From c828cd5014a8496bb1ec6b965c7a5e4a92b90113 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Tue, 5 Mar 2024 14:20:35 +0100 Subject: [PATCH] update README --- README.org | 75 +++++++++++++++++++++++++++++------------------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/README.org b/README.org index 48b8390..ba6fa59 100644 --- a/README.org +++ b/README.org @@ -1,35 +1,29 @@ * fschl dotfiles - Things that make my linux life more comfortable, portable and secure. - For debian, or debian-based distros. using i3wm.org on the desktop. +My personal computing environment. -** Questions this repos tries to answer +** Features - - How long does it take for you to set up a machine? - - Do you have backups? - - Are you using a password manager? - - How do you transport your secrets? - - Can you get things done without *your* computer? + - reproducable machine setup (GNU Guix) + - keyboard-based environment (Sway wm) + - efficient, keyboard based (Emacs + CLI tools) + - portable password management (KeepassXC) + - similar environment on Desktop, Laptop, Android + - for Laptop: encrypted boot + home partitions + - TODO Can you get things done without *your* computer? - Rescue+Recover friends laptops/computers - panic-ops using a friends laptop -*** Firefox/Thunderbird customization +** Security - - goto ~.mozilla/firefox//~ - - ~mkdir chrome/ && cp ~/dotfiles/userChrome.css ./chrome/~ - - open Firefox: ~about:config~ and set - ~toolkit.legacyUserProfileCustomizations.stylesheets~ to *true* - -*** Security - -**** SSH Hardening +*** SSH Hardening - https://blog.g3rt.nl/upgrade-your-ssh-keys.html - https://stribika.github.io/2015/01/04/secure-secure-shell.html - https://wiki.mozilla.org/Security/Guidelines/OpenSSH#OpenSSH_client - see ~/etc/ssh/ssh_config~ and ~.ssh/config~ -**** SSH key generation +*** SSH key generation #+BEGIN_SRC bash # ED25519 keys are favored over RSA keys when backward compatibility ''is not required''. @@ -44,26 +38,22 @@ $ ssh-copy-id -i ~/.ssh/.pub -p 22 user@host #+END_SRC -**** GnuPG +*** GnuPG - - https://wiki.mozilla.org/Security/Key_Management - - https://keyring.debian.org/creating-key.html - - https://wiki.debian.org/Subkeys + - https://wiki.mozilla.org/Security/Key_Management + - https://keyring.debian.org/creating-key.html + - https://wiki.debian.org/Subkeys - ~~/.gnupg/gpg.conf~: + ~~/.gnupg/gpg.conf~: + + #+BEGIN_SRC bash + personal-digest-preferences SHA512 SHA384 + cert-digest-algo SHA256 + default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed + keyid-format 0xlong + #+END_SRC - #+BEGIN_SRC bash - personal-digest-preferences SHA512 SHA384 - cert-digest-algo SHA256 - default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed - keyid-format 0xlong - #+END_SRC - -**** Managing logins & passphrases - - - use a secure, cross-platform, *cloudless* password manager, e.g keepassXC - -**** Backup Secure Keys +*** Backup Secure Keys - get 2 USB thumb drives - on each, create 2 partitions (ext4, you will never use them on any windows device anyway) @@ -105,6 +95,21 @@ ** NEXT Moving to Guix +- btrfs for snapshots, easier backups +- encrypted =/boot= + =/home= partitions +- separate subvolumes for =/gnu=, =var=, =swap= + +- [ ] MOVE: https://www.draketo.de/software/package-guix.html + +*** Disk partitioning + +- https://reckoning.dev/blog/ubuntu-btrfs-guide/ +- https://wiki.systemcrafters.net/guix/nonguix-installation-guide/#partition-the-disks +- https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html +- https://git.sr.ht/~abcdw/rde/tree/master/item/examples/README + - https://guix.gnu.org/manual/en/html_node/Mapped-Devices.html + - Mapped Devices example in *RDE*: https://git.sr.ht/~abcdw/rde/tree/master/item/examples/src/rde-configs/hosts/ixy.scm + ** ImageMagick Notes convert multiple .png files into multipage pdf with downscaling