diff --git a/auto/auto b/auto/auto index fef6b17..a8727de 100755 --- a/auto/auto +++ b/auto/auto @@ -1,4 +1,9 @@ #!/bin/sh -e +if ! command -v git > /dev/null; then + echo "Error: git not found" + exit 1 +fi + cd ssh ./ssh cd .. @@ -23,6 +28,10 @@ cd tmux ./tmux cd .. +cd clang-format +./clang-format +cd .. + cd home-chmod ./home-chmod cd .. diff --git a/auto/clang-format/.clang-format b/auto/clang-format/.clang-format new file mode 100644 index 0000000..8ef617b --- /dev/null +++ b/auto/clang-format/.clang-format @@ -0,0 +1,91 @@ +--- +Language: Cpp +BasedOnStyle: LLVM +AccessModifierOffset: -2 +AlignAfterOpenBracket: DontAlign # BlockIndent for newer version +AlignEscapedNewlines: Right +AlignTrailingComments: false +AllowAllArgumentsOnNextLine: true +AllowAllConstructorInitializersOnNextLine: true +AllowAllParametersOfDeclarationOnNextLine: true +BraceWrapping: + AfterCaseLabel: false + AfterClass: false + AfterControlStatement: Never + AfterEnum: false + AfterFunction: false + AfterNamespace: false + AfterObjCDeclaration: false + AfterStruct: false + AfterUnion: false + AfterExternBlock: false + BeforeCatch: false + BeforeElse: false + IndentBraces: false + SplitEmptyFunction: true + SplitEmptyRecord: true + SplitEmptyNamespace: true +BreakBeforeBinaryOperators: None +BreakBeforeBraces: Attach +BreakBeforeInheritanceComma: false +BreakInheritanceList: BeforeColon +BreakBeforeTernaryOperators: true +BreakConstructorInitializersBeforeComma: false +BreakConstructorInitializers: BeforeColon +BreakAfterJavaFieldAnnotations: false +BreakStringLiterals: true +ColumnLimit: 100 +CommentPragmas: '^ IWYU pragma:' +CompactNamespaces: false +ConstructorInitializerAllOnOneLineOrOnePerLine: false +ConstructorInitializerIndentWidth: 4 +ContinuationIndentWidth: 4 +Cpp11BracedListStyle: true +DeriveLineEnding: true +DerivePointerAlignment: false +DisableFormat: false +ExperimentalAutoDetectBinPacking: false +FixNamespaceComments: true +ForEachMacros: + - foreach + - Q_FOREACH + - BOOST_FOREACH +IncludeBlocks: Preserve +IncludeIsMainRegex: '(Test)?$' +IncludeIsMainSourceRegex: '' +IndentCaseLabels: false +IndentGotoLabels: true +IndentPPDirectives: None +IndentWidth: 4 +IndentWrappedFunctionNames: false +JavaScriptQuotes: Leave +JavaScriptWrapImports: true +KeepEmptyLinesAtTheStartOfBlocks: true +MacroBlockBegin: '' +MacroBlockEnd: '' +MaxEmptyLinesToKeep: 1 +NamespaceIndentation: None +PointerAlignment: Left +ReflowComments: true +SortUsingDeclarations: true +SpaceAfterCStyleCast: true +SpaceAfterLogicalNot: false +SpaceAfterTemplateKeyword: true +SpaceBeforeAssignmentOperators: true +SpaceBeforeCpp11BracedList: false +SpaceBeforeCtorInitializerColon: true +SpaceBeforeInheritanceColon: true +SpaceBeforeParens: ControlStatements +SpaceBeforeRangeBasedForLoopColon: true +SpaceInEmptyBlock: false +SpaceInEmptyParentheses: false +SpacesBeforeTrailingComments: 1 +SpacesInConditionalStatement: false +SpacesInParentheses: false +SpacesInSquareBrackets: false +SpaceBeforeSquareBrackets: false +Standard: Latest +TabWidth: 4 +UseCRLF: false +UseTab: AlignWithSpaces +... diff --git a/auto/clang-format/clang-format b/auto/clang-format/clang-format new file mode 100755 index 0000000..05d6802 --- /dev/null +++ b/auto/clang-format/clang-format @@ -0,0 +1,2 @@ +#!/bin/sh +cp -i .clang-format ~ diff --git a/auto/shells/bash b/auto/shells/bash index 29f8b9c..ddf0f87 100755 --- a/auto/shells/bash +++ b/auto/shells/bash @@ -23,7 +23,6 @@ PS1='${debian_chroot:+($debian_chroot)}\[\e[01;38;5;11m\]\u\[\e[00;38;5;208m\]@\ PROMPT_DIRTRIM=3 alias ls='ls --color' -alias bat='batcat' alias mosh='mosh -o' alias cargo='cargo auditable' alias md='pulldown-cmark -TFSLH' diff --git a/auto/shells/fish b/auto/shells/fish index 545b5ac..5e70779 100755 --- a/auto/shells/fish +++ b/auto/shells/fish @@ -56,10 +56,9 @@ umask 007 export EDITOR='vim' export VISUAL='vim' -export GPG_TTY=$(tty) +export GPG_TTY=(tty) export PATH="$HOME/.local/bin:$PATH:/usr/lib/llvm-15/bin" -alias bat='batcat' alias md='pulldown-cmark -TFSLH' alias mosh='mosh -o' alias cargo='cargo auditable' diff --git a/full-setup b/full-setup new file mode 100755 index 0000000..7a673e1 --- /dev/null +++ b/full-setup @@ -0,0 +1,11 @@ +#!