
Laptop setup plan

I'm calling it 'Iris' (after the ancient Greek goddess of the rainbow and messenger of the gods) because it has one of those stupid rainbow backlit keyboards.

Hardware

Hardware specs here.

MVP Goals

Pre-OS

Pre-OS Installation Plan

  1. Partition the disks
    1. A swap partition of 32G
    2. A / partition for the rest, since we don't need EFI and we will be using btrfs subvolumes under LUKS
  2. Create LUKS container
  3. Format O/S filesystem: btrfs with full disk encryption on both drives, including an encrypted bootloader

OS

OS Installation Plan

  1. Arch Linux
  2. Bootloader: GRUB2 in BIOS mode (no UEFI)[1][2][3]
  3. Snapper

Post-OS

Execution plan (TBD)

  1. Keyboard layout in the console
  2. Time synchronization: Chrony

Post-MVP Goals

Take a btrfs snapshot here.

Pre-WM

  1. Separate ryan user role in sudoers group
  2. Create XDG default directories with pacman -S xdg-user-dirs && xdg-user-dirs-update
    • Set the XDG_*_DIR env vars to stop creating directory names I hate (like "Downloads")
  3. AUR helper yay
  4. Power Management
  5. Security recommendations, especially:
    • No remote access as root
    • Public key authentication only
    • Passworded BIOS
    • Boot tampering checking: investigate chkboot, hashboot or chkcryptoboot
    • Consider disabling the front-facing camera by blacklisting the uvcvideo module
  6. Domain name resolution: Unbound
  7. Network manager: Wicd
  8. NVidia graphics drivers
  9. Touchpad support with libinput
    • Fix this middle-click weirdness
  10. Fonts:
    • adobe-source-code-pro-fonts
    • gnu-free-fonts
    • ttf-dejavu
    • ttf-fira-code
    • ttf-fira-mono
    • ttf-ubuntu-font-family
    • powerline-fonts
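
A check for three of the security items in step 5 (no remote access as root, public key authentication only, uvcvideo blacklisted), as an added example that is not part of the original plan. The function names are assumptions, and `audit_sshd` expects the effective settings that `sshd -T` prints, including `kbdinteractiveauthentication`, which assumes a current OpenSSH.

```sh
#!/bin/sh
# Added example: audit helpers for the security list in this plan.
# Function names are assumptions, not taken from the plan.

# Read effective sshd settings ("key value" lines, as printed by `sshd -T`)
# on stdin and print one FAIL line per setting that deviates from the plan.
# Returns 0 only when every expected setting is present with the wanted value.
audit_sshd() {
    awk '
        BEGIN {
            want["permitrootlogin"]              = "no"   # no remote access as root
            want["passwordauthentication"]       = "no"   # public key only
            want["kbdinteractiveauthentication"] = "no"   # public key only
            want["pubkeyauthentication"]         = "yes"
        }
        { key = tolower($1) }
        # Keep the first occurrence of each setting we care about.
        (key in want) && !(key in seen) { seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "FAIL %s missing\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Succeed when some *.conf file in the given modprobe.d directory
# (default /etc/modprobe.d) has an uncommented "blacklist uvcvideo" line.
uvcvideo_blacklisted() {
    grep -Eqs '^[[:space:]]*blacklist[[:space:]]+uvcvideo([[:space:]]|$)' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Typical use on the installed system (sshd -T needs root):
#   sshd -T | audit_sshd && echo "sshd matches the plan"
#   uvcvideo_blacklisted || echo "uvcvideo is not blacklisted"
```

A `blacklist` line only stops the module from being loaded automatically by alias; it can still be loaded explicitly with `modprobe uvcvideo`.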

Post-WM

Take a btrfs snapshot here.

  1. XOrg. We use this because we got an nvidia graphics card. Because nvidia sucks, there's no support for it on wayland. Don't buy nvidia.
    • xf86-video-intel
    • xorg-server
    • xorg-setxkbmap
    • xorg-xclipboard
    • xorg-xinit
    • xorg-xinput
    • xorg-xprop
    • xorg-xrandr
    • xorg-xset
  2. WM: i3-gaps
  3. Terminal emulator: kitty
  4. Keyboard layout in Xorg using xorg-setxkbmap
  5. Mouse sensitivity, keyboard repeat rate etc using xorg-xset
  6. Multi-head display configuration using arandr
  7. Secure DNS resolution:
  8. Mirrorlist automation with Reflector
  9. CPU microcode

Decisions

  1. BIOS: coreboot or libreboot? (Is this hardware even supported by either?)
  2. Kernel patchset?
  3. Filesystem: autodefrag or no autodefrag?
  4. Shell: bash or zsh?
  5. CLI file manager: ranger or vifm?
  6. Screenshots: scrot or flameshot?
  7. Launcher: dmenu or rofi?
  8. Backlight control: xbacklight or light?
  9. Status bar: i3blocks or polybar?

"Nice to have"s

This stuff is out of scope for this execution plan. We might not want all of it either. This ranges from "I'll get to it eventually" to "I'll look into it and decide if I want it at all eventually".

See also: privacytools.io

  1. grub-btrfs configuration tuning
  2. snap-sync can use snapshots to back up to an external machine
  3. ILoveCandy
  4. Activate NumLock on bootup
  5. Local consumer VPN connection with non-VPN traffic dropped by iptables
  6. zswap
  7. USBGuard
  8. Backlight control using light
  9. AppArmor for closed-source commercial stuff that I (a) don't completely trust and yet (b) don't want to run in a sandbox/VM
  10. CPU frequency scaling
  11. Autostart management with dex
  12. coreboot or libreboot
  13. Bootloader decryption headers on separate device
  14. Hard disk shock protection
  15. Maybe archstrike
  16. Local mail delivery using Postfix
  17. Use systemd timers over cron
  18. Pimp out GRUB with fancy colors and terminal candy

Maintenance

  1. Run btrfs-scrub on a schedule?

System maintenance

  1. Periodically clear pacman cache
  2. Periodically remove orphaned packages
  3. pacdiff or something like it

Optimizations

Improving performance

  1. systemd boot time (systemd-analyze)
  2. Consider a different Kernel patchset
  3. zram ?