DuckDuckWhale/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Misc: setup, fish, auto, helix, starship, system

Browse Source 
- Setup: add Fedora guides, Signal, Dynamic Desktop, and Flatseal
- Shells: fix $() on older fish versions and unalias batcat on Fedora
- Auto:
    - Detect git dependency
    - Add .clang-format for C/C++ family
    - Add full-setup script
- Helix: update to 24.03, add text width, rulers, and fix reflow
- Rust: fix fish env
- Starship: fix config path
- System: rename mac fnmode scripts and update sshd_config
This commit is contained in:
DuckDuckWhale 2024-02-04 15:35:36 -08:00
parent 2df4e7a091
commit 9736e73c8e
Signed by: DuckDuckWhale
GPG Key ID: E4B9FC170FFD71CE
18 changed files with 534 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
auto/auto
View File

@ -1,4 +1,9 @@
#!/bin/sh -e
if ! command -v git > /dev/null; then
echo "Error: git not found"
exit 1
fi
cd ssh
./ssh
cd ..
@ -23,6 +28,10 @@ cd tmux
./tmux
cd ..
cd clang-format
./clang-format
cd ..
cd home-chmod
./home-chmod
cd ..

91
auto/clang-format/.clang-format Normal file
View File

@ -0,0 +1,91 @@
---
Language: Cpp
BasedOnStyle: LLVM
AccessModifierOffset: -2
AlignAfterOpenBracket: DontAlign # BlockIndent for newer version
AlignEscapedNewlines: Right
AlignTrailingComments: false
AllowAllArgumentsOnNextLine: true
AllowAllConstructorInitializersOnNextLine: true
AllowAllParametersOfDeclarationOnNextLine: true
BraceWrapping:
AfterCaseLabel: false
AfterClass: false
AfterControlStatement: Never
AfterEnum: false
AfterFunction: false
AfterNamespace: false
AfterObjCDeclaration: false
AfterStruct: false
AfterUnion: false
AfterExternBlock: false
BeforeCatch: false
BeforeElse: false
IndentBraces: false
SplitEmptyFunction: true
SplitEmptyRecord: true
SplitEmptyNamespace: true
BreakBeforeBinaryOperators: None
BreakBeforeBraces: Attach
BreakBeforeInheritanceComma: false
BreakInheritanceList: BeforeColon
BreakBeforeTernaryOperators: true
BreakConstructorInitializersBeforeComma: false
BreakConstructorInitializers: BeforeColon
BreakAfterJavaFieldAnnotations: false
BreakStringLiterals: true
ColumnLimit: 100
CommentPragmas: '^ IWYU pragma:'
CompactNamespaces: false
ConstructorInitializerAllOnOneLineOrOnePerLine: false
ConstructorInitializerIndentWidth: 4
ContinuationIndentWidth: 4
Cpp11BracedListStyle: true
DeriveLineEnding: true
DerivePointerAlignment: false
DisableFormat: false
ExperimentalAutoDetectBinPacking: false
FixNamespaceComments: true
ForEachMacros:
- foreach
- Q_FOREACH
- BOOST_FOREACH
IncludeBlocks: Preserve
IncludeIsMainRegex: '(Test)?$'
IncludeIsMainSourceRegex: ''
IndentCaseLabels: false
IndentGotoLabels: true
IndentPPDirectives: None
IndentWidth: 4
IndentWrappedFunctionNames: false
JavaScriptQuotes: Leave
JavaScriptWrapImports: true
KeepEmptyLinesAtTheStartOfBlocks: true
MacroBlockBegin: ''
MacroBlockEnd: ''
MaxEmptyLinesToKeep: 1
NamespaceIndentation: None
PointerAlignment: Left
ReflowComments: true
SortUsingDeclarations: true
SpaceAfterCStyleCast: true
SpaceAfterLogicalNot: false
SpaceAfterTemplateKeyword: true
SpaceBeforeAssignmentOperators: true
SpaceBeforeCpp11BracedList: false
SpaceBeforeCtorInitializerColon: true
SpaceBeforeInheritanceColon: true
SpaceBeforeParens: ControlStatements
SpaceBeforeRangeBasedForLoopColon: true
SpaceInEmptyBlock: false
SpaceInEmptyParentheses: false
SpacesBeforeTrailingComments: 1
SpacesInConditionalStatement: false
SpacesInParentheses: false
SpacesInSquareBrackets: false
SpaceBeforeSquareBrackets: false
Standard: Latest
TabWidth: 4
UseCRLF: false
UseTab: AlignWithSpaces
...