/bin/sh +cd auto +./auto +cd ../manual/rust +./rust +. ~/.cargo/env +cd ../helix +./helix +cd ../starship +./starship +echo success diff --git a/manual/helix/helix b/manual/helix/helix index 68d3eb7..17bedad 100755 --- a/manual/helix/helix +++ b/manual/helix/helix @@ -21,7 +21,7 @@ fi rm -rf helix-git git clone --single-branch https://github.com/helix-editor/helix helix-git cd helix-git -git checkout 84e24b33dcda16d1d64805f34dcc02d82d0de8f1 +git checkout 2cadec0b1182332338a5a1cc3062776f834d8835 cargo install -f --locked --path helix-term mkdir -p ~/.config/helix rm -rf runtime/grammars/sources @@ -38,14 +38,14 @@ cat > ~/.config/helix/config.toml << 'EOF' theme = "monokai_pro_spectrum" [keys.normal] -space.z = ":reflow 100" +space.z = ":reflow" space.i = ":toggle lsp.display-inlay-hints" space.u = ":update" [editor] line-number = "relative" bufferline = "multiple" -rulers = [101] +rulers = [81, 101] [editor.lsp] display-messages = true @@ -66,6 +66,7 @@ cat > ~/.config/helix/languages.toml << 'EOF' name = 'rust' indent = { tab-width = 4, unit = "\t" } shebangs = ["rust-script"] +text-width = 100 [language-server.rust-analyzer.config] checkOnSave = { command = "clippy" } @@ -73,25 +74,31 @@ checkOnSave = { command = "clippy" } [[language]] name = "c" indent = { tab-width = 4, unit = "\t" } +text-width = 100 [[language]] name = "cpp" indent = { tab-width = 4, unit = "\t" } +text-width = 100 [[language]] name = 'java' indent = { tab-width = 4, unit = "\t" } +text-width = 100 [[language]] name = "bash" indent = { tab-width = 4, unit = "\t" } +text-width = 100 [[language]] name = "toml" indent = { tab-width = 4, unit = "\t" } +text-width = 100 [[language]] name = "markdown" +text-width = 80 indent = { tab-width = 4, unit = "\t" } language-servers = [ "ltex-ls" ] file-types = ["md"] diff --git a/manual/rust/rust-configure b/manual/rust/rust-configure index 6abfec3..94c0bf7 100755 --- a/manual/rust/rust-configure +++ b/manual/rust/rust-configure @@ -14,7 +14,7 @@ use std::{ const ENV: &str = r#". "$HOME/.cargo/env""#; // until the release of https://github.com/rust-lang/rustup/pull/3506/files -const ENV_FISH: &str = r#"export PATH="$HOME/.cargo/bin:$PATH""#; +const ENV_FISH: &str = r#"set -x PATH "$HOME/.cargo/bin" $PATH"#; fn main() -> anyhow::Result<()> { let home = dirs::home_dir().context("can't find home directory")?; diff --git a/manual/starship/starship b/manual/starship/starship index 246bbaa..6326752 100755 --- a/manual/starship/starship +++ b/manual/starship/starship @@ -11,7 +11,7 @@ cargo install starship --locked echo 'eval "$(starship init bash)"' >> ~/.bashrc mkdir -p ~/.config/fish echo 'starship init fish | source' >> ~/.config/fish/config.fish -cat >> ~/.config << 'EOF' +cat >> ~/.config/starship.toml << 'EOF' [status] map_symbol = true format = '[$symbol$common_meaning$signal_name$maybe_int]($style) ' diff --git a/setup/debian-server-setup.md b/setup/debian-server-setup.md index 45ffc47..18a1463 100644 --- a/setup/debian-server-setup.md +++ b/setup/debian-server-setup.md @@ -17,7 +17,7 @@ sudo groupadd --system ssh-users sudo usermod -aG ssh-users $(whoami) sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak sudo wget \ - https://git.duckduckwhale.com/DuckDuckWhale/dotfiles/raw/branch/main/system/sshd/sshd_config \ + https://git.duckduckwhale.com/DuckDuckWhale/dotfiles/raw/branch/main/system/sshd/sshd_config-debian \ -O /etc/ssh/sshd_config sudo systemctl enable ssh --now sudo systemctl reload ssh diff --git a/setup/fedora-install.md b/setup/fedora-install.md new file mode 100644 index 0000000..90a7d1c --- /dev/null +++ b/setup/fedora-install.md @@ -0,0 +1,180 @@ +# Fedora 39 Installation + +Here is how I installed Fedora 39. I chose to migrate from ext4 to btrfs, the +default file system for Fedora. I also bought a new disk, which means that I +needed to create everything from scratch. + +By following these steps, you will be able to install Fedora with: +- `/` as a btrfs subvolume using xxhash as the checksum function on LUKS2 (an + encryption layer) +- `/home` as another subvolume on the same btrfs (which means it's also + encrypted) +- `/boot` as ext4 +- `/boot/efi` as System EFI Partition + +A disk password will be required upon boot and a separate user password will be +required. `/boot` is not encrypted because it contains only the kernel files +and are public and the same for all Fedora installations -- there's nothing +worth encrypting here. Benchmarking shows that there's a negligible performance +overhead. + +After extensive benchmarking, I found SHA-256 to be too slow for practical use +even with the sha_ni kernel module for acceleration. Without acceleration the +speed was ~400 MB/s, and with acceleration the speed was ~1500 MB/s, but my disk +is capable of ~6000 MB/s. crc32c gave me ~5000 MB/s, and xxhash gave me ~4500 +MB/s, which I found acceptable, so that's what I went with. + +## Making a Fedora Live USB + +Simply go to the Fedora project website and download the ISO. I opted not to +use the Fedora Media Writer because I like collecting Linux ISOs. It shouldn't +impact the result. + +After the download you may find the GPG-signed SHA256 checksum file from the +icon next to the ISO download. You may find the GPG key fingerprints and +instructions to verify via the links there. + +Simply `dd` it to the disk and `sync` before pulling the USB out. _Make sure +you have backups and are using the right disk! A friend of mine didn't and +corrupted his disk._ + +## Preparing the SSD + +Boot the USB. Open gparted by typing its name and pressing enter. Make a GPT +partition table. + +(If you have paintext data on the drive, you really should do a NVME sanitize. +You may find instructions on doing that by looking up the man page for the +`nvme` command.) + +Make a large empty partition with no file system (choose "unformatted") leaving +10240 MiB at the end of the drive. You may find a calculator to be handy here. + +Make a 1024 MiB partition at the very end of the drive and format with ext4, +then make another one right before it and also format with ext4. Formatting +here really isn't necessary if not for the Fedora installer graying out all the +fields when it doesn't detect a file system (bug?). + +I assume that you are using an UEFI system as almost all modern x86_64 systems +have that, but you could verify that with `[ -d /sys/firmware/efi ] && echo UEFI +|| echo BIOS`. + +Now, make the LUKS2 layer by opening a terminal and typing: + +`sudo cryptsetup luksFormat --hash sha512 --use-random /dev/` + +...where `` is the big partition you made first and should look +something like `/dev/nvme0n1p1`. There are some sane defaults that I didn't +include in this command as all new systems should have them by default, but you +could spell it out if you want to be extra certain: `--type luks2 --key-size 512 +- --cipher aes-xts-plain64 --iter-time 2000 --verify-passphrase` + +Then, unlock this encrypted partition by typing: `sudo cryptsetup open /dev/ + `, where `` is the name for the mapper file and +doesn't matter for our install. You could just use `luks`. + +Now, make the btrfs file system with xxhash as the checksum