3.1 KiB
3.1 KiB
keywords | |
---|---|
|
Archlinux
clean system from old files
paccache -r
paccache -ruk0
paccache -rk1
yay -Ycc
flatpak uninstall --unused
journalctl --disk-usage && journalctl --vacuum-size={size}M
or prepare the file/etc/systemd/journald.conf
and this value:SystemMaxUse=50M
archinstall
preinstalled software
htop vim tmux bash-completion firefox networkmanager git sbctl tpm2-tools base-devel firefox-i18n-de gparted exfatprogs ntfs-3g udftools usbutils btop powertop wireguard-tools acpi_call unrar squashfs-tools bluez-tools bluez-utils ddcutil read-edid cups evemu dconf-editor diffutils libguestfs networkmanager-vpnc pam-u2f go gutenprint p7zip wayland-utils age
solo2 gpa libfido2 solo1 efitools fprintd opensc nitrokey-app rhash
keepassxc wl-clipboard element-desktop signal-desktop syncthing
thunderbird thunderbird-i18n-de libreoffice-fresh libreoffice-fresh-de nextcloud-client chromium aria2 meld gimp esptool pinta tracker tracker-miner paperwork pdftricks
gnome-firmware dmidecode brasero clinfo opencl-mesa opencl-driver clpeak croc cups-pdf handbrake sdparm hdparm smartmontools openocd poke remmina gsmartcontrol partclone
radare2 cutter r2ghidra binwalk cabextract hashcat diffpdf ghex flashrom hwinfo i2c-tool nbd virtualbox bootterm veracrypt youtube-dl
gparted
flash usb stick with gparted.iso and dd. boot it
- mount encrypted luks2
customize fresh system
change /etc/mkinitcpio.conf
MODULES=(btrfs tpm_tis)
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
generate linux image
sudo vim /etc/mkinitcpio.d/linux
sudo vim /etc/kernel/cmdline
sudo mkinitcpio -p linux
- /boot/loader/entries/arch.conf https://wiki.archlinux.org/title/Kernel_parameters#systemd-boot
- unified kernel image https://wiki.archlinux.org/title/Unified_kernel_image
- kernel cmdline
- power state cpu
- WARNING: do not use the partuuid in the cmdline. check the uuid correctness with the LUKS container,
blkid
- root and resume are links to the mapper
- reboot the system to check if anything is broken
- add secureboot https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot
- systemd-enroll tpm2
- WARNING! do not delete slo0
- call
systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=yes /dev/nvme0n1p2
- add to cmdline
rd.luks.options=tpm2-device=auto,tpm2-pin=yes
- regenerate unified kernel image
mkinitcpio -p linux
- check
sbctl verify
and resign - reboot and pray
- enable pcsc.socket
git use credential store
https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e
gnome thumbnail raw picture
https://support.system76.com/articles/fix-raw-image-previews/
failure recovery
- boot from archlinux usb stick
- mount LUKS Container
cryptsetup luksOpen /dev/nvme0n1pX luksDev
- temporary dir
mkdir tmpmnt
- mount
mount -o subvol=@ /dev/mapper/luksDev tmp
arch-chroot tmp bash
mount /dev/nmve0n1p1 /boot
- fix stuff
mkinicpio -p linux
- sync, unmount boot and tmp
cryptsetup luksClose luksdev