2
auto/clang-format/clang-format Executable file
View File

@ -0,0 +1,2 @@
#!/bin/sh
cp -i .clang-format ~

1
auto/shells/bash
View File

@ -23,7 +23,6 @@ PS1='${debian_chroot:+($debian_chroot)}\[\e[01;38;5;11m\]\u\[\e[00;38;5;208m\]@\
PROMPT_DIRTRIM=3
alias ls='ls --color'
alias bat='batcat'
alias mosh='mosh -o'
alias cargo='cargo auditable'
alias md='pulldown-cmark -TFSLH'

3
auto/shells/fish
View File

@ -56,10 +56,9 @@ umask 007
export EDITOR='vim'
export VISUAL='vim'
export GPG_TTY=$(tty)
export GPG_TTY=(tty)
export PATH="$HOME/.local/bin:$PATH:/usr/lib/llvm-15/bin"
alias bat='batcat'
alias md='pulldown-cmark -TFSLH'
alias mosh='mosh -o'
alias cargo='cargo auditable'

11
full-setup Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
cd auto
./auto
cd ../manual/rust
./rust
. ~/.cargo/env
cd ../helix
./helix
cd ../starship
./starship
echo success

13
manual/helix/helix
View File

@ -21,7 +21,7 @@ fi
rm -rf helix-git
git clone --single-branch https://github.com/helix-editor/helix helix-git
cd helix-git
git checkout 84e24b33dcda16d1d64805f34dcc02d82d0de8f1
git checkout 2cadec0b1182332338a5a1cc3062776f834d8835
cargo install -f --locked --path helix-term
mkdir -p ~/.config/helix
rm -rf runtime/grammars/sources
@ -38,14 +38,14 @@ cat > ~/.config/helix/config.toml << 'EOF'
theme = "monokai_pro_spectrum"
[keys.normal]
space.z = ":reflow 100"
space.z = ":reflow"
space.i = ":toggle lsp.display-inlay-hints"
space.u = ":update"
[editor]
line-number = "relative"
bufferline = "multiple"
rulers = [101]
rulers = [81, 101]
[editor.lsp]
display-messages = true
@ -66,6 +66,7 @@ cat > ~/.config/helix/languages.toml << 'EOF'
name = 'rust'
indent = { tab-width = 4, unit = "\t" }
shebangs = ["rust-script"]
text-width = 100
[language-server.rust-analyzer.config]
checkOnSave = { command = "clippy" }
@ -73,25 +74,31 @@ checkOnSave = { command = "clippy" }
[[language]]
name = "c"
indent = { tab-width = 4, unit = "\t" }
text-width = 100
[[language]]
name = "cpp"
indent = { tab-width = 4, unit = "\t" }
text-width = 100
[[language]]
name = 'java'
indent = { tab-width = 4, unit = "\t" }
text-width = 100
[[language]]
name = "bash"
indent = { tab-width = 4, unit = "\t" }
text-width = 100
[[language]]
name = "toml"
indent = { tab-width = 4, unit = "\t" }
text-width = 100
[[language]]
name = "markdown"
text-width = 80
indent = { tab-width = 4, unit = "\t" }
language-servers = [ "ltex-ls" ]
file-types = ["md"]

2
manual/rust/rust-configure
View File

@ -14,7 +14,7 @@ use std::{
const ENV: &str = r#". "$HOME/.cargo/env""#;
// until the release of https://github.com/rust-lang/rustup/pull/3506/files
const ENV_FISH: &str = r#"export PATH="$HOME/.cargo/bin:$PATH""#;
const ENV_FISH: &str = r#"set -x PATH "$HOME/.cargo/bin" $PATH"#;
fn main() -> anyhow::Result<()> {
let home = dirs::home_dir().context("can't find home directory")?;

