Michel Le Cocq 2020-06-26 08:00:39 +02:00
commit a67145f779
6 changed files with 237 additions and 170 deletions

6
Firefox-plugins.md Normal file

@ -0,0 +1,6 @@
* [FreedomMarks](https://github.com/damko/freedommarks-browser-webextension) - Browser extension for Nextcloud Bookmarks
* [Grammalecte](https://grammalecte.net/) - Correcteur grammatical, orthographique et typographique pour le français.
* [User-Agent Switcher and Manager](https://add0n.com/useragent-switcher.html) - Spoof websites trying to gather information about your web navigation to deliver distinct content you may not want
* [Wallabagger](https://github.com/wallabag/wallabagger)
Extension pour Wallabag qui permet d'éditer le titre de la page, les tags, changer l'état en tant que favori, archivé ou supprimé.
* [Dark Reader](http://darkreader.org/) - Un thème sombre pour chaque site Web. Prenez soin de vos yeux, utilisez Dark Reader pour votre navigation nocturne et quotidienne.

@ -1,76 +1,77 @@
source : [Linsomniac's Articles - Encrypting ZFS on Ubuntu 20.04](https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/)
# encrypt - Unbuntu 20.04 full ZFS install
Here we are going to install Ubuntu 20.04 in **almost** full zfs updating **zsys-setup** to permit **zfs encryption**. Read bellow articles to understand why 2 differerent pools and full implementation.
* [ZFS focus on Ubuntu 20.04 LTS: whats new?](https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys general presentation](https://didrocks.fr/2020/05/26/zfs-focus-on-ubuntu-20.04-lts-zsys-general-presentation/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys sate management](https://didrocks.fr/2020/05/28/zfs-focus-on-ubuntu-20.04-lts-zsys-general-principle-on-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys commands for state management](https://didrocks.fr/2020/06/02/zfs-focus-on-ubuntu-20.04-lts-zsys-commands-for-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys state collection](https://didrocks.fr/2020/06/04/zfs-focus-on-ubuntu-20.04-lts-zsys-state-collection/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys for system administrators](https://didrocks.fr/2020/06/09/zfs-focus-on-ubuntu-20.04-lts-zsys-for-system-administrators/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys partition layout](https://didrocks.fr/2020/06/11/zfs-focus-on-ubuntu-20.04-lts-zsys-partition-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys dataset layout](https://didrocks.fr/2020/06/16/zfs-focus-on-ubuntu-20.04-lts-zsys-dataset-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys properties on ZFS datasets](https://didrocks.fr/2020/06/19/zfs-focus-on-ubuntu-20.04-lts-zsys-properties-on-zfs-datasets/)
## initial boot and ssh
Boot the Ubuntu 20.04 Desktop installer/live CD.
Click the “Try Ubuntu” button.
launch a terminal.
set a passwd to root to permit remote ssh
~~~
$ sudo su
## passwd
New password :
Retype new passord :
passwd: password updated successfully
~~~
Install ssh to simplfy configuration edit.
~~~
## apt install ssh
~~~
Edit **/etc/ssh/sshd_config** to **Enable PermitRootLogin** change *prohibit-password* to *yes* like bellow.
~~~{.shell}
#PermitRootLogin prohibit-password
PermitRootLogin yes
~~~
~~~
service ssh restart
~~~
find yout IP with : *ip a*
then connect remotely with : *ssh*
## update zsys-setup to enable zfs encyption on rpool
bpool remain unencrypt.
Search for “zpool create”, and make sure you have found the create command that has “rpool” on the last line.
Before the “zpool create” insert: echo MYPASSWORD |
Before the last line of the command insert these lines:
~~~{.cpp}
-O recordsize=1M \
-O encryption=aes-256-gcm \
-O keylocation=prompt \
