# ZFS encrypted home ```bash # create key, as root dd if=/dev/urandom of=/etc/zfs/home.key bs=32 count=1 && chmod 600 /etc/zfs/home.key # create pool zpool create storage -O xattr=sa -O acltype=posixacl -O atime=off -O compression=lz4 -o ashift=12 /dev/DISK # create home dataset zfs create -O encryption=aes-256-gcm -O keyformat=raw -O keylocation=file:///etc/zfs/home.key -o mountpoint=/home storage/home # create individual dataset zfs create storage/home/andrew # enable zfs load key from file at boot cat < /etc/systemd/system/zfs-load-key.service [Unit] Description=Load encryption keys DefaultDependencies=no After=zfs-import.target Before=zfs-mount.service [Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/sbin/zfs load-key -a StandardInput=tty-force [Install] WantedBy=zfs-mount.service EOF # turn on services systemctl enable zfs.target systemctl enable zfs-import-cache systemctl enable zfs-mount systemctl enable zfs-import.target systemctl enable zfs-load-key ``` # Arch / Manjaro ```bash pacman-mirrors --geoip pamac install linux-api-headers linux-headers pamac install zfs-dkms zpool import -f storage zpool set cachefile=/etc/zfs/zpool.cache storage pamac install \ atuin \ base-devel \ bash-completion \ bat \ bottom \ direnv \ dust \ exa \ fd \ fzf \ git \ git-delta \ gitui \ glances \ go \ hdparm \ hexyl \ htop \ httpie \ hyperfine \ jq \ just \ kitty \ libvirt \ lzop \ lsd \ mhash \ mosh \ neovim \ nmon \ opendoas \ pv \ qemu \ ripgrep \ shfmt \ starship \ tealdeer \ tmux \ unzip \ vim \ virt-manager \ zoxide # not available by default #jc mbuffer pamac build lightly-qt systemctl enable --now --user ssh-agent.service ``` # Bitwarden ```bash curl -Lo bw.zip 'https://vault.bitwarden.com/download/?app=cli&platform=linux' unzip bw.zip mkdir -p "$HOME/.local/bin" "$HOME/.config/bash" install -m 755 bw "$HOME/.local/bin/" rm -f bw bw.zip bw config server https://bitwarden.penguincoder.org bw login echo "export BW_SESSION=$(bw unlock --raw)" > "$HOME/.config/bash/bitwarden.sh" source "$HOME/.config/bash/bitwarden.sh" bw sync ``` # Kitty ```bash curl -L https://sw.kovidgoyal.net/kitty/installer.sh | sh /dev/stdin ln -s "$HOME/.local/kitty.app/bin/kitty" "$HOME/.local/bin/" cp "$HOME/.local/kitty.app/share/applications/kitty.desktop" "$HOME/.local/share/applications/" cp "$HOME/.local/kitty.app/share/applications/kitty-open.desktop" "$HOME/.local/share/applications/" sed -i "s|Icon=kitty|Icon=$HOME/.local/kitty.app/share/icons/hicolor/256x256/apps/kitty.png|g" "$HOME/.local/share/applications/kitty*.desktop" ``` # Nix ```bash sh <(curl -L https://nixos.org/nix/install) --daemon ``` # Rust ```bash curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh ``` # Chezmoi ```bash sh -c "$(curl -fsLS chezmoi.io/get)" mv ./bin/chezmoi "$HOME/.local/bin/" ```