# ZFS encrypted home
```bash
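# Create the raw 32-byte wrapping key, as root.
# The restrictive umask is applied before dd runs, so the key file is never
# readable by other users, not even between creation and the chmod.
# NOTE(review): a key file kept on the same machine only protects /home at rest
# if the filesystem holding /etc/zfs is itself encrypted (or the key lives on
# removable media). Keep an offline backup: without the key the data is gone.
(umask 077 && dd if=/dev/urandom of=/etc/zfs/home.key bs=32 count=1) && chmod 600 /etc/zfs/home.key

# Create the pool. On `zpool create`, -O sets filesystem properties on the
# pool's root dataset and -o sets pool properties. /dev/DISK is a placeholder
# for the real device.
zpool create storage -O xattr=sa -O acltype=posixacl -O atime=off -O compression=lz4 -o ashift=12 /dev/DISK

# Create the encrypted home dataset. `zfs create` takes properties with a
# lower-case -o; the upper-case -O form belongs to `zpool create` only.
zfs create -o encryption=aes-256-gcm -o keyformat=raw -o keylocation=file:///etc/zfs/home.key -o mountpoint=/home storage/home

# Create an individual dataset below the encrypted one.
zfs create storage/home/andrew

# Load the keys from file at boot, after pool import and before zfs-mount runs.
# The heredoc delimiter is quoted so the unit text is written out literally.
# NOTE(review): StandardInput=tty-force is presumably there for datasets that
# prompt for a passphrase; the file-based key above needs no terminal - confirm.
cat <<'EOF' > /etc/systemd/system/zfs-load-key.service
[Unit]
Description=Load encryption keys
DefaultDependencies=no
After=zfs-import.target
Before=zfs-mount.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/zfs load-key -a
StandardInput=tty-force

[Install]
WantedBy=zfs-mount.service
EOF

# Turn on the ZFS services, including the key-loading unit written above.
systemctl enable zfs.target
systemctl enable zfs-import-cache
systemctl enable zfs-mount
systemctl enable zfs-import.target
systemctl enable zfs-load-key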
```
# Arch / Manjaro
```bash
# Refresh the mirror list, choosing mirrors by geolocation.
pacman-mirrors --geoip

# Kernel headers are installed in their own step, ahead of the DKMS package.
pamac install linux-api-headers linux-headers
pamac install zfs-dkms

# Bring the existing pool into this install. -f forces the import even if the
# pool looks like it is still in use by another system, so only run it when
# no other host has the pool imported.
zpool import -f storage
zpool set cachefile=/etc/zfs/zpool.cache storage

# Everyday tooling, kept as a list so a package is easy to add or drop.
cli_packages=(
  atuin
  base-devel
  bash-completion
  bat
  bottom
  direnv
  dust
  exa
  fd
  fzf
  git
  git-delta
  gitui
  glances
  go
  hdparm
  hexyl
  htop
  httpie
  hyperfine
  jq
  just
  kitty
  libvirt
  lzop
  lsd
  mhash
  mosh
  neovim
  nmon
  opendoas
  pv
  qemu
  ripgrep
  shfmt
  starship
  tealdeer
  tmux
  unzip
  vim
  virt-manager
  zoxide
)
pamac install "${cli_packages[@]}"

# not available by default
#jc mbuffer

# Built from a build recipe rather than installed as a binary package.
pamac build lightly-qt

# Start the per-user ssh-agent now and on every login.
systemctl enable --now --user ssh-agent.service
```
# Bitwarden
```bash
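# Fetch and unpack the CLI in a private scratch directory instead of the
# current directory, so nothing there gets overwritten by the archive.
bw_tmp=$(mktemp -d)

# -f makes curl fail on an HTTP error instead of saving the error page as bw.zip.
curl -fLo "$bw_tmp/bw.zip" 'https://vault.bitwarden.com/download/?app=cli&platform=linux'

# NOTE(review): nothing here verifies the download. If the vendor publishes a
# checksum for the release, compare it with `sha256sum "$bw_tmp/bw.zip"` before
# installing the binary.
unzip -d "$bw_tmp" "$bw_tmp/bw.zip"
mkdir -p "$HOME/.local/bin" "$HOME/.config/bash"
install -m 755 "$bw_tmp/bw" "$HOME/.local/bin/"
rm -rf -- "${bw_tmp:?}"

bw config server https://bitwarden.penguincoder.org
bw login

# BW_SESSION is the key that unlocks the local vault, so the file holding it
# must not be readable by other users: it is created under a 077 umask, and
# the chmod covers the case where the file already existed with wider modes.
# %q shell-quotes the value so the file stays safe to source.
# NOTE(review): the session key stays on disk until it is removed or the vault
# is locked; delete the file when a persistent session is no longer wanted.
(umask 077 && printf 'export BW_SESSION=%q\n' "$(bw unlock --raw)" > "$HOME/.config/bash/bitwarden.sh")
chmod 600 "$HOME/.config/bash/bitwarden.sh"
source "$HOME/.config/bash/bitwarden.sh"
bw sync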
```
# Kitty
```bash
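# Run the upstream installer. --proto '=https' and --tlsv1.2 keep the request
# and any redirect on HTTPS with TLS 1.2 or newer; -f makes curl fail on an
# HTTP error so an error page is never handed to sh.
# NOTE(review): this executes a remote script as the current user. To review
# it first, download it to a file, read it, then run that file with sh.
curl --proto '=https' --tlsv1.2 -fL https://sw.kovidgoyal.net/kitty/installer.sh | sh /dev/stdin

# Make sure the target directories exist before linking and copying into them.
mkdir -p "$HOME/.local/bin" "$HOME/.local/share/applications"

# -f replaces a link left over from an earlier install instead of failing.
ln -sf "$HOME/.local/kitty.app/bin/kitty" "$HOME/.local/bin/"
cp "$HOME/.local/kitty.app/share/applications/kitty.desktop" "$HOME/.local/share/applications/"
cp "$HOME/.local/kitty.app/share/applications/kitty-open.desktop" "$HOME/.local/share/applications/"

# Point the desktop entries at the bundled icon. The glob sits outside the
# quotes: inside double quotes kitty*.desktop is taken literally and sed is
# handed a file name that does not exist.
sed -i "s|Icon=kitty|Icon=$HOME/.local/kitty.app/share/icons/hicolor/256x256/apps/kitty.png|g" "$HOME/.local/share/applications/"kitty*.desktop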
```
# Nix
```bash
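# Multi-user (--daemon) install via the upstream script.
# --proto '=https' and --tlsv1.2 keep the request and any redirect on HTTPS
# with TLS 1.2 or newer; -f makes curl fail on an HTTP error so an error page
# is never handed to sh; -sS hides the progress meter but still prints errors.
# NOTE(review): this executes a remote script, and the --daemon install asks
# for root privileges along the way. To review it first, download it to a
# file, read it, then run that file with sh.
sh <(curl --proto '=https' --tlsv1.2 -sSfL https://nixos.org/nix/install) --daemon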
```
# Rust
```bash
# Install rustup by piping the upstream installer script into sh.
# --proto '=https' allows HTTPS only, --tlsv1.2 requires TLS 1.2 or newer,
# -s hides the progress meter, -S still prints errors, and -f makes curl fail
# on an HTTP error instead of passing an error page to sh.
# NOTE(review): the script runs as the current user without being inspected;
# download it to a file and read it first if that matters for this machine.
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
```
# Chezmoi
```bash
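# Fetch and run the chezmoi installer, which leaves the binary in ./bin.
# The URL carries an explicit https:// scheme: without one curl starts with
# plain HTTP, and whatever answers that first request decides what sh runs.
# --proto '=https' also keeps redirects on HTTPS.
# NOTE(review): this executes a remote script as the current user; download it
# to a file and read it first if that matters for this machine.
sh -c "$(curl --proto '=https' --tlsv1.2 -fsLS https://chezmoi.io/get)"

# Make sure the destination exists, then move the binary onto the PATH.
mkdir -p "$HOME/.local/bin"
mv ./bin/chezmoi "$HOME/.local/bin/"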
```