minor things

archlinux.md

@@ -15,4 +15,26 @@ journalctl --disk-usage && journalctl --vacuum-size={size}M
 ```
 or prepare the file`/etc/systemd/journald.conf` and this value:`SystemMaxUse=50M`
 
+## customize fresh system
+- /etc/mkinitcpio.conf
+- /boot/loader/entries/arch.conf https://wiki.archlinux.org/title/Kernel_parameters#systemd-boot
+- unified kernel image https://wiki.archlinux.org/title/Unified_kernel_image
+- kernel cmdline
+    - power state cpu
+    - WARNING: do not use the partuuid in the cmdline. check the uuid correctness with the LUKS container, `blkid`
+    - root and resume are links to the mapper
+- reboot the system to check if anything is broken
+- add secureboot https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot
 
+
+## failure recovery
+1. boot from archlinux usb stick
+2. mount LUKS Container `cryptsetup luksOpen /dev/nvme0n1pX luksDev`
+3. temporary dir `mkdir tmpmnt`
+4. mount `mount -o subvol=@ /dev/mapper/luksDev tmp`
+5. `arch-chroot tmp bash`
+6. `mount /dev/nmve0n1p1 /boot`
+7. fix stuff
+8. `mkinicpio -p linux`
+9. sync, unmount boot and tmp
+10. `cryptsetup luksClose luksdev`

fido2.md

@@ -14,12 +14,22 @@ pamu2fcfg -o pam://$(hostname) -i pam://$(hostname) -n >> ~/.config/Yubico/u2f_k
 ```
 - WebAuth
     - main feature, login with username (known value by user), ChallengeResponse ( secret ) and button (interactive)/PIN
+    - https://webauthn.io/ to test
 - resident keys
 - HMAC-secret extension 
     - symmetric key scoped to a credential
     - https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension
 ## hardware
+##### udev rules
+In general there should be no need to add the rules after install the libfido2
+https://github.com/Yubico/libfido2/blob/main/udev/70-u2f.rules
+this list just contains legitime FIDO2 tokens
+```
+
+```
 #### OpenSK
+##### udev
+https://raw.githubusercontent.com/google/OpenSK/f2496a8e6d71a4e838884996a1c9b62121f87df2/rules.d/55-opensk.rules
 #### solo2
 ```bash
 udo lpc55 ls
@@ -87,7 +97,13 @@ Properties {
 }
 
 ```
+#### somu
+it is build around: STM32L432KC https://www.st.com/en/microcontrollers-microprocessors/stm32l432kc.html
 #### nitrokey
+##### storage
+##### start
+##### udev
+https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules
 ### code snippets
 
 resident-key aka discoverable credentials (`fido2-token -S` to set the PIN, otherwise all other things fails, after using the PIN an additional touch is needed but not declared. Check this with

filesystems.md

@@ -2,7 +2,18 @@
 ## btrfs
 ### btrfs scrub
 As a copy-on-write (COW) filesystem btrfs can compensate some errors from the underlying storage
-
+##### btrfs resize
+```
+btrfs filesystem show -d
+btrfs filesystem resize -500m /dev/mapper/ubuntu--vg-root/@subvolume
+```
+##### btrfs snapshot size
+to show all snapshots enable quotas
+```
+    [root@localhost ~]# btrfs quota enable /btrfs/
+    [root@localhost ~]# 
+    [root@localhost ~]# btrfs qgroup show  /btrfs/
+```
 ##### systemd handling
 create for all btrfs filesystems a regulary scrub timer.
 ```bash

lenovo_L13YOGA_G2_AMD.md

@@ -0,0 +1,17 @@
+---
+keywords:
+  - IT
+---
+# Lenovo L13 Yoga G2 AMD
+- Art.Nr.:  21AES01A00
+- AMD Ryzen™ 5 PRO 5650U HexaCore Mobilprozessor (6 Kerne/ 12 Threads • 2.30 bis 4.2 GHz • 3MB L2 Cache • 16MB L3 Cache • 15 Watt)
+- 16GB, DualChannel, onBoard (fest integriert), DDR4-3200 MHz onBoard
+- 33.8 cm (13.3"), Full-HD (1.920 x 1080 Bildpunkte, 16:9), LED-Backlight, **IPS-Technologie**, MultiTouch (10-Finger), Digitizer-Oberfläche mit Unterstützung für aktive Eingebestifte, 360° drehbar
+- MediaTek MT7921
+
+My own system: https://linux-hardware.org/?probe=6dfbd97685
+
+### broken under archlinux
+1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME
+2. keyboard FN keys
+3. bluetooth daemon disabled by default