User:Rdeckard/Post-installation

From ArchWiki
Revision as of 19:16, 18 February 2018 by Rdeckard (→ Setup networking: tip on dhcpd holding up boot)

Setup networking

If you have a wired connection, start/enable the dhcpcd@interface.service unit.

If you have a wireless connection, create the following file:

/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
update_config=1

Now add the dhcpcd hook for wpa_supplicant:

# ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/

Now start/enable the dhcpcd@interface.service.

Then connect to a wifi network with:

# wpa_passphrase MYSSID passphrase >> /etc/wpa_supplicant/wpa_supplicant.conf

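You may need to restart dhcpcd@interface.service. Note that wpa_passphrase also writes the plaintext passphrase into the file as a commented #psk= line, so make the file readable by root only or delete that line.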

Alternatively, use wpa_cli to scan and connect to a network.

Enable the ntpd.service to keep your clock in sync.

Tip: To prevent dhcpcd from holding boot until it gets an IP address, edit the unit with a drop-in file so that it forks right away:
/etc/systemd/system/dhcpcd@.service.d/override.conf
 [Service]
 ExecStart=
 ExecStart=/usr/bin/dhcpcd -b -q %I

DNS Resolver

Install the unbound package.

Set your DNS server to 127.0.0.1:

/etc/resolv.conf
nameserver 127.0.0.1

Ensure that dhcpcd won't overwrite it:

/etc/dhcpcd.conf
nohook resolv.conf

Add the following configuration file for unbound. It includes DNSSEC, root hints, and ad blocking. Add the IP addresses of DNS servers where indicated.

/etc/unbound/unbound.conf
server:
  username: unbound
  pidfile: "/etc/unbound/unbound.pid"
  directory: "/etc/unbound"

  trust-anchor-file: "/etc/unbound/root.key"
  root-hints: "/etc/unbound/root.hints"
  include: /etc/unbound/ads.conf

  do-not-query-localhost: no

forward-zone:
  name: "."
  forward-addr: dns_ip_addr1
  forward-addr: dns_ip_addr2

Update the trust anchor file:

# unbound-anchor -a /etc/unbound/root.key

Update the root hints file:

# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache

Update the ad blocking file:

# curl https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | awk '/^0\.0\.0\.0/ {print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > /etc/unbound/ads.conf

Tip: Run the above two commands from systemd timers to update the files regularly.
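
A stricter variant of the ad-blocklist conversion above, as an added example that is not part of the original page: it keeps only syntactically valid hostnames, so a malformed list entry cannot break the syntax of ads.conf, and it replaces the file only when the conversion yields entries. The function names and the temporary-file handling are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page.

# hosts_to_unbound: hosts-format text on stdin -> unbound local-zone lines on stdout.
hosts_to_unbound() {
    tr -d '\r' | awk '
        $1 == "0.0.0.0" && NF >= 2 {
            name = tolower($2)
            if (length(name) > 253) next
            # Dot-separated labels ending in an alphabetic TLD only: rejects
            # quotes, IP literals such as "0.0.0.0" and single-label names.
            if (name !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z]([a-z0-9-]*[a-z0-9])?$/) next
            if (seen[name]++) next   # drop duplicates
            printf "local-zone: \"%s\" redirect\n", name
            printf "local-data: \"%s A 0.0.0.0\"\n", name
        }'
}

# install_ads_conf SRC DEST: convert the downloaded file SRC and atomically
# replace DEST. DEST is left untouched when SRC is empty or yields no entries
# (for example when the download was an HTML error page).
install_ads_conf() {
    src=$1; dest=$2
    [ -s "$src" ] || return 1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if hosts_to_unbound < "$src" > "$tmp" && [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical use as root (curl -f fails on HTTP errors instead of saving them):
#   raw=$(mktemp) &&
#     curl -fsS -o "$raw" https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts &&
#     install_ads_conf "$raw" /etc/unbound/ads.conf &&
#     unbound-checkconf /etc/unbound/unbound.conf
```
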

Start/enable the unbound.service.

Test DNSSEC

$ unbound-host -C /etc/unbound/unbound.conf -v sigok.verteiltesysteme.net

The first output line should be something like the following. Note the word "secure".

sigok.verteiltesysteme.net has address 134.91.78.139 (secure)

$ unbound-host -C /etc/unbound/unbound.conf -v sigfail.verteiltesysteme.net

The first output line should be something like the following. Note the word "BOGUS".

sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure))

AUR

Install the aurutils package from the AUR. Then create a local repository called aur:

/etc/pacman.d/aur
[options]
CacheDir = /var/cache/pacman/pkg
CacheDir = /var/cache/pacman/aur
CleanMethod = KeepCurrent

[aur]
SigLevel = Optional TrustAll
Server = file:///var/cache/pacman/aur

Add the following line:

/etc/pacman.conf
Include = /etc/pacman.d/aur

Then create the repository directory and database:

# mkdir -p /var/cache/pacman/aur
# chown user:user /var/cache/pacman/aur
$ cd /var/cache/pacman/aur
$ repose -vf aur

Now use aurutils or aurbuild to create packages that are put in the local database.

Pacman hooks

Get notified when a package becomes an orphan.

/etc/pacman.d/hooks/orphans.hook
[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Checking for orphans...
When = PostTransaction
Exec = /usr/bin/bash -c "/usr/bin/pacman -Qtd || true"

Clean up pacman cache on transactions.

/etc/pacman.d/hooks/paccache.hook
[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Cleaning pacman cache...
When = PostTransaction
Exec = /usr/bin/paccache -rv

Get notified when a package is no longer in a repository.

/etc/pacman.d/hooks/repocheck.hook
[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Checking for dropped packages...
When = PostTransaction
Exec = /usr/bin/bash -c "/usr/bin/pacman -Qqm || true"