/config_beyerdynamic_dt1990`
|
||||||
```sh
|
```shell
|
||||||
LC_NUMERIC=C
|
LC_NUMERIC=C
|
||||||
effects_chain=@eq/beyerdynamic_dt1990.conf
|
effects_chain=@eq/beyerdynamic_dt1990.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
* The EQ settings derived from the target curve found for your headphones, e.g. `.config/ladspa_dsp/eq/beyerdynamic_dt1990.conf`
|
* The EQ settings derived from the target curve found for your headphones, e.g. `.config/ladspa_dsp/eq/beyerdynamic_dt1990.conf`
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# Beyerdynamic DT 1990
|
# Beyerdynamic DT 1990
|
||||||
# preamp gain
|
# preamp gain
|
||||||
gain -4.0
|
gain -4.0
|
||||||
|
@ -120,7 +118,7 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
|
||||||
|
|
||||||
* Add a new sink _based on above remapped sink_main_ for the EQ present in `.config/pulse/default.pa` (also some other reasonable default settings)
|
* Add a new sink _based on above remapped sink_main_ for the EQ present in `.config/pulse/default.pa` (also some other reasonable default settings)
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# load system defaults
|
# load system defaults
|
||||||
.include /etc/pulse/default.pa
|
.include /etc/pulse/default.pa
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux,aptx,pulseaudio,bluetooth]
|
tags: [note,linux,archlinux,aptx,pulseaudio,bluetooth]
|
||||||
---
|
---
|
||||||
|
|
||||||
# aptx and pulseaudio
|
|
||||||
|
|
||||||
Inspect BT packages:
|
Inspect BT packages:
|
||||||
|
|
||||||
* Install [bluez-utils-compat](https://aur.archlinux.org/packages/bluez-utils-compat/)
|
* Install [bluez-utils-compat](https://aur.archlinux.org/packages/bluez-utils-compat/)
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux,fonts]
|
tags: [note,linux,archlinux,fonts]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Fonts
|
|
||||||
|
|
||||||
Probably you want the following installed:
|
Probably you want the following installed:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-12
|
||||||
tags: [note,linux,gpg,pgp]
|
tags: [note,linux,gpg,pgp]
|
||||||
---
|
---
|
||||||
|
|
||||||
# GPG
|
|
||||||
|
|
||||||
## Creation
|
## Creation
|
||||||
**Really, set up an expiration date, otherwise you'll end up with non-revokable keys!**
|
**Really, set up an expiration date, otherwise you'll end up with non-revokable keys!**
|
||||||
|
|
||||||
|
@ -20,7 +18,7 @@ Generate at least 3072 bit key with an expiration date, e.g. with Seahorse or `g
|
||||||
|
|
||||||
## gpg.conf
|
## gpg.conf
|
||||||
|
|
||||||
```
|
```shell
|
||||||
keyserver hkp://keys.gnupg.net
|
keyserver hkp://keys.gnupg.net
|
||||||
keyserver hkps://keys.openpgp.org
|
keyserver hkps://keys.openpgp.org
|
||||||
keyserver hkp://pool.sks-keyservers.net:11371
|
keyserver hkp://pool.sks-keyservers.net:11371
|
||||||
|
@ -31,13 +29,13 @@ keyserver hkp://pgp.mit.edu:11371
|
||||||
|
|
||||||
Search and edit with dconf `.../keyserver`:
|
Search and edit with dconf `.../keyserver`:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
['hkp://keys.gnupg.net', 'hkps://keys.openpgp.org', 'hkp://pool.sks-keyservers.net:11371', 'hkp://pgp.mit.edu:11371']
|
['hkp://keys.gnupg.net', 'hkps://keys.openpgp.org', 'hkp://pool.sks-keyservers.net:11371', 'hkp://pgp.mit.edu:11371']
|
||||||
```
|
```
|
||||||
|
|
||||||
## Export/Revoke
|
## Export/Revoke
|
||||||
|
|
||||||
```
|
```shell
|
||||||
export MY_GPG_ID=theID
|
export MY_GPG_ID=theID
|
||||||
gpg --armor --output public-key.gpg --export $MY_GPG_ID
|
gpg --armor --output public-key.gpg --export $MY_GPG_ID
|
||||||
gpg --armor --output private-key.gpg --export-secret-keys $MY_GPG_ID
|
gpg --armor --output private-key.gpg --export-secret-keys $MY_GPG_ID
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,kde,archlinux,wm,tiling]
|
tags: [note,linux,kde,archlinux,wm,tiling]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Config Tiling
|
|
||||||
|
|
||||||
* Install Krohnkite and visit the GitHub page to enable settings
|
* Install Krohnkite and visit the GitHub page to enable settings
|
||||||
* Set proper shortcuts using suffix `(tiling)`
|
* Set proper shortcuts using suffix `(tiling)`
|
||||||
* See hints at [https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips](https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips)
|
* See hints at [https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips](https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips)
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,kde,linux,archlinux]
|
tags: [note,kde,linux,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# KDE
|
|
||||||
|
|
||||||
A guide how to setup KDE similar to GNOME experience.
