Difference between revisions of "User:Rdeckard/Post-installation"

Setup networking

If you have a wired connection, start/enable the dhcpcd@interface.service unit.

If you have a wireless connection, create the following file:

/etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=/run/wpa_supplicant
update_config=1

Now add the dhcpcd hook for wpa_supplicant:

# ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/

Now start/enable the dhcpcd@interface.service.

Then connect to a wifi network with:

# wpa_passphrase MYSSID passphrase >> /etc/wpa_supplicant/wpa_supplicant.conf

You may need to restart dhcpcd@interface.service.

Alternatively, use wpa_cli to scan and connect to a network.

Enable the ntpd.service to keep your clock in sync.

/etc/systemd/system/dhcpcd@.service.d/override.conf

 [Service]
 ExecStart=
 ExecStart=/usr/bin/dhcpcd -b -q %I

DNS Resolver

Install the unbound package.

Set your DNS server to 127.0.0.1:

/etc/resolv.conf

127.0.0.1

Ensure that dhcpcd won't overwrite it:

/etc/dhcpcd.conf

nohook resolv.conf

Add the following configuration file for unbound. It includes DNSSEC, root hints, and ad blocking. Add the IP addresses of DNS servers where indicated.

/etc/unbound/unbound.conf

server:

  username: unbound
  pidfile: "/etc/unbound/unbound.pid"
  directory: "/etc/unbound"

  trust-anchor-file: "/etc/unbound/root.key"
  root-hints: "/etc/unbound/root.hints"
  include: /etc/unbound/ads.conf

  do-not-query-localhost: no
  forward-zone:
    name: "."
    forward-addr: dns_ip_addr1
    forward-addr: dns_ip_addr2

Update the trust anchor file:

# unbound-anchor -a /etc/unbound/root.key

Update the root hints file:

# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache

Update the ad blocking file:

# curl https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | awk '/^0\.0\.0\.0/ {print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > /etc/unbound/ads.conf

Start/enable the unbound.service.

Test DNSSEC

$ unbound-host -C /etc/unbound/unbound.conf -v sigok.verteiltesysteme.net

The first output line should be something like the following. Note the word "secure".

sigok.verteiltesysteme.net has address 134.91.78.139 (secure)

$ unbound-host -C /etc/unbound/unbound.conf -v sigfail.verteiltesysteme.net

The first output line should be something like the following. Note the word "BOGUS".

sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure))

Pacman

Create local repository for AUR

Install the aurutils^AUR package. Then create a local repository called aur:

/etc/pacman.d/aur

[options]
CacheDir = /var/cache/pacman/pkg
CacheDir = /var/cache/pacman/aur
CleanMethod = KeepCurrent

[aur]
SigLevel = Optional TrustAll
Server = file:///var/cache/pacman/aur

Additional line:

/etc/pacman.conf

Include = /etc/pacman.d/aur

# mkdir -p /var/cache/pacman/aur
# chown user:user /var/cache/pacman/aur
$ cd /var/cache/pacman/aur
$ repose -vf aur

Now use aurutils or aurbuild to create packages that are put in the local database.

Pacman hooks

Get notified when a package become an orphan.

/etc/pacman.d/hooks/orphans.hook

[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Checking for orphans...
When = PostTransaction
Exec = /usr/bin/bash -c "/usr/bin/pacman -Qtd || true"

Clean up pacman cache on transactions.

/etc/pacman.d/hooks/paccache.hook

[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Cleaning pacman cache...
When = PostTransaction
Exec = /usr/bin/paccache -rv

Get notified when a package is no longer in a repository.

/etc/pacman.d/hooks/repocheck.hook

[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Checking for dropped packages...
When = PostTransaction
Exec = /usr/bin/bash -c "/usr/bin/pacman -Qqm || true"