function: `sudo +mkfs.btrfs --csum xxhash `. I didn't use LVM here as btrfs snapshots +are much better and support RAID0/1 well. btrfs snapshots doesn't have LVM +snapshots' heavy performance penalty, doesn't require preallocation of space +which is often wasted, and doesn't become invalid later when its space is used +up. + +Then, close the LUKS layer as the installer requires the password to it for +installation. If you skip this step, you would be forced to rescan in the +installer which closes it after you've already selected your configuration. + +## Installing Fedora + +Now, start the installer. Choose your keyboard layout and timezone. Then click +into storage configuration. + +I have some commands for unlocking the LUKS in my Ubuntu install guide, but here +you can simply unlock the LUKS volume and the installer does all the work for +you setting that up. + +Click the `+` button to make a new root subvolume. Anaconda, the Fedora +installer, requires you to create a new btrfs subvolume at the time of +writing. You may simply select the storage as `btrfs.`. Maybe +`` is for disambiguation when you have multiple btrfs file systems +(smh my head)? Then do the same for the home subvolume. The default names are +fine and the mount points are `/` and `/home`, respectively. + +- Format `` (e.g. `/dev/nvme0n1p3`) as ext4 and mount to `/ + boot`. (Check the format checkbox.) +- Format `` (e.g. `/dev/nvme0n1p2`) as System EFI Partition and + mount to `/boot/efi`. +- Format `/dev/mapper/-root` as ext4 and mount to `/`. +- Format `/dev/mapper/-home` as ext4 and mount to `/home`. +- No need for swap as + [Fedora uses zram by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM). + +Now click "Done" and start your install! It took only ten minutes for me. + +Now, reboot into your newly installed system and test it out. Make sure it +works before migrating your data as that may take a long time, so you don't want +to do it again. + +## Migrating all the data + +Open up your retired machine, pop up the SSD, put it in a NVME enclosure, and +plug it in. + +Now, if you'd like, take a snapshot: `sudo mkdir /snapshots && sudo btrfs +subvolume snapshot /home /snapshots/home-default` + +My install is quite old and is from Ubuntu so it contains lots of files past +their shelf life. I hit `Ctrl`+`h` to unhide all hidden files and compared the +two file trees side-by-side and removed all conflicting or obsolete files. Now, +start the copy: `time sudo cp -a -T ~` where `` is path to +your old home directory. This took 22 minutes for me. + +Now, reboot again to load these files. + +## After the install + +Congratulations! You've reached the end of this guide. After the install, +check out my [configuration guide](fedora-setup.md) and see if you'd like to +pull some bits from that. + +## Some interesting notes + +btrfs uses zstd level 1 compression by default. This saves substantially for +`/`, and a little bit for `/home`: +``` +$ sudo compsize -x / +Processed 121050 files, 95144 regular extents (114629 refs), 60336 inline. +Type Perc Disk Usage Uncompressed Referenced +TOTAL 55% 3.6G 6.6G 8.4G +none 100% 2.1G 2.1G 2.3G +zstd 35% 1.5G 4.5G 6.0G +prealloc 100% 1.2M 1.2M 11M +$ sudo compsize /home +Processed 1178463 files, 1863614 regular extents (1907988 refs), 519681 inline. +Type Perc Disk Usage Uncompressed Referenced +TOTAL 94% 1.2T 1.2T 1.2T +none 100% 1.1T 1.1T 1.1T +zstd 36% 40G 110G 113G +prealloc 100% 1.2M 1.2M 1.1M +``` + +In my testing I managed to reach `91%` by forcing compression, but I didn't use +it as I don't think `3%` is worth the performance hit. (The default options has +negligible performance overhead.) + +After using it for a while: +``` +$ sudo compsize -x / +Processed 356866 files, 228300 regular extents (347966 refs), 187319 