From a3dd837f5114f9699768203645317a4fb5d2ccc5 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Wed, 3 Feb 2021 22:05:52 +0200 Subject: [PATCH 01/17] Mount picons to tvheadend --- docker/tvheadend/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/tvheadend/docker-compose.yaml b/docker/tvheadend/docker-compose.yaml index 583667f1..73ceb00a 100644 --- a/docker/tvheadend/docker-compose.yaml +++ b/docker/tvheadend/docker-compose.yaml @@ -10,6 +10,7 @@ services: volumes: - /docker/tvheadend:/config - /mnt/Storage/Media/PVR:/recordings + - /mnt/Storage/picons:/picons - /etc/localtime:/etc/localtime:ro ports: - 9982:9982 From 8cca3e7a95d7272a2d0b3b75902e91087caf41ef Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Wed, 10 Feb 2021 17:59:26 +0200 Subject: [PATCH 02/17] Update dotdrop --- dotdrop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dotdrop b/dotdrop index 900f705b..06842103 160000 --- a/dotdrop +++ b/dotdrop @@ -1 +1 @@ -Subproject commit 900f705b30ee07063ecc7f2df24fc7b28a9451a5 +Subproject commit 06842103672ad8f394b39e5fea2c1ab4442c1f44 From d062b4489493d350d1dd3c7f2a98045ee4c421ec Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 11 Feb 2021 17:24:26 +0200 Subject: [PATCH 03/17] Open tvheadend port again --- docker/tvheadend/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/tvheadend/docker-compose.yaml b/docker/tvheadend/docker-compose.yaml index 73ceb00a..d4e4acd3 100644 --- a/docker/tvheadend/docker-compose.yaml +++ b/docker/tvheadend/docker-compose.yaml @@ -13,6 +13,7 @@ services: - /mnt/Storage/picons:/picons - /etc/localtime:/etc/localtime:ro ports: + - 9981:9981 - 9982:9982 devices: - /dev/dri:/dev/dri #hardware acceleration From 22ac9b22816bf511fd617fcf7b4567ea9948d58a Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 11 Feb 2021 17:25:18 +0200 Subject: [PATCH 04/17] Update dotdrop --- dotdrop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dotdrop b/dotdrop index 06842103..39d52a2c 160000 --- a/dotdrop +++ b/dotdrop @@ -1 +1 @@ -Subproject commit 06842103672ad8f394b39e5fea2c1ab4442c1f44 +Subproject commit 39d52a2c8042d250f0258b1135d7d94e37a14e8f From 92b9dc434024e982f84aa1183b2e24afbd15f050 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Fri, 12 Feb 2021 19:06:24 +0200 Subject: [PATCH 05/17] Update dotdrop --- dotdrop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dotdrop b/dotdrop index 39d52a2c..06842103 160000 --- a/dotdrop +++ b/dotdrop @@ -1 +1 @@ -Subproject commit 39d52a2c8042d250f0258b1135d7d94e37a14e8f +Subproject commit 06842103672ad8f394b39e5fea2c1ab4442c1f44 From 476bda1963b1e69d14ff0dd24036677d21ca109c Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Fri, 12 Feb 2021 19:06:35 +0200 Subject: [PATCH 06/17] Use mpv input-ipc instead of input-file on mpvqueue script Fixes #3 --- scripts/media/mpvqueue | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/media/mpvqueue b/scripts/media/mpvqueue index 81e40f41..5a84bc64 100755 --- a/scripts/media/mpvqueue +++ b/scripts/media/mpvqueue @@ -1,23 +1,23 @@ #!