diff --git a/guides/9_CACHYOS.md b/guides/9_CACHYOS.md
deleted file mode 100644
index 2bc5632..0000000
--- a/guides/9_CACHYOS.md
+++ /dev/null
@@ -1,52 +0,0 @@
-# CachyOS
-
-This guide will walk you through converting your existing Arch Linux installation into a CachyOS installation / installation using the CachyOS optimzied repos.
-
-## Why
-
-TODO
-
-## Installation
-
-The installation process is fairly straight forward, as CachyOS provides a script to automatically handle configuring
-pacman for you to work with the CachyOS repos. All you need to do is:
-
-```bash
-curl https://mirror.cachyos.org/cachyos-repo.tar.xz -o cachyos-repo.tar.xz
-tar xvf cachyos-repo.tar.xz && cd cachyos-repo
-sudo ./cachyos-repo.sh
-```
-
-Source:
-
-## Moving to an optimzied kernel
-
-Most people decide to use CachyOS mainly to benefit from the optimized kernel packages, as that is generally the most
-performance critical part of your system. Even though the CachyOS repos also bring a bunch of other optimized packages,
-which definitely contribute to performance improvements too, switching the generic kernel for an optimized one is
-usually going to be the most impactful.
-
-TODO
-
-## Automatic mirror ranking
-
-For most Arch installation, `reflector` is used for handling optimizing the mirror order (to improve pacman download speeds), however, for CachyOS, there is a dedicated tool that includes the cachyos repos & mirrors which should be used instead, being [cachyos-rate-mirrors]
-
-```bash
-paru -S cachyos-rate-mirrors
-sudo systemctl enable --now cachyos-rate-mirrors.timer
-sudo systemctl disable --now reflector.timer
-```
-
-[cachyos-rate-mirrors]: https://github.com/CachyOS/rate-mirrors
-
-## Cachyos settings
-
-Cachyos also provides a `cachyos-settings` package, which contains a set of opinionated settings for various parts of
-the system. These are generally designed primarily to improve performance. Personally, I like to handle these on my
-own, allowing me to customize them a bit easier from within my dotfiles repo, however, if you do wish to use them, you
-can simply do:
-
-```bash
-paru -S cachyos-settings
-```
diff --git a/install_root.sh b/install_root.sh
index 591c4da..8c93dc3 100755
--- a/install_root.sh
+++ b/install_root.sh
@@ -74,7 +74,7 @@ echo " - Symlink /etc/resolv.conf to use systemd-resolved stub (you need to be o
 echo "Optional extra steps:"
 echo " - enable cronie & copy /etc/crontab & anacrontab from dotfiles"
 echo " - install docker and copy /etc/docker"
-echo " - setup network manager privacy settings by copying /etc/NetworkManager"
+echo " - setup MAC address randomization by copying /etc/NetworkManager"
 echo " - setup battery optimizations (follow guide)"
 echo " - setup UKIs -> secure-boot -> systemd initramfs -> tpm unlocking (follow guides)"
 
diff --git a/root/etc/NetworkManager/conf.d/dhcp-hostname.conf b/root/etc/NetworkManager/conf.d/dhcp-hostname.conf
deleted file mode 100644
index 6c6ceed..0000000
--- a/root/etc/NetworkManager/conf.d/dhcp-hostname.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Do not send the system hostname to DHCP servers.
-#
-# Normally NetworkManager includes the hostname in DHCP requests so the
-# server can label leases or register dynamic DNS entries. Most networks
-# do not rely on this, and disabling it slightly reduces information
-# leaked about the device (especially when MAC randomization is used).
-#
-# Individual connections can override this if needed:
-# nmcli connection modify ipv4.dhcp-send-hostname yes ipv6.dhcp-send-hostname yes
-[connection]
-ipv4.dhcp-send-hostname=false
-ipv6.dhcp-send-hostname=false
diff --git a/root/etc/NetworkManager/conf.d/llmnr-mdns.conf b/root/etc/NetworkManager/conf.d/llmnr-mdns.conf
deleted file mode 100644
index 676b15b..0000000
--- a/root/etc/NetworkManager/conf.d/llmnr-mdns.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# Disable link-local name resolution protocols.
-#
-# LLMNR and mDNS allow devices on the same LAN to resolve hostnames
-# without DNS. They are rarely needed on managed networks and can
-# expose system information to the local network.
-[connection]
-connection.llmnr=0
-connection.mdns=0
diff --git a/root/etc/mkinitcpio.conf b/root/etc/mkinitcpio.conf
deleted file mode 100644
index 068f7dc..0000000
--- a/root/etc/mkinitcpio.conf
+++ /dev/null
@@ -1,81 +0,0 @@
-# vim:set ft=sh
-# MODULES
-# The following modules are loaded before any boot hooks are
-# run. Advanced users may wish to specify all system modules
-# in this array. For instance:
-# MODULES=(usbhid xhci_hcd)
-MODULES=()
-
-# BINARIES
-# This setting includes any additional binaries a given user may
-# wish into the CPIO image. This is run last, so it may be used to
-# override the actual binaries included by a given hook
-# BINARIES are dependency parsed, so you may safely ignore libraries
-BINARIES=()
-
-# FILES
-# This setting is similar to BINARIES above, however, files are added
-# as-is and are not parsed in any way. This is useful for config files.
-FILES=()
-
-# HOOKS
-# This is the most important setting in this file. The HOOKS control the
-# modules and scripts added to the image, and what happens at boot time.
-# Order is important, and it is recommended that you do not change the
-# order in which HOOKS are added. Run 'mkinitcpio -H ' for
-# help on a given hook.
-# 'base' is _required_ unless you know precisely what you are doing.
-# 'udev' is _required_ in order to automatically load modules
-# 'filesystems' is _required_ unless you specify your fs modules in MODULES
-# Examples:
-## This setup specifies all modules in the MODULES setting above.
-## No RAID, lvm2, or encrypted root is needed.
-# HOOKS=(base)
-#
-## This setup will autodetect all modules for your system and should
-## work as a sane default
-# HOOKS=(base udev autodetect microcode modconf block filesystems fsck)
-#
-## This setup will generate a 'full' image which supports most systems.
-## No autodetection is done.
-# HOOKS=(base udev microcode modconf block filesystems fsck)
-#
-## This setup assembles a mdadm array with an encrypted root file system.
-## Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
-# HOOKS=(base udev microcode modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
-#
-## This setup loads an lvm2 volume group.
-# HOOKS=(base udev microcode modconf block lvm2 filesystems fsck)
-#
-## This will create a systemd based initramfs which loads an encrypted root filesystem.
-# HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole sd-encrypt block filesystems fsck)
-#
-## NOTE: If you have /usr on a separate partition, you MUST include the
-# usr and fsck hooks.
-HOOKS=(base systemd plymouth autodetect microcode modconf kms keyboard sd-vconsole numlock sd-encrypt block filesystems fsck)
-
-# COMPRESSION
-# Use this to compress the initramfs image. By default, zstd compression
-# is used for Linux ≥ 5.9 and gzip compression is used for Linux < 5.9.
-# Use 'cat' to create an uncompressed image.
-#COMPRESSION="zstd"
-#COMPRESSION="gzip"
-#COMPRESSION="bzip2"
-#COMPRESSION="lzma"
-#COMPRESSION="xz"
-#COMPRESSION="lzop"
-#COMPRESSION="lz4"
-
-# COMPRESSION_OPTIONS
-# Additional options for the compressor
-#COMPRESSION_OPTIONS=()
-
-# MODULES_DECOMPRESS
-# Decompress loadable kernel modules and their firmware during initramfs
-# creation. Switch (yes/no).
-# Enable to allow further decreasing image size when using high compression
-# (e.g. xz -9e or zstd --long --ultra -22) at the expense of increased RAM usage
-# at early boot.
-# Note that any compressed files will be placed in the uncompressed early CPIO
-# to avoid double compression.
-#MODULES_DECOMPRESS="no"
diff --git a/root/etc/systemd/resolved.conf b/root/etc/systemd/resolved.conf
index ef71348..be2b2e0 100644
--- a/root/etc/systemd/resolved.conf
+++ b/root/etc/systemd/resolved.conf
@@ -31,7 +31,7 @@
 FallbackDNS=9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com
 #Domains=
 #DNSSEC=no
-DNSOverTLS=opportunistic
+DNSOverTLS=yes
 #MulticastDNS=yes
 #LLMNR=yes
 #Cache=yes
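Review bot: With `conf.d/llmnr-mdns.conf` deleted in this same commit, the `#LLMNR=yes` and `#MulticastDNS=yes` context lines just below the change stay commented out, so nothing visible here still turns either protocol off. Both resolve names over unauthenticated link-local multicast, which sits oddly next to `DNSOverTLS=yes`; if dropping that hardening was not intended, set `LLMNR=no` and `MulticastDNS=no` in this file. Separately, strict mode fails closed: a server that does not offer DNS-over-TLS with a valid certificate is not used, which presumably includes resolvers handed out per link by DHCP, so a comment such as `# strict DoT: lookups fail rather than fall back to plaintext` above the setting would help the next reader. The `DNS=` line is outside the hunk; its entries should carry the same `#hostname` suffix the `FallbackDNS=` line already has, so the certificate is checked against a name.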