From 38ac58fac7292eeea2fd3414c98a2bc64ec438c8 Mon Sep 17 00:00:00 2001
From: AntoXa PRO
Date: Tue, 11 Jul 2023 10:44:57 +0300
Subject: [PATCH] init
---
arch-install.md | 232 +++++++++++++++++++++++++++++++++++++++++++
arch-post-install.md | 25 +++++
criptsetup.md | 23 +++++
letsencrypt.md | 16 +++
pass.md | 15 +++
touchpad.md | 24 +++++
wireguard.md | 126 +++++++++++++++++++++++
7 files changed, 461 insertions(+)
create mode 100644 arch-install.md
create mode 100644 arch-post-install.md
create mode 100644 criptsetup.md
create mode 100644 letsencrypt.md
create mode 100644 pass.md
create mode 100644 touchpad.md
create mode 100644 wireguard.md
diff --git a/arch-install.md b/arch-install.md
new file mode 100644
index 0000000..c398a97
--- /dev/null
+++ b/arch-install.md
@@ -0,0 +1,232 @@
+# Arch install
+
+## First steps
+
+### Font in the console
+
+~~~
+setfont ter-128n
+~~~
+
+### Connecting to WiFi
+
+~~~
+iwctl
+iwctl > device list
+iwctl > station scan
+iwctl > station get-networks
+iwctl > station connect
+~~~
+
+### Time synchronization
+
+~~~
+timedatectl set-ntp true
+timedatectl status
+~~~
+
+## Preparing the file system
+
+~~~
+fdisk /dev/sda
+~~~
+
+### Creating a partition table
+
+~~~
+GPT: fdisk > g
+DOS: fdisk > o
+~~~
+
+### Section structure
+
+~~~
+UEFI:
+/dev/sda1 - swap (6G)
+/dev/sda2 - boot (512m)
+/dev/sda3 - btrfs @,@home (all free)
+~~~
+
+### DOS:
+
+~~~
+/dev/sda1 - swap (6G)
+/dev/sda2 - btrfs @,@home (all free)
+~~~
+
+### Creating sections
+
+~~~
+fdisk > n
+~~~
+
+### Specifying the types of sections
+
+~~~
+swap: fdisk > t > Linux swap
+boot: fdisk > t > EFI
+~~~
+
+### Creating file systems (UEFI)
+
+~~~
+swap: mkswap /dev/sda1
+boot: mkfs.vfat /dev/sda2
+btffs: mkfs.btrfs -L "Arch" /dev/sda3
+~~~
+
+### Connect SWAP
+
+~~~
+swapon /dev/sda1
+~~~
+
+### Creating partitions BTRFS
+
+~~~
+mount /dev/sda3 /mnt
+btrfs subvolume create /mnt/@
+btrfs subvolume create /mnt/@home
+mkdir /mnt/@/{boot,home}
+umount -R /mnt
+~~~
+
+### Mounting partitions
+
+~~~
+mount -o subvol=/@,ssd,noatime,compress=lzo,space_cache=v2,discard=async /dev/sda3 /mnt
+mount -o subvol=/@home,ssd,noatime,compress=lzo,space_cache=v2,discard=async /dev/sda3 /mnt/home
+mount /dev/sda2 /mnt/boot
+~~~
+
+## Configere system
+
+### Sorting mirrors for installing packages
+
+~~~
+reflector -c Russia -c Belarus -a 5 --sort rate --save /etc/pacman.d/mirrorlist
+~~~
