mazzilius_marsti

joined 8 months ago
[–] mazzilius_marsti@lemmy.world 1 points 2 hours ago (1 children)

yeh if I encrypt /home using luks with passphrase, so cryptsetup. How do I tell the OS to decrypt it? I tried passphrase before and it cannot boot because /home cannot be mounted. That is why I searched and found out about the Arch wiki way: using keyfile stored in root.

 

Any distro would do, but for my case, it is Arch because I have more control over the partitions. I would like the OS, so root, swap and others on 1 drive. The /home should be on a separate drive. The tricky thing is to have everything encrypted, except /boot and /efi of course.

Now, here is what I can do

  1. FDE on 1 drive. This is easy: you create /efi, /boot and then create a large LUKS partition. From there, you create LVM on that LUKS partition and get your: /, /home and swap. Then mount everything correctly and install.

In the grub config, you only need to set it so it knows the LUKS partition and where the root is. For eg, if your LUKS partition is /dev/sda3, you do:

  • cryptdevice=UUID=<uuid of the /dev/sda3>:cryptlvm root=/dev/vg/root
  2. Unencrypted /home on another drive. This is like 1) but /home is mounted on a separate drive. Still need to do the grub config, but nothing is needed for /home. It is automatically mounted when you login.

Now for my case: Encrypt /home

The encryption and mount part is easy. But how to get the OS to recognize it? The Arch wiki has this weird thing where you create an encryption key, they called it home.key, using cryptsetup. You then store the key in /etc and then in your /etc/crypttab, you specify the drive with /home and location of the key. No need for any passphrase.

The problem I have with this is that keys are stored in root. So if my root system is corrupted, I can't even decrypt home....

Any advice is welcome..
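
The post above contrasts a key file listed in /etc/crypttab with a passphrase typed at boot. As an added example (not part of the post and not taken from the Arch wiki), this script reports how each crypttab mapping is unlocked and which ones depend on a key file; the mapping names, placeholder UUIDs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each /etc/crypttab entry is unlocked at boot.
# crypttab fields: <name> <device> <key file> <options>
# A key field of "none" or "-" means the passphrase is asked for at boot.

# Constructed sample input; UUIDs are placeholders, not values from the post.
sample_crypttab() {
cat <<'EOF'
# <name>  <device>                                   <key>          <options>
home      UUID=00000000-0000-0000-0000-000000000001  /etc/home.key  luks
backup    UUID=00000000-0000-0000-0000-000000000002  none           luks
swap      /dev/sdb2                                  /dev/urandom   swap,cipher=aes-xts-plain64,size=256
EOF
}

# Reads a crypttab on stdin, prints one "name:method" line per mapping.
audit_crypttab() {
  awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
      key = (NF >= 3) ? $3 : "none"      # the key field is optional
      if (key == "none" || key == "-")       how = "passphrase-prompt"
      else if (key ~ /^\/dev\/u?random$/)    how = "random-key"
      else                                   how = "keyfile:" key
      print $1 ":" how
    }'
}

# Names of mappings that are opened at boot from a key file on disk.
needs_keyfile() {
  audit_crypttab | awk -F: '$2 == "keyfile" { print $1 }'
}

# Stand-alone run on the constructed sample; on a real system use:
#   audit_crypttab < /etc/crypttab
sample_crypttab | audit_crypttab
```

For a mapping reported as `keyfile`, `cryptsetup luksDump <device>` lists the keyslots in use, and `cryptsetup luksAddKey <device>` adds a passphrase slot that still opens the volume if the key file is lost.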

[–] mazzilius_marsti@lemmy.world 4 points 17 hours ago

I have Fedora on my work laptop and vanilla Arch on my tinkering laptop.

I think instead of thinking about "set it and forget it", you might want to think about "if shit happens, how fast can I fix it?". That is because stuff breaks or there are bugs. If you use a very old and LTS distro, you might be comfortable but there might be bugs that do not get fixed until much later. Eg: Debian's kernel used to be able to suspend-then-hibernate, then they jumped to one that cannot. So if you want that feature back, you need to wait.... until Debian catches up with mainline's fixes.

So if you only use your computer for web, email, movie. Then any distro will work.

Now, imo there are 2 types of problems in Linux:

  1. Boot/GRUB/partition problems: this can happen if you're dual boot, or a config goes wrong. To fix, usually you need to boot a live cd.

Pop OS would be #1 choice just because it has a "Recovery Partition" with live environment. You can reinstall the entire OS while you're on the plane, without wifi or any USB.

Arch would be #2 here, just because the arch iso is so good. It is minimal and has all the tools you need to fix stuff: partitions, wifi..etc. Plus, it boots in tty so it is faster for fixing.

  2. Problems with library mismatch: for this you want one with good snapshots built in. So OpenSUSE or if you know how to configure btrfs, maybe Fedora. I would still go Pop OS here, so you can configure btrfs AND get the recovery from point 1) above. Linux Mint would be #2 choice because they have timeshift built in.

So the TLDR for you is: pick Pop OS for the recovery partition. Also, use btrfs. Lastly, configure your disk nicely, i.e. dont do any crazy LVM encryption, just use standard layout so when comes the time to fix, it is easier.

 

Hey folks. I recently got an old X220 with an mSATA SSD. I plan to install Linux on there. It doesn't matter which OS: Debian, Ubuntu or Arch. The machine is so old that all distros play nice with it.

Anyway, the speed on the mSATA is slower than the 2.5 SSD. So I want to know if it is possible to have your /boot, /efi, swap on the mSATA. Then, the /home on the 2.5 SSD? Any problems with this setup and if anyone tried it before?

Now, for the reasons why I use mSATA instead of just putting Linux on 2.5 SSD:

  1. the mSATA is Samsung, pretty rare nowadays. The health is still very excellent. I checked with CrystalDiskInfo. So might as well use it.

  2. My X220 has a problem finding out grub if installed on the 2.5 SSD. It's literally a 50/50 chance it can find grub properly. So:

a) you installed Linux on 2.5 SSD, reboot.

b) grub error screen

c) restart

d) boot into Linux well

Note at d) if I do anything to restart/shutdown the computer, you are back at step b) and require another reboot to reach Linux.

Any advice is welcome.

[–] mazzilius_marsti@lemmy.world 1 points 4 days ago (1 children)

hmm thanks i'm gonna try that script you linked in artix wiki. Haven't seen that one before so it's worth a shot. What I usually see is some systemd Unit scripts. Gtlock looks neat as well, does swaylock give you problems too?

[–] mazzilius_marsti@lemmy.world 4 points 4 days ago* (last edited 4 days ago)

The only robust and no BS lock combo so far, imo, is Regolith i3wm.

For some reason and whatever black magic was used, this Frankenstein combo of i3 and GNOME works every single time. The downside is their configs are soooo messy. It is very hard to use whatever you have in vanilla i3 for Regolith.

 

I have an older laptop so no need to worry about the stupid Modern Standby introduced in late 2019. What I want is a reliable way to lock screen when suspend, doesnt matter how bloat or minimal.

First, to make sure the laptop suspends when I close the lid:

  • on some Distro, this works OOTB.
  • If it doesnt, I check /etc/systemd/sleep.conf and set allow Suspend from there.

After this, laptop does suspend. Now here comes the trickiest part, how to make sure your screen stays locked? There are so many rabbit holes so I want some help.

Depending on your software selections, you can fall into 3 categories:

  1. create some systemd script like this: https://wiki.archlinux.org/title/Slock

Problem: sometimes the screen doesnt get locked, i.e. your slock doesnt get triggered. Even worse, in some cases, the desktop is briefly shown on resume, before the locker shows up.

  2. use program like xss-lock, xautolock. Then link it with your locker and then autostart in your wm. Eg: i3wm with i3lock and xss-lock:

exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock

This works. But the laptop sometimes takes a while to suspend.

  3. manually invoke "Lock" with a keystroke. Then close the lid. Apparently this works but I have to remember to manually "lock" every single time.

Thanks for any suggestions.

[–] mazzilius_marsti@lemmy.world 7 points 6 days ago* (last edited 6 days ago) (4 children)

I like and I do use Linux as my main OS. No dual boot BS, just pure Linux

butttttttttttttt

getting hibernate working perfectly in Linux on new hardware is PITA. I'm just happy with suspend working well, let alone hibernation.

Modern standby is the absolute shit of an invention.

This is the ONLY reason I wish I have a Mac. Forget all the memes and jokes about Apple, their laptops suspend very well. IIRC, they also have a hibernation timer built in, so your laptop automatically hibernates after X hrs. But I don't want to be stuck in their ecosystem, so yeh...

Linux devs are not that keen to make hibernate work well either. Remember systemd dev forcefully removed the "suspend then hibernate" feature? You can still find the thread on Github lol.

 

So I put all of my important dot files on Github. Whenever I need to reinstall stuff, I pull the files. To get this working, I need to do the "gh auth login" where it grants the ssh key. Or I can create a token for that specific machine on Github. This is a long list of letters/numbers that I then copy when doing "git clone".

During installations of Arch or even a minimal Debian, how do you do this? There are no browsers, so the command "gh auth login" would get stuck.

Is there a better way to do this, other than making the dotfiles repo public?

[–] mazzilius_marsti@lemmy.world 1 points 2 weeks ago

thanks, i asked because the Google PlayStore has WaterFox from waterfox.net. Not sure if this is real or fake, because other Fox forks can only be installed from Fdroid like Mull/Fennec

[–] mazzilius_marsti@lemmy.world 2 points 2 weeks ago (2 children)

where did you get Waterfox on Android? The Playstore or F droid?

[–] mazzilius_marsti@lemmy.world 1 points 2 weeks ago (1 children)

interesting, so you just back up your ~/.password-store directory? You use the same thing on Android or something else?

I am using KeePass, it generates password and also TOTP. Works fine but I want to switch to something more Linuxy. Keepass is great but you really depend on a 3rd party.

[–] mazzilius_marsti@lemmy.world 1 points 2 weeks ago (3 children)

the GNU pass encrypt using gpg? How do you transfer between devices, using cloud?

[–] mazzilius_marsti@lemmy.world 1 points 2 weeks ago

Do you script it so when it is an Ebay/Amazon link, Libre Wolf is opened? Or you just remember to do so?

[–] mazzilius_marsti@lemmy.world 4 points 2 weeks ago

Use both. Deposit / withdraw huge sums at the bank, always. For small payments, use online banking.

Depending on the bank, online security can be a hit or miss. Are your grandparents ok to learn and do stuff like secure passwords, 2FA..etc? If they are, go ahead with online banking. If not, there is nothing wrong with doing the transactions at the bank.