|
A guide how to setup KDE similar to GNOME experience.
|
||||||
|
|
||||||
* Install packages `plasma` (all and maybe uninstall `discover` later)
|
* Install packages `plasma` (all and maybe uninstall `discover` later)
|
||||||
|
@ -22,21 +20,21 @@ A guide how to setup KDE similar to GNOME experience.
|
||||||
* Different uses of _meta_ key
|
* Different uses of _meta_ key
|
||||||
* Native _"show all"_ windows
|
* Native _"show all"_ windows
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,ExposeAll";
|
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,ExposeAll";
|
||||||
qdbus org.kde.KWin /KWin reconfigure;
|
qdbus org.kde.KWin /KWin reconfigure;
|
||||||
```
|
```
|
||||||
|
|
||||||
* Native _"show current workspace"_ windows
|
* Native _"show current workspace"_ windows
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Expose";
|
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Expose";
|
||||||
qdbus org.kde.KWin /KWin reconfigure;
|
qdbus org.kde.KWin /KWin reconfigure;
|
||||||
```
|
```
|
||||||
|
|
||||||
* kwin script _Parachute_ to simulate behavior which requires https://github.com/tcorreabr/Parachute (via _AUR_)
|
* kwin script _Parachute_ to simulate behavior which requires https://github.com/tcorreabr/Parachute (via _AUR_)
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Parachute";
|
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Parachute";
|
||||||
qdbus org.kde.KWin /KWin reconfigure;
|
qdbus org.kde.KWin /KWin reconfigure;
|
||||||
```
|
```
|
||||||
|
@ -44,7 +42,7 @@ A guide how to setup KDE similar to GNOME experience.
|
||||||
* Use systemd start instead of boot scripts: `kwriteconfig5 --file startkderc --group General --key systemdBoot true`
|
* Use systemd start instead of boot scripts: `kwriteconfig5 --file startkderc --group General --key systemdBoot true`
|
||||||
* Maybe sync the following configuration files to track changes
|
* Maybe sync the following configuration files to track changes
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
.config/kdeglobals
|
.config/kdeglobals
|
||||||
.config/kglobalshortcutsrc
|
.config/kglobalshortcutsrc
|
||||||
.config/khotkeysrc
|
.config/khotkeysrc
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-09-02
|
||||||
tags: [surface,linux,sp8,microsoft]
|
tags: [surface,linux,sp8,microsoft]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Surface
|
|
||||||
|
|
||||||
A guide for the [Surface Pro 8](https://github.com/linux-surface/linux-surface/wiki/Surface-Pro-8). Based on https://github.com/linux-surface/linux-surface/wiki.
|
A guide for the [Surface Pro 8](https://github.com/linux-surface/linux-surface/wiki/Surface-Pro-8). Based on https://github.com/linux-surface/linux-surface/wiki.
|
||||||
|
|
||||||
This guide is for [ArchLinux](https://archlinux.org/) and improves the instructions to be more structured and suited for the SP8.
|
This guide is for [ArchLinux](https://archlinux.org/) and improves the instructions to be more structured and suited for the SP8.
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,qt,gtk,linux,archlinux]
|
tags: [note,qt,gtk,linux,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Theming Qt and Gtk
|
|
||||||
|
|
||||||
Based on [ArchLinux Wiki](https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications).
|
Based on [ArchLinux Wiki](https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications).
|
||||||
|
|
||||||
Unify Qt5/Qt6 and GTK2/GTK3/GTK4 design.
|
Unify Qt5/Qt6 and GTK2/GTK3/GTK4 design.
