thisven/Website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add computer documentation

Browse source
This commit is contained in:
this.ven 2024-03-31 20:15:33 +02:00
parent a304aa55f6
commit 08fc78c6c2
7 changed files with 495 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
content/docs/_index.md
View file

@ -1,6 +1,6 @@
---
title: 'Docs'
date: 2024-01-01T19:41:48+01:00
date: 2024-03-31T17:26:41+02:00
draft: true
---
@ -8,6 +8,8 @@ This is the documentation of my approaches for realizing the this.ven project.
You can find the field of endeavour in the left pane and below.
{{< cards >}}
{{< card link="computer/" title="Computer" icon="desktop-computer"
subtitle="General setup and tweaking" >}}
{{< card link="graphics/" title="Graphics" icon="photograph"
subtitle="Graphics design and editing" >}}
{{< card link="infrastructure/" title="Infrastructure" icon="cog"

36
content/docs/computer/_index.md Normal file
View file

@ -0,0 +1,36 @@
---
title: 'Computer'
date: 2024-03-31T17:27:21+02:00
draft: true
---
By the way, I use
> a lightweight and flexible Linux® distribution that tries to Keep It Simple.
> — <cite>Arch Linux</cite>[^1]
The Arch Linux principles[^2] render it an ideal foundation for fine-tuning a
system to personal needs. Though this requires using the command-line interface
and get involved with technology details, you are one step closer to know your
system inside out.
{{< callout type="warning" >}}
From my experience Arch Linux is not a beginner's choice. For this reason, you
may consider [Manjaro](https://manjaro.org/), which is based on Arch Linux.
For certain use cases [Ubuntu Studio](https://ubuntustudio.org/) (Pro audio),
[Kali Linux](https://www.kali.org/) (Pentesting and IT security evaluation),
or [Tails](https://tails.boum.org/) (Privacy and activism) are better options.
{{< /callout >}}
This collection of guides documents my installation and system setup.
{{< cards >}}
{{< card link="system-preparation/" title="System preparation"
image="system-preparation/img/nvme-lsblk.png"
imageStyle="aspect-ratio: 16/9; object-fit:contain;"
subtitle="Notes on the official Arch Linux installation guide" >}}
{{< /cards >}}
[^1]: A quote from the [Arch Linux](https://archlinux.org/) website
[^2]: The [principles](https://wiki.archlinux.org/title/Arch_Linux#Principles)
of Arch Linux in the ArchWiki