2
manual/starship/starship
View File

@ -11,7 +11,7 @@ cargo install starship --locked
echo 'eval "$(starship init bash)"' >> ~/.bashrc
mkdir -p ~/.config/fish
echo 'starship init fish | source' >> ~/.config/fish/config.fish
cat >> ~/.config << 'EOF'
cat >> ~/.config/starship.toml << 'EOF'
[status]
map_symbol = true
format = '[$symbol$common_meaning$signal_name$maybe_int]($style) '

2
setup/debian-server-setup.md
View File

@ -17,7 +17,7 @@ sudo groupadd --system ssh-users
sudo usermod -aG ssh-users $(whoami)
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo wget \
https://git.duckduckwhale.com/DuckDuckWhale/dotfiles/raw/branch/main/system/sshd/sshd_config \
https://git.duckduckwhale.com/DuckDuckWhale/dotfiles/raw/branch/main/system/sshd/sshd_config-debian \
-O /etc/ssh/sshd_config
sudo systemctl enable ssh --now
sudo systemctl reload ssh

180
setup/fedora-install.md Normal file
View File

@ -0,0 +1,180 @@
# Fedora 39 Installation
Here is how I installed Fedora 39. I chose to migrate from ext4 to btrfs, the
default file system for Fedora. I also bought a new disk, which means that I
needed to create everything from scratch.
By following these steps, you will be able to install Fedora with:
- `/` as a btrfs subvolume using xxhash as the checksum function on LUKS2 (an
encryption layer)
- `/home` as another subvolume on the same btrfs (which means it's also
encrypted)
- `/boot` as ext4
- `/boot/efi` as System EFI Partition
A disk password will be required upon boot and a separate user password will be
required. `/boot` is not encrypted because it contains only the kernel files
and are public and the same for all Fedora installations -- there's nothing
worth encrypting here. Benchmarking shows that there's a negligible performance
overhead.
After extensive benchmarking, I found SHA-256 to be too slow for practical use
even with the sha_ni kernel module for acceleration. Without acceleration the
speed was ~400 MB/s, and with acceleration the speed was ~1500 MB/s, but my disk
is capable of ~6000 MB/s. crc32c gave me ~5000 MB/s, and xxhash gave me ~4500
MB/s, which I found acceptable, so that's what I went with.
## Making a Fedora Live USB
Simply go to the Fedora project website and download the ISO. I opted not to
use the Fedora Media Writer because I like collecting Linux ISOs. It shouldn't
impact the result.
After the download you may find the GPG-signed SHA256 checksum file from the
icon next to the ISO download. You may find the GPG key fingerprints and
instructions to verify via the links there.
Simply `dd` it to the disk and `sync` before pulling the USB out. _Make sure
you have backups and are using the right disk! A friend of mine didn't and
corrupted his disk._
## Preparing the SSD
Boot the USB. Open gparted by typing its name and pressing enter. Make a GPT
partition table.
(If you have paintext data on the drive, you really should do a NVME sanitize.
You may find instructions on doing that by looking up the man page for the
`nvme` command.)
Make a large empty partition with no file system (choose "unformatted") leaving
10240 MiB at the end of the drive. You may find a calculator to be handy here.
Make a 1024 MiB partition at the very end of the drive and format with ext4,
then make another one right before it and also format with ext4. Formatting
here really isn't necessary if not for the Fedora installer graying out all the
fields when it doesn't detect a file system (bug?).
I assume that you are using an UEFI system as almost all modern x86_64 systems
have that, but you could verify that with `[ -d /sys/firmware/efi ] && echo UEFI
|| echo BIOS`.
Now, make the LUKS2 layer by opening a terminal and typing:
`sudo cryptsetup luksFormat --hash sha512 --use-random /dev/<root-partition>`
...where `<root-partition>` is the big partition you made first and should look
something like `/dev/nvme0n1p1`. There are some sane defaults that I didn't
include in this command as all new systems should have them by default, but you
could spell it out if you want to be extra certain: `--type luks2 --key-size 512
- --cipher aes-xts-plain64 --iter-time 2000 --verify-passphrase`
Then, unlock this encrypted partition by typing: `sudo cryptsetup open /dev/
<root-partition> <mapper>`, where `<mapper>` is the name for the mapper file and
doesn't matter for our install. You could just use `luks`.
Now, make the btrfs file system with xxhash as the checksum function: `sudo
mkfs.btrfs --csum xxhash <mapper>`. I didn't use LVM here as btrfs snapshots
are much better and support RAID0/1 well. btrfs snapshots doesn't have LVM
snapshots' heavy performance penalty, doesn't require preallocation of space
which is often wasted, and doesn't become invalid later when its space is used
up.
Then, close the LUKS layer as the installer requires the password to it for
installation. If you skip this step, you would be forced to rescan in the
installer which closes it after you've already selected your configuration.
## Installing Fedora
Now, start the installer. Choose your keyboard layout and timezone. Then click
into storage configuration.
I have some commands for unlocking the LUKS in my Ubuntu install guide, but here
you can simply unlock the LUKS volume and the installer does all the work for
you setting that up.
Click the `+` button to make a new root subvolume. Anaconda, the Fedora
installer, requires you to create a new btrfs subvolume at the time of
writing. You may simply select the storage as `btrfs.<some-number>`. Maybe
`<some-number>` is for disambiguation when you have multiple btrfs file systems
(smh my head)? Then do the same for the home subvolume. The default names are
fine and the mount points are `/` and `/home`, respectively.
- Format `<boot-partition>` (e.g. `/dev/nvme0n1p3`) as ext4 and mount to `/
boot`. (Check the format checkbox.)
- Format `<efi-partition>` (e.g. `/dev/nvme0n1p2`) as System EFI Partition and
mount to `/boot/efi`.
- Format `/dev/mapper/<machine name>-root` as ext4 and mount to `/`.
- Format `/dev/mapper/<machine name>-home` as ext4 and mount to `/home`.
- No need for swap as
[Fedora uses zram by default](https://fedoraproject.org/wiki/Changes/SwapOnZRAM).
Now click "Done" and start your install! It took only ten minutes for me.
Now, reboot into your newly installed system and test it out. Make sure it
works before migrating your data as that may take a long time, so you don't want
to do it again.
## Migrating all the data
Open up your retired machine, pop up the SSD, put it in a NVME enclosure, and
plug it in.
Now, if you'd like, take a snapshot: `sudo mkdir /snapshots && sudo btrfs
subvolume snapshot /home /snapshots/home-default`
My install is quite old and is from Ubuntu so it contains lots of files past
their shelf life. I hit `Ctrl`+`h` to unhide all hidden files and compared the
two file trees side-by-side and removed all conflicting or obsolete files. Now,
start the copy: `time sudo cp -a -T <old-path> ~` where `<old-path>` is path to
your old home directory. This took 22 minutes for me.
Now, reboot again to load these files.
## After the install
Congratulations! You've reached the end of this guide. After the install,
check out my [configuration guide](fedora-setup.md) and see if you'd like to
pull some bits from that.
## Some interesting notes
btrfs uses zstd level 1 compression by default. This saves substantially for