/usr/bin/env bash -MPVPIPE=/tmp/mpvqueue.playlist - notify="notify-send -i mpv -a mpv" url="$1" +# NOTE: You need to configure mpv to +# enable ipc server on this path (see my mpv config for an example) +MPVSOCKET="/tmp/mpvsocket" + # See if MPV is already running if [ -z "$(pidof mpv)" ]; then # mpv is not running - # remove fifo - rm -f $MPVPIPE && mkfifo $MPVPIPE # pause other players playerctl pause # start mpv - /usr/bin/mpv --no-terminal --input-file="${MPVPIPE}" "$url" & disown + /usr/bin/mpv --no-terminal "$url" & disown - # Wait for mpv to be up before moving on to adding anything else to playlist + # Wait for mpv to be up before adding anything else to playlist while [ -z "$(pidof mpv)" ]; do sleep 1 done @@ -26,5 +26,5 @@ if [ -z "$(pidof mpv)" ]; then else # mpv is running, so add stuff to playlist $notify "Adding $url" - echo "loadfile \"$url\" append-play" >> "${MPVPIPE}" + echo "{\"command\": [\"loadfile\", \"$url\", \"append\"]}" | socat - /tmp/mpvsocket fi From 34f6a0fc4a6056cb8432d09ed2f01a2048c660d7 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Mon, 15 Feb 2021 17:06:27 +0200 Subject: [PATCH 07/17] Don't load mpris plugin in config Fixes #4. Apparently the AUR package has been updated to load the plugin automatically --- home/.config/mpv/mpv.conf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/home/.config/mpv/mpv.conf b/home/.config/mpv/mpv.conf index 2a3f77ed..be2d89c7 100644 --- a/home/.config/mpv/mpv.conf +++ b/home/.config/mpv/mpv.conf @@ -21,10 +21,8 @@ audio-pitch-correction=yes # automatically insert scaletempo when playing with h replaygain=track ############# -# Plugins/misc # +# misc # ############# -# Mpris plugin -script=/usr/lib/mpv/mpris.so # Start ipc server input-ipc-server=/tmp/mpvsocket From f05518a3ca93c6d97a992aee954ae404293fd9df Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 17:47:10 +0200 Subject: [PATCH 08/17] Switch from systemd-boot to efistub --- config-root.yaml | 9 --------- efistub/arch.efi | 12 ++++++++++++ efistub/lts.efi | 12 ++++++++++++ {home/.EFISTUB => efistub}/update.sh | 2 +- home/.EFISTUB/01-arch.efi | 12 ------------ home/.EFISTUB/02-ck.efi | 12 ------------ home/.EFISTUB/03-lts.efi | 12 ------------ root/boot/loader/entries/arch-lts.conf | 5 ----- root/boot/loader/entries/kodi.conf | 5 ----- 9 files changed, 25 insertions(+), 56 deletions(-) create mode 100755 efistub/arch.efi create mode 100755 efistub/lts.efi rename {home/.EFISTUB => efistub}/update.sh (85%) delete mode 100755 home/.EFISTUB/01-arch.efi delete mode 100755 home/.EFISTUB/02-ck.efi delete mode 100755 home/.EFISTUB/03-lts.efi delete mode 100755 root/boot/loader/entries/arch-lts.conf delete mode 100755 root/boot/loader/entries/kodi.conf diff --git a/config-root.yaml b/config-root.yaml index 714389bd..f2e0485d 100644 --- a/config-root.yaml +++ b/config-root.yaml @@ -98,15 +98,6 @@ dotfiles: f_cpupower: src: etc/default/cpupower dst: /etc/default/cpupower - f_arch.conf: - src: boot/loader/entries/arch.conf - dst: /boot/loader/entries/arch.conf - f_arch-lts.conf: - src: boot/loader/entries/arch-lts.conf - dst: /boot/loader/entries/arch-lts.conf - f_kodi.conf: - src: boot/loader/entries/kodi.conf - dst: /boot/loader/entries/kodi.conf f_pacserve.service.conf: src: etc/pacserve/pacserve.service.conf dst: /etc/pacserve/pacserve.service.conf diff --git a/efistub/arch.efi b/efistub/arch.efi new file mode 100755 index 00000000..46c60cdf --- /dev/null +++ b/efistub/arch.efi @@ -0,0 +1,12 @@ +#/bin/bash +# vim:ft=sh + +sudo efibootmgr \ + --disk /dev/sda \ + --part 1 \ + --create \ + --quiet \ + --remove-dups \ + --label "Arch Linux" \ + --loader /vmlinuz-linux \ + --unicode 'rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' diff --git a/efistub/lts.efi b/efistub/lts.efi new file mode 100755 index 00000000..9a77a197 --- /dev/null +++ b/efistub/lts.efi @@ -0,0 +1,12 @@ +#!