447
content/docs/computer/system-preparation/_index.md Normal file
View file

@ -0,0 +1,447 @@
---
title: 'System preparation'
date: 2024-03-31T18:03:41+02:00
draft: true
---
These notes expand from the *Boot the live environment* to the *Reboot* section
in the [install guide](https://wiki.archlinux.org/title/Installation_guide).
Due to hardware specifics and different environmental conditions, such as the
Internet connection, you may need to adapt and troubleshoot on your own.
## Booting the target machine
I connect the target machine using wired ethernet and insert an installation
medium (USB flash) prepared earlier to boot the installation system. This way
I can avoid troubleshooting of missing drivers and unsupported wireless NIC[^1]
hardware.
## Changing crucial UEFI settings
### Disable Secure Boot
For most computers it is necessary to disable Secure Boot[^2] in order to boot the
installation system from an installation medium, such as an USB flash drive. On
my hardware this has already been turned off.
### Switch RAID mode off
Some computers provide a RAID[^3] mode for storage devices, which is mostly not
detected by Linux due to proprietary drivers. I use the UEFI settings to switch
the storage settings to *AHCI* (or *SATA*) mode instead of any RAID mode.
## Live environment setup
In the live environment, I set a German console keymap using the command:
```bash
loadkeys de-latin1
```
I list the *UEFI variables* to verify the UEFI boot mode by issueing:
```bash
ls /sys/firmware/efi/efivars
```
I ensure networking by querying the link status and verify the connection with a
ping to the `archlinux.org` site:
```bash
ip link
ping archlinux.org
```
I synchronize the system clock via NTP[^4]:
```bash
timedatectl set-ntp true
```
## Disk partition layout
I [partition](https://wiki.archlinux.org/title/Partitioning) the disk and
encrypt the partitions to protect data at rest. The first partition is used as
*EFI system partition* mounted at `/boot`. Partition 2 will become a LUKS2[^5]
encrypted partition carrying a *Logical Volume Group* (LVG) managed by LVM[^6].
The LVG consists of three logical volumes for Swap[^7] space, `/home` and `/`
(root). This layout is known as *LVM on LUKS* and illustrated below:
```
+----------------+ +-----------------------------------------------------------+
| Boot partition | | Logical volume 1 | Logical volume 2 | Logical volume 3 |
| | | | | |
| /boot | | [Swap] | / | /home |
| | | | | |
| | | /dev/lvg/swap | /dev/lvg/root | /dev/lvg/home |
| | |_ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _|
| | | |
| | | LUKS2 encrypted partition |
| /dev/nvme0n1p1 | | /dev/nvme0n1p2 |
+----------------+ +-----------------------------------------------------------+
```
### Partitioning
I identify the block device (e.g. `/dev/nvme0n1`) using `lsblk` and modify the
partitions as follows:
```bash
fdisk /dev/nvme0n1
```
I create two partitions:
1. *EFI system partition*, 940 MB, type ID: 1
2. *Linux filesystem partition*, remaining space, type ID: 20 (default)
The [fdisk](https://wiki.archlinux.org/title/Fdisk) command sequence for an
unpartitioned disk is:
- g (use [GPT](https://wiki.archlinux.org/title/GPT))
- n
- 1 (default, you can also use `Return`)
- `Return` (as it typically defaults to disk sector 2048)
- +940M
- t
- 1 (default, you can also use `Return`)
- 1
- n
- 2 (default, you can also use `Return`)
- `Return` (as it defaults to first disk sector)
- `Return` (as it defaults to last disk sector)
- w
### Encryption and LVM
I encrypt the second partition as a LUKS container by using a strong passphrase:
```bash
cryptsetup luksFormat /dev/nvme0n1p2
```
Next, I open this container using `lvg` as the device mapper name:
```bash
cryptsetup open /dev/nvme0n1p2 lvg
```
I create a *Physical Volume* (PV) on top of the container at `/dev/mapper/lvg`:
```bash
pvcreate /dev/mapper/lvg
```
I create a *Volume Group* (VG) `lvg` and add the previously created PV to it:
```bash
vgcreate lvg /dev/mapper/lvg
```
I create a *Logical Volume* (LV) for each filesystem (`/`, `/home`, and Swap):
```bash
lvcreate -L 16G lvg -n swap
lvcreate -L 40G lvg -n root
lvcreate -l 100%FREE lvg -n home
```
{{< callout type="info" >}}
The size of the first LV depends on the amount of memory of your hardware
configuration. If you have more than 16 GB of memory, create a swap space
accordingly in order to use [hibernation](https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation).
{{< /callout >}}
### Formatting and mounting
I format the LVs with [ext4](https://wiki.archlinux.org/title/Ext4) and a