+
+### Install base packages
+
+~~~
+pacstrap /mnt base linux linux-firmware base-devel btrf-progs dhcpcd iwd vim terminus-font
+~~~
+
+### Generating a partition mount file
+
+~~~
+genfstab -U /mnt >> /mnt/etc/fstab
+~~~
+
+### Change root dir
+
+~~~
+arch-chroot /mnt
+~~~
+
+### Change password
+
+~~~
+passwd
+~~~
+
+### Internet Activation
+
+~~~
+systemctl enable dhcpcd
+systemctl enable iwd
+~~~
+
+### We set the time zone and synchronize the time
+
+~~~
+ln -sf /usr/share/zoneinfo/Europe/Moscow /etc/localtime
+hwclock --systohc --utc
+~~~
+
+### Name host
+
+~~~
+echo arch > /etc/hostname
+~~~
+
+### Settings hosts
+
+~~~
+vim /etc/hosts
+--
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 arch.localdomain arch
+~~~
+
+### Generating locales
+
+~~~
+vim /etc/locale.gen
+locale-gen
+~~~
+
+### Install locale
+
+~~~
+vim /etc/locale.conf
+-->
+LANG=en_US.UTF-8
+LANGUGE=en_US
+LC_ALL=C
+LC_COLLATE=C
+~~~
+
+### Settings console
+
+~~~
+vim /etc/vconsole.conf
+-->
+KEYMAP=us
+FONT=ter-128n
+~~~
+
+#### BTRFS
+
+~~~
+vim /etc/mkinitcpio.conf
+-->
+MODULES=(btrfs)
+~~~
+
+### Editing hooks
+
+~~~
+vim /etc/mkinitcpio.conf
+-->
+HUKS=(...keymap)
+~~~
+
+### Creating the initial environment
+
+~~~
+mkinitcpio -P
+~~~
+
+### Installing the loader
+
+~~~
+pacman -S grub
+grub-install /dev/sda
+
+-- Если UEFI:
+pacman -S efibootmgr
+grub-install --efi-directory=/boot
+
+grub-mkconfig -o /boot/grub/grub.cfg
+~~~
+
+## Completion
+
+~~~
+exit
+umount -R /mnt
+reboot
+~~~
diff --git a/arch-post-install.md b/arch-post-install.md
new file mode 100644
index 0000000..bf4deab
--- /dev/null
+++ b/arch-post-install.md
@@ -0,0 +1,25 @@
+# Arch post install
+
+## Install utils
+~~~
+sudo pacman -S \
+ xorg xorg-xinit \
+ nitrogen picom polybar i3-wm \
+ bluez bluez-tools \
+ pulseaudio
+
+sudo systemct enable bluetooth
+~~~
+
+## AUR
+
+~~~
+git clone https://aur.archlinux.org/yay.git
+cd yay
+makepkg -si
+~~~
+
+## Yandex Browser
+~~~
+yay -S yandex-browser
+~~~
diff --git a/criptsetup.md b/criptsetup.md
new file mode 100644
index 0000000..c6433a3
--- /dev/null
+++ b/criptsetup.md
@@ -0,0 +1,23 @@
+# Cryptsetup
+
+## Crypt disk.
+~~~
+cryptsetup -y -v luksFormat /dev/sda1
+
+# (Enter YES, uppercase)
+~~~
+
+## Open disk.
+~~~
+cryptsetup open /dev/sda1 [name_disk]
+~~~
+
+## Create file system.
+~~~
+mkfs.btrfs -f /dev/mapper/[name_disk]
+~~~
+
+## Mount file system.