inline. +Type Perc Disk Usage Uncompressed Referenced +TOTAL 56% 11G 19G 30G +none 100% 6.9G 6.9G 9.8G +zstd 32% 4.1G 12G 20G +prealloc 100% 1.2M 1.2M 22M +$ sudo compsize /home +Processed 1204163 files, 2035560 regular extents (2142558 refs), 501390 inline. +Type Perc Disk Usage Uncompressed Referenced +TOTAL 95% 1.3T 1.4T 1.4T +none 100% 1.3T 1.3T 1.3T +zstd 35% 38G 107G 111G +prealloc 100% 215M 215M 115M diff --git a/setup/fedora-system-setup.md b/setup/fedora-system-setup.md new file mode 100644 index 0000000..a89f4ed --- /dev/null +++ b/setup/fedora-system-setup.md @@ -0,0 +1,113 @@ +# Fedora 39 System Setup + +Congratulations on your new install! Now, let's set the system up. + +_Note: this document details the system level setup only. For user level setup +that is remembered in the user home directories, see +[Fedora 39 User Setup](fedora-user-setup.md)._ + +Rename your system in `Settings` -> `About`. + +## UEFI + +Limit the battery charge to 95%. + +## System packages + +Your first `dnf` install would probably ask you to confirm the Fedora GPG key, +which you may find the fingerprint of at . + +`dnf install vim-enhanced mosh keepassxc thunderbird-wayland mpv obs-studio +wl-clipboard qrencode xournalpp gstreamer1-plugins-bad-free-extras +gnome-extensions-app gnome-shell-extension-gsconnect nautilus-gsconnect +kernel-tools mozilla-openh264 gstreamer1-plugin-openh264 trash-cli ripgrep +gnome-tweaks goldendict-ng gcc-c++ gimp alacritty clang clang-tools-extra bat +quearcode qpdf lm_sensors kdenlive` + +### As needed + +`dnf install gnome-usage install rlwrap mediainfo nmap xeyes progress +duperemove memtest86+` + +## Flathub apps + +If you are somewhat of a FOSS purist like me and didn't enable third party +repositories at the time of install, you may enable Flathub in Software. + +Use Flatseal to lock down all of them: `dnf install flatseal` +You may also use `flatpak permission-show` and `flatpak permission-remove` to +clear out any left over dynamic permissions. `flatpak uninstall --delete-data` +can clear the app data. + +- Mission Center + - `flatpak install flathub io.missioncenter.MissionCenter` + - Use Wayland and disable X11 and its fallback +- Resources + - `flatpak install flathub net.nokyan.Resources` + - Use Wayland and disable X11 and its fallback + - Remove `host:ro` (sus) +- Video Trimmer + - `flatpak install flathub org.gnome.gitlab.YaLTeR.VideoTrimmer` + - Use Wayland and disable X11 and its fallback +- Bottles + - `flatpak install flathub com.usebottles.bottles` +- Signal + - `flatpak install flathub org.signal.Signal` + - Use Wayland: `SIGNAL_USE_WAYLAND=1` and disable X11 permissions. + - Disable `org.freedesktop.login1`. Not sure why it's needed. + If you know why, please let me know! +- Cameractrls + - `flatpak install flathub hu.irl.cameractrls` + - Disable X11 and fallback +- Denaro + - `flatpak install flathub org.nickvision.money` + - Disable X11 and fallback +- Minecraft (Prism Launcher) + - `flatpak install flathub org.prismlauncher.PrismLauncher` + - Remove `xdg-download:ro` + - Remove `~/.ftba:ro` + - Remove `xdg-run/app/com.discordapp.Discord:create` +- Steam + - `flatpak install flathub com.valvesoftware.Steam` + - Remove `xdg-run/app/com.discordapp.Discord:create` +- Geekbench 6 + - `flatpak install flathub com.geekbench.Geekbench6` + - Remove X11 + - `flatpak run com.geekbench.Geekbench6` + - `flatpak run com.geekbench.Geekbench6 --compute vulkan` +- Slack + - `flatpak install flathub com.slack.Slack` + - Disable X11, enable Wayland + - There are some + [suspicious permissions](https://github.com/flathub/com.slack.Slack/issues/217). + I would lock them down with Flatseal and use Wayland. +- Discord + - `flatpak install flathub com.discordapp.Discord` + - Remove `xdg-pictures:ro`, `xdg-videos:ro` +- Zoom + - `flatpak install flathub us.zoom.Zoom` +- WeChat + - `flatpak install flathub com.tencent.WeChat` + - Remove "Owns: `org.kde.