-O keyformat=passphrase \
~~~
## swap
you may be interrested if you are on a laptop in : [right fit swap for laptop hibernation Ubuntu 20.04 full ZFS install](right-fit-swap-for-laptop-hibernation-Ubuntu-20.04-full-ZFS-install)
## start installation
Run ubiquity to start the installer and install as normal, selecting “Use entire disk” and the option to use ZFS.
## questions to be solves
* what happen if zpool passwd is not given at boot shutdown ?
source : [Linsomniac's Articles - Encrypting ZFS on Ubuntu 20.04](https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/)
# encrypt - Unbuntu 20.04 full ZFS install
Here we are going to install Ubuntu 20.04 in **almost** full zfs updating **zsys-setup** to permit **zfs encryption**. Read bellow articles to understand why 2 differerent pools and full implementation.
* [ZFS focus on Ubuntu 20.04 LTS: whats new?](https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys general presentation](https://didrocks.fr/2020/05/26/zfs-focus-on-ubuntu-20.04-lts-zsys-general-presentation/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys sate management](https://didrocks.fr/2020/05/28/zfs-focus-on-ubuntu-20.04-lts-zsys-general-principle-on-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys commands for state management](https://didrocks.fr/2020/06/02/zfs-focus-on-ubuntu-20.04-lts-zsys-commands-for-state-management/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys state collection](https://didrocks.fr/2020/06/04/zfs-focus-on-ubuntu-20.04-lts-zsys-state-collection/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys for system administrators](https://didrocks.fr/2020/06/09/zfs-focus-on-ubuntu-20.04-lts-zsys-for-system-administrators/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys partition layout](https://didrocks.fr/2020/06/11/zfs-focus-on-ubuntu-20.04-lts-zsys-partition-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys dataset layout](https://didrocks.fr/2020/06/16/zfs-focus-on-ubuntu-20.04-lts-zsys-dataset-layout/)
* [ZFS focus on Ubuntu 20.04 LTS: ZSys properties on ZFS datasets](https://didrocks.fr/2020/06/19/zfs-focus-on-ubuntu-20.04-lts-zsys-properties-on-zfs-datasets/)
## initial boot and ssh
Boot the Ubuntu 20.04 Desktop installer/live CD.
Click the “Try Ubuntu” button.
launch a terminal.
set a passwd to root to permit remote ssh
~~~
$ sudo su
## passwd
New password :
Retype new passord :
passwd: password updated successfully
~~~
Install ssh to simplfy configuration edit.
~~~
## apt install ssh
~~~
Edit **/etc/ssh/sshd_config** to **Enable PermitRootLogin** change *prohibit-password* to *yes* like bellow.
~~~{.shell}
#PermitRootLogin prohibit-password
PermitRootLogin yes
~~~
~~~
service ssh restart
~~~
find yout IP with : *ip a*
then connect remotely with : *ssh*
## update zsys-setup to enable zfs encyption on rpool
bpool remain unencrypt.
Search for “zpool create”, and make sure you have found the create command that has “rpool” on the last line.
Before the “zpool create” insert: echo MYPASSWORD |
Before the last line of the command insert these lines:
~~~{.cpp}
-O recordsize=1M \
-O encryption=aes-256-gcm \
-O keylocation=prompt \
-O keyformat=passphrase \
~~~
## swap
you may be interrested if you are on a laptop in : [right fit swap for laptop hibernation Ubuntu 20.04 full ZFS install](right-fit-swap-for-laptop-hibernation-Ubuntu-20.04-full-ZFS-install)
## start installation
Run ubiquity to start the installer and install as normal, selecting “Use entire disk” and the option to use ZFS.
## questions to be solves
* what happen if zpool passwd is not given at boot shutdown ?
* find a way to shut it down pass a delay