`/`, and a little bit for `/home`:
```
$ sudo compsize -x /
Processed 121050 files, 95144 regular extents (114629 refs), 60336 inline.
Type Perc Disk Usage Uncompressed Referenced
TOTAL 55% 3.6G 6.6G 8.4G
none 100% 2.1G 2.1G 2.3G
zstd 35% 1.5G 4.5G 6.0G
prealloc 100% 1.2M 1.2M 11M
$ sudo compsize /home
Processed 1178463 files, 1863614 regular extents (1907988 refs), 519681 inline.
Type Perc Disk Usage Uncompressed Referenced
TOTAL 94% 1.2T 1.2T 1.2T
none 100% 1.1T 1.1T 1.1T
zstd 36% 40G 110G 113G
prealloc 100% 1.2M 1.2M 1.1M
```
In my testing I managed to reach `91%` by forcing compression, but I didn't use
it as I don't think `3%` is worth the performance hit. (The default options has
negligible performance overhead.)
After using it for a while:
```
$ sudo compsize -x /
Processed 356866 files, 228300 regular extents (347966 refs), 187319 inline.
Type Perc Disk Usage Uncompressed Referenced
TOTAL 56% 11G 19G 30G
none 100% 6.9G 6.9G 9.8G
zstd 32% 4.1G 12G 20G
prealloc 100% 1.2M 1.2M 22M
$ sudo compsize /home
Processed 1204163 files, 2035560 regular extents (2142558 refs), 501390 inline.
Type Perc Disk Usage Uncompressed Referenced
TOTAL 95% 1.3T 1.4T 1.4T
none 100% 1.3T 1.3T 1.3T
zstd 35% 38G 107G 111G
prealloc 100% 215M 215M 115M

113
setup/fedora-system-setup.md Normal file
View File

@ -0,0 +1,113 @@
# Fedora 39 System Setup
Congratulations on your new install! Now, let's set the system up.
_Note: this document details the system level setup only. For user level setup
that is remembered in the user home directories, see
[Fedora 39 User Setup](fedora-user-setup.md)._
Rename your system in `Settings` -> `About`.
## UEFI
Limit the battery charge to 95%.
## System packages
Your first `dnf` install would probably ask you to confirm the Fedora GPG key,
which you may find the fingerprint of at <https://fedoraproject.org/security>.
`dnf install vim-enhanced mosh keepassxc thunderbird-wayland mpv obs-studio
wl-clipboard qrencode xournalpp gstreamer1-plugins-bad-free-extras
gnome-extensions-app gnome-shell-extension-gsconnect nautilus-gsconnect
kernel-tools mozilla-openh264 gstreamer1-plugin-openh264 trash-cli ripgrep
gnome-tweaks goldendict-ng gcc-c++ gimp alacritty clang clang-tools-extra bat
quearcode qpdf lm_sensors kdenlive`
### As needed
`dnf install gnome-usage install rlwrap mediainfo nmap xeyes progress
duperemove memtest86+`
## Flathub apps
If you are somewhat of a FOSS purist like me and didn't enable third party
repositories at the time of install, you may enable Flathub in Software.
Use Flatseal to lock down all of them: `dnf install flatseal`
You may also use `flatpak permission-show` and `flatpak permission-remove` to
clear out any left over dynamic permissions. `flatpak uninstall --delete-data`
can clear the app data.
- Mission Center
- `flatpak install flathub io.missioncenter.MissionCenter`
- Use Wayland and disable X11 and its fallback
- Resources
- `flatpak install flathub net.nokyan.Resources`
- Use Wayland and disable X11 and its fallback
- Remove `host:ro` (sus)
- Video Trimmer
- `flatpak install flathub org.gnome.gitlab.YaLTeR.VideoTrimmer`
- Use Wayland and disable X11 and its fallback
- Bottles
- `flatpak install flathub com.usebottles.bottles`
- Signal
- `flatpak install flathub org.signal.Signal`
- Use Wayland: `SIGNAL_USE_WAYLAND=1` and disable X11 permissions.
- Disable `org.freedesktop.login1`. Not sure why it's needed.
If you know why, please let me know!
- Cameractrls
- `flatpak install flathub hu.irl.cameractrls`
- Disable X11 and fallback
- Denaro
- `flatpak install flathub org.nickvision.money`
- Disable X11 and fallback