*`" + +## SSH + +In `Settings` -> `Sharing`: turn on `Remote Login` and edit +`/etc/ssh/sshd_config` according to `system/sshd/sshd_config-rhel`. + +`sudoedit /etc/ssh/sshd_config.d/00-no-gss.conf` and write +`GSSAPIAuthentication no` to override `/etc/ssh/sshd_config.d/50-redhat.conf`, +which changes the default setting for some stupid reason. +(Why does that file exist at all?? Please let me know if you have a clue.) + +``` +systemctl reload sshd +sudo groupadd --system ssh-users +sudo usermod -aG ssh-users $(whoami) +``` +Finally, log out then log in again for the `usermod` to take effect. + +If you see a permission denied from sshd in your logs, use +`restorecon -RFv ~/.ssh` to please SELinux. + +(Don't forget to install Mosh!) diff --git a/setup/fedora-user-setup.md b/setup/fedora-user-setup.md new file mode 100644 index 0000000..d88a775 --- /dev/null +++ b/setup/fedora-user-setup.md @@ -0,0 +1,93 @@ +# Fedora 39 User Setup + +Now that you have setup your new system, time to configure quality-of-life user +settings! + +_Note: this document details the user level setup only. This means settings +that you may make without super user permission and are remembered in the home +directory. For system level setup, see +[Fedora 39 System Setup](fedora-system-setup.md)._ + +## Default apps + +- Shell: Fish (`chsh -s /usr/bin/fish`) +- Video: MPV + +## Power + +Turn off `Automatic Suspend` when `Plugged In`. + +## Displays + +Turn on Night Light and slide the slider to almost the very left. +`gsettings set org.gnome.mutter experimental-features +"['scale-monitor-framebuffer', 'variable-refresh-rate']"` Then turn fractional +scaling to 125%. + +## Keyboard + +In `Input Sources`, add `Chinese (Intelligent Pinyin)` and +`Hanyu Pinyin Letters (with AltGr dead keys)`. + +## Touchpad + +- Slightly higher pointer speed +- Enable tap to click + +## Privacy & Security + +- `File History & Trash`: Auto delete everything in 30 days + +### Shortcuts + +| Name | Shortcut | Command | +| Home folder | `Super` + `F` | +| Launch email client | `Super` + `E` | +| Launch web browser | `Super` + `W` | +| Microphone mute/unmute | `Super` + `A` | + +In Settings -> Keyboard -> Custom Shortcuts: +| Name | Shortcut | Command | +| Launch Calculator | `Super` + `C` | `gnome-calculator` | +| Launch Dictionary | `Super` + `D` | `goldendict-ng` | +| Launch Terminal | `Super` + `T` | `alacritty` | +| Swap Esc with Caps Lock | `Ctrl` + `Super` + `S` | `gsettings set org.gnome.desktop.input-sources xkb-options "['caps:swapescape']"` | +| Disable Caps Lock | `Ctrl` + `Super` + `D`| `gsettings set org.gnome.desktop.input-sources xkb-options "['caps:none']"` | +| Clear key mappings | `Ctrl` + `Super` + `C` | `gsettings set org.gnome.desktop.input-sources xkb-options "[]"` | +| Toggle OBS Recording | `Super` + `R` | `obs-cmd -w obsws://localhost:4455/ recording toggle` | +| Save OBS Replay | `Super` + `Alt` + `C` (for capture) | `obs-cmd -w obsws://localhost:4455/ replay save` | + +## Migrating Thunderbird and Firefox + +Look in `installs.ini` and `profiles.ini` and keep the last one. +Or use the profile managers. + +## Migrating podman rootless containers + +Reset SELinux labels: +`restorecon -RFv $HOME/.local/share/containers` + +## App settings + +- Terminal: Monospace 15 +- Text Editor + - Monospace 15 + - Using the top right settings icon: + - Show Line Number + - Show Right Margin + - Spaces Per Tab: 4 +- GSConnect: Enable in Extensions app, pair with phone, and adjust settings + accordingly. +- Xournal++: turn on dark mode +- OBS: 2560x1440, + [mkv](https://en.wikipedia.org/wiki/Comparison_of_video_container_formats), + VAAPI AV1 (CQ 28), opus, output to `~/Videos/OBS/` + - Install [per application audio capture](https://github.com/dimtpap/obs-pipewire-audio-capture/releases/tag/1.1.4). + To install the plugin: open OBS folder from its menu, decompress the zip and + remove the outer folder and put in the `plugins` folder, creating it if it + doesn't exist. The final result should be something like + `.config/obs-studio/plugins/linux-pipewire-audio/{bin,data}/...