Tomster/Arch-Setup-Script
1
0
Fork 0
mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2024-11-21 17:11:34 -05:00
Code

Update README.md

Browse Source
This commit is contained in:
TommyTran732 2021-07-25 08:33:40 +00:00 committed by tommytran732
parent d09fe558bf
commit 56ecf1c777
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -12,6 +12,15 @@ This fork comes with various security improvements and fully working rollbacks w
6. `cd Arch-Setup-Script`
7. `chmod u+x ./install.sh && ./install.sh`
### Changes to the original project
1. Encrypted /boot with LUKS1
2. SUSE - like partition layout and fully working snapper snapshots & rollback
3. Minimally setup GNOME 40 with pipewire
4. AppArmor and Firewalld enabled by default
5. Defaulting umask to 077
6. Randomize Mac Address and disable Connectivity Check for privacy
7. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default
### Snapper behavior
The partition layout I use rallows us to replicate the behavior found in openSUSE 🦎
1. Snapper rollback <number> works! You will no longer need to manually rollback from a live USB like you would with the @ and @home layout suggested in the Arch Wiki.
@ -20,17 +29,6 @@ The partition layout I use rallows us to replicate the behavior found in openSUS
4. Directories such as /boot, /boot/efi, /var/log, /var/crash, /var/tmp, /var/spool, /var/lib/libvirt/images are excluded from the snapshots as they either should be persistent or are just temporary files. /cryptkey is excluded as we do not want the encryption key to be included in the snapshots, which could be sent to another device as a backup.
5. GRUB will boot into the default BTRFS snapshot set by snapper. Like on SUSE, your running system will always be a read-write snapshot in @/.snapshots/X/snapshot.
### Changes to the original project
1. Encrypted /boot
2. SUSE - like partition layout
3. Snapper snapshots & rollback
4. Default umask to 077
5. Firewalld is enabled by default
6. Minimally setup GNOME 40 with pipewire
7. Randomize Mac Address and disable Connectivity Check for privacy
8. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default
### Partitions layout
| Partition/Subvolume | Label | Mountpoint | Notes |