- Minecraft (Prism Launcher)
- `flatpak install flathub org.prismlauncher.PrismLauncher`
- Remove `xdg-download:ro`
- Remove `~/.ftba:ro`
- Remove `xdg-run/app/com.discordapp.Discord:create`
- Steam
- `flatpak install flathub com.valvesoftware.Steam`
- Remove `xdg-run/app/com.discordapp.Discord:create`
- Geekbench 6
- `flatpak install flathub com.geekbench.Geekbench6`
- Remove X11
- `flatpak run com.geekbench.Geekbench6`
- `flatpak run com.geekbench.Geekbench6 --compute vulkan`
- Slack
- `flatpak install flathub com.slack.Slack`
- Disable X11, enable Wayland
- There are some
[suspicious permissions](https://github.com/flathub/com.slack.Slack/issues/217).
I would lock them down with Flatseal and use Wayland.
- Discord
- `flatpak install flathub com.discordapp.Discord`
- Remove `xdg-pictures:ro`, `xdg-videos:ro`
- Zoom
- `flatpak install flathub us.zoom.Zoom`
- WeChat
- `flatpak install flathub com.tencent.WeChat`
- Remove "Owns: `org.kde.*`"
## SSH
In `Settings` -> `Sharing`: turn on `Remote Login` and edit
`/etc/ssh/sshd_config` according to `system/sshd/sshd_config-rhel`.
`sudoedit /etc/ssh/sshd_config.d/00-no-gss.conf` and write
`GSSAPIAuthentication no` to override `/etc/ssh/sshd_config.d/50-redhat.conf`,
which changes the default setting for some stupid reason.
(Why does that file exist at all?? Please let me know if you have a clue.)
```
systemctl reload sshd
sudo groupadd --system ssh-users
sudo usermod -aG ssh-users $(whoami)
```
Finally, log out then log in again for the `usermod` to take effect.
If you see a permission denied from sshd in your logs, use
`restorecon -RFv ~/.ssh` to please SELinux.
(Don't forget to install Mosh!)

93
setup/fedora-user-setup.md Normal file
View File

@ -0,0 +1,93 @@
# Fedora 39 User Setup
Now that you have setup your new system, time to configure quality-of-life user
settings!
_Note: this document details the user level setup only. This means settings
that you may make without super user permission and are remembered in the home
directory. For system level setup, see
[Fedora 39 System Setup](fedora-system-setup.md)._
## Default apps
- Shell: Fish (`chsh -s /usr/bin/fish`)
- Video: MPV
## Power
Turn off `Automatic Suspend` when `Plugged In`.
## Displays
Turn on Night Light and slide the slider to almost the very left.
`gsettings set org.gnome.mutter experimental-features
"['scale-monitor-framebuffer', 'variable-refresh-rate']"` Then turn fractional
scaling to 125%.
## Keyboard
In `Input Sources`, add `Chinese (Intelligent Pinyin)` and
`Hanyu Pinyin Letters (with AltGr dead keys)`.
## Touchpad
- Slightly higher pointer speed
- Enable tap to click
## Privacy & Security
- `File History & Trash`: Auto delete everything in 30 days
### Shortcuts
| Name | Shortcut | Command |
| Home folder | `Super` + `F` |
| Launch email client | `Super` + `E` |
| Launch web browser | `Super` + `W` |
| Microphone mute/unmute | `Super` + `A` |
In Settings -> Keyboard -> Custom Shortcuts:
| Name | Shortcut | Command |
| Launch Calculator | `Super` + `C` | `gnome-calculator` |
| Launch Dictionary | `Super` + `D` | `goldendict-ng` |
| Launch Terminal | `Super` + `T` | `alacritty` |
| Swap Esc with Caps Lock | `Ctrl` + `Super` + `S` | `gsettings set org.gnome.desktop.input-sources xkb-options "['caps:swapescape']"` |
| Disable Caps Lock | `Ctrl` + `Super` + `D`| `gsettings set org.gnome.desktop.input-sources xkb-options "['caps:none']"` |
| Clear key mappings | `Ctrl` + `Super` + `C` | `gsettings set org.gnome.desktop.input-sources xkb-options "[]"` |
| Toggle OBS Recording | `Super` + `R` | `obs-cmd -w obsws://localhost:4455/<secret> recording toggle` |