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,archlinux]
|
tags: [note,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Tweaks
|
|
||||||
|
|
||||||
**TAKEN FROM:** https://gist.github.com/lbrame/1678c00213c2bd069c0a59f8733e0ee6
|
**TAKEN FROM:** https://gist.github.com/lbrame/1678c00213c2bd069c0a59f8733e0ee6
|
||||||
|
|
||||||
This is a collection of the tweaks and modification I've made to my Arch Linux installation over the months. These may be applicable to other distros, but please check first before doing anything. I also included Arch Wiki references for all the procedures I mentioned. My recommendation is not to blindly follow this gist but to always check with the Arch Linux wiki first. Things move fast and by the time you're reading this my gist may be out of date. Lastly, the golden rule: never execute a command you don't understand.
|
This is a collection of the tweaks and modification I've made to my Arch Linux installation over the months. These may be applicable to other distros, but please check first before doing anything. I also included Arch Wiki references for all the procedures I mentioned. My recommendation is not to blindly follow this gist but to always check with the Arch Linux wiki first. Things move fast and by the time you're reading this my gist may be out of date. Lastly, the golden rule: never execute a command you don't understand.
|
||||||
|
@ -99,8 +97,8 @@ systemctl enable tlp.service --now
|
||||||
|
|
||||||
`powertop` is a powerful commandline program to keep track of battery consumption. It also allows the user to quickly alter some system settings that have an impact on battery life. You can use it to make a quick tuning:
|
`powertop` is a powerful commandline program to keep track of battery consumption. It also allows the user to quickly alter some system settings that have an impact on battery life. You can use it to make a quick tuning:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# powertop --auto-tune
|
powertop --auto-tune
|
||||||
```
|
```
|
||||||
|
|
||||||
However, don't enable `powertop`'s service if you already use TLP.
|
However, don't enable `powertop`'s service if you already use TLP.
|
||||||
|
@ -115,16 +113,16 @@ Arch Wiki reference: https://wiki.archlinux.org/index.php/Systemd/
|
||||||
|
|
||||||
Systemd's system journal's size can go out of control. There are some things you can do to keep it in control:
|
Systemd's system journal's size can go out of control. There are some things you can do to keep it in control:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# journalctl --vacuum-size=100M
|
journalctl --vacuum-size=100M
|
||||||
# journalctl --vacuum-time=2weeks
|
journalctl --vacuum-time=2weeks
|
||||||
```
|
```
|
||||||
|
|
||||||
### Forwarding the journal to /dev/tty12
|
### Forwarding the journal to /dev/tty12
|
||||||
|
|
||||||
This is very simple. Just create the file `/etc/systemd/journald.conf.d/fw-tty12.conf` and fill it like this:
|
This is very simple. Just create the file `/etc/systemd/journald.conf.d/fw-tty12.conf` and fill it like this:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
[Journal]
|
[Journal]
|
||||||
ForwardToConsole=yes
|
ForwardToConsole=yes
|
||||||
TTYPath=/dev/tty12
|
TTYPath=/dev/tty12
|
||||||
|
@ -133,8 +131,8 @@ MaxLevelConsole=info
|
||||||
|
|
||||||
Then, restart the service:
|
Then, restart the service:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# systemctl restart systemd-journald.service
|
systemctl restart systemd-journald.service
|
||||||
```
|
```
|
||||||
|
|
||||||
## Microcode
|
## Microcode
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,wm,archlinux,i3]
|
tags: [note,linux,wm,archlinux,i3]
|
||||||
---
|
---
|
||||||
|
|
||||||
# i3
|
|
||||||
|
|
||||||
i3 is a tiling WM for X.org. Use [[KB/Linux/Desktop/sway]] for Wayland.
|
i3 is a tiling WM for X.org. Use [[KB/Linux/Desktop/sway]] for Wayland.
|
||||||
|
|
||||||
Install i3 packages
|
Install i3 packages
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-02-06
|
||||||
tags: [note,sway,i3,linux]
|
tags: [note,sway,i3,linux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# sway
|
|
||||||
|
|
||||||
Sway is a replacement for [[KB/Linux/Desktop/i3]] but for _Wayland_.
|
Sway is a replacement for [[KB/Linux/Desktop/i3]] but for _Wayland_.
