tastatur 2023-09-24 18:09:06 +02:00
commit 0c7599cf06
6 changed files with 22 additions and 49 deletions

@ -0,0 +1 @@
# A Alpine Linux installation
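Review bot: The heading on the added line reads "A Alpine Linux installation"; the article should be "An", and if the leading "A" is meant as an appendix label it needs a separator (for example "A: Alpine Linux installation"). The new file also holds only this heading, so consider marking it as unfinished, the way the automatic decryption page was marked with *(unfinished)* before this commit.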

@ -113,7 +113,7 @@ The `uuid` is needed again and can be obtained by:
Now edit `/boot/loader/void-options.conf` and insert: Now edit `/boot/loader/void-options.conf` and insert:
``` ```
rw rd.luks.name=<uuid>=root root=/dev/disk/by-label/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.lvm.vg=lv0 rw rd.luks.name=<uuid>=root root=/dev/disk/by-label/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.shell=0 rd.emergency=reboot rd.lvm.vg=lv0
``` ```
To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`. To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.
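Review bot: The new `rd.shell=0 rd.emergency=reboot` parameters in the options line are added without any explanation in the surrounding text. Add a sentence saying that they disable the initramfs emergency shell and reboot on a critical boot failure, and why the guide wants that (no root shell for someone at the console when unlocking or mounting fails). Both are dracut command-line options, while the automatic decryption page in this same commit requires the `booster` initramfs, so it is worth stating which initramfs this line applies to and confirming that it honours them.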

@ -111,7 +111,7 @@ The `uuid` is needed again and can be obtained by:
Now edit `/boot/loader/void-options.conf` and insert: Now edit `/boot/loader/void-options.conf` and insert:
``` ```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1 rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1 rd.shell=0 rd.emergency=reboot
``` ```
To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`. To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.
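Review bot: With `rd.emergency=reboot` appended to this line, a mistake in the same line (a mistyped `<uuid>` or a wrong `root=`) ends in a reboot instead of a shell, and the guide gives the reader no way out. Add a short recovery note next to the boot-menu sentence, for example editing the entry from the boot menu or booting live media. The parameters are also placed at the end of the line here but before `rd.lvm.vg=lv0` in the other variant; pick one position for both.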

@ -1,52 +1,13 @@
# Automatic decryption *(unfinished)* # Automatic decryption
Using Clevis it's possible to automatically decrypt the system upon startup. But because we haven't been able to figure out how to create a functional template file for that we'll have to compile it ourselves. Note that you must use the `booster` initramfs. (A lot more information about the possibilities from clevis can be found on the [ArchWiki](https://wiki.archlinux.org/title/Clevis)) Using Clevis it's possible to automatically decrypt the system upon startup. Note that you must use the `booster` initramfs which should be installed if you followed this guide. (A lot more information about the possibilities from Clevis can be found on the [ArchWiki](https://wiki.archlinux.org/title/Clevis))
## Installing José ## Installation
First we have to compile [José](https://github.com/latchset/jose), a "C-language implementation of Javascript Object Signing and Encryption". José is a dependency of Clevis. Installing clevis is straightforward:
First install the dependencies needed to compile josé.
``` ```
# xbps-install -Sy pkg-config zlib-devel jansson-devel openssl-devel jq-devel gcc meson ninja asciidoc # xbps-install -Sy clevis
```
After that we have to obtain the source of José:
```
$ xbps-fetch https://github.com/latchset/jose/archive/refs/tags/v11.tar.gz
```
Unpack the Tar and go into the directory and follow the rest of these instructions:
```
$ mkdir build && cd build
$ meson .. --prefix=/usr
$ ninja
# ninja install
```
## Installing Clevis
After having installed José install the other dependencies.
```
# xbps-install -Sy luksmeta cryptsetup-devel tpm2-tools libpwquality-devel
(probably missing a few)
```
Then clone the source code into a directory
```
$ xbps-fetch https://github.com/latchset/clevis/archive/refs/tags/v19.tar.gz
```
After unpacking and going into the directory follow the rest of these instructions:
```
$ meson build
$ ninja -C build
# ninja -C build install
``` ```
## Acquiring automatic decryption ## Acquiring automatic decryption
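Review bot: The new Installation section installs only `clevis`, while the removed build instructions listed `luksmeta` and `tpm2-tools` among the dependencies. State whether the `clevis` package pulls these in on its own, or add them to the `xbps-install` line. In the same section, "Installing clevis is straightforward" should capitalise Clevis as the rest of the page does, and "which should be installed if you followed this guide" would be more useful with a link to the section that installs `booster`.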
@ -59,3 +20,15 @@ To bind our LUKS volume to TPM with clevis simply enter this command:
``` ```
This will bind the partition with TPM2 and Secureboot and now the root partition can be unencrypted on startup automatically. This will bind the partition with TPM2 and Secureboot and now the root partition can be unencrypted on startup automatically.
If any changes have been made to the Bios or Secureboot and Clevis doesn't automatically decrypt the disk again. Clevis will have to be envoked again.
```
# clevis luks regen -d /dev/disk/by-label/luks -s <keyslot>
```
The keyslot can be found with:
```
# cryptsetup luksDump /dev/disk/by-label/luks
```
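Review bot: The added recovery paragraph does not say how the reader gets into the system once Clevis stops decrypting after a BIOS or Secure Boot change; state that the LUKS passphrase keyslot must be kept and is used to unlock the disk before running `clevis luks regen`. The `cryptsetup luksDump` lookup should also come before the command that needs `<keyslot>`, not after it. Wording: "envoked" should be "invoked", "Bios" should be "BIOS", and the first sentence is a fragment that should be joined to the next one ("If ... Clevis no longer decrypts the disk automatically, the binding has to be regenerated:").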

@ -6,7 +6,7 @@ It might be desirable to install an LTS kernel for better stability. This can be
# xbps-install -Sy linux-lts linux-lts-headers # xbps-install -Sy linux-lts linux-lts-headers
``` ```
To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding: To uninstall the non-lts kernel, ignore the package by creating `/etc/xbps.d/nolinux.conf` and inserting:
``` ```
ignorepkg=linux ignorepkg=linux
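Review bot: The changed sentence "To uninstall the non-lts kernel, ignore the package by creating ..." conflates two steps: `ignorepkg=linux` only tells xbps to treat the package as ignored so it is not pulled back in, it does not remove the installed kernel. Reword it along the lines of "To keep the non-LTS kernel from being reinstalled, create `/etc/xbps.d/nolinux.conf` and insert:" and make sure the removal command follows if it is not already below this hunk. "non-lts" should be "non-LTS" to match the preceding text.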

@ -18,8 +18,7 @@ The user may be added to certain groups, to give it some rights.
# usermod -aG wheel,audio,video,kvm,tty,input,storage <user> # usermod -aG wheel,audio,video,kvm,tty,input,storage <user>
``` ```
The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Edit `/etc/xbps.d/xbps.conf` and insert: The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Create `/etc/xbps.d/nosudo.conf` and insert:
``` ```
ignorepkg=sudo ignorepkg=sudo
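Review bot: The rewritten sentence still carries the fragments "Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system."; since the line is being touched anyway, fold them into one sentence, for example: "The `sudo` package that comes with `base-system` is removed; to keep it from being reinstalled, create `/etc/xbps.d/nosudo.conf` and insert:". The context line above adds the user to `wheel`, so it would also help to say what grants that group privileges once `sudo` is gone.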