[swap](https://wiki.archlinux.org/title/Swap) filesystem (FS), respectively:
```bash
mkfs.ext4 /dev/lvg/root
mkfs.ext4 /dev/lvg/home
mkswap /dev/lvg/swap
```
The boot partition uses a [FAT32](https://wiki.archlinux.org/title/FAT) FS:
```bash
mkfs.fat -F32 /dev/nvme0n1p1
```
I mount the filesystems at `/mnt`:
```bash
mount /dev/lvg/root /mnt
mount /dev/lvg/home /mnt/home
mount --mkdir /dev/nvme0n1p1 /mnt/boot
```
And I activate the Swap partition:
```bash
swapon /dev/lvg/swap
```
At this time I can check the layout of my storage device using `lsblk`.
{{< figure src="img/nvme-lsblk.png" alt="NVMe lsblk"
caption="The layout of the NVMe storage after partitioning and formatting"
>}}
## System initialization
Now I can install the essential packages into the previously mounted location:
```bash
pacstrap /mnt base linux linux-firmware lvm2 vim
```
{{< callout type="info" >}}
The package [lvm2](https://archlinux.org/packages/?name=lvm2) is necessary for
mounting the LVs and [vim](https://archlinux.org/packages/?name=vim) is my
favorite text editor. You may want to use another one found in the
[List of applications](https://wiki.archlinux.org/title/List_of_applications).
{{< /callout >}}
I generate a [fstab](https://wiki.archlinux.org/title/Fstab) file by using
[UUID](https://wiki.archlinux.org/title/UUID)s:
```bash
genfstab -U /mnt >> /mnt/etc/fstab
```
{{< callout type="warning" >}}
If you are using a SSD, you may want to adjust `/etc/fstab` to use `noatime`
for the filesystems instead of `discard`) for security reasons. See this
[section in the ArchWiki article on Dm-crypt Specialties](https://wiki.archlinux.org/title/Dm-crypt/Specialties#Discard/TRIM_support_for_solid_state_drives_(SSD)).
I use `vim /etc/fstab` to open and edit the file accordingly.
{{< /callout >}}
I [change root](https://wiki.archlinux.org/title/Change_root) into the new
system:
```bash
arch-chroot /mnt
```
Next, I first change the root password using the command:
```bash
passwd
```
## Localization
I set the timezone for Germany (CET[^8]) and sync the hardware clock:
```bash
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
```
For the [locale](https://wiki.archlinux.org/title/Locale), I uncomment the line
`de_DE.UTF-8 UTF-8` and `en_US.UTF-8 UTF-8` in the `/etc/locale.gen` file and
run:
```bash
locale-gen
```
I create the file `/etc/locale.conf` to set the system locale accordingly and
make the console keyboard layout persistent via a `/etc/vconsole.conf` file:
```bash
echo "LANG=de_DE.UTF-8" > /etc/locale.conf
echo "KEYMAP=de-latin1" > /etc/vconsole.conf
```
## Initramfs configuration
I edit `/etc/mkinitcpio.conf` inserting `encrypt`, `lvm2`, and `resume` (for
suspend and hibernate) into the `HOOKS` variable to match the following order:
```
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont modconf block encrypt lvm2 resume filesystems fsck)
```
Afterwards a manual generatation of the image is necessary:
```bash
mkinitcpio -P
```
{{< callout type="info" >}}
Any warnings about *possibly missing firmware* can be safely ignored as long
as there's no critical device shown.
{{< /callout >}}
## Systemd-boot installation
I use `bootctl` with the `/boot` partition to install the UEFI boot manager
[Systemd-boot](https://wiki.archlinux.org/title/Systemd-boot):
```
bootctl --path=/boot install
```
I create a loader configuration at `/boot/loader/loader.conf` containing:
```{filename="/boot/loader/loader.conf"}
default linux
timeout 0
editor no
```
I create the loader file `/boot/loader/entries/linux.conf` containing:
```{filename="/boot/loader/entries/linux.conf"}
title Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=MyUuid:lvg resume=/dev/lvg/swap root=/dev/lvg/root quiet rw
```
{{< callout type="info" >}}
The `resume` parameter is used for suspend and hibernate.
{{< /callout >}}
Next, I identify the UUID of the LUKS partition (TYPE="crypto\_LUKS") created in
the [Encryption and LVM](#encryption-and-lvm) step by using `blkid`. The
following command conveniently saves it to the `$MyUuid` variable:
```bash
MyUuid=$(blkid | grep crypto_LUKS \
| cut --delimiter=' ' --field=2 | sed 's/[^a-z0-9\\-]//g')
```
I edit `/boot/loader/entries/linux.conf` and replace *MyUuid* with the `$MyUUID`
value in the string `cryptdevice=UUID=MyUUID:lvg` using the following command:
```bash
sed -i "s/MyUuid/$MyUuid/" /boot/loader/entries/linux.conf
```
I check the boot loader entry to contain the correct UUID. Otherwise the system