|
||||||
|
|
||||||
## Install
|
## Install
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,systemd,linux,archlinux]
|
tags: [note,systemd,linux,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# systemd
|
|
||||||
|
|
||||||
Arch Wiki reference: https://wiki.archlinux.org/index.php/Systemd/
|
Arch Wiki reference: https://wiki.archlinux.org/index.php/Systemd/
|
||||||
|
|
||||||
## Taming the journal's size
|
## Taming the journal's size
|
||||||
|
|
|
@ -3,11 +3,9 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux,install]
|
tags: [note,linux,archlinux,install]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Bootstrap
|
|
||||||
|
|
||||||
1. Install some packages:
|
1. Install some packages:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
|
pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -28,7 +26,7 @@ tags: [note,linux,archlinux,install]
|
||||||
|
|
||||||
9. Disable and uninstall services from image install
|
9. Disable and uninstall services from image install
|
||||||
|
|
||||||
```
|
```shell
|
||||||
systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
|
systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
|
||||||
pacman -Rsnc cronie
|
pacman -Rsnc cronie
|
||||||
```
|
```
|
||||||
|
@ -37,7 +35,7 @@ tags: [note,linux,archlinux,install]
|
||||||
|
|
||||||
11. Adjust network config in `/etc/systemd/network` and `/etc/resolv.conf` and `/etc/hosts`
|
11. Adjust network config in `/etc/systemd/network` and `/etc/resolv.conf` and `/etc/hosts`
|
||||||
|
|
||||||
```
|
```shell
|
||||||
#
|
#
|
||||||
# /etc/hosts: static lookup table for host names
|
# /etc/hosts: static lookup table for host names
|
||||||
#
|
#
|
||||||
|
@ -53,7 +51,7 @@ tags: [note,linux,archlinux,install]
|
||||||
|
|
||||||
14. Install AUR wrapper with `admin`
|
14. Install AUR wrapper with `admin`
|
||||||
|
|
||||||
```
|
```shell
|
||||||
sudo su admin
|
sudo su admin
|
||||||
cd
|
cd
|
||||||
mkdir -p packages/yay-bin
|
mkdir -p packages/yay-bin
|
||||||
|
@ -77,7 +75,7 @@ tags: [note,linux,archlinux,install]
|
||||||
|
|
||||||
20. Copy `/root/scripts` to new server.
|
20. Copy `/root/scripts` to new server.
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# copy /etc/mail.rc
|
# copy /etc/mail.rc
|
||||||
pacman -S s-nail
|
pacman -S s-nail
|
||||||
```
|
```
|
||||||
|
|
|
@ -3,20 +3,18 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux,dns]
|
tags: [note,linux,archlinux,dns]
|
||||||
---
|
---
|
||||||
|
|
||||||
# DNS
|
|
||||||
|
|
||||||
**Please use a local unbound which is even better!**
|
**Please use a local unbound which is even better!**
|
||||||
|
|
||||||
Start and enable
|
Start and enable
|
||||||
|
|
||||||
```
|
```shell
|
||||||
systemd-networkd
|
systemd-networkd
|
||||||
systemd-resolved
|
systemd-resolved
|
||||||
```
|
```
|
||||||
|
|
||||||
If you desire that any network manager cannot change the DNS servers, then execute `sudo chattr -i /etc/resolv.conf; sudo nano /etc/resolv.conf; sudo chattr +i /etc/resolv.conf` to insert the following content:
|
If you desire that any network manager cannot change the DNS servers, then execute `sudo chattr -i /etc/resolv.conf; sudo nano /etc/resolv.conf; sudo chattr +i /etc/resolv.conf` to insert the following content:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
options timeout:1
|
options timeout:1
|
||||||
nameserver 80.241.218.68
|
nameserver 80.241.218.68
|
||||||
nameserver 46.182.19.48
|
nameserver 46.182.19.48
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,archlinux,linux,domains]
|
tags: [note,archlinux,linux,domains]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Domains
|
|
||||||
|
|
||||||
Add new domains
|
Add new domains
|
||||||
|
|
||||||
1. Add new listen inside `systemd-boot`
|
1. Add new listen inside `systemd-boot`
|
||||||
|
|
|
@ -23,7 +23,7 @@ AA.....