@ -0,0 +1,71 @@
# disable encrypt swap partition
## prerequisite
* This setup is based on [encrypt swap partition](./encrypt-swap-Ubuntu-20.04)
* all command bellow are run has root
## disable encrypt swap partition
* Turn off swap
~~~
root@laptop:/root# swapoff /dev/mapper/cryptswap
~~~
* Undo the existing mapping.
~~~
root@laptop:/root# cryptsetup luksClose /dev/mapper/cryptswap
~~~
* remove your encrypt swap device define in your **/etc/crypttab**
* ajust **/etc/fstab** to use your real swap partition
~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~
* make your partition a swap
~~~
root@laptop:/root# mkswap /dev/nvme0n1p2
~~~
* activate swap
~~~
root@laptop:/root# swapon -a
~~~
* remove file */etc/initramfs-tools/conf.d/resume*
~~~
root@laptop:/root# rm /etc/initramfs-tools/conf.d/resume
~~~
Register these changes.
~~~{bash}
root@laptop:/root# update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-5.4.0-37-generic
cryptsetup: ERROR: Couldn't resolve device rpool/ROOT/ubuntu_0ctpm6
cryptsetup: WARNING: Couldn't determine root device
I: The initramfs will attempt to resume from /dev/nvme0n1p2
I: (UUID=09c1daa8-a572-41b9-8655-c38ea7778723)
I: Set the RESUME variable to override this.
root@laptop:/root#
~~~
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to your real partition
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=UUID=09c1daa8-a572-41b9-8655-c38ea7778723"
~~~
~~~
root@laptop:/root# update-grub
~~~
Next you need to reboot to enable everything and test it.

@ -0,0 +1,81 @@
# encrypt swap Ubuntu 20.04 with hibernation
## prerequisite
* all command bellow are run has root
* install ecryptfs
~~~{bat}
root@laptop:/root# install apt-get install ecryptfs-utils
~~~
## encrypt swap
* turn off current swap
~~~
root@laptop:/root# swapoff -a
~~~
* encrypt swap partition
~~~
root@laptop:/root# cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
root@laptop:/root# cryptsetup open /dev/nvme0n1p2 cryptswap
~~~
* set up the crypt partition as swap.
~~~
root@laptop:/root# mkswap /dev/mapper/cryptswap
~~~
* ajust **/etc/fstab** to use your mapper, replace your encrypt swap device like bellow :
~~~
/dev/mapper/cryptswap none swap discard 0 0
~~~
* add your encrypt swap device define in **/etc/crypttab**
~~~
cryptswap /dev/nvme0n1p2 none luks
~~~
* enable swap
~~~
root@laptop:/root# swapon -a
~~~
* edit **/etc/initramfs-tools/conf.d/resume**. Replace the existing **RESUME** line with the following line.
~~~
root@laptop:/root# printf "RESUME=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
~~~
* Register these changes.
~~~
root@laptop:/root# update-initramfs -u -k all
~~~
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to point to remove or be sure there is nothing in resume
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
~~~
root@laptop:/root# update-grub
~~~
### to be solve
~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~
## sources
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)

@ -98,99 +98,6 @@ HandleSuspendKey=suspend-then-hibernate
HandleLidSwitch=suspend-then-hibernate
~~~
## encrypt swap partition
sources :
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
~~~
apt-get install ecryptfs-utils
swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> swapDevice
mkswap /dev/mapper/mkswap /dev/mapper/swapDevice
~~~
edit : /etc/default/grub
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/mapper/swapDevice"
~~~
~~~
update-grub
~~~
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~
remove your encrypt swap device define in /etc/crypttab
~~~
swapDevice /dev/nvme0n1p2 none luks
~~~
~~~
swapon -a
~~~
Register these changes.
~~~
update-initramfs -u -k all
~~~
## disable encrypt swap partition
* Turn off swap
~~~
swapoff /dev/mapper/cryptswap1
~~~
* remove your encrypt swap device define in your /etc/crypttab
* ajust /etc/fstab to use your real swap partition
~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to
~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/nvme0n1p2"
~~~
* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
~~~
RESUME=/dev/nvme0n1p2
~~~
* make your partition a swap
~~~
mkswap /dev/nvme0n1p2
~~~
* activate swap
~~~
swapon -a
~~~
### to be solve
~~~
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device
~~~
## xfce4-power-manager suspend to hibernate option
source : [docs.xfce.org - Frequently Asked Questions - Xfce4 Power Manager](https://docs.xfce.org/xfce/xfce4-power-manager/faq)

@ -1,3 +1,4 @@
<<<<<<< HEAD
# Xubuntu on XPS 13 7390 2 in 1
## sources
* [Gentoo wiki - Dell XPS 13 2-in-1 (7390)](https://wiki.gentoo.org/wiki/Dell_XPS_13_2-in-1_(7390))
@ -103,4 +104,4 @@ select a font face that supports a larger font size, for instance the Terminus f
apt install iio-sensor-proxy
~~~
install : screen rotator : https://github.com/GuLinux/ScreenRotator
install : screen rotator : https://github.com/GuLinux/ScreenRotator