/bin/bash +# vim:ft=sh + +sudo efibootmgr \ + --disk /dev/sda \ + --part 1 \ + --create \ + --quiet \ + --remove-dups \ + --label "Arch Linux LTS" \ + --loader /vmlinuz-linux-lts \ + --unicode 'rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' diff --git a/home/.EFISTUB/update.sh b/efistub/update.sh similarity index 85% rename from home/.EFISTUB/update.sh rename to efistub/update.sh index 07c1dba8..19a17d85 100755 --- a/home/.EFISTUB/update.sh +++ b/efistub/update.sh @@ -11,4 +11,4 @@ for bootscript in *.efi; do done # set bootorder -sudo efibootmgr --bootorder 0000,0001,0002 +sudo efibootmgr --bootorder 0000,0001 diff --git a/home/.EFISTUB/01-arch.efi b/home/.EFISTUB/01-arch.efi deleted file mode 100755 index a5f67c2b..00000000 --- a/home/.EFISTUB/01-arch.efi +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# vim:ft=sh - -sudo efibootmgr \ - --disk /dev/sda \ - --part 1 \ - --create \ - --quiet \ - --remove-dups \ - --label "Arch Linux" \ - --loader /vmlinuz-linux \ - --unicode 'cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=7345408 rw quiet loglevel=3 vga=current processor.max_cstate=5 rcu_nocbs=0-11 initrd=/amd-ucode.img initrd=/initramfs-linux.img amdgpu.noretry=0' diff --git a/home/.EFISTUB/02-ck.efi b/home/.EFISTUB/02-ck.efi deleted file mode 100755 index b387bad3..00000000 --- a/home/.EFISTUB/02-ck.efi +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# vim:ft=sh - -sudo efibootmgr \ - --disk /dev/sda \ - --part 1 \ - --create \ - --quiet \ - --remove-dups \ - --label "Arch Linux CK" \ - --loader /vmlinuz-linux-ck-zen \ - --unicode 'cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=7345408 rw quiet loglevel=3 vga=current vt.global_cursor_default=0 processor.max_cstate=5 rcu_nocbs=0-11 initrd=/amd-ucode.img initrd=/initramfs-linux.img amdgpu.noretry=0' diff --git a/home/.EFISTUB/03-lts.efi b/home/.EFISTUB/03-lts.efi deleted file mode 100755 index fd74e762..00000000 --- a/home/.EFISTUB/03-lts.efi +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash -# vim:ft=sh - -sudo efibootmgr \ - --disk /dev/sda \ - --part 1 \ - --create \ - --quiet \ - --remove-dups \ - --label "Arch Linux LTS" \ - --loader /vmlinuz-linux-lts \ - --unicode 'cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=7345408 rw quiet loglevel=3 vga=current vt.global_cursor_default=0 processor.max_cstate=5 rcu_nocbs=0-11 initrd=/amd-ucode.img initrd=/initramfs-linux.img amdgpu.noretry=0' diff --git a/root/boot/loader/entries/arch-lts.conf b/root/boot/loader/entries/arch-lts.conf deleted file mode 100755 index 1df835e8..00000000 --- a/root/boot/loader/entries/arch-lts.conf +++ /dev/null @@ -1,5 +0,0 @@ -title Arch Linux LTS -initrd /amd-ucode.img -initrd /initramfs-linux-lts.img -linux /vmlinuz-linux-lts -options rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo diff --git a/root/boot/loader/entries/kodi.conf b/root/boot/loader/entries/kodi.conf deleted file mode 100755 index 5a86d927..00000000 --- a/root/boot/loader/entries/kodi.conf +++ /dev/null @@ -1,5 +0,0 @@ -title Kodi -initrd /amd-ucode.img -initrd /initramfs-linux.img -linux /vmlinuz-linux -options rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait video=eDP-1:d video=1920x1080@60 From d67f344bb13748580904d6a439e377754c46bc6c Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 