|
||||||
|
|
||||||
## Create a compatible ssh key and transfer to the user
|
## Create a compatible ssh key and transfer to the user
|
||||||
|
|
||||||
```
|
```shell
|
||||||
ssh-keygen-rsa id_rsa
|
ssh-keygen-rsa id_rsa
|
||||||
|
|
||||||
ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub
|
ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux]
|
tags: [note,linux,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Upgrades
|
|
||||||
|
|
||||||
This assumes, that you have `dotfiles-system` installed.
|
This assumes, that you have `dotfiles-system` installed.
|
||||||
|
|
||||||
Upgrading the VM includes the following sub tasks:
|
Upgrading the VM includes the following sub tasks:
|
||||||
|
|
|
@ -3,11 +3,9 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,postgres,database,postgresql,psql,archlinux]
|
tags: [note,linux,postgres,database,postgresql,psql,archlinux]
|
||||||
---
|
---
|
||||||
|
|
||||||
# PostgreSQL
|
|
||||||
|
|
||||||
## Commonly used
|
## Commonly used
|
||||||
|
|
||||||
```
|
```shell
|
||||||
-- list all users
|
-- list all users
|
||||||
\du
|
\du
|
||||||
|
|
||||||
|
@ -50,7 +48,7 @@ DROP USER <user>;
|
||||||
|
|
||||||
## Updating major versions
|
## Updating major versions
|
||||||
|
|
||||||
```
|
```shell
|
||||||
systemctl start postgresql.service // if not already running
|
systemctl start postgresql.service // if not already running
|
||||||
chown postgres:postgres /var/lib/postgres
|
chown postgres:postgres /var/lib/postgres
|
||||||
sudo -i -u postgres
|
sudo -i -u postgres
|
||||||
|
@ -75,7 +73,7 @@ exit
|
||||||
|
|
||||||
* Backup existing instance:
|
* Backup existing instance:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
// host
|
// host
|
||||||
docker-compose down
|
docker-compose down
|
||||||
cp -r <data-dir> <data-dir-bak>
|
cp -r <data-dir> <data-dir-bak>
|
||||||
|
@ -93,7 +91,7 @@ exit
|
||||||
```
|
```
|
||||||
* Change major version tag of container, e.g. edit `docker-compose`
|
* Change major version tag of container, e.g. edit `docker-compose`
|
||||||
* Restore old database dump
|
* Restore old database dump
|
||||||
```
|
```shell
|
||||||
// host
|
// host
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
docker cp old_backup.sql <container-name>:/old_backup.sql
|
docker cp old_backup.sql <container-name>:/old_backup.sql
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-07-18
|
||||||
tags: [ssh,cryptsetup,remote,unlock,crypt]
|
tags: [ssh,cryptsetup,remote,unlock,crypt]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Remote unlocking at boot
|
|
||||||
|
|
||||||
Guide borrowed from https://linux.fernandocejas.com/docs/guides/decrypt-luks-partition-remotely-via-ssh.
|
Guide borrowed from https://linux.fernandocejas.com/docs/guides/decrypt-luks-partition-remotely-via-ssh.
|
||||||
|
|
||||||
1. Install `pacman -S mkinitcpio-systemd-tool busybox cryptsetup openssh tinyssh tinyssh-convert mc`
|
1. Install `pacman -S mkinitcpio-systemd-tool busybox cryptsetup openssh tinyssh tinyssh-convert mc`
|
||||||
|
|
|
@ -3,12 +3,10 @@ creation date: 2022-01-08
|
||||||
tags: [note,archlinux,linux,security,ssh,iptables]
|
tags: [note,archlinux,linux,security,ssh,iptables]
|
||||||
---
|
---
|
||||||
|
|
||||||
# SSH Guard, iptables
|
|
||||||
|
|
||||||
## SSH
|
## SSH
|
||||||
Disable weak ciphers by adding the following to the `sshd_config` file:
|
Disable weak ciphers by adding the following to the `sshd_config` file:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# Disable weak ciphers
|
# Disable weak ciphers
|
||||||
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
|
||||||
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
|
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
|
||||||
|
@ -25,7 +23,7 @@ Ports `22` and `2222` will be monitored in this example.
|
||||||
|
|
||||||
Also see [here](https://wiki.archlinux.org/index.php/Sshguard#iptables).
|
Also see [here](https://wiki.archlinux.org/index.php/Sshguard#iptables).
