Return to note index?

Essential software for new systems

This is just a quick personal reference so I don’t have to guess and notice that I forgot something important.

Automaattinen sisällysluettelo / Automatically generated Table of Contents

Security

Usability

Essential system configuration

Since software being present and doing nothing may not actually do anything.

Debian console

Terminus on Fedora

After installing the package, adjust /etc/vconsole.conf e.g.:

KEYMAP="fi"
FONT="ter-v16v"

Maybe sudo updatedb and locate ter-v16v at first though?

Terminus on Arch Linux

See Fedora, but change the FONT to "ter-132b" instead.

SSD

BTRFS

Swap

Zramswap is not enough. 8 GB everywhere may be enough, summarizing Gentoo.

No swap partition and swap file is acceptable (consider SSD)? See above for btrfs or as root

fallocate -l 8G /swap
chmod 600 /swap
mkswap /swap
swapon /swap

The /etc/fstab rule is: /swap none swap sw 0 0 and then it’s just a matter of sudo swapon -a

sudo

Consider these:

# Thanks Tails
Defaults timestamp_timeout=0
Defaults pwfeedback
Defaults lecture = always

Additionally Arch Linux should consider either

# Allow full sudo access to the group which is uncommented. The first is
# Debian.
#%sudoers ALL=(ALL:ALL) ALL
# Defaults to passwordless sudo on Debian.
#%wheel ALL=(ALL:ALL) ALL

systemd presets

You are practically guaranteed horrible time especially on Debian, unless /etc/systemd/system-preset has a whatever.preset saying disable * as some distributions consider it a good idea to autostart every installed service by default. I am unsure on whether this requires sudo systemctl daemon-reload to apply.

To return to the preset state of nothing autostarting, execute the dangerous if you don’t know what you are doing command sudo systemctl preset-all.

Debian

Remember to install apt-transport-tor!

sources.list

The mirror to use is https://deb.debian.org/debian.

/etc/apt/preferences.d/whatever

# Copied from https://www.wireguard.com/install/ (2020-01-11)
# Default priority appears to be 500, so 90 results to unstable being
# used when the package is not available anywhere else
Package: *
Pin: release a=unstable
Pin-Priority: 90

Package: *
Pin: release a=unstable-debug
Pin-Priority: 90

sshd

If nothing else, please at least

# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key

LogLevel VERBOSE
PermitRootLogin prohibit-password
PasswordAuthentication no
AuthenticationMethods publickey

Encrypted DNS

/etc/xdg/autostart

Not having terminal autostarting for all users is pain.

[Desktop Entry]
Terminal=true
Exec=kgx --command="bash --norc -c tmux"
Name=Tmux in Console
Icon=org.gnome.Console

aminda-*.{service,socket]

They workaround either me or the distribution messing things up. While at it, don’t forget /etc/sysctl.d

Remember!

Not quite configuration, but I am not going to start inventing a new place for it.

Accessing UEFI setup without key smashing

Recovering selinux policy issues

Return to note index?

Dear reader, you may be missing a content blocker! 🙀 Please consider installing one to protect yourself, and your close ones, from manipulation and targeted malvertising! Personally I love both Privacy Badger and uBlock Origin (with EFF DNT Policy Allowlist) together, while AdNauseam alone would be more direct protest tool to oppose how the internet is nowadays. Android users may be better served by Rethink while for iOS there is AdGuard. Learn more about targeted advertising! PS. I am sorry if you are already protected and this silly EasyList targeting(?) script doesn't detect that, thank you for taking the steps towards a safer internet! 💜