fschl dotfiles

My personal computing environment.

Features

  • reproducible machine setup (GNU Guix)
  • keyboard-based environment (Sway wm)
  • efficient, keyboard-based (Emacs + CLI tools)
  • portable password management (KeepassXC)
  • similar environment on Desktop, Laptop, Android
  • for Laptop: encrypted boot + home partitions
  • TODO Can you get things done without your computer?

    • Rescue+Recover friends' laptops/computers
    • panic-ops using a friend's laptop

Security

SSH key generation

  # ED25519 keys are favored over RSA keys when backward compatibility is not required.
  # This is only compatible with OpenSSH 6.5+ and fixed-size (256 bytes).
  $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"

  # Fallback for really old systems (why do you still have those??)
  # RSA keys are favored over ECDSA keys when backward compatibility is required,
  # thus, newly generated keys are always either ED25519 or RSA (NOT ECDSA or DSA).
  $ ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa_host_$(date +%Y-%m-%d) -C "Key to HOST for user-xyz"

  $ ssh-copy-id -i ~/.ssh/<file>.pub -p 22 user@host
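
A check for the key-type policy stated in the comments above (ED25519 preferred, RSA as fallback, never ECDSA or DSA), as an added example that is not part of the original dotfiles. `audit_pubkeys` is a hypothetical helper name; it scans `authorized_keys` or `*.pub` files and flags lines that break the policy.

```sh
#!/bin/sh
# Added example: audit public-key files against the key-type policy above.
# audit_pubkeys is a hypothetical helper, not part of OpenSSH or this repo.
#
# Usage: audit_pubkeys FILE...   (authorized_keys or *.pub files)
# Prints one verdict per key line; returns 1 if any line violates the policy.
audit_pubkeys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        verdict = "UNPARSED"; type = "-"
        # authorized_keys lines may carry leading options (from="...",no-pty),
        # so scan for the first field that names a key type.
        # Limitation: quoted option values containing spaces are not handled.
        for (i = 1; i <= NF; i++) {
            if ($i == "ssh-ed25519") { verdict = "OK";       type = $i; break }
            if ($i == "ssh-rsa")     { verdict = "FALLBACK"; type = $i; break }
            if ($i == "ssh-dss" || $i ~ /^ecdsa-sha2-/) {
                verdict = "REJECT"; type = $i; break
            }
        }
        # The key comment is everything after the base64 blob (field i+1).
        comment = ""
        for (j = i + 2; j <= NF; j++)
            comment = comment (comment == "" ? "" : " ") $j
        printf "%-8s %s:%d %s %s\n", verdict, FILENAME, FNR, type, comment
        # Anything that is neither ED25519 nor RSA fails the audit.
        if (verdict == "REJECT" || verdict == "UNPARSED") bad++
    }
    END { exit (bad > 0) }
    ' "$@"
}
```

Run it as `audit_pubkeys ~/.ssh/authorized_keys ~/.ssh/*.pub`; a non-zero exit status means at least one key should be replaced with a freshly generated ED25519 or RSA key.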

GnuPG

Backup Secure Keys

Nowadays it is rare to find a USB thumb drive with less than 4GB of storage. Yet you want a dedicated drive to transport your password database, SSH keys and GPG keys, and those don't require more than a couple of MB. So what to do with the remaining space?

Scenarios:

  • You visit friends with only your keys on you, and you have to check your mail, assist a colleague in some network/ops emergency or just securely look up some confidential information.
  • A family member calls: their HDD just died and you are asked to quickly help out on recovery.

Boot into a safe environment, having all your credentials available in a secure manner. Have a bootable forensics toolbox around to quickly get going in a familiar setup.

Solution: multi-boot!

Thumb Drive Setup

3 partitions: boot+ISOs, a LUKS-encrypted partition, and an unencrypted partition for non-sensitive data

TODO [0/5]

  • explain setup, ideas, practices
  • add HOWTO
  • Check new bootable USB solution: https://ventoy.net/en/index.html
  • move to Ansible for easier modularization of setup
  • OR: give Guix a shot

Moving to Arch

ImageMagick Notes

Convert multiple .png files into a multipage PDF with downscaling

  # -gravity is a setting, so it must come before -extent to center each page
  convert filePrefix*.png -resize 1240x1753 \
          -gravity center -extent 1240x1753 \
          -units PixelsPerInch -density 150x150 multipage.pdf