| Save OBS Replay | `Super` + `Alt` + `C` (for capture) | `obs-cmd -w obsws://localhost:4455/<secret> replay save` |
## Migrating Thunderbird and Firefox
Look in `installs.ini` and `profiles.ini` and keep the last one.
Or use the profile managers.
## Migrating podman rootless containers
Reset SELinux labels:
`restorecon -RFv $HOME/.local/share/containers`
## App settings
- Terminal: Monospace 15
- Text Editor
- Monospace 15
- Using the top right settings icon:
- Show Line Number
- Show Right Margin
- Spaces Per Tab: 4
- GSConnect: Enable in Extensions app, pair with phone, and adjust settings
accordingly.
- Xournal++: turn on dark mode
- OBS: 2560x1440,
[mkv](https://en.wikipedia.org/wiki/Comparison_of_video_container_formats),
VAAPI AV1 (CQ 28), opus, output to `~/Videos/OBS/`
- Install [per application audio capture](https://github.com/dimtpap/obs-pipewire-audio-capture/releases/tag/1.1.4).
To install the plugin: open OBS folder from its menu, decompress the zip and
remove the outer folder and put in the `plugins` folder, creating it if it
doesn't exist. The final result should be something like
`.config/obs-studio/plugins/linux-pipewire-audio/{bin,data}/...`
- Enable websocket server and install
[obs CLI for obs-websocket v5](https://github.com/grigio/obs-cmd) to
emulate global shortcuts on Wayland
- Enable replay buffer of 60 seconds and 1000 MB

17
setup/ubuntu-setup.md
View File

@ -71,8 +71,12 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!)
- UFW:
- `sudo ufw allow 1716:1764/tcp`
- `sudo ufw allow 1716:1764/udp`
- Flatseal
- `flatpak install flathub com.github.tchx84.Flatseal`
## Flatpaks
Use Flatseal to lock down all of them: `flatpak install flathub
com.github.tchx84.Flatseal`
- Firefox
- `flatpak install flathub org.mozilla.firefox`
- Xournal++
@ -84,9 +88,14 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!)
- To host servers: `sudo ufw allow 25565/tcp`
- Bottles
- `flatpak install flathub com.usebottles.bottles`
- Signal
- Use Wayland. Disable `...login1`.
- `flatpak install flathub org.signal.Signal`
- Discord
- `flatpak install flathub com.discordapp.Discord`
- Slack
- There are some [suspicious permissions](https://github.com/flathub/com.slack.Slack/issues/217).
I would lock them down with Flatseal and use Wayland.
- `flatpak install flathub com.slack.Slack`
- Denaro
- `flatpak install flathub org.nickvision.money`
@ -98,6 +107,10 @@ Here's my personal Ubuntu 23.10 setup. (Make sure to use Wayland on Nvidia!)
- `flatpak install flathub org.gnome.gitlab.YaLTeR.VideoTrimmer`
- Pods
- `flatpak install com.github.marhkb.Pods`
- Dynamic Wallpaper Editor
- `flatpak install flathub com.github.maoschanz.DynamicWallpaperEditor`
- Dynamic Wallpaper
- `flatpak install flathub me.dusansimic.DynamicWallpaper`
## Optional Apps

0
system/mac-fnmode/fnmode-once.sh → system/mac-fnmode/fnmode-once
View File

0
system/mac-fnmode/fnmode-persistent.sh → system/mac-fnmode/fnmode-persistent
View File

6
system/sshd/sshd_config → system/sshd/sshd_config-debian
View File

@ -1,13 +1,13 @@
Include /etc/ssh/sshd_config.d/*.conf
AllowGroups ssh-users
Port 22
AllowGroups ssh-users
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
AllowTcpForwarding yes
X11Forwarding yes
PrintMotd no
X11Forwarding no
AcceptEnv LANG LC_* COLORTERM
Subsystem sftp /usr/lib/openssh/sftp-server

7
system/sshd/sshd_config-rhel
View File

@ -1,14 +1,13 @@
Include /etc/ssh/sshd_config.d/*.conf
AllowGroups ssh-users
Port 22
AllowGroups ssh-users
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
UsePAM yes
AllowTcpForwarding yes
X11Forwarding yes
PrintMotd no
X11Forwarding no
AcceptEnv LANG LC_* COLORTERM
Subsystem sftp /usr/libexec/openssh/sftp-server