18:18:09 +0200 Subject: [PATCH 09/17] Switch to busybox init hooks from systemd --- efistub/arch.efi | 2 +- root/etc/mkinitcpio.conf | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/efistub/arch.efi b/efistub/arch.efi index 46c60cdf..1f0d26a5 100755 --- a/efistub/arch.efi +++ b/efistub/arch.efi @@ -9,4 +9,4 @@ sudo efibootmgr \ --remove-dups \ --label "Arch Linux" \ --loader /vmlinuz-linux \ - --unicode 'rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' + --unicode 'cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' diff --git a/root/etc/mkinitcpio.conf b/root/etc/mkinitcpio.conf index 12d768ea..1c602676 100644 --- a/root/etc/mkinitcpio.conf +++ b/root/etc/mkinitcpio.conf @@ -1,8 +1,10 @@ MODULES=(amdgpu) FILES=() + {%@@ if profile == "Mirkwood" @@%} BINARIES=("/usr/bin/btrfs") -HOOKS=(base autodetect modconf block filesystems keyboard fsck systemd sd-colors sd-vconsole sd-encrypt) +HOOKS=(colors consolefont welcomemessage base udev autodetect modconf block filesystems btrfs keyboard encrypt fsck) + {%@@ else @@%} BINARIES=() HOOKS=(colors consolefont base udev autodetect modconf block filesystems keyboard fsck) From e83a466c4a511b0e3e3edc5640ac81e79e817412 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 18:29:40 +0200 Subject: [PATCH 10/17] Update dotdrop and fix root config --- config-root.yaml | 3 --- dotdrop | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/config-root.yaml b/config-root.yaml index f2e0485d..d1430269 100644 --- a/config-root.yaml +++ b/config-root.yaml @@ -134,9 +134,6 @@ profiles: - f_20-quiet-printk.conf - f_system.conf - f_cpupower - - f_arch.conf - - f_arch-lts.conf - - f_kodi.conf include: - Locale - Pacman diff --git a/dotdrop b/dotdrop index 06842103..f0da6a6f 160000 --- a/dotdrop +++ b/dotdrop @@ -1 +1 @@ -Subproject commit 06842103672ad8f394b39e5fea2c1ab4442c1f44 +Subproject commit f0da6a6f9c59892e9f820443d235350ef0b2e8fd From 1191d9411bd60ebf79eec30f96c1cd15cfcb1439 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 18:54:26 +0200 Subject: [PATCH 11/17] Update systemd-boot config for future reference --- root/boot/loader/README.md | 2 ++ root/boot/loader/entries/arch-busybox.conf | 5 +++++ root/boot/loader/entries/{arch.conf => arch-systemd.conf} | 0 root/boot/loader/loader.conf | 4 ++-- 4 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 root/boot/loader/README.md create mode 100755 root/boot/loader/entries/arch-busybox.conf rename root/boot/loader/entries/{arch.conf => arch-systemd.conf} (100%) diff --git a/root/boot/loader/README.md b/root/boot/loader/README.md new file mode 100644 index 00000000..f0138427 --- /dev/null +++ b/root/boot/loader/README.md @@ -0,0 +1,2 @@ +I don't use systemd-boot on my main system anymore but this is here for reference +when I'm setting up new systems. diff --git a/root/boot/loader/entries/arch-busybox.conf b/root/boot/loader/entries/arch-busybox.conf new file mode 100755 index 00000000..db073af3 --- /dev/null +++ b/root/boot/loader/entries/arch-busybox.conf @@ -0,0 +1,5 @@ +title Arch Linux +initrd /amd-ucode.img +initrd /initramfs-linux.img +linux /vmlinuz-linux +options cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo diff --git a/root/boot/loader/entries/arch.conf b/root/boot/loader/entries/arch-systemd.conf similarity index 100% rename from root/boot/loader/entries/arch.conf rename to