Diffstat (limited to 'posts')
| -rw-r--r-- | posts/blarg.md | 192 |
| -rw-r--r-- | posts/dotfiles.md | 142 |
| -rw-r--r-- | posts/my-aerc-setup.md | 1021 |
| -rw-r--r-- | posts/my-first-freebsd-server.md | 127 |
| -rw-r--r-- | posts/void-linux-with-encrypted-root-on-zfs.md | 405 |
5 files changed, 1299 insertions, 588 deletions
| diff --git a/posts/blarg.md b/posts/blarg.md index b6c9fd0..4a21aaf 100644 --- a/posts/blarg.md +++ b/posts/blarg.md 
@@ -1,118 +1,74 @@ -<!doctype html> -<html lang="en"> -<head> -	<meta charset="utf-8"> -	<meta name="viewport" content="width=device-width, initial-scale=1"> -	<title>Justine Smithies blog - No Title</title> -	<link rel="icon" href="public/favicon-32x32.png" type="image/png" sizes="32x32"> -	<link href="https://justine.smithies.me.uk/atom.xml" type="application/atom+xml" rel="alternate" title="Atom feed for blog posts"> - <style>  -		body { -			font-family: sans-serif; -			margin: 0 auto; -			max-width: 48rem; -			line-height: 1.45; -			padding: 0.5rem 1.6rem; -		} -		a { -			color: #000000; -			font-weight: bold; -		} -		a:link { -			text-decoration: none; -		} -		a:hover { -			text-decoration: underline; -		} -		main { -			padding: 0 1.4rem; -			hyphens: auto; -		} -		code {	 -			border: 1px solid; -			padding: 0.1rem 0.3rem; -			tab-size: 4; -		} -		pre { -			border: 1px solid; -		} -		pre code { -			display: block; -			overflow-x: auto; -			padding: 0.3rem 0.6rem; -		} -		nav ul { -			margin: 0; -			padding: 0; -			display: flex; -			justify-content: center; -		} -		nav li { -			list-style: none; -		} -		nav li * { -			display: block; -			padding: 0 0.4rem; -			color: black; -		} -		nav li strong { -			padding-left: 1.5rem; -			padding-right: 1rem; -		} -		nav a { -			text-decoration: none; -		} -		nav a:hover { -			 -		}	 -		header { -			border-bottom: 1px dashed grey; -			margin: 0rem 0; -			padding: 1rem 15px; -			text-align: center; -		} -		footer { -			border-top: 1px dashed grey; -			margin: 2rem 0; -			padding: 1rem 15px; -			text-align: center; -			color: #000000; -		} -	</style> -</head> -<body> -<header> -<nav> -	<ul> -		<li><img src="public/tux-1.png" alt="Tux" style="width:100px;height:100px;"></li> -		<li><h1>Justine Smithies blog</h1>Adventures of a Linux, BSD chick</li> -	</ul> -	<ul> -		<li><a href="index.html">Home</a></li> -		<li><a href="about.html">About</a></li> -	</ul> -</nav> -</header> -<main> - -</main> -<footer> -  <small> -    
<span><a href="#">↑ Back to Top</a></span><br><br> -    Powered by <a href="https://www.freebsd.org/">FreeBSD</a><br> -    Built with <a href="https://git.smithies.me.uk/blarg">blarg</a> a mix of both <a -      href="https://github.com/karlb/karl.berlin/tree/master">blog.sh</a> and <b>barf</b>. -    The code for this site is licensed under <a -      href="https://git.smithies.me.uk/blarg/tree/LICENSE">MIT</a>. <br> -    Here's the blog's <a href="atom.xml">Atom feed</a>. <br><br> -    <img src="./public/fediverse.png" alt="Smithies SNAC Instance" width="16" height="16" style="vertical-align:middle;"> -    <a rel="me" href="https://snac.smithies.me.uk/justine">Fediverse</a> -    <img src="./public/git.png" alt="Self Hosted" width="16" height="16" style="vertical-align:middle;"> -    <a href="https://git.smithies.me.uk">Git</a> -    <img src="./public/email.png" alt="Email" width="16" height="16" style="vertical-align:middle;"> -    <a href="mailto:justine@smithies.me.uk">Email</a><br> -    ©2022 - 2024 Justine Smithies -  </small> -</footer> -</body> -</html> +# My simple blog engine blarg + +All the pages on this website are built using my simple blog engine [blarg](https://git.smithies.me.uk/blarg). It is a combination of all the best bits of both [blog.sh](https://github.com/karlb/karl.berlin) and [barf](https://git.sr.ht/~bt/barf) plus I've added some of my own touches too. + +## Why didn't I just use one of the above? + +I found out about barf after seeing [hamblingreen](fosstodon.org/@hamblingreen) post about their new blog and absolutely loved the idea of a simple blog site that could I could write posts in markdown with. I instantly cloned the barf repo and started to play about with it but quickly noticed that it didn't quite do things as I'd like and also had a few bugs / issues which would need to be resolved. +As usual I just can't do things the easy way so set out to create blarg my own simple blog engine and took inspiration from both blog.sh and barf. 
I also needed to make changes to how the dates were displayed on the index and on all posts. Git history is used to form published on and updated dates on blog posts to keep things nice and easy. +I have also ironed out the html issues too so my blog now passes all three W3C validation checks. + +HTML: +[https://validator.w3.org/nu/](https://validator.w3.org/nu/) + +CSS: +[https://jigsaw.w3.org/css-validator/](https://jigsaw.w3.org/css-validator/) + +Atom feed: +[https://validator.w3.org/feed/](https://validator.w3.org/feed/) + +## Requirements + +Before jumping deeper into it, I made a list of my basic requirements: + +- Low maintenance +- Low barrier to create content (markdown) +- Low requirements on the client (web browser, internet connection, RAM, CPU) +- Shows creation and update timestamps of posts +- RSS feed + +## How these constraints are acheived + +### Low maintenance + +- Avoid dependencies: only a POSIX shell and a markdown converter are required. Dependencies always increase the maintenance burden. +- Static files: hosting static files is much easier to do reliably than hosting dynamic content + +### Low barrier to create content + +- Use markdown: when writing markdown I can mostly avoid thinking about the syntax and focus on the content +- Automatically generate timestamps: generating the timestamps from the git history allows me to just create posts without needing any templates or front matter to provide this data. I also can't forget to update these timestamps. + +### Low requirements on the client + +This is mostly solved by not doing anything complicated. Not adding any JS and CSS frameworks keeps the size small. Not setting a font size and not disallowing zooming makes the text readable on a wide variety of devices and by people of bad eye sight. Just using basic HTML and a few lines of CSS allows old or limited browsers and slow computers to display the page easily. I could go on for a long time here, but I'm sure you get the concept. 
+ +### RSS Feed + +Having an RSS feed (an [Atom](https://en.wikipedia.org/wiki/Atom_(Web_standard)) feed to be precise) is a must for me. I really love RSS and in my opinion RSS support is an essential part of a blog. I was shocked to learn that some blog engines need plugins to get RSS support! +Writing something that is nearly a valid Atom feed is pretty easy. Just take the [example Atom feed](https://validator.w3.org/feed/docs/atom.html#sampleFeed) and fill in your own values. + +## Results + +### The HTML output + +* No JS, no tracking, no custom fonts +* No external CSS +* Minimal styling +* Light weight pages + +### The blog script + +You can find the [code of the resulting script](https://codeberg.org/JustineSmithies/blarg) on github. The blog you are currently viewing is part of the same repository and serves as example content. + +To make the script work as intended, you should adhere to the following rules: + +- Make sure to empty out the contents of the `build`, `posts`, `pages` and `public` folders so you don't end up with my content. +- Use git and don't edit history after publishing. This is required for the automatic timestamp generation. +- All posts except the `index.md` have a title using the `# ` syntax at the beginning of the document. This title is used for the HTML title tag and for the post titles in the article listing and RSS feed. +- To set the title for `index.html` edit the text between `<title>` and `</title>` of the file `header.html`. Do not delete the the double brackets or the word title inside them {{}} as this is used for setting the title on all pages of your site. +- `header.html` contains an absolute link to your `atom.xml`, including a hostname you control. This is necessary to build a correct atom feed. +- Also make sure to edit the section in `header.html` between the `<nav></nav>` tags to suit your site too. +- All images and other content to be published go into the `public` folder. 
+ +Feel free to contact me if you have any questions. If you want to use it for your own site, I can give some guidance. Since I don't expect many users, this is less effort than writing and maintaining good documentation. diff --git a/posts/dotfiles.md b/posts/dotfiles.md index b6c9fd0..f339f2b 100644 --- a/posts/dotfiles.md +++ b/posts/dotfiles.md 
@@ -1,118 +1,26 @@ -<!doctype html> -<html lang="en"> -<head> -	<meta charset="utf-8"> -	<meta name="viewport" content="width=device-width, initial-scale=1"> -	<title>Justine Smithies blog - No Title</title> -	<link rel="icon" href="public/favicon-32x32.png" type="image/png" sizes="32x32"> -	<link href="https://justine.smithies.me.uk/atom.xml" type="application/atom+xml" rel="alternate" title="Atom feed for blog posts"> - <style>  -		body { -			font-family: sans-serif; -			margin: 0 auto; -			max-width: 48rem; -			line-height: 1.45; -			padding: 0.5rem 1.6rem; -		} -		a { -			color: #000000; -			font-weight: bold; -		} -		a:link { -			text-decoration: none; -		} -		a:hover { -			text-decoration: underline; -		} -		main { -			padding: 0 1.4rem; -			hyphens: auto; -		} -		code {	 -			border: 1px solid; -			padding: 0.1rem 0.3rem; -			tab-size: 4; -		} -		pre { -			border: 1px solid; -		} -		pre code { -			display: block; -			overflow-x: auto; -			padding: 0.3rem 0.6rem; -		} -		nav ul { -			margin: 0; -			padding: 0; -			display: flex; -			justify-content: center; -		} -		nav li { -			list-style: none; -		} -		nav li * { -			display: block; -			padding: 0 0.4rem; -			color: black; -		} -		nav li strong { -			padding-left: 1.5rem; -			padding-right: 1rem; -		} -		nav a { -			text-decoration: none; -		} -		nav a:hover { -			 -		}	 -		header { -			border-bottom: 1px dashed grey; -			margin: 0rem 0; -			padding: 1rem 15px; -			text-align: center; -		} -		footer { -			border-top: 1px dashed grey; -			margin: 2rem 0; -			padding: 1rem 15px; -			text-align: center; -			color: #000000; -		} -	</style> -</head> -<body> -<header> -<nav> -	<ul> -		<li><img src="public/tux-1.png" alt="Tux" style="width:100px;height:100px;"></li> -		<li><h1>Justine Smithies blog</h1>Adventures of a Linux, BSD chick</li> -	</ul> -	<ul> -		<li><a href="index.html">Home</a></li> -		<li><a href="about.html">About</a></li> -	</ul> -</nav> -</header> -<main> +# How I store my dotfiles. 
-</main> -<footer> -  <small> -    <span><a href="#">↑ Back to Top</a></span><br><br> -    Powered by <a href="https://www.freebsd.org/">FreeBSD</a><br> -    Built with <a href="https://git.smithies.me.uk/blarg">blarg</a> a mix of both <a -      href="https://github.com/karlb/karl.berlin/tree/master">blog.sh</a> and <b>barf</b>. -    The code for this site is licensed under <a -      href="https://git.smithies.me.uk/blarg/tree/LICENSE">MIT</a>. <br> -    Here's the blog's <a href="atom.xml">Atom feed</a>. <br><br> -    <img src="./public/fediverse.png" alt="Smithies SNAC Instance" width="16" height="16" style="vertical-align:middle;"> -    <a rel="me" href="https://snac.smithies.me.uk/justine">Fediverse</a> -    <img src="./public/git.png" alt="Self Hosted" width="16" height="16" style="vertical-align:middle;"> -    <a href="https://git.smithies.me.uk">Git</a> -    <img src="./public/email.png" alt="Email" width="16" height="16" style="vertical-align:middle;"> -    <a href="mailto:justine@smithies.me.uk">Email</a><br> -    ©2022 - 2024 Justine Smithies -  </small> -</footer> -</body> -</html> +I use a bare repository to sync my dotfiles and set it up as follows: + +``` +git init --bare $HOME/.cfg +alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +config config --local status.showUntrackedFiles no + +# The add and commit below are just an example of adding a file to the repo +config add .config/nvim/init.lua +config commit -m "Added init.lua" + +git remote add origin REMOTE_URL +git push origin master +``` + +To install them from mine or someone else's git repo do the following: + +``` +echo ".cfg" >> .gitignore +git clone --bare REMOTE-GIT-REPO-URL $HOME/.cfg +alias config='/usr/bin/git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +config config --local status.showUntrackedFiles no +config checkout +``` diff --git a/posts/my-aerc-setup.md b/posts/my-aerc-setup.md index b6c9fd0..e6ed198 100644 --- a/posts/my-aerc-setup.md +++ b/posts/my-aerc-setup.md 
@@ -1,118 +1,903 @@ -<!doctype html> -<html lang="en"> -<head> -	<meta charset="utf-8"> -	<meta name="viewport" content="width=device-width, initial-scale=1"> -	<title>Justine Smithies blog - No Title</title> -	<link rel="icon" href="public/favicon-32x32.png" type="image/png" sizes="32x32"> -	<link href="https://justine.smithies.me.uk/atom.xml" type="application/atom+xml" rel="alternate" title="Atom feed for blog posts"> - <style>  -		body { -			font-family: sans-serif; -			margin: 0 auto; -			max-width: 48rem; -			line-height: 1.45; -			padding: 0.5rem 1.6rem; -		} -		a { -			color: #000000; -			font-weight: bold; -		} -		a:link { -			text-decoration: none; -		} -		a:hover { -			text-decoration: underline; -		} -		main { -			padding: 0 1.4rem; -			hyphens: auto; -		} -		code {	 -			border: 1px solid; -			padding: 0.1rem 0.3rem; -			tab-size: 4; -		} -		pre { -			border: 1px solid; -		} -		pre code { -			display: block; -			overflow-x: auto; -			padding: 0.3rem 0.6rem; -		} -		nav ul { -			margin: 0; -			padding: 0; -			display: flex; -			justify-content: center; -		} -		nav li { -			list-style: none; -		} -		nav li * { -			display: block; -			padding: 0 0.4rem; -			color: black; -		} -		nav li strong { -			padding-left: 1.5rem; -			padding-right: 1rem; -		} -		nav a { -			text-decoration: none; -		} -		nav a:hover { -			 -		}	 -		header { -			border-bottom: 1px dashed grey; -			margin: 0rem 0; -			padding: 1rem 15px; -			text-align: center; -		} -		footer { -			border-top: 1px dashed grey; -			margin: 2rem 0; -			padding: 1rem 15px; -			text-align: center; -			color: #000000; -		} -	</style> -</head> -<body> -<header> -<nav> -	<ul> -		<li><img src="public/tux-1.png" alt="Tux" style="width:100px;height:100px;"></li> -		<li><h1>Justine Smithies blog</h1>Adventures of a Linux, BSD chick</li> -	</ul> -	<ul> -		<li><a href="index.html">Home</a></li> -		<li><a href="about.html">About</a></li> -	</ul> -</nav> -</header> -<main> - -</main> -<footer> -  <small> -    
<span><a href="#">↑ Back to Top</a></span><br><br> -    Powered by <a href="https://www.freebsd.org/">FreeBSD</a><br> -    Built with <a href="https://git.smithies.me.uk/blarg">blarg</a> a mix of both <a -      href="https://github.com/karlb/karl.berlin/tree/master">blog.sh</a> and <b>barf</b>. -    The code for this site is licensed under <a -      href="https://git.smithies.me.uk/blarg/tree/LICENSE">MIT</a>. <br> -    Here's the blog's <a href="atom.xml">Atom feed</a>. <br><br> -    <img src="./public/fediverse.png" alt="Smithies SNAC Instance" width="16" height="16" style="vertical-align:middle;"> -    <a rel="me" href="https://snac.smithies.me.uk/justine">Fediverse</a> -    <img src="./public/git.png" alt="Self Hosted" width="16" height="16" style="vertical-align:middle;"> -    <a href="https://git.smithies.me.uk">Git</a> -    <img src="./public/email.png" alt="Email" width="16" height="16" style="vertical-align:middle;"> -    <a href="mailto:justine@smithies.me.uk">Email</a><br> -    ©2022 - 2024 Justine Smithies -  </small> -</footer> -</body> -</html> +# My aerc setup + +Recently I was almost ready to look into installing and setting up [neomutt](https://github.com/neomutt/neomutt) when I randomly discovered [aerc](https://git.sr.ht/~rjarry/aerc) an email client for your terminal whilst browsing the www as you do. After reading up on it I soon realised that several of my online friends also used aerc having once used mutt / neomutt so decided to give it a go first and to be honest I really really love it! I'll try to document how I have set it up on my Arch system but please be warned it's still a **work in progress** and you may well give me a few pointers too. +This is an offline setup that I have so I can read and write emails even when I'm offline and they will be queued for sending once I'm back online. 
+ +**Please note that I use Gmail for my email at the moment so that's what I have configured but you could easily adapt this to suit if you follow the documentation for the various pieces of software** + +## First the packages I have installed to setup aerc + +### aerc: +[aerc-git](https://aur.archlinux.org/packages/aerc-git) +[dante](https://archlinux.org/packages/extra/x86_64/dante/) +[w3m](https://archlinux.org/packages/extra/x86_64/w3m/) + +### SMTP: +[msmtp-git](https://aur.archlinux.org/packages/msmtp-git) + +The scripts `msmtp-enqueue.sh`, `msmtp-runqueue.sh` and `msmtp-listqueue.sh` are located in `/usr/share/doc/msmtp/msmtpqueue/` and can be copied into your `~/.local/bin/` folder. + +### IMAP MailDir mailbox sync: +[isync-git](https://aur.archlinux.org/packages/isync-git) + +### Passwords: +[pass](https://archlinux.org/packages/extra/any/pass/) + +I use pass to securely store and retreive my passwords + +## Then the config files which are a WIP + +You will have to replace `your full name` and obviously your email address where I've used as an example `your@gmail.com` +It is also noted that in the `accounts.conf` file below I use aerc to check and send anything in the mail queue every 5 minutes using the line `check-mail-cmd    = mbsync -q gmail && msmtp-runqueue.sh`. +Although I have thought that maybe I should reverse that so it sends first and then checks for new mail ? + +`~/.config/aerc/accounts.conf` + +``` +[gmail] +source        = maildir://~/.mail +outgoing      = msmtp-enqueue.sh --read-envelope-from +default       = INBOX +folders-exclude = [Gmail] +from          = your full name <your@gmail.com> +copy-to       = gmail/[Gmail]/Sent Mail +check-mail-cmd    = mbsync -q gmail && msmtp-runqueue.sh +check-mail        = 5m +check-mail-timeout = 10s +``` + +In the `aerc.conf` file below I have made a few changes for layout and especially the timestamp so that it's in a format suited to myself. 
I've also changed the theme to my favourite gruvbox which will more than likely get updated from time to time as I improve on my setup. + +`~/.config/aerc/aerc.conf` + +``` +# +# aerc main configuration + +[general] +# +# Used as a default path for save operations if no other path is specified. +# ~ is expanded to the current user home dir. +# +#default-save-path= + +# If set to "gpg", aerc will use system gpg binary and keystore for all crypto +# operations. If set to "internal", the internal openpgp keyring will be used. +# If set to "auto", the system gpg will be preferred unless the internal +# keyring already exists, in which case the latter will be used. +# +# Default: auto +#pgp-provider=auto + +# By default, the file permissions of accounts.conf must be restrictive and +# only allow reading by the file owner (0600). Set this option to true to +# ignore this permission check. Use this with care as it may expose your +# credentials. +# +# Default: false +#unsafe-accounts-conf=false + +# Output log messages to specified file. A path starting with ~/ is expanded to +# the user home dir. When redirecting aerc's output to a file using > shell +# redirection, this setting is ignored and log messages are printed to stdout. +# +log-file=~/aerc.log + +# Only log messages above the specified level to log-file. Supported levels +# are: trace, debug, info, warn and error. When redirecting aerc's output to +# a file using > shell redirection, this setting is ignored and the log level +# is forced to trace. +# +# Default: info +#log-level=info + +# Set the $TERM environment variable used for the embedded terminal. +# +# Default: xterm-256color +#term=xterm-256color + +# Display OSC8 strings in the embedded terminal +# +# Default: false +#enable-osc8=false + +[ui] +# +# Describes the format for each row in a mailbox view. This is a comma +# separated list of column names with an optional align and width suffix. 
After +# the column name, one of the '<' (left), ':' (center) or '>' (right) alignment +# characters can be added (by default, left) followed by an optional width +# specifier. The width is either an integer representing a fixed number of +# characters, or a percentage between 1% and 99% representing a fraction of the +# terminal width. It can also be one of the '*' (auto) or '=' (fit) special +# width specifiers. Auto width columns will be equally attributed the remaining +# terminal width. Fit width columns take the width of their contents. If no +# width specifier is set, '*' is used by default. +# +# Default: date<20,name<17,flags>4,subject<* +#index-columns=date<20,name<17,flags>4,subject<* + +# +# Each name in index-columns must have a corresponding column-$name setting. +# All column-$name settings accept golang text/template syntax. See +# aerc-templates(7) for available template attributes and functions. +# +# Default settings +#column-date={{.DateAutoFormat .Date.Local}} +#column-name={{index (.From | names) 0}} +#column-flags={{.Flags | join ""}} +#column-subject={{.ThreadPrefix}}{{.Subject}} + +# +# String separator inserted between columns. When the column width specifier is +# an exact number of characters, the separator is added to it (i.e. the exact +# width will be fully available for the column contents). +# +# Default: "  " +#column-separator="  " + +# +# See time.Time#Format at https://godoc.org/time#Time.Format +# +# Default: 2006-01-02 03:04 PM (ISO 8601 + 12 hour time) +#timestamp-format=2006-01-02 03:04 PM +timestamp-format=Mon 2 Jan 15:04 2006 +# +# Index-only time format for messages that were received/sent today. +# If this is not specified, timestamp-format is used instead. +# +#this-day-time-format= + +# +# Index-only time format for messages that were received/sent within the last +# 7 days. If this is not specified, timestamp-format is used instead. 
+# +#this-week-time-format= + +# +# Index-only time format for messages that were received/sent this year. +# If this is not specified, timestamp-format is used instead. +# +#this-year-time-format= + +# +# Width of the sidebar, including the border. +# +# Default: 20 +sidebar-width=30 + +# +# Message to display when viewing an empty folder. +# +# Default: (no messages) +#empty-message=(no messages) + +# Message to display when no folders exists or are all filtered +# +# Default: (no folders) +#empty-dirlist=(no folders) + +# Enable mouse events in the ui, e.g. clicking and scrolling with the mousewheel +# +# Default: false +#mouse-enabled=false + +# +# Ring the bell when new messages are received +# +# Default: true +#new-message-bell=true + +# +# Template to use for Account tab titles +# +# Default: {{.Account}} +#tab-title-account={{.Account}} + +# Marker to show before a pinned tab's name. +# +# Default: ` +#pinned-tab-marker='`' + +# Template for the left side of the directory list. +# See aerc-templates(7) for all available fields and functions. +# +# Default: {{.Folder}} +#dirlist-left={{.Folder}} + +# Template for the right side of the directory list. +# See aerc-templates(7) for all available fields and functions. +# +# Default: {{if .Unread}}{{humanReadable .Unread}}/{{end}}{{if .Exists}}{{humanReadable .Exists}}{{end}} +#dirlist-right={{if .Unread}}{{humanReadable .Unread}}/{{end}}{{if .Exists}}{{humanReadable .Exists}}{{end}} + +# Delay after which the messages are actually listed when entering a directory. +# This avoids loading messages when skipping over folders and makes the UI more +# responsive. If you do not want that, set it to 0s. +# +# Default: 200ms +#dirlist-delay=200ms + +# Display the directory list as a foldable tree that allows to collapse and +# expand the folders. +# +# Default: false +#dirlist-tree=false + +# If dirlist-tree is enabled, set level at which folders are collapsed by +# default. Set to 0 to disable. 
+# +# Default: 0 +#dirlist-collapse=0 + +# List of space-separated criteria to sort the messages by, see *sort* +# command in *aerc*(1) for reference. Prefixing a criterion with "-r " +# reverses that criterion. +# +# Example: "from -r date" +# +#sort= + +# Moves to next message when the current message is deleted +# +# Default: true +#next-message-on-delete=true + +# Automatically set the "seen" flag when a message is opened in the message +# viewer. +# +# Default: true +#auto-mark-read=true + +# The directories where the stylesets are stored. It takes a colon-separated +# list of directories. If this is unset or if a styleset cannot be found, the +# following paths will be used as a fallback in that order: +# +#   ${XDG_CONFIG_HOME:-~/.config}/aerc/stylesets +#   ${XDG_DATA_HOME:-~/.local/share}/aerc/stylesets +#   /usr/local/share/aerc/stylesets +#   /usr/share/aerc/stylesets +# +#stylesets-dirs= + +# Uncomment to use box-drawing characters for vertical and horizontal borders. +# +# Default: " " +#border-char-vertical=" " +#border-char-horizontal=" " + +# Sets the styleset to use for the aerc ui elements. +# +# Default: default +styleset-name=gruvbox + +# Activates fuzzy search in commands and their arguments: the typed string is +# searched in the command or option in any position, and need not be +# consecutive characters in the command or option. +# +# Default: false +#fuzzy-complete=false + +# How long to wait after the last input before auto-completion is triggered. +# +# Default: 250ms +#completion-delay=250ms + +# The minimum required characters to allow auto-completion to be triggered after +# completion-delay. 
+# +# Default: 1 +#completion-min-chars=1 + +# +# Global switch for completion popovers +# +# Default: true +#completion-popovers=true + +# Uncomment to use UTF-8 symbols to indicate PGP status of messages +# +# Default: ASCII +#icon-unencrypted= +#icon-encrypted=✔ +#icon-signed=✔ +#icon-signed-encrypted=✔ +#icon-unknown=✘ +#icon-invalid=⚠ + +# Reverses the order of the message list. By default, the message list is +# ordered with the newest (highest UID) message on top. Reversing the order +# will put the oldest (lowest UID) message on top. This can be useful in cases +# where the backend does not support sorting. +# +# Default: false +#reverse-msglist-order = false + +# Reverse display of the mesage threads. Default order is the the intial +# message is on the top with all the replies being displayed below. The +# reverse option will put the initial message at the bottom with the +# replies on top. +# +# Default: false +#reverse-thread-order=false + +# Sort the thread siblings according to the sort criteria for the messages. If +# sort-thread-siblings is false, the thread siblings will be sorted based on +# the message UID in ascending order. This option is only applicable for +# client-side threading with a backend that enables sorting. Note that there's +# a performance impact when sorting is activated. +# +# Default: false +#sort-thread-siblings=false + +#[ui:account=foo] +# +# Enable a threaded view of messages. If this is not supported by the backend +# (IMAP server or notmuch), threads will be built by the client. +# +# Default: false +threading-enabled=true + +# Force client-side thread building +# +# Default: false +#force-client-threads=false + +# Debounce client-side thread building +# +# Default: 50ms +#client-threads-delay=50ms + +[statusline] +# +# Describes the format for the status line. This is a comma separated list of +# column names with an optional align and width suffix. See [ui].index-columns +# for more details. 
To completely mute the status line except for push +# notifications, explicitly set status-columns to an empty string. +# +# Default: left<*,center:=,right>* +#status-columns=left<*,center:=,right>* + +# +# Each name in status-columns must have a corresponding column-$name setting. +# All column-$name settings accept golang text/template syntax. See +# aerc-templates(7) for available template attributes and functions. +# +# Default settings +#column-left=[{{.Account}}] {{.StatusInfo}} +#column-center={{.PendingKeys}} +#column-right={{.TrayInfo}} + +# +# String separator inserted between columns. +# See [ui].column-separator for more details. +# +#column-separator=" " + +# Specifies the separator between grouped statusline elements. +# +# Default: " | " +#separator=" | " + +# Defines the mode for displaying the status elements. +# Options: text, icon +# +# Default: text +#display-mode=text + +[viewer] +# +# Specifies the pager to use when displaying emails. Note that some filters +# may add ANSI codes to add color to rendered emails, so you may want to use a +# pager which supports ANSI codes. +# +# Default: less -R +#pager=less -R +pager=bat --plain --tabs 4 --paging always --color always + +# +# If an email offers several versions (multipart), you can configure which +# mimetype to prefer. For example, this can be used to prefer plaintext over +# html emails. +# +# Default: text/plain,text/html +alternatives=text/plain,text/html + +# +# Default setting to determine whether to show full headers or only parsed +# ones in message viewer. +# +# Default: false +#show-headers=false + +# +# Layout of headers when viewing a message. To display multiple headers in the +# same row, separate them with a pipe, e.g. "From|To". Rows will be hidden if +# none of their specified headers are present in the message. 
+# +# Default: From|To,Cc|Bcc,Date,Subject +#header-layout=From|To,Cc|Bcc,Date,Subject + +# Whether to always show the mimetype of an email, even when it is just a single part +# +# Default: false +#always-show-mime=false + +# Parses and extracts http links when viewing a message. Links can then be +# accessed with the open-link command. +# +# Default: true +parse-http-links=true + +[compose] +# +# Specifies the command to run the editor with. It will be shown in an embedded +# terminal, though it may also launch a graphical window if the environment +# supports it. Defaults to $EDITOR, or vi. +#editor= + +# +# Default header fields to display when composing a message. To display +# multiple headers in the same row, separate them with a pipe, e.g. "To|From". +# +# Default: To|From,Subject +#header-layout=To|From,Subject + +# +# Specifies the command to be used to tab-complete email addresses. Any +# occurrence of "%s" in the address-book-cmd will be replaced with what the +# user has typed so far. +# +# The command must output the completions to standard output, one completion +# per line. Each line must be tab-delimited, with an email address occurring as +# the first field. Only the email address field is required. The second field, +# if present, will be treated as the contact name. Additional fields are +# ignored. +# +# This parameter can also be set per account in accounts.conf. +#address-book-cmd= + +# Specifies the command to be used to select attachments. Any occurence of '%s' +# in the file-picker-cmd will be replaced the argument <arg> to :attach -m +# <arg>. +# +# The command must output the selected files to standard output, one file per +# line. +#file-picker-cmd= + +# +# Allow to address yourself when replying +# +# Default: true +#reply-to-self=true + +# +# Warn before sending an email that matches the specified regexp but does not +# have any attachments. Leave empty to disable this feature. 
+# +# Uses Go's regexp syntax, documented at https://golang.org/s/re2syntax. The +# "(?im)" flags are set by default (case-insensitive and multi-line). +# +# Example: +# no-attachment-warning=^[^>]*attach(ed|ment) +# +#no-attachment-warning= + +# +# When set, aerc will generate "format=flowed" bodies with a content type of +# "text/plain; format=flowed" as described in RFC3676. This format is easier to +# handle for some mailing software, and generally just looks like ordinary +# text. To actually make use of this format's features, you'll need support in +# your editor. +# +#format-flowed=false + +[multipart-converters] +# +# Converters allow to generate multipart/alternative messages by converting the +# main text/plain part into any other MIME type. Only exact MIME types are +# accepted. The commands are invoked with sh -c and are expected to output +# valid UTF-8 text. +# +# Example (obviously, this requires that you write your main text/plain body +# using the markdown syntax): +#text/html=pandoc -f markdown -t html --standalone + +[filters] +# +# Filters allow you to pipe an email body through a shell command to render +# certain emails differently, e.g. highlighting them with ANSI escape codes. +# +# The commands are invoked with sh -c. 
The following folders are appended to +# the system $PATH to allow referencing filters from their name only: +# +#   ${XDG_CONFIG_HOME:-~/.config}/aerc/filters +#   ${XDG_DATA_HOME:-~/.local/share}/aerc/filters +#   $PREFIX/share/aerc/filters +#   /usr/share/aerc/filters +# +# The following variables are defined in the filter command environment: +# +#   AERC_MIME_TYPE      the part MIME type/subtype +#   AERC_FORMAT         the part content type format= parameter +#   AERC_FILENAME       the attachment filename (if any) +#   AERC_SUBJECT        the message Subject header value +#   AERC_FROM           the message From header value +# +# The first filter which matches the email's mimetype will be used, so order +# them from most to least specific. +# +# You can also match on non-mimetypes, by prefixing with the header to match +# against (non-case-sensitive) and a comma, e.g. subject,text will match a +# subject which contains "text". Use header,~regex to match against a regex. +# +text/plain=colorize +text/calendar=calendar +message/delivery-status=colorize +message/rfc822=colorize +#text/html=pandoc -f html -t plain | colorize +#text/html=html | colorize +text/html=w3m -T text/html -cols $(tput cols) -dump -o display_image=false -o display_link_number=true +#text/*=bat -fP --file-name="$AERC_FILENAME" +#application/x-sh=bat -fP -l sh +#image/*=catimg -w $(tput cols) - +image/*=img2sixel +#subject,~Git(hub|lab)=lolcat -f +#from,thatguywhodoesnothardwraphismessages=wrap -w 100 | colorize + +# This special filter is only used to post-process email headers when +# [viewer].show-headers=true +# By default, headers are piped directly into the pager. +# +.headers=colorize + +[openers] +# +# Openers allow you to specify the command to use for the :open and :open-link +# actions on a per-MIME-type basis. The :open-link URL scheme is used to +# determine the MIME type as follows: x-scheme-handler/<scheme>. +# +# {} is expanded as the temporary filename to be opened. 
If it is not +# encountered in the command, the temporary filename will be appened to the end +# of the command. +# +# Like [filters], openers support basic shell globbing. The first opener which +# matches the part's MIME type (or URL scheme handler MIME type) will be used, +# so order them from most to least specific. +# +# Examples: +# x-scheme-handler/irc=hexchat +# x-scheme-handler/http*=firefox +# text/html=surf -dfgms +# text/plain=gvim {} +125 +# message/rfc822=thunderbird +text/html=qutebrowser +application/x-pdf=zathura +application/pdf=zathura +application/octet-stream=zathura +image/*=imv +image/png=imv +image/jpg=imv +video/*=mpv +audio/*=mpv --no-video +text/*=vim + +[hooks] +# +# Hooks are triggered whenever the associated event occurs. + +# +# Executed when a new email arrives in the selected folder +#mail-received=notify-send "New mail from $AERC_FROM_NAME" "$AERC_SUBJECT" + +# +# Executed when aerc starts +#aerc-startup=aerc :terminal calcurse && aerc :next-tab + +# +# Executed when aerc shuts down. +#aerc-shutdown= + +[templates] +# Templates are used to populate email bodies automatically. +# + +# The directories where the templates are stored. It takes a colon-separated +# list of directories. If this is unset or if a template cannot be found, the +# following paths will be used as a fallback in that order: +# +#   ${XDG_CONFIG_HOME:-~/.config}/aerc/templates +#   ${XDG_DATA_HOME:-~/.local/share}/aerc/templates +#   /usr/local/share/aerc/templates +#   /usr/share/aerc/templates +# +#template-dirs= + +# The default template to be used for new messages. +# +# default: new_message +#new-message=new_message + +# The default template to be used for quoted replies. +# +# default: quoted_reply +#quoted-reply=quoted_reply + +# The default template to be used for forward as body. 
+# +# default: forward_as_body +#forwards=forward_as_body +``` + +`~/.config/aerc/binds.conf` + +``` +# Binds are of the form <key sequence> = <command to run> +# To use '=' in a key sequence, substitute it with "Eq": "<Ctrl+Eq>" +# If you wish to bind #, you can wrap the key sequence in quotes: "#" = quit +<C-p> = :prev-tab<Enter> +<C-n> = :next-tab<Enter> +<C-t> = :term<Enter> +? = :help keys<Enter> + +[messages] +q = :quit<Enter> + +j = :next<Enter> +<Down> = :next<Enter> +<C-d> = :next 50%<Enter> +<C-f> = :next 100%<Enter> +<PgDn> = :next 100%<Enter> + +k = :prev<Enter> +<Up> = :prev<Enter> +<C-u> = :prev 50%<Enter> +<C-b> = :prev 100%<Enter> +<PgUp> = :prev 100%<Enter> +g = :select 0<Enter> +G = :select -1<Enter> + +J = :next-folder<Enter> +K = :prev-folder<Enter> +H = :collapse-folder<Enter> +L = :expand-folder<Enter> + +v = :mark -t<Enter> +V = :mark -v<Enter> + +T = :toggle-threads<Enter> + +<Enter> = :view<Enter> +d = :prompt 'Really delete this message?' 'delete-message'<Enter> +D = :delete<Enter> +A = :archive flat<Enter> + +C = :compose<Enter> + +rr = :reply -a<Enter> +rq = :reply -aq<Enter> +Rr = :reply<Enter> +Rq = :reply -q<Enter> + +c = :cf<space> +$ = :term<space> +! 
= :term<space> +| = :pipe<space> + +/ = :search<space> +\ = :filter<space> +n = :next-result<Enter> +N = :prev-result<Enter> +<Esc> = :clear<Enter> + +[messages:folder=Drafts] +<Enter> = :recall<Enter> + +[view] +/ = :toggle-key-passthrough<Enter>/ +q = :close<Enter> +O = :open<Enter> +S = :save<space> +| = :pipe<space> +D = :delete<Enter> +A = :archive flat<Enter> + +<C-l> = :open-link <space> + +f = :forward<Enter> +rr = :reply -a<Enter> +rq = :reply -aq<Enter> +Rr = :reply<Enter> +Rq = :reply -q<Enter> + +H = :toggle-headers<Enter> +<C-k> = :prev-part<Enter> +<C-j> = :next-part<Enter> +J = :next<Enter> +K = :prev<Enter> + +[view::passthrough] +$noinherit = true +$ex = <C-x> +<Esc> = :toggle-key-passthrough<Enter> + +[compose] +# Keybindings used when the embedded terminal is not selected in the compose +# view +$noinherit = true +$ex = <C-x> +<C-k> = :prev-field<Enter> +<C-j> = :next-field<Enter> +<A-p> = :switch-account -p<Enter> +<A-n> = :switch-account -n<Enter> +<tab> = :next-field<Enter> +<backtab> = :prev-field<Enter> +<C-p> = :prev-tab<Enter> +<C-n> = :next-tab<Enter> + +[compose::editor] +# Keybindings used when the embedded terminal is selected in the compose view +$noinherit = true +$ex = <C-x> +<C-k> = :prev-field<Enter> +<C-j> = :next-field<Enter> +<C-p> = :prev-tab<Enter> +<C-n> = :next-tab<Enter> + +[compose::review] +# Keybindings used when reviewing a message to be sent +y = :send<Enter> +n = :abort<Enter> +v = :preview<Enter> +p = :postpone<Enter> +q = :choose -o d discard abort -o p postpone postpone<Enter> +e = :edit<Enter> +a = :attach<space> +d = :detach<space> + +[terminal] +$noinherit = true +$ex = <C-x> + +<C-p> = :prev-tab<Enter> +<C-n> = :next-tab<Enter> + +[messages:account=gmail] +d = :prompt 'Really move this message to the trash?' mv gmail/[Gmail]/Bin<Enter> +D = :mv gmail/[Gmail]/Bin<Enter> + +[view:account=gmail] +d = :prompt 'Really move this message to the trash?' 
mv gmail/[Gmail]/Bin<Enter> +D = :mv gmail/[Gmail]/Bin<Enter> +``` + +`~/.config/aerc/stylesets/gruvbox` + +``` +# should work with any terminal colorscheme, but was designed for gruvbox +# terminal colors are preferred, but hex is used for grayscale + +*.default=true + +# present in 'Send this email?' dialog +title.fg=yellow +title.bg=#303030 +title.bold=true + +# used in setup and in 'From:' etc +header.bold=true +header.fg=purple + +# decorative lines +border.fg=blue + +# requires attention +*error.bold=true +*error.fg=red +*error.blink=true +*warning.fg=yellow +*warning.blink=true +*success.fg=green + +# statusline +statusline_default.fg=gray +statusline_*.bg=#303030 + +# message list colors +msglist_deleted.fg=gray +msglist_unread.fg=#98971a +msglist_unread.bold=true +msglist_default.fg=#dedede +msglist_marked.fg=yellow +msglist_marked.reverse=true +msglist_flagged.fg=white +# msglist_flagged.bg=red +msglist_flagged.bold=true + +# inbox etc +dirlist_default.fg=#dedede +dirlist_unread.fg=white +dirlist_unread.bold=true + +# highlight selected item +*.selected.bg=#303030 +*.selected.fg=#fabd2f +*.selected.bold=true + +# primarily used in account setup +selector_default.fg=gray +selector_chooser.bold=true +selector_focused.bg=green +selector_focused.bold=true + +# command completion +completion_default.bg=#303030 +completion_gutter.bg=#303030 +completion_pill.bg=aqua + + +#dynamic +*msglist_answered.fg = #21771f + +[viewer] +header.fg=#d845c5 +header.bold=true     +signature.fg=3    +signature.dim=true     +diff_meta.fg=#ff0000 +diff_meta.bold=true     +diff_chunk.dim=true     +diff_add.fg=#00ff00     +diff_del.fg=#ff0000 +quote_1.fg=6     +quote_2.fg=7 +quote_3.fg=6     +quote_4.fg=7     +quote_3.dim=true +quote_4.dim=true +quote_x.fg=gray +quote_x.dim=true +``` + +`~/.msmtprc` + +``` +IMAPStore gmail-remote +Host imap.gmail.com +AuthMechs LOGIN +User youremail@gmail.com +PassCmd "pass Email/your@gmail.com/app-password" +TLSType IMAPS + +MaildirStore gmail-local 
+Path ~/.mail/gmail/ +Inbox ~/.mail/gmail/INBOX +Subfolders Verbatim + +Channel gmail +Far :gmail-remote: +Near :gmail-local: +Expunge Both +Create Both +Remove Both +Patterns * !"[Gmail]/All Mail" !"[Gmail]/Important" !"[Gmail]/Starred" +SyncState * +``` + +`~/.msmtprc` + +``` +defaults +tls on + +account gmail +auth on +host smtp.gmail.com +port 587 +user your@gmail.com +from your@gmail.com +passwordeval "pass Email/your@gmail.com/app-password" + +account default: gmail +``` + diff --git a/posts/my-first-freebsd-server.md b/posts/my-first-freebsd-server.md index b6c9fd0..d477f33 100644 --- a/posts/my-first-freebsd-server.md +++ b/posts/my-first-freebsd-server.md 
@@ -1,118 +1,11 @@ -<!doctype html> -<html lang="en"> -<head> -	<meta charset="utf-8"> -	<meta name="viewport" content="width=device-width, initial-scale=1"> -	<title>Justine Smithies blog - No Title</title> -	<link rel="icon" href="public/favicon-32x32.png" type="image/png" sizes="32x32"> -	<link href="https://justine.smithies.me.uk/atom.xml" type="application/atom+xml" rel="alternate" title="Atom feed for blog posts"> - <style>  -		body { -			font-family: sans-serif; -			margin: 0 auto; -			max-width: 48rem; -			line-height: 1.45; -			padding: 0.5rem 1.6rem; -		} -		a { -			color: #000000; -			font-weight: bold; -		} -		a:link { -			text-decoration: none; -		} -		a:hover { -			text-decoration: underline; -		} -		main { -			padding: 0 1.4rem; -			hyphens: auto; -		} -		code {	 -			border: 1px solid; -			padding: 0.1rem 0.3rem; -			tab-size: 4; -		} -		pre { -			border: 1px solid; -		} -		pre code { -			display: block; -			overflow-x: auto; -			padding: 0.3rem 0.6rem; -		} -		nav ul { -			margin: 0; -			padding: 0; -			display: flex; -			justify-content: center; -		} -		nav li { -			list-style: none; -		} -		nav li * { -			display: block; -			padding: 0 0.4rem; -			color: black; -		} -		nav li strong { -			padding-left: 1.5rem; -			padding-right: 1rem; -		} -		nav a { -			text-decoration: none; -		} -		nav a:hover { -			 -		}	 -		header { -			border-bottom: 1px dashed grey; -			margin: 0rem 0; -			padding: 1rem 15px; -			text-align: center; -		} -		footer { -			border-top: 1px dashed grey; -			margin: 2rem 0; -			padding: 1rem 15px; -			text-align: center; -			color: #000000; -		} -	</style> -</head> -<body> -<header> -<nav> -	<ul> -		<li><img src="public/tux-1.png" alt="Tux" style="width:100px;height:100px;"></li> -		<li><h1>Justine Smithies blog</h1>Adventures of a Linux, BSD chick</li> -	</ul> -	<ul> -		<li><a href="index.html">Home</a></li> -		<li><a href="about.html">About</a></li> -	</ul> -</nav> -</header> -<main> +# So I setup my first FreeBSD server  
-</main> -<footer> -  <small> -    <span><a href="#">↑ Back to Top</a></span><br><br> -    Powered by <a href="https://www.freebsd.org/">FreeBSD</a><br> -    Built with <a href="https://git.smithies.me.uk/blarg">blarg</a> a mix of both <a -      href="https://github.com/karlb/karl.berlin/tree/master">blog.sh</a> and <b>barf</b>. -    The code for this site is licensed under <a -      href="https://git.smithies.me.uk/blarg/tree/LICENSE">MIT</a>. <br> -    Here's the blog's <a href="atom.xml">Atom feed</a>. <br><br> -    <img src="./public/fediverse.png" alt="Smithies SNAC Instance" width="16" height="16" style="vertical-align:middle;"> -    <a rel="me" href="https://snac.smithies.me.uk/justine">Fediverse</a> -    <img src="./public/git.png" alt="Self Hosted" width="16" height="16" style="vertical-align:middle;"> -    <a href="https://git.smithies.me.uk">Git</a> -    <img src="./public/email.png" alt="Email" width="16" height="16" style="vertical-align:middle;"> -    <a href="mailto:justine@smithies.me.uk">Email</a><br> -    ©2022 - 2024 Justine Smithies -  </small> -</footer> -</body> -</html> +So recently I decided to give [**FreeBSD**](https://www.freebsd.org/) a spin and thought I'd jump straight in at the deep end by setting up a new server in my Homelab using a recycled PC which was a Fujitsu ESPRIMO E420 E85+ Intel® Core™ i5 with just 4Gb of ram.   +I upgraded it to an i7-4790 CPU and gave it 16Gb ram as I fell that'll be plenty for my usage purposes so far. For drives I used one of the old 1Tb SSD that I had lying around for the main OS drive and purchased 2 x Iron Wolf Pro 4Tb hard drives for storage and the Bastille jails. I obviously had to modify the CD / Spare drive carrier as I no longer needed the CD drive and wanted to mount both 4Tb drives on top to dissipate heat better. The 1Tb SSD was mounted below where the hard drive normally resides. 
Once this was done I downloaded and installed FreeBSD 14.1 and setup the main SSD as the full OS as I did not connect the 2 x 4TB drives to start with in case I had issues. Once I had everything setup like PF firewall rules and [**fail2ban**](https://github.com/fail2ban/fail2ban) and SSH ports moved plus stopped access using passwords I reconnected the 2 x 4TB drives and set them up as ZFS raid 1 and proceeded to setup [**Bastille**](https://bastillebsd.org/) to use those drives for jails. So every time I setup a new jail it will be located on the ZFS raid 1 drive.   +Jails wise so far I have setup one which hosts [**Nginx**](https://nginx.org/en/), [**Git**](https://git-scm.com/) and [**CGit**](https://git.zx2c4.com/cgit/about/)  for my Git repositories which used to be located at [**SourceHut**](https://sourcehut.org/) but they are just mirrored there for now until I see how I get on.   +I have a jail just with Nginx which is for my personal sites. One hosts [**Syncthing**](https://syncthing.net/) which syncs photo's from my mobile and notes plus other files from various other PC's and laptops in our household. Finally I have [**Radicale**](https://radicale.org) that syncs my calendars and contacts from various devices.   +Backups for now are very simple whilst I write some better scripts. So basically I tar.xz the hosts ( **Beastie** ) various config files as I really don't mind rebuilding if I have to but I'd prefer to keep certain config files for reference. Then my temporary script basically just goes through backing all jails using the `bastille export` command to a NAS drive I have on my network. It also is set to delete any copies older than 31 days. Obviously the NAS drive is only mounted when the script runs and unmounted afterwards. Later I hopefully plan to come up with a better back up system but it will be written by myself just for the experience.   
+My reverse proxy that I have to allow me to use one IP and route to various services is hosted on a Raspberry Pi 4 which also happens to be running [**HomeAssistant**](https://www.home-assistant.io/) from a 64Gb SSD. I did think about moving the reverse proxy to Beastie but figured keeping on another machine was probably a better idea?   +Do I plan to add more jails ? Well I do plan to transfer over my [**Logitech Media Server**](https://lyrion.org) and all music to it's own jail which will finally allow me to shut down my old Ubuntu server and re-purpose it later. As for any others I'm not sure yet I'm just working to make everything here just perfect if that is possible at all?   +I have never setup a FreeBSD server before and certainly didn't think I'd get into jails too but there you have it. I purposely haven't included any example configs as there is so much information already on the web for doing exactly what I have already done here with everything literally a search away.   +Would I recommend you try FreeBSD in your Homelab ? Absolutely I would and it has even got me wondering whether I'd even go full on daily driver on my main laptop too with [**River**](https://codeberg.org/river/river) or [**Sway**](https://github.com/swaywm/sway)? Now that is something as a 20+ year Linux user to consider very carefully, but you never know.   diff --git a/posts/void-linux-with-encrypted-root-on-zfs.md b/posts/void-linux-with-encrypted-root-on-zfs.md index b6c9fd0..3179b4c 100644 --- a/posts/void-linux-with-encrypted-root-on-zfs.md +++ b/posts/void-linux-with-encrypted-root-on-zfs.md 
@@ -1,118 +1,287 @@ -<!doctype html> -<html lang="en"> -<head> -	<meta charset="utf-8"> -	<meta name="viewport" content="width=device-width, initial-scale=1"> -	<title>Justine Smithies blog - No Title</title> -	<link rel="icon" href="public/favicon-32x32.png" type="image/png" sizes="32x32"> -	<link href="https://justine.smithies.me.uk/atom.xml" type="application/atom+xml" rel="alternate" title="Atom feed for blog posts"> - <style>  -		body { -			font-family: sans-serif; -			margin: 0 auto; -			max-width: 48rem; -			line-height: 1.45; -			padding: 0.5rem 1.6rem; -		} -		a { -			color: #000000; -			font-weight: bold; -		} -		a:link { -			text-decoration: none; -		} -		a:hover { -			text-decoration: underline; -		} -		main { -			padding: 0 1.4rem; -			hyphens: auto; -		} -		code {	 -			border: 1px solid; -			padding: 0.1rem 0.3rem; -			tab-size: 4; -		} -		pre { -			border: 1px solid; -		} -		pre code { -			display: block; -			overflow-x: auto; -			padding: 0.3rem 0.6rem; -		} -		nav ul { -			margin: 0; -			padding: 0; -			display: flex; -			justify-content: center; -		} -		nav li { -			list-style: none; -		} -		nav li * { -			display: block; -			padding: 0 0.4rem; -			color: black; -		} -		nav li strong { -			padding-left: 1.5rem; -			padding-right: 1rem; -		} -		nav a { -			text-decoration: none; -		} -		nav a:hover { -			 -		}	 -		header { -			border-bottom: 1px dashed grey; -			margin: 0rem 0; -			padding: 1rem 15px; -			text-align: center; -		} -		footer { -			border-top: 1px dashed grey; -			margin: 2rem 0; -			padding: 1rem 15px; -			text-align: center; -			color: #000000; -		} -	</style> -</head> -<body> -<header> -<nav> -	<ul> -		<li><img src="public/tux-1.png" alt="Tux" style="width:100px;height:100px;"></li> -		<li><h1>Justine Smithies blog</h1>Adventures of a Linux, BSD chick</li> -	</ul> -	<ul> -		<li><a href="index.html">Home</a></li> -		<li><a href="about.html">About</a></li> -	</ul> -</nav> -</header> -<main> - -</main> -<footer> -  <small> -    
<span><a href="#">↑ Back to Top</a></span><br><br> -    Powered by <a href="https://www.freebsd.org/">FreeBSD</a><br> -    Built with <a href="https://git.smithies.me.uk/blarg">blarg</a> a mix of both <a -      href="https://github.com/karlb/karl.berlin/tree/master">blog.sh</a> and <b>barf</b>. -    The code for this site is licensed under <a -      href="https://git.smithies.me.uk/blarg/tree/LICENSE">MIT</a>. <br> -    Here's the blog's <a href="atom.xml">Atom feed</a>. <br><br> -    <img src="./public/fediverse.png" alt="Smithies SNAC Instance" width="16" height="16" style="vertical-align:middle;"> -    <a rel="me" href="https://snac.smithies.me.uk/justine">Fediverse</a> -    <img src="./public/git.png" alt="Self Hosted" width="16" height="16" style="vertical-align:middle;"> -    <a href="https://git.smithies.me.uk">Git</a> -    <img src="./public/email.png" alt="Email" width="16" height="16" style="vertical-align:middle;"> -    <a href="mailto:justine@smithies.me.uk">Email</a><br> -    ©2022 - 2024 Justine Smithies -  </small> -</footer> -</body> -</html> +# Installing Void Linux with encrypted Root on ZFS +#### This guide is how I install Void Linux onto a single disk with with encrypted Root on ZFS and a seperate encrypted swap partition. + +It assumes the following: + +Your system uses UEFI to boot + +Your system is x86_64 + +You will use glibc as your system libc. + +You're mildly comfortable with ZFS, EFI and discovering system facts on your own (lsblk, dmesg, gdisk, ...) + +ZFSBootMenu does not require glibc and is not restricted to x86_64. If you are comfortable installing Void Linux on other architectures or with the musl libc, you can adapt the instructions here to your desired configuration. 
+ +### Please note that I have used information from the sources listed below: + +> ZFS BootMenu Docs +<https://docs.zfsbootmenu.org/en/v2.3.x/guides/void-linux/uefi.html> + +> Void Linux ZFS Docs +<https://docs.voidlinux.org/installation/guides/zfs.html> + +> Chain's computar projects<br> +<https://forum.level1techs.com/t/chains-computar-projects/190001> + +> Daniel Wayne Armstrong Blog<br> +<https://www.dwarmstrong.org/encrypt-swap/> + +# To start +Download the latest hrmpf image from:<br> +<https://github.com/leahneukirchen/hrmpf> + +Write it to USB drive and boot your system in EFI mode. + +Confirm EFI support: + +``` +# dmesg | grep -i efivars +[    0.301784] Registered efivars operations +``` + +# Configure Live Environment +## Source /etc/os-release +The file /etc/os-release defines variables that describe the running distribution. In particular, the $ID variable defined within can be used as a short name for the filesystem that will hold this installation. + +``` +source /etc/os-release +export ID +``` + +## Generate /etc/hostid + +``` +zgenhostid -f 0x00bab10c +``` + +# Disk preparation + +Verify your target disk devices with lsblk. `/dev/sda`, `/dev/sdb` and `/dev/nvme0n1`. 
+<br> +On my laptop I,ll be using a single drive on `/dev/nvme0n1` with three paritions as follows: + +**1 - EFI boot** +**2 - Swap** ( I'm using 64Gb but you can adjust to suit your needs or just not create swap and number the zpool parition 2 ) +**3 - Zpool** ( This partition uses the remaining disk space ) + +**Note you will need to adjust below when wiping partitions if you use seperate disks.** + +## Wipe partitions +``` +zpool labelclear -f "/dev/nvme0n1" + +wipefs -a "/dev/nvme0n1" + +sgdisk --zap-all "/dev/nvme0n1" +``` + +## Create EFI boot partition +``` +sgdisk -n "1:1m:+512m" -t "1:ef00" "/dev/nvme0n1" +``` + +## Create swap partition +``` +sgdisk -n "2::64Gb" -t "2:8200" "/dev/nvme0n1" -c "2:cryptswap" "/dev/nvme0n1" +``` + +## Create zpool partition +``` +sgdisk -n "3:0:-10m" -t "3:bf00" "/dev/nvme0n1" +``` + +# ZFS pool creation +## Store the pool passphrase in a key file +``` +echo 'SomeKeyphrase' > /etc/zfs/zroot.key +chmod 000 /etc/zfs/zroot.key +``` +## Create the encrypted zpool +``` +zpool create -f -o ashift=12 \ + -O compression=lz4 \ + -O acltype=posixacl \ + -O xattr=sa \ + -O relatime=on \ + -O encryption=aes-256-gcm \ + -O keylocation=file:///etc/zfs/zroot.key \ + -O keyformat=passphrase \ + -o autotrim=on \ + -m none zroot "/dev/disk/by-id/wwn-0x5000c500deadbeef-part3" + ``` + Adjust the pool (-o) and filesystem (-O) options as desired, and replace the partition identifier `wwn-0x5000c500deadbeef-part3` with that of the actual partition to be used. +You can find this out by typing `ls /dev/disk/by-id/` and they will be listed in the output. + +When adding disks or partitions to ZFS pools, it is generally advisable to refer to them by the symbolic links created in /dev/disk/by-id or (on UEFI systems) /dev/disk/by-partuuid so that ZFS will identify the right partitions even if disk naming should change at some point. Using traditional device nodes like /dev/sda3 may cause intermittent import failures. 
+## Create initial file systems +``` +zfs create -o mountpoint=none zroot/ROOT +zfs create -o mountpoint=/ -o canmount=noauto zroot/ROOT/${ID} +zfs create -o mountpoint=/home zroot/home + +zpool set bootfs=zroot/ROOT/${ID} zroot +``` +> **Note** +It is important to set the property `canmount=noauto` on any file systems with `mountpoint=/` (that is, on any additional boot environments you create). Without this property, the OS will attempt to automount all ZFS file systems and fail when multiple file systems attempt to mount at `/`; this will prevent your system from booting. Automatic mounting of `/` is not required because the root file system is explicitly mounted in the boot process. +Also note that, unlike many ZFS properties, `canmount` is not inheritable. Therefore, setting `canmount=noauto` on `zroot/ROOT` is not sufficient, as any subsequent boot environments you create will default to `canmount=on`. It is necessary to explicitly set the `canmount=noauto` on every boot environment you create. + +## Export, then re-import with a temporary mountpoint of `/mnt` +``` +zpool export zroot +zpool import -N -R /mnt zroot +zfs load-key -L prompt zroot +``` +``` +zfs mount zroot/ROOT/${ID} +zfs mount zroot/home +``` +## Verify that everything is mounted correctly +``` +# mount | grep mnt +zroot/ROOT/void on /mnt type zfs (rw,relatime,xattr,posixacl) +zroot/home on /mnt/home type zfs (rw,relatime,xattr,posixacl) +``` +## Update device symlinks +``` +udevadm trigger +``` +## Install Void +Adjust the mirror, libc, and package selection as you see fit. 
+``` +XBPS_ARCH=x86_64 xbps-install \ +  -S -R https://mirrors.servercentral.com/voidlinux/current \ +  -r /mnt base-system +``` +## Copy our files into the new install +``` +cp /etc/hostid /mnt/etc +mkdir /mnt/etc/zfs +cp /etc/zfs/zroot.key /mnt/etc/zfs +``` +## Chroot into the new OS +``` +xchroot /mnt +``` +## Basic Void configuration +### Set the keymap, timezone and hardware clock +``` +cat << EOF >> /etc/rc.conf +KEYMAP="us" +HARDWARECLOCK="UTC" +TIMEZONE="Europe/London" +EOF +``` +## Configure your glibc locale +``` +cat << EOF >> /etc/default/libc-locales +en_US.UTF-8 UTF-8 +en_US ISO-8859-1 +EOF +xbps-reconfigure -f glibc-locales +``` +## Set a root password +``` +passwd +``` +# ZFS Configuration +## Configure Dracut to load ZFS support +``` +cat << EOF > /etc/dracut.conf.d/zol.conf +nofsck="yes" +add_dracutmodules+=" zfs " +omit_dracutmodules+=" btrfs resume " +install_items+=" /etc/zfs/zroot.key " +EOF +``` +## Install ZFS and Cryptsetup +``` +xbps-install -S zfs cryptsetup +``` +## To quickly discover and import pools on boot, we need to set a pool cachefile +``` +zpool set cachefile=/etc/zfs/zpool.cache zroot +``` +# Install and configure ZFSBootMenu +## Set ZFSBootMenu properties on datasets +Assign command-line arguments to be used when booting the final kernel. Because ZFS properties are inherited, assign the common properties to the ROOT dataset so all children will inherit common arguments by default. +``` +zfs set org.zfsbootmenu:commandline="quiet loglevel=4" zroot/ROOT +``` +Setup key caching in ZFSBootMenu. 
+``` +zfs set org.zfsbootmenu:keysource="zroot/ROOT/${ID}" zroot +``` +## Create `vfat` and encrypted `swap` filesystems +``` +mkfs.vfat -F32 /dev/nvme0n1p1 +``` +``` +cat << EOF >> /etc/crypttab +cryptswap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=512 +EOF +``` +# Create fstab entries and mount the efi partition +``` +cat << EOF >> /etc/fstab +$( blkid | grep /dev/nvme0n1p1 | cut -d ' ' -f 2 ) /boot/efi vfat defaults 0 0 +/dev/mapper/cryptswap none swap defaults 0 0 +EOF +mkdir -p /boot/efi +mount /boot/efi +``` +## Install ZFSBootMenu +``` +xbps-install -S zfsbootmenu systemd-boot-efistub +``` +Configure generate-zbm(5) by ensuring that the following keys appear in /etc/zfsbootmenu/config.yaml: +``` +Global: +  ManageImages: true +  BootMountPoint: /boot/efi +Components: +   Enabled: false +EFI: +  ImageDir: /boot/efi/EFI/zbm +  Versions: false +  Enabled: true +Kernel: +  CommandLine: quiet loglevel=0  +``` + +My `CommandLine:` will be as follows as I don't want ZFSBootMenu automatically resizing the fonts according to the display size. +``` +CommandLine: quiet loglevel=0 zbm.skip_hooks=20-console-autosize.sh +``` +## Create a ZFSBootMenu image: +``` +generate-zbm +``` +## Configure EFI boot entries +``` +xbps-install efibootmgr +``` +``` +efibootmgr -c -d "/dev/nvme0n1" -p "1" \ +  -L "ZFSBootMenu (Backup)" \ +  -l '\EFI\ZBM\VMLINUZ-BACKUP.EFI' + +efibootmgr -c -d "/dev/nvme0n1" -p "1" \ +  -L "ZFSBootMenu" \ +  -l '\EFI\ZBM\VMLINUZ.EFI' +``` +# Prepare for first boot +## Exit the chroot, unmount everything +``` +exit +``` +``` +umount -n -R /mnt +``` +## Export the zpool and reboot +``` +zpool export zroot +``` +``` +reboot +``` | 
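Review bot: In posts/my-aerc-setup.md the first of the two blocks headed `~/.msmtprc` contains `IMAPStore`, `MaildirStore` and `Channel` stanzas, which are mbsync settings rather than msmtp ones; that heading should read `~/.mbsyncrc` so nobody pastes the block into the wrong file. In the same block `User youremail@gmail.com` does not match the `pass` entry `Email/your@gmail.com/app-password` or the `user your@gmail.com` line in the msmtp block, so pick one placeholder address. It is also worth a sentence in the post that the `[openers]` line `text/html=qutebrowser` hands message HTML to a full browser, while the `[filters]` w3m line sets `display_image=false`; readers who care about remote content in mail should know the two paths behave differently.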
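Review bot: Typos in the added body of posts/my-first-freebsd-server.md: "as I fell that'll be plenty" in the second paragraph should be "feel", "syncs photo's from my mobile" should be "photos", and "to it's own jail" should be "its". The title and several sentences use "setup" as a verb ("So I setup", "I have never setup"); "set up" reads better there. The RAM and drive sizes are written "4Gb", "16Gb", "1Tb", "4Tb" and "64Gb" but also "4TB" in the third paragraph; use GB/TB consistently.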
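Review bot: Under "Store the pool passphrase in a key file" in posts/void-linux-with-encrypted-root-on-zfs.md, `echo 'SomeKeyphrase' > /etc/zfs/zroot.key` creates the key file with the default umask and only afterwards runs `chmod 000`, and it puts the passphrase on the command line where shell history records it; suggest running `umask 077` before the file is created and reading the passphrase from a prompt instead of a literal argument. Under "Create swap partition", `sgdisk -n "2::64Gb" -t "2:8200" "/dev/nvme0n1" -c "2:cryptswap" "/dev/nvme0n1"` names the device twice and gives the end value without a leading `+`, which sgdisk reads as a position on the disk rather than a length; `sgdisk -n "2:0:+64G" -t "2:8200" -c "2:cryptswap" "/dev/nvme0n1"` matches the 64Gb swap the text describes. Smaller points: the subtitle has "with with" and "seperate", the disk section has "I,ll" and "paritions", the sentence "Verify your target disk devices with lsblk. `/dev/sda`, `/dev/sdb` and `/dev/nvme0n1`." is missing its verb, and "# Create fstab entries and mount the efi partition" is a top-level heading while its sibling steps use `##`.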