+~~~
+mount /dev/mapper/[name_disk] /mnt/[name_directory]
+~~~
diff --git a/letsencrypt.md b/letsencrypt.md
new file mode 100644
index 0000000..174a9b1
--- /dev/null
+++ b/letsencrypt.md
@@ -0,0 +1,16 @@
+# Letsencrypt
+
+## Certbot install
+~~~
+pacman -S certbot
+~~~
+
+## Certbot setup ssl
+~~~
+certbot certonly
+~~~
+
+## Certbot update ssl
+~~~
+certbot renew --dry-run
+~~~
diff --git a/pass.md b/pass.md
new file mode 100644
index 0000000..5ea20de
--- /dev/null
+++ b/pass.md
@@ -0,0 +1,15 @@
+# Pass
+
+## GPG install
+
+~~~
+pacman -S gnupg
+gpg --import /path/private/or/public/keys
+~~~
+
+## Failed key (There is no assurance this key belongs to the named user)
+
+~~~
+gpg --edit-key
+gpg> trust
+~~~
diff --git a/touchpad.md b/touchpad.md
new file mode 100644
index 0000000..8d75f73
--- /dev/null
+++ b/touchpad.md
@@ -0,0 +1,24 @@
+# Settings touchpad
+
+## Get device names
+~~~
+libinput list-devices | grep Device
+~~~
+
+## Create config
+~~~
+vim /etc/X11/xorg.conf.d/30-touchpad.conf
+
+---
+Section "InputClass"
+ Identifier ""
+ MatchIsTouchpad "on"
+ Driver "libinput"
+ Option "Tapping" "on"
+ Option "NaturalScrolling" "true"
+ Option "PinchZoom" "on"
+ Option "AccelSpeed" "0.5"
+EndSection
+~~~
+
+reboot
diff --git a/wireguard.md b/wireguard.md
new file mode 100644
index 0000000..6efc64c
--- /dev/null
+++ b/wireguard.md
@@ -0,0 +1,126 @@
+# Текстовая инструкция по настройке Wireguard
+
+[видео: https://www.youtube.com/watch?v=5Aql0V-ta8A](https://www.youtube.com/watch?v=5Aql0V-ta8A)
+
+## Обновляем сервер:
+~~~
+apt update && apt upgrade -y
+~~~
+
+## Ставим wireguard:
+
+~~~
+apt install wireguard
+~~~
+
+## Генерим ключи сервера:
+
+~~~
+wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
+~~~
+
+## Проставляем права на приватный ключ:
+
+~~~
+chmod 600 /etc/wireguard/privatekey
+~~~
+
+# Создаём конфиг сервера:
+
+~~~
+vim /etc/wireguard/wg0.conf
+
+[Interface]
+PrivateKey =
+Address = 10.0.0.1/24
+ListenPort = 51831
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+~~~
+
+Вставляем вместо содержимое файла /etc/wireguard/privatekey
+
+## Настраиваем IP форвардинг:
+
+~~~
+echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
+sysctl -p
+~~~
+
+## Включаем systemd демон с wireguard:
+
+~~~
+systemctl enable wg-quick@wg0.service
+systemctl start wg-quick@wg0.service
+systemctl status wg-quick@wg0.service
+~~~
+
+## Создаём ключи клиента:
+
+~~~
+wg genkey | tee /etc/wireguard/goloburdin_privatekey | wg pubkey | tee /etc/wireguard/goloburdin_publickey
+~~~
+
+## Добавляем в конфиг сервера клиента:
+
+~~~
+vim /etc/wireguard/wg0.conf
+
+[Peer]
+PublicKey =
+AllowedIPs = 10.0.0.2/32
+~~~
+
+Вместо — заменяем на содержимое файла /etc/wireguard/goloburdin_publickey
+
+## Перезагружаем systemd сервис с wireguard:
+
+~~~
+systemctl restart wg-quick@wg0
+systemctl status wg-quick@wg0
+~~~
+
+## Создание клиента:
+
+На локальной машине (например, на ноутбуке) создаём текстовый файл с конфигом клиента:
+
+~~~
+vim goloburdin_wb.conf
+~~~
+
+## Полная маршрутизация трафика:
+
+~~~
+[Interface]
+PrivateKey =
+Address = 10.0.0.2/32
+DNS = 8.8.8.8
+
+[Peer]
+PublicKey =
+Endpoint = :51830
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 20
+
+~~~
+
+Здесь заменяем на приватный ключ клиента, то есть содержимое файла /etc/wireguard/goloburdin_privatekey на сервере.
+ заменяем на публичный ключ сервера, то есть на содержимое файла /etc/wireguard/publickey на сервере. заменяем на IP сервера.
+
+## Что бы сделать частичную маршрутизацию:
+
+Убрать DNS и изменить AllowedIPs на 10.0.0.0/24
+
+## Теперь нам нужно перенести этот конфиг на смартфон:
+
+~~~
+apt install qrencode
+~~~
+
+И потом выбрать конфиг и сгенерировать из него QR код
+
+~~~
+qrencode -t ansiutf8 < iphone.conf
+~~~
+
+После этого в консоли мы увидим QR код и нам остается только отсканировать его через WireGuard на мобильном приложении.