root/boot/loader/entries/arch-systemd.conf diff --git a/root/boot/loader/loader.conf b/root/boot/loader/loader.conf index 49951610..62bce553 100755 --- a/root/boot/loader/loader.conf +++ b/root/boot/loader/loader.conf @@ -1,3 +1,3 @@ -default arch +default arch-busybox timeout 0 -editor 1 +editor 0 From 028cb18007de92f50b096261b2c5770a3c37b8b6 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 18:54:50 +0200 Subject: [PATCH 12/17] Add customized encrypt hook --- config-root.yaml | 80 ++++++++------- root/usr/lib/initcpio/hooks/encrypt | 149 ++++++++++++++++++++++++++++ 2 files changed, 191 insertions(+), 38 deletions(-) create mode 100644 root/usr/lib/initcpio/hooks/encrypt diff --git a/config-root.yaml b/config-root.yaml index d1430269..05d3c267 100644 --- a/config-root.yaml +++ b/config-root.yaml @@ -101,61 +101,65 @@ dotfiles: f_pacserve.service.conf: src: etc/pacserve/pacserve.service.conf dst: /etc/pacserve/pacserve.service.conf + f_encrypt: + src: usr/lib/initcpio/hooks/encrypt + dst: /usr/lib/initcpio/hooks/encrypt profiles: Network: dotfiles: - - d_network - - f_networkd.conf + - d_network + - f_networkd.conf Locale: dotfiles: - - f_locale.conf - - f_locale.gen + - f_locale.conf + - f_locale.gen Pacman: dotfiles: - - f_pacman.conf - - f_pacserve.service.conf + - f_pacman.conf + - f_pacserve.service.conf Mirkwood: dotfiles: - - f_getty.conf - - f_cryptissue - - f_welcomemessage.conf - - d_bin - - f_adb.service - - f_bluetooth.conf - - f_sshd_config - - f_logind.conf - - f_60-uinput-permissions.rules - - f_freetype2.sh - - f_fonts.conf - - f_99-lowbat.rules - - f_ignore - - f_mkinitcpio.conf - - f_vconsole.conf - - f_20-quiet-printk.conf - - f_system.conf - - f_cpupower + - f_getty.conf + - f_cryptissue + - f_welcomemessage.conf + - d_bin + - f_adb.service + - f_bluetooth.conf + - f_sshd_config + - f_logind.conf + - f_60-uinput-permissions.rules + - f_freetype2.sh + - f_fonts.conf + - f_99-lowbat.rules + - f_ignore + - f_mkinitcpio.conf + - f_vconsole.conf + - f_20-quiet-printk.conf + - f_system.conf + - f_cpupower + - f_encrypt include: - - Locale - - Pacman - - Network + - Locale + - Pacman + - Network Moria: include: - - Locale - - Pacman - - Network + - Locale + - Pacman + - Network dotfiles: - - f_sshd_config - - f_99-sysctl.conf - - f_cpupower + - f_sshd_config + - f_99-sysctl.conf + - f_cpupower Gondor: include: - - Locale - - Pacman + - Locale + - Pacman dotfiles: - - f_sshd_config + - f_sshd_config localhost: include: - - Locale + - Locale Edoras: include: - - Pacman + - Pacman diff --git a/root/usr/lib/initcpio/hooks/encrypt b/root/usr/lib/initcpio/hooks/encrypt new file mode 100644 index 00000000..a25c1f60 --- /dev/null +++ b/root/usr/lib/initcpio/hooks/encrypt @@ -0,0 +1,149 @@ +#!/usr/bin/ash + +run_hook() { + modprobe -a -q dm-crypt >/dev/null 2>&1 + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" + + # Get keyfile if specified + ckeyfile="/crypto_keyfile.bin" + if [ -n "$cryptkey" ]; then + IFS=: read ckdev ckarg1 ckarg2 </dev/null 2>&1 + umount /ckey + ;; + *) + # Read raw data from the block device + # ckarg1 is numeric: ckarg1=offset, ckarg2=length + dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + ;; + esac + fi + [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." + fi + + if [ -n "${cryptdevice}" ]; then + DEPRECATED_CRYPT=0 + IFS=: read cryptdev cryptname cryptoptions <&2 + ;; + esac + done + set +f + IFS="$OLDIFS" + unset OLDIFS + + if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + dopassphrase=1 + # If keyfile exists, try to use that + if [ -f ${ckeyfile} ]; then + if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then + dopassphrase=0 + else + echo "Invalid keyfile. Reverting to passphrase." + fi + fi + # Ask for a passphrase + if [ ${dopassphrase} -gt 0 ]; then + echo "" + echo "Enter password to decrypt disk:" + + #loop until we get a real password + while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do + sleep 2; + done + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + return 1 + fi + elif [ -n "${crypto}" ]; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + msg "Non-LUKS encrypted device found..." + if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then + err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" + err "Non-LUKS decryption not attempted..." + return 1 + fi + exe="cryptsetup open --type plain $resolved $cryptname $cryptargs" + IFS=: read c_hash c_cipher c_keysize c_offset c_skip < Date: Thu, 18 Feb 2021 18:57:15 +0200 Subject: [PATCH 13/17] Add initrd to efistub configs --- efistub/arch.efi | 2 +- efistub/lts.efi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/efistub/arch.efi b/efistub/arch.efi index 1f0d26a5..c0932d67 100755 --- a/efistub/arch.efi +++ b/efistub/arch.efi @@ -9,4 +9,4 @@ sudo efibootmgr \ --remove-dups \ --label "Arch Linux" \ --loader /vmlinuz-linux \ - --unicode 'cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' + --unicode 'initrd=\amd-ucode.img initrd=\initramfs-linux.img cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' diff --git a/efistub/lts.efi b/efistub/lts.efi index 9a77a197..9a9d0613 100755 --- a/efistub/lts.efi +++ b/efistub/lts.efi @@ -9,4 +9,4 @@ sudo efibootmgr \ --remove-dups \ --label "Arch Linux LTS" \ --loader /vmlinuz-linux-lts \ - --unicode 'rd.luks.uuid=19fa8fab-c5fe-454a-9a17-b7185ce975ea rd.luks.name=19fa8fab-c5fe-454a-9a17-b7185ce975ea=cryptroot rd.luks.options=allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' + --unicode 'initrd=\amd-ucode.img initrd=\initramfs-linux-lts.img cryptdevice=UUID=19fa8fab-c5fe-454a-9a17-b7185ce975ea:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=root resume=/dev/mapper/cryptroot resume_offset=10530935 rw quiet splash vga=current idle=nomwait cpuidle.governor=teo' From b0d2c508695a0bd0022104564c95e63a0d3fc9bd Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Thu, 18 Feb 2021 19:05:53 +0200 Subject: [PATCH 14/17] Remove custom encrypt initcpio hook --- config-root.yaml | 4 - root/usr/lib/initcpio/hooks/encrypt | 149 ---------------------------- 2 files changed, 153 deletions(-) delete mode 100644 root/usr/lib/initcpio/hooks/encrypt diff --git a/config-root.yaml b/config-root.yaml index 05d3c267..0b292e37 100644 --- a/config-root.yaml +++ b/config-root.yaml @@ -101,9 +101,6 @@ dotfiles: f_pacserve.service.conf: src: etc/pacserve/pacserve.service.conf dst: /etc/pacserve/pacserve.service.conf - f_encrypt: - src: usr/lib/initcpio/hooks/encrypt - dst: /usr/lib/initcpio/hooks/encrypt profiles: Network: dotfiles: @@ -137,7 +134,6 @@ profiles: - f_20-quiet-printk.conf - f_system.conf - f_cpupower - - f_encrypt include: - Locale - Pacman diff --git a/root/usr/lib/initcpio/hooks/encrypt b/root/usr/lib/initcpio/hooks/encrypt deleted file mode 100644 index a25c1f60..00000000 --- a/root/usr/lib/initcpio/hooks/encrypt +++ /dev/null @@ -1,149 +0,0 @@ -#!