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# IPv4
|
# IPv4
|
||||||
iptables -N sshguard
|
iptables -N sshguard
|
||||||
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard
|
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard
|
||||||
|
@ -39,18 +37,18 @@ ip6tables-save > /etc/iptables/ip6tables.rules
|
||||||
|
|
||||||
Start with `systemctl enable --now sshguard` or restart afterwards with `systemctl restart sshguard` to apply or `ExecStartPre=` above in sshguard's systemd file.
|
Start with `systemctl enable --now sshguard` or restart afterwards with `systemctl restart sshguard` to apply or `ExecStartPre=` above in sshguard's systemd file.
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
ExecStartPre=/bin/bash -c '(while ! nc -z -v -w1 localhost 2222 > /dev/null; do echo "Waiting for port 2222 to open..."; sleep 15; done); sleep 10'
|
ExecStartPre=/bin/bash -c '(while ! nc -z -v -w1 localhost 2222 > /dev/null; do echo "Waiting for port 2222 to open..."; sleep 15; done); sleep 10'
|
||||||
```
|
```
|
||||||
|
|
||||||
or create the following file and execute on every reboot with a certain, e.g. with
|
or create the following file and execute on every reboot with a certain, e.g. with
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
[Timer]
|
[Timer]
|
||||||
OnBootSec=1min
|
OnBootSec=1min
|
||||||
```
|
```
|
||||||
|
|
||||||
```sh
|
```shell
|
||||||
# IPv4
|
# IPv4
|
||||||
iptables -N sshguard && \
|
iptables -N sshguard && \
|
||||||
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard && \
|
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard && \
|
||||||
|
|
|
@ -3,8 +3,6 @@ creation date: 2022-01-08
|
||||||
tags: [note,linux,archlinux,security,hardening]
|
tags: [note,linux,archlinux,security,hardening]
|
||||||
---
|
---
|
||||||
|
|
||||||
# Security hardening
|
|
||||||
|
|
||||||
## ssh
|
## ssh
|
||||||
`ssh-guard` allowed.
|
`ssh-guard` allowed.
|
||||||
|
|
||||||
|
@ -12,14 +10,14 @@ tags: [note,linux,archlinux,security,hardening]
|
||||||
|
|
||||||
Execute the following
|
Execute the following
|
||||||
|
|
||||||
```
|
```shell
|
||||||
mkdir -p /etc/nginx/ssl
|
mkdir -p /etc/nginx/ssl
|
||||||
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
|
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
|
||||||
```
|
```
|
||||||
|
|
||||||
In `nginx.conf`, set the following inside the `http` block:
|
In `nginx.conf`, set the following inside the `http` block:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
# security hardened
|
# security hardened
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
```
|
```
|
||||||
|
@ -27,7 +25,7 @@ server_tokens off;
|
||||||
|
|
||||||
For each `server` block, set the following
|
For each `server` block, set the following
|
||||||
|
|
||||||
```
|
```shell
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
|
|
||||||
# enable session resumption to improve https performance
|
# enable session resumption to improve https performance
|
||||||
|
@ -59,7 +57,7 @@ access_log off;
|
||||||
|
|
||||||
## PHP
|
## PHP
|
||||||
|
|
||||||
```
|
```shell
|
||||||
session.cookie_secure = true
|
session.cookie_secure = true
|
||||||
session.use_only_cookies = 1
|
session.use_only_cookies = 1
|
||||||
session.cookie_httponly = true
|
session.cookie_httponly = true
|
||||||
|
@ -69,7 +67,7 @@ session.cookie_httponly = true
|
||||||
|
|
||||||
Set maximum journal retention in `/etc/systemd/journald.conf`:
|
Set maximum journal retention in `/etc/systemd/journald.conf`:
|
||||||
|
|
||||||
```
|
```shell
|
||||||
MaxRetentionSec=604800
|
MaxRetentionSec=604800
|
||||||
MaxFileSec=86400
|
MaxFileSec=86400
|
||||||
```
|
```
|
||||||
|
|
|
@ -3,6 +3,6 @@ creation date: <% tp.date.now("YYYY-MM-DD") %>
|
||||||
tags: [note]
|
tags: [note]
|
||||||
---
|
---
|
||||||
|
|
||||||
# <% tp.file.title %>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue