3.1 KiB
3.1 KiB
| keywords | |
|---|---|
|
Archlinux
clean system from old files
paccache -r
paccache -ruk0
paccache -rk1
yay -Ycc
flatpak uninstall --unused
journalctl --disk-usage && journalctl --vacuum-size={size}M
or prepare the file/etc/systemd/journald.conf and this value:SystemMaxUse=50M
archinstall
preinstalled software
htop vim tmux bash-completion firefox networkmanager git sbctl tpm2-tools base-devel firefox-i18n-de gparted exfatprogs ntfs-3g udftools usbutils btop powertop wireguard-tools acpi_call unrar squashfs-tools bluez-tools bluez-utils ddcutil read-edid cups evemu dconf-editor diffutils libguestfs networkmanager-vpnc pam-u2f go gutenprint p7zip wayland-utils age
solo2 gpa libfido2 solo1 efitools fprintd opensc nitrokey-app rhash
keepassxc wl-clipboard element-desktop signal-desktop syncthing
thunderbird thunderbird-i18n-de libreoffice-fresh libreoffice-fresh-de nextcloud-client chromium aria2 meld gimp esptool pinta tracker tracker-miner paperwork pdftricks
gnome-firmware dmidecode brasero clinfo opencl-mesa opencl-driver clpeak croc cups-pdf handbrake sdparm hdparm smartmontools openocd poke remmina gsmartcontrol partclone
radare2 cutter r2ghidra binwalk cabextract hashcat diffpdf ghex flashrom hwinfo i2c-tool nbd virtualbox bootterm veracrypt youtube-dl
gparted
flash usb stick with gparted.iso and dd. boot it
- mount encrypted luks2
customize fresh system
change /etc/mkinitcpio.conf
MODULES=(btrfs tpm_tis)
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
generate linux image
sudo vim /etc/mkinitcpio.d/linux
sudo vim /etc/kernel/cmdline
sudo mkinitcpio -p linux
- /boot/loader/entries/arch.conf https://wiki.archlinux.org/title/Kernel_parameters#systemd-boot
- unified kernel image https://wiki.archlinux.org/title/Unified_kernel_image
- kernel cmdline
- power state cpu
- WARNING: do not use the partuuid in the cmdline. check the uuid correctness with the LUKS container,
blkid - root and resume are links to the mapper
- reboot the system to check if anything is broken
- add secureboot https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot
- systemd-enroll tpm2
- WARNING! do not delete slo0
- call
systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=yes /dev/nvme0n1p2 - add to cmdline
rd.luks.options=tpm2-device=auto,tpm2-pin=yes - regenerate unified kernel image
mkinitcpio -p linux - check
sbctl verifyand resign - reboot and pray
- enable pcsc.socket
git use credential store
https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e
gnome thumbnail raw picture
https://support.system76.com/articles/fix-raw-image-previews/
failure recovery
- boot from archlinux usb stick
- mount LUKS Container
cryptsetup luksOpen /dev/nvme0n1pX luksDev - temporary dir
mkdir tmpmnt - mount
mount -o subvol=@ /dev/mapper/luksDev tmp arch-chroot tmp bashmount /dev/nmve0n1p1 /boot- fix stuff
mkinicpio -p linux- sync, unmount boot and tmp
cryptsetup luksClose luksdev