is unable to boot from the correct device and fall back to an emergency shell.
If this happens to you, refer to [Boot problems](https://wiki.archlinux.org/title/General_troubleshooting#Boot_problems).
## Networking
I set the hostname in a `/etc/hostname` file to *arch-studio24*, for example:
```bash
echo "arch-studio24" > /etc/hostname
```
And I complete the network configuration using Systemd-networkd and
Systemd-resolvd.
For this, I retrieve and note the [udev](https://wiki.archlinux.org/title/Udev)
assigned names of the network interfaces using the utility:
```bash
ip link
```
I configure a wired adapter using DHCP by creating a new file at the location
`/etc/systemd/network/20-wired.network` and providing the udev name
(*enp0s13f0u1* is used in the following example):
```{filename="/etc/systemd/network/20-wired.network"}
[Match]
Name=enp0s13f0u1
[Network]
DHCP=yes
```
I enable the `systemd-networkd.service` to activate it at system startup:
```bash
systemctl enable systemd-networkd.service
```
I create the Systemd-resolved configuration directory:
```bash
mkdir /etc/systemd/resolved.conf.d
```
I [manually](https://wiki.archlinux.org/title/Systemd-resolved#Manually) set a
censorship-free DNS[^9] server such as [dnsforge.de](https://dnsforge.de) by
creating `/etc/systemd/resolved.conf.d/dns_servers.conf` with the content:
```{filename="/etc/systemd/resolved.conf.d/dns_servers.conf"}
[Resolve]
DNS=176.9.93.198
Domains=~.
```
Additionally, I setup [fdns2.dismail.de](https://dismail.de/info.html#dns) via
`/etc/systemd/resolved.conf.d/fallback_dns.conf` as fallback DNS containing:
```{filename="/etc/systemd/resolved.conf.d/fallback_dns.conf"}
[Resolve]
FallbackDNS=159.69.114.157
```
I enable `systemd-resolved.service` to activate it at system startup:
```bash
systemctl enable systemd-resolved.service
```
I backup the Glibc resolver file and use Systemd-resolved in stub mode:
```bash
cp /etc/resolv.conf /etc/resolv.conf.bkp
```
Next, I exit the arch-chroot (using `exit` or the key combination
`<Ctrl+d>`) to create the resolv.conf symlink:
```bash
ln -sf /run/systemd/resolve/stub-resolv.conf /mnt/etc/resolv.conf
```
{{< callout type="warning" >}}
Creating the symlink inside an arch-chroot is not possible since the file is
bind-mounted from the live-environment, see the note in
[Systemd-resolvd#DNS](https://wiki.archlinux.org/title/Systemd-resolved#DNS).
{{< /callout >}}
## Reboot
Finally, I can unmount all partitions to ensure none of them is busy, and
reboot into the installed system:
```bash
umount -R /mnt
reboot
```
{{< callout type="info" >}}
You may have to remove the installation media or change the boot sequence to
boot from the storage device chosen in [Partitioning](#partitioning) step.
{{< /callout >}}
After the reboot I can login into the new system as root user and proceed with
the [basic configuration](../basic_configuration/) of the installed system.
[^1]: [Network interface controller](https://en.wikipedia.org/wiki/Network_interface_controller)
in the Wikipedia
[^2]: [Disabling Secure Boot](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Disabling_Secure_Boot)
in the ArchWiki
[^3]: [RAID](https://en.wikipedia.org/wiki/RAID) in the Wikipedia
[^4]: [NTP](https://wiki.archlinux.org/title/Network_Time_Protocol_daemon) in
the ArchWiki
[^5]: [Dm-crypt](https://wiki.archlinux.org/title/Dm-crypt) in the ArchWiki
[^6]: [LVM](https://wiki.archlinux.org/title/LVM) in the ArchWiki
[^7]: [Swap](https://wiki.archlinux.org/title/Swap) in the ArchWiki
*atime* option explanation for SSDs in the ArchWiki
[^8]: [CET](https://en.wikipedia.org/wiki/Central_European_Time) in the
Wikipedia
[^9]: [Domain Name System](https://en.wikipedia.org/wiki/Domain_Name_System) in
the Wikipedia

BIN
content/docs/computer/system-preparation/img/nvme-lsblk.png (Stored with Git LFS) Normal file
View file

Binary file not shown.

2
content/music/inconvenient-ep/influenca/hidden

@ -1 +1 @@
Subproject commit b8f240ff66b79c2e79b4b7aad086d6e1197dd7a3
Subproject commit fc3a9b5ca962f57632352d05210f78ebab4f49a2

5
hugo.yaml
View file

@ -4,7 +4,7 @@ title: this.ven
theme: hextra
params:
description: FLOSS musician, tinkerer and privacy advocate#
description: FLOSS musician, tinkerer and privacy advocate
displayUpdatedDate: true
editURL:
enable: true
@ -22,6 +22,9 @@ params:
footer:
displayCopyright: true
width: wide
blog:
list:
displayTags: true
menu:
main:

2
themes/hextra

@ -1 +1 @@
Subproject commit 5c7303bee7db6be24612541530e526fd77caf905
Subproject commit 24fb13b221da34512fda402ff9fe7590a6f358c7