/usr/bin/ash - -run_hook() { - modprobe -a -q dm-crypt >/dev/null 2>&1 - [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" - - # Get keyfile if specified - ckeyfile="/crypto_keyfile.bin" - if [ -n "$cryptkey" ]; then - IFS=: read ckdev ckarg1 ckarg2 </dev/null 2>&1 - umount /ckey - ;; - *) - # Read raw data from the block device - # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 - ;; - esac - fi - [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." - fi - - if [ -n "${cryptdevice}" ]; then - DEPRECATED_CRYPT=0 - IFS=: read cryptdev cryptname cryptoptions <&2 - ;; - esac - done - set +f - IFS="$OLDIFS" - unset OLDIFS - - if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then - if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - dopassphrase=1 - # If keyfile exists, try to use that - if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then - dopassphrase=0 - else - echo "Invalid keyfile. Reverting to passphrase." - fi - fi - # Ask for a passphrase - if [ ${dopassphrase} -gt 0 ]; then - echo "" - echo "Enter password to decrypt disk:" - - #loop until we get a real password - while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do - sleep 2; - done - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" - fi - else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - return 1 - fi - elif [ -n "${crypto}" ]; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - msg "Non-LUKS encrypted device found..." - if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then - err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" - err "Non-LUKS decryption not attempted..." - return 1 - fi - exe="cryptsetup open --type plain $resolved $cryptname $cryptargs" - IFS=: read c_hash c_cipher c_keysize c_offset c_skip < Date: Thu, 18 Feb 2021 19:06:19 +0200 Subject: [PATCH 15/17] Use zstd compression for initrd --- root/etc/mkinitcpio.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/root/etc/mkinitcpio.conf b/root/etc/mkinitcpio.conf index 1c602676..54c22309 100644 --- a/root/etc/mkinitcpio.conf +++ b/root/etc/mkinitcpio.conf @@ -1,3 +1,4 @@ +COMPRESSION="zstd" MODULES=(amdgpu) FILES=() From f2eb0247d6a2e97b35ef62dd6eaa5c44b121db88 Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Sat, 27 Feb 2021 11:49:51 +0200 Subject: [PATCH 16/17] Update dotdrop --- dotdrop | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dotdrop b/dotdrop index f0da6a6f..900f705b 160000 --- a/dotdrop +++ b/dotdrop @@ -1 +1 @@ -Subproject commit f0da6a6f9c59892e9f820443d235350ef0b2e8fd +Subproject commit 900f705b30ee07063ecc7f2df24fc7b28a9451a5 From d444812c173b688c762f745413fd918674f513cc Mon Sep 17 00:00:00 2001 From: Marko Korhonen Date: Sat, 27 Feb 2021 11:49:59 +0200 Subject: [PATCH 17/17] Disable laptop screen output when closing lid --- home/.config/sway/conf.d/04-output.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/.config/sway/conf.d/04-output.conf b/home/.config/sway/conf.d/04-output.conf index b6030a4a..0a264714 100644 --- a/home/.config/sway/conf.d/04-output.conf +++ b/home/.config/sway/conf.d/04-output.conf @@ -3,3 +3,7 @@ output * bg $wallpaper fill output eDP-1 position 0 0 output HDMI-A-1 position 1920 0 + +# Disable laptop screen when lid is closed +bindswitch --locked lid:on output $laptop disable +bindswitch --locked lid:off output $laptop enable