diff --git a/.circleci/config.yml b/.circleci/config.yml
index e6c4748..89d5255 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -12,8 +12,8 @@ jobs:
name: install AWS CLI
command: |
sudo apt update
- sudo apt install python-pip
- pip install awscli
+ sudo apt install python3-pip
+ pip3 install awscli
# build with hugo
- run: HUGO_ENV=production hugo -v --minify
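Review bot: The added `pip3 install awscli` installs whatever release PyPI serves at build time, into a job that presumably goes on to deploy with AWS credentials (the deploy step, and the start of this `run` step, are outside the hunk). Pinning the version, e.g. `pip3 install 'awscli==<PINNED_VERSION>'`, or installing from a requirements file with `--require-hashes`, keeps the deploy toolchain reproducible and limits exposure to a bad or hijacked upload. The added `sudo apt install python3-pip` also has no `-y`; if apt asks for confirmation in the non-interactive executor the step may abort, so `sudo apt-get install -y python3-pip` is the safer form.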
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index a6851ba..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "themes/terminal"]
- path = themes/terminal
- url = https://github.com/panr/hugo-theme-terminal.git
diff --git a/config/_default/config.toml b/config/_default/config.toml
index a60bfba..98adb9b 100644
--- a/config/_default/config.toml
+++ b/config/_default/config.toml
@@ -1,4 +1,7 @@
baseURL = "https://alejandr0angul0.dev/"
languageCode = "en-us"
-theme = "terminal"
+theme = "alejandro-angulo"
+[markup]
+ [markup.highlight]
+ noClasses = false
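Review bot: The new `[markup.highlight]` table sets `noClasses = false` without recording what it depends on. With this setting Hugo's highlighter emits CSS classes instead of inline styles, so code blocks stay uncoloured unless the theme's `static/css/highlight.css` (added elsewhere in this commit) is linked from the layouts, which I cannot confirm from the visible lines. I would add a comment above the key, e.g. `# Class-based highlighting; colours come from themes/alejandro-angulo/static/css/highlight.css`. It is also worth noting there that class-based output lets a Content-Security-Policy for the site avoid `'unsafe-inline'` for styles.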
diff --git a/config/_default/languages.toml b/config/_default/languages.toml
index 2b28f54..3876603 100644
--- a/config/_default/languages.toml
+++ b/config/_default/languages.toml
@@ -1,6 +1,6 @@
[en]
languageName = "English"
-title = "Alejandr00"
+title = "alejandr00"
subtitle = ""
owner = ""
keywords = ""
@@ -24,4 +24,3 @@ missingBackButtonLabel = "Back to home page"
identifier = "gh"
name = "github"
url = "https://github.com/alejandro-angulo"
-
diff --git a/config/_default/params.toml b/config/_default/params.toml
index 107ffa7..f869ad7 100644
--- a/config/_default/params.toml
+++ b/config/_default/params.toml
@@ -37,3 +37,6 @@ showLastUpdated = false
creator = "alejandr0angul0"
site = "alejandr0angul0"
+[markup]
+ [markup.highlight]
+ codeFences = false
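Review bot: The `[markup]` table added at the end of params.toml probably never reaches Hugo's highlighter. In a config directory each file is nested under the root key it is named after, so this most likely becomes `params.markup.highlight.codeFences` rather than `markup.highlight.codeFences`. If the intent was to turn off highlighting of fenced blocks, the key belongs next to `noClasses` in config/_default/config.toml. That would, however, leave the `bash` fences in the new post unhighlighted and highlight.css unused, so it is worth checking whether these three lines should simply be dropped.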
diff --git a/content/posts/X1C6-arch-linux-install.md b/content/posts/X1C6-arch-linux-install.md
new file mode 100644
index 0000000..368dfd7
--- /dev/null
+++ b/content/posts/X1C6-arch-linux-install.md
@@ -0,0 +1,607 @@
++++
+title = "Arch Linux X1 Carbon 6"
+date = "2020-07-30T17:56:45-07:00"
+author = ""
+authorTwitter = "" #do not include @
+cover = ""
+tags = ["info-dump"]
+keywords = ["arch", "linux", "thinkpad", "X1", "carbon", "LUKS", "install"]
+description = ""
+showFullContent = false
++++
+
+I recently picked up a 6th gen X1 Carbon so of course I wanted to install Arch Linux on it. This post documents the steps I took
+in case I ever have to do this again. I used [ejmg's
+guide](https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6) guide, [HardenedArray's gist
+guide](https://gist.github.com/HardenedArray/ee3041c04165926fca02deca675effe1), and the [Arch Linux wiki
+page](https://wiki.archlinux.org/index.php/Lenovo_ThinkPad_X1_Carbon_(Gen_6)) as references.
+
+_Note_: This was my setup as of July 2020ish. Things have changed since then.
+
+## Setup
+
+### Prepare Installation Media
+
+This part is relatively straighforward. Check out the [arch wiki
+page](https://wiki.archlinux.org/title/USB_flash_installation_medium).
+
+### Prepare BIOS
+
+BIOS -> Security -> Secure Boot -> Disable
+BIOS -> Config -> Thunderbolt(TM) 3 -> Thunderbolt BIOS Assist Mode: Enabled
+
+Configure boot order to boot off USB
+BIOS -> Startup -> Boot -> Move USB HDD to the top of the list (also moved USB FDD to 2nd since I wasn't sure which one I needed
+
+Plug in USB
+
+## Live Environment Setup
+
+### Connect to WiFi Network
+
+I was able to get everything set up with `iwctl`. Once you're in the `iwctl` prompt, use the `help` command to see available
+commands.
+
+```bash
+# iwctl
+[iwd]# device list
+
+# Shows devices installed. Mine was wlan0
+
+[iwd]# station wlan0 get-networks
+
+# Shows available networks
+
+[iwd]# station wlan0 connect $SSID
+
+# Wrap your SSID in quotes if it has spaces
+# Enter passphrase when prompted
+
+[iwd]# exit
+```
+
+### Partition Drive
+
+TODO: Rewrite this section to have more of a focus on what commands to run (too much time spent describing)
+
+My device had two SSDs installed. `lsblk` showed them as `nvme0n1` and `nvme1n1`. My primary SSD was `nvme1n1` so I ran `gdisk
+/dev/nmve1n1`. You can enter `?` to get a list of commands. I went ahead and deleted (`d`) all the existing partitions. Created an
+EFI partition (`n`) on partition 1 with a size of 100 MiB (chose first sector and then `+100M` for the last sector) with hex code
+EF00 (EFI partition). I created partition 2 to span the rest of the device. I tried having a separate boot partition but ran into
+issues getting my system to boot up properly. It's probably possible to have a separate boot partition but it probably makes the
+setup more complex. So, unless you know what you're doing, don't create any other partitions on this drive.
+
+For my second drive I ran `gdisk /dev/nvme0n1` and left a single partition spanning the entire device with hex code 8300 (Linux
+FS). This drive can be partitioned however you like.
+
+I should zero my devices but I'm not that paranoid so I didn't. This could be done with `ddrescue` or with `cat` like so `cat
+/dev/zero > /dev/nvme1n1 && cat /dev/zero /dev/nme0n1`.
+
+### Setup filesystems
+
+#### Encrypting Devices
+
+Encrypt all partitions except for the EFI partition. This is done with `cryptsetup`'s `luksFormat` subcommand. `luksFormat` will
+prompt for a password. **Do not** forget these passwords or you'll be locked out of your drives and be forced to reformat. The
+passwords don't have to match. In fact, it's better to have a unique password for each one but **do not** forget the passwords. Once
+the drives are encrypted, they need to be opened with the `luksOpen` subcommand. The last part of the `luksOpen` (`EncryptedBoot`
+and `Secondary` below) subcommand is just a label and can be any value (just be sure to remain consistent -- these labels will be
+used later on).
+
+These are the commands I ran:
+
+```bash
+cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random --type luks1 luksFormat /dev/nvme1n1p2
+cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random --type luks1 luksFormat /dev/nme0n1p1
+cryptsetup luksOpen /dev/nvme1n1p2 EncryptedBoot
+cryptsetup luksOpen /dev/nvme0n1p1 Secondary
+```
+
+When I first tried setting this up I realized I had accidentally encrypted the EFI partition (saw an error when I tried to mount
+it later on). Fixing this is easy though, just close the partition with `cryptsetup luksClose EncryptedBoot`. Replace
+`EncryptedBoot` with whatever label was given (this can be checked with `lsblk`). Once the partition is closed, reformat it with
+FAT32 again (see the [`Create FileSystems`](#create-filesystems) section).
+
+#### LVM
+
+Use the Linux Volume Manager (LVM) to create a swap volume on the primary drive (labeled `EncryptedBoot`). Setup volumes for the
+secondary drive (labeled `Secondary`) while we're at it.
+
+```bash
+pvcreate /dev/mapper/EncryptedBoot
+vgcreate Arch /dev/mapper/EncryptedBoot
+lvcreate -L 16G -n swap
+lvcreate -l 100%FREE Arch -n root
+pvcreate /dev/mapper/Secondary
+vgcreate Data /dev/mapper/Secondary
+lvcreate -l 100%FREE Data -n root
+```
+
+#### Create Filesystems
+
+Create a FAT32 filesystem for the EFI partition, set up the swap partition, and format the rest with ext4.
+
+
+```bash
+mkfs.vfat -F 32 /dev/nvme1n1p1
+mkswap /dev/mapper/Arch-swap
+mkfs.ext4 /dev/mapper/Arch-root
+mkfs.ext4 /dev/mapper/Data-root
+```
+
+## Installation
+
+### Bootstrap
+
+Now that the drives are ready, the actual installation can begin. Mount the drives first.
+
+```bash
+mount /dev/mapper/Arch-root /mnt
+swapon /dev/mapper/Arch-swap
+mkdir /mnt/boot
+mkdir -p /mnt/mnt/data
+mount /dev/mapper/Data-root /mnt/mnt/data
+mkdir /mnt/efi
+mount /dev/nvme1n1p1 /mnt/efi
+```
+
+Install a base set of packages. More will be installed later on, this is just a minimal set of packages.
+
+```bash
+pacstrap /mnt base base-devel grub efibootmgr dialog wpa_supplicant linux linux-headers vim dhcpcd netctl lvm2 linux-firmware iwd
+man-db man-pages
+```
+
+_Note:_ Later on when I was configuring my network after Arch had been installed I realized I didn't use `netctl` or `dhcpcd`.
+These can probably be left out. Not sure if `wpa_supplicant` needs to be installed here either. `vim` could be replaced with a
+different editor like `emacs` or `nano`.
+
+One last step before chroot'ing into the Arch installation is to write an `/etc/fstab` file. This can be generated with `genfstab`.
+
+```bash
+genfstab -U /mnt >> /mnt/etc/fstab
+```
+
+Before continuing, review `/mnt/etc/fstab` and make any necessary changes (I didn't need to make any changes but it's a good idea
+to check). It's finally time to chroot.
+
+```bash
+arch-chroot /mnt /bin/bash
+```
+
+The root is now the same as the Arch install's root.
+
+### Housekeeping
+
+Find the local timezone in `/usr/share/zoneinfo` and set the system timezone.
+
+```bash
+ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+```
+
+Set the hostname. I decided on naming my computer `carbon`.
+
+```bash
+echo carbon > /etc/hostname
+```
+
+Set the locale. Go through `/etc/locale.gen` and uncomment the relevant lines. I only uncommented `en_US.UTF-8 UTF-8`. After that,
+generate localization files.
+
+```bash
+echo LANG=en_US.UTF-8 > /etc/locale.conf
+locale-gen
+```
+
+Set the root password and create a user account (bad practice to run as root).
+
+```bash
+passwd
+useradd -m -G wheel -s /bin/bash alejandro
+```
+
+Replace `alejandro` with your username. `sudo` will later be configured to allow users in the `wheel` group.
+
+### More Encryption Configuration
+
+When the system boots up, the bootloader (I'll be using `grub`) will need to read `/boot` and the system will need access to any
+other volumes specified in the fstab file. Without any extra configuration, there will be a passphrase prompt for every volume.
+LUKS devices have multiple "key slots." It's possible to use a key file to fill in one of the key slots and later pass that file
+in to open (decrypt) a LUKS device. This makes it possible to have `grub` handle decryption of root and swap without requiring the
+user to enter multiple passphrases (which is clunky and error-prone). Other volumes (my data root volume) can be configured in
+`/etc/crypttab` (similar to `/etc/fstab`) to also be automatically opened.
+
+Generate a random keyfile.
+
+```bash
+cd /
+dd bs=512 count=4 if=/dev/random of=crypto_keyfile.bin iflag=fullblock
+```
+
+This keyfile should **never** be shared. In fact, no user should have access to this file. The [arch wiki
+warns](https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs) that initramfs's
+permissions should be set to 600 as well.
+
+```bash
+chmod 000 /crypto_keyfile.bin
+chmod 600 /boot/initramfs-linux*
+```
+
+Add the keyfile to the LUKS devices.
+
+```bash
+cryptsetup luksAddKey /dev/nvme1n1p2 /crypto_keyfile.bin
+cryptsetup luksAddKey /dev/nvme0n1p1 /crypto_keyfile.bin
+# Use the commands below to verify the keyfile has been added.
+cryptsetup luksDump /dev/nvme1n1p2 # Should see slots 0 and 1 occupied
+cryptsetup luksDump /dev/nvme0n1p1 # Should see slots 0 and 1 occupied
+```
+
+Configure automatic opening of the data volume through `crypttab`. Edit `/etc/crypttab`
+
+```plaintext
+# SNIP ...
+#
+ Go home or use the navigation at the bottom of the page to navigate to another page.
+
+ {{ .Summary }}}}
+```json
{
"Aliases": {
"Quantity": 1,
@@ -253,7 +253,7 @@ for the JSON required is below. The region name is whatever was configured when
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
-{{
}}
+```
```bash
aws create-distribution --distribution-config file://
+__/\\\\\_____/\\\________________________________________/\\\\\\\\\\\\\\\___________________________________________________/\\\__
+ _\/\\\\\\___\/\\\_______________________________________\/\\\///////////___________________________________________________\/\\\__
+ _\/\\\/\\\__\/\\\___________________/\\\________________\/\\\______________________________________________________________\/\\\__
+ _\/\\\//\\\_\/\\\_____/\\\\\_____/\\\\\\\\\\\___________\/\\\\\\\\\\\_________/\\\\\_____/\\\____/\\\__/\\/\\\\\\__________\/\\\__
+ _\/\\\\//\\\\/\\\___/\\\///\\\__\////\\\////____________\/\\\///////________/\\\///\\\__\/\\\___\/\\\_\/\\\////\\\____/\\\\\\\\\__
+ _\/\\\_\//\\\/\\\__/\\\__\//\\\____\/\\\________________\/\\\______________/\\\__\//\\\_\/\\\___\/\\\_\/\\\__\//\\\__/\\\////\\\__
+ _\/\\\__\//\\\\\\_\//\\\__/\\\_____\/\\\_/\\____________\/\\\_____________\//\\\__/\\\__\/\\\___\/\\\_\/\\\___\/\\\_\/\\\__\/\\\__
+ _\/\\\___\//\\\\\__\///\\\\\/______\//\\\\\_____________\/\\\______________\///\\\\\/___\//\\\\\\\\\__\/\\\___\/\\\_\//\\\\\\\/\\_
+ _\///_____\/////_____\/////_________\/////______________\///_________________\/////______\/////////___\///____\///___\///////\//__
+
+
+{{ .Title }}
+{{ range .Pages.ByPublishDate.Reverse }}
+{{ .Title }}
+ {{ partial "metadata.html" . }}
+
+
+
+__/\\\_________________________/\\\\\\_____/\\\\\\___________________________________________________________________________/\\\\\\____________/\\\__ + _\/\\\________________________\////\\\____\////\\\__________________________________________________________________________\////\\\___________\/\\\__ + _\/\\\___________________________\/\\\_______\/\\\_____________________________________________________________________________\/\\\___________\/\\\__ + _\/\\\_____________/\\\\\\\\_____\/\\\_______\/\\\________/\\\\\_______________/\\____/\\___/\\_____/\\\\\_____/\\/\\\\\\\_____\/\\\___________\/\\\__ + _\/\\\\\\\\\\____/\\\/////\\\____\/\\\_______\/\\\______/\\\///\\\____________\/\\\__/\\\\_/\\\___/\\\///\\\__\/\\\/////\\\____\/\\\______/\\\\\\\\\__ + _\/\\\/////\\\__/\\\\\\\\\\\_____\/\\\_______\/\\\_____/\\\__\//\\\___________\//\\\/\\\\\/\\\___/\\\__\//\\\_\/\\\___\///_____\/\\\_____/\\\////\\\__ + _\/\\\___\/\\\_\//\\///////______\/\\\_______\/\\\____\//\\\__/\\\_____________\//\\\\\/\\\\\___\//\\\__/\\\__\/\\\____________\/\\\____\/\\\__\/\\\__ + _\/\\\___\/\\\__\//\\\\\\\\\\__/\\\\\\\\\__/\\\\\\\\\__\///\\\\\/_______________\//\\\\//\\\_____\///\\\\\/___\/\\\__________/\\\\\\\\\_\//\\\\\\\/\\_ + _\///____\///____\//////////__\/////////__\/////////_____\/////__________________\///__\///________\/////_____\///__________\/////////___\///////\//__ ++{{ end }} diff --git a/themes/alejandro-angulo/layouts/partials/metadata.html b/themes/alejandro-angulo/layouts/partials/metadata.html new file mode 100644 index 0000000..501f336 --- /dev/null +++ b/themes/alejandro-angulo/layouts/partials/metadata.html @@ -0,0 +1,11 @@ + +{{ end }} diff --git a/themes/alejandro-angulo/static/css/highlight.css b/themes/alejandro-angulo/static/css/highlight.css new file mode 100644 index 0000000..84bd15a --- /dev/null +++ b/themes/alejandro-angulo/static/css/highlight.css 
@@ -0,0 +1,82 @@ +/* Background */ .chroma { color: #f8f8f2; background-color: #282a36 } +/* Other */ .chroma .x { } +/* Error */ .chroma .err { } +/* LineTableTD */ .chroma .lntd { vertical-align: top; padding: 0; margin: 0; border: 0; } +/* LineTable */ .chroma .lntable { border-spacing: 0; padding: 0; margin: 0; border: 0; width: auto; overflow: auto; display: block; } +/* LineHighlight */ .chroma .hl { display: block; width: 100%;background-color: #ffffcc } +/* LineNumbersTable */ .chroma .lnt { margin-right: 0.4em; padding: 0 0.4em 0 0.4em;color: #7f7f7f } +/* LineNumbers */ .chroma .ln { margin-right: 0.4em; padding: 0 0.4em 0 0.4em;color: #7f7f7f } +/* Keyword */ .chroma .k { color: #ff79c6 } +/* KeywordConstant */ .chroma .kc { color: #ff79c6 } +/* KeywordDeclaration */ .chroma .kd { color: #8be9fd; font-style: italic } +/* KeywordNamespace */ .chroma .kn { color: #ff79c6 } +/* KeywordPseudo */ .chroma .kp { color: #ff79c6 } +/* KeywordReserved */ .chroma .kr { color: #ff79c6 } +/* KeywordType */ .chroma .kt { color: #8be9fd } +/* Name */ .chroma .n { } +/* NameAttribute */ .chroma .na { color: #50fa7b } +/* NameBuiltin */ .chroma .nb { color: #8be9fd; font-style: italic } +/* NameBuiltinPseudo */ .chroma .bp { } +/* NameClass */ .chroma .nc { color: #50fa7b } +/* NameConstant */ .chroma .no { } +/* NameDecorator */ .chroma .nd { } +/* NameEntity */ .chroma .ni { } +/* NameException */ .chroma .ne { } +/* NameFunction */ .chroma .nf { color: #50fa7b } +/* NameFunctionMagic */ .chroma .fm { } +/* NameLabel */ .chroma .nl { color: #8be9fd; font-style: italic } +/* NameNamespace */ .chroma .nn { } +/* NameOther */ .chroma .nx { } +/* NameProperty */ .chroma .py { } +/* NameTag */ .chroma .nt { color: #ff79c6 } +/* NameVariable */ .chroma .nv { color: #8be9fd; font-style: italic } +/* NameVariableClass */ .chroma .vc { color: #8be9fd; font-style: italic } +/* NameVariableGlobal */ .chroma .vg { color: #8be9fd; font-style: italic } +/* NameVariableInstance */ 
.chroma .vi { color: #8be9fd; font-style: italic } +/* NameVariableMagic */ .chroma .vm { } +/* Literal */ .chroma .l { } +/* LiteralDate */ .chroma .ld { } +/* LiteralString */ .chroma .s { color: #f1fa8c } +/* LiteralStringAffix */ .chroma .sa { color: #f1fa8c } +/* LiteralStringBacktick */ .chroma .sb { color: #f1fa8c } +/* LiteralStringChar */ .chroma .sc { color: #f1fa8c } +/* LiteralStringDelimiter */ .chroma .dl { color: #f1fa8c } +/* LiteralStringDoc */ .chroma .sd { color: #f1fa8c } +/* LiteralStringDouble */ .chroma .s2 { color: #f1fa8c } +/* LiteralStringEscape */ .chroma .se { color: #f1fa8c } +/* LiteralStringHeredoc */ .chroma .sh { color: #f1fa8c } +/* LiteralStringInterpol */ .chroma .si { color: #f1fa8c } +/* LiteralStringOther */ .chroma .sx { color: #f1fa8c } +/* LiteralStringRegex */ .chroma .sr { color: #f1fa8c } +/* LiteralStringSingle */ .chroma .s1 { color: #f1fa8c } +/* LiteralStringSymbol */ .chroma .ss { color: #f1fa8c } +/* LiteralNumber */ .chroma .m { color: #bd93f9 } +/* LiteralNumberBin */ .chroma .mb { color: #bd93f9 } +/* LiteralNumberFloat */ .chroma .mf { color: #bd93f9 } +/* LiteralNumberHex */ .chroma .mh { color: #bd93f9 } +/* LiteralNumberInteger */ .chroma .mi { color: #bd93f9 } +/* LiteralNumberIntegerLong */ .chroma .il { color: #bd93f9 } +/* LiteralNumberOct */ .chroma .mo { color: #bd93f9 } +/* Operator */ .chroma .o { color: #ff79c6 } +/* OperatorWord */ .chroma .ow { color: #ff79c6 } +/* Punctuation */ .chroma .p { } +/* Comment */ .chroma .c { color: #6272a4 } +/* CommentHashbang */ .chroma .ch { color: #6272a4 } +/* CommentMultiline */ .chroma .cm { color: #6272a4 } +/* CommentSingle */ .chroma .c1 { color: #6272a4 } +/* CommentSpecial */ .chroma .cs { color: #6272a4 } +/* CommentPreproc */ .chroma .cp { color: #ff79c6 } +/* CommentPreprocFile */ .chroma .cpf { color: #ff79c6 } +/* Generic */ .chroma .g { } +/* GenericDeleted */ .chroma .gd { color: #ff5555 } +/* GenericEmph */ .chroma .ge { text-decoration: 
underline } +/* GenericError */ .chroma .gr { } +/* GenericHeading */ .chroma .gh { font-weight: bold } +/* GenericInserted */ .chroma .gi { color: #50fa7b; font-weight: bold } +/* GenericOutput */ .chroma .go { color: #44475a } +/* GenericPrompt */ .chroma .gp { } +/* GenericStrong */ .chroma .gs { } +/* GenericSubheading */ .chroma .gu { font-weight: bold } +/* GenericTraceback */ .chroma .gt { } +/* GenericUnderline */ .chroma .gl { text-decoration: underline } +/* TextWhitespace */ .chroma .w { }
diff --git a/themes/alejandro-angulo/static/css/style.css b/themes/alejandro-angulo/static/css/style.css
new file mode 100644
index 0000000..c527c60
--- /dev/null
+++ b/themes/alejandro-angulo/static/css/style.css
@@ -0,0 +1,72 @@
+body {
+ background-color: #1d2021;
+ color: #ffffdf;
+ margin: 1em;
+}
+
+a {
+ color: #00a7af;
+}
+a:visited {
+ color: #005f87;
+}
+a:hover {
+ background-color: #00a7af;
+ color: #1d2021;
+}
+
+#header-link {
+ text-decoration: none;
+}
+
+#content {
+ margin-bottom: 2em;
+}
+
+#site-footer {
+ background-color: #3a3a3a;
+ bottom: 0;
+ left: 0;
+ margin: 0;
+ padding: 3px 0;
+ position: fixed;
+ width: 100%;
+}
+
+#site-footer .current-page {
+ color: #ffaf00;
+ padding: 0 5px;
+}
+
+#nav {
+ display: inline-block;
+}
+
+.lhs {
+ float: left;
+}
+
+.rhs {
+ float: right;
+}
+
+.home-link,
+.nav-link {
+ text-decoration: none;
+ padding: 0 5px;
+}
+.nav-link,
+.nav-link:visited,
+.home-link,
+.home-link:visited {
+ color: #949494;
+}
+.nav-link:hover,
+.home-link:hover {
+ color: inherit;
+ background-color: inherit;
+}
+
+.highlight .chroma {
+ padding: 1em;
+}
diff --git a/themes/alejandro-angulo/theme.toml b/themes/alejandro-angulo/theme.toml
new file mode 100644
index 0000000..46d637d
--- /dev/null
+++ b/themes/alejandro-angulo/theme.toml
@@ -0,0 +1,7 @@
+name = "alejandro-angulo"
+license = "MIT"
+min_version = "0.41.0"
+
+[author]
+ name = "Alejandro Angulo"
+ homepage = "https://alejandr0angul0.dev/"
diff --git a/themes/terminal b/themes/terminal
deleted file mode 160000
index 6404a48..0000000
--- a/themes/terminal
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 6404a48fe385a70a8ca22e9da72839c9709665de