` + - Enable websocket server and install + [obs CLI for obs-websocket v5](https://github.com/grigio/obs-cmd) to + emulate global shortcuts on Wayland + - Enable replay buffer of 60 seconds and 1000 MB diff --git a/setup/ubuntu-setup.md b/setup/ubuntu-setup.md index 89e5d94..8971cf0 100644 --- a/setup/ubuntu-setup.md +++ b/setup/ubuntu-setup.md @@ -71,8 +71,12 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!) - UFW: - `sudo ufw allow 1716:1764/tcp` - `sudo ufw allow 1716:1764/udp` -- Flatseal - - `flatpak install flathub com.github.tchx84.Flatseal` + +## Flatpaks + +Use Flatseal to lock down all of them: `flatpak install flathub +com.github.tchx84.Flatseal` + - Firefox - `flatpak install flathub org.mozilla.firefox` - Xournal++ @@ -84,9 +88,14 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!) - To host servers: `sudo ufw allow 25565/tcp` - Bottles - `flatpak install flathub com.usebottles.bottles` +- Signal + - Use Wayland. Disable `...login1`. + - `flatpak install flathub org.signal.Signal` - Discord - `flatpak install flathub com.discordapp.Discord` - Slack + - There are some [suspicious permissions](https://github.com/flathub/com.slack.Slack/issues/217). + I would lock them down with Flatseal and use Wayland. - `flatpak install flathub com.slack.Slack` - Denaro - `flatpak install flathub org.nickvision.money` @@ -98,6 +107,10 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!) - `flatpak install flathub org.gnome.gitlab.YaLTeR.VideoTrimmer` - Pods - `flatpak install com.github.marhkb.Pods` +- Dynamic Wallpaper Editor + - `flatpak install flathub com.github.maoschanz.DynamicWallpaperEditor` +- Dynamic Wallpaper + - `flatpak install flathub me.dusansimic.DynamicWallpaper` ## Optional Apps diff --git a/system/mac-fnmode/fnmode-once.sh b/system/mac-fnmode/fnmode-once similarity index 100% rename from system/mac-fnmode/fnmode-once.sh rename to system/mac-fnmode/fnmode-once diff --git a/system/mac-fnmode/fnmode-persistent.sh b/system/mac-fnmode/fnmode-persistent similarity index 100% rename from system/mac-fnmode/fnmode-persistent.sh rename to system/mac-fnmode/fnmode-persistent diff --git a/system/sshd/sshd_config b/system/sshd/sshd_config-debian similarity index 82% rename from system/sshd/sshd_config rename to system/sshd/sshd_config-debian index b7a918d..90a57e8 100644 --- a/system/sshd/sshd_config +++ b/system/sshd/sshd_config-debian @@ -1,13 +1,13 @@ Include /etc/ssh/sshd_config.d/*.conf -AllowGroups ssh-users Port 22 +AllowGroups ssh-users PermitRootLogin no PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no KbdInteractiveAuthentication no UsePAM yes AllowTcpForwarding yes -X11Forwarding yes -PrintMotd no +X11Forwarding no AcceptEnv LANG LC_* COLORTERM Subsystem sftp /usr/lib/openssh/sftp-server diff --git a/system/sshd/sshd_config-rhel b/system/sshd/sshd_config-rhel index d7740cc..1095423 100644 --- a/system/sshd/sshd_config-rhel +++ b/system/sshd/sshd_config-rhel @@ -1,14 +1,13 @@ Include /etc/ssh/sshd_config.d/*.conf -AllowGroups ssh-users Port 22 +AllowGroups ssh-users PermitRootLogin no PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no KbdInteractiveAuthentication no -AuthorizedKeysFile .ssh/authorized_keys UsePAM yes AllowTcpForwarding yes -X11Forwarding yes -PrintMotd no +X11Forwarding no AcceptEnv LANG LC_* COLORTERM Subsystem sftp /usr/libexec/openssh/sftp-server