From c09fa9e94d150319580288f1e46f3b23e506615b Mon Sep 17 00:00:00 2001
From: TommyTran732 <57488583+tommytran732@users.noreply.github.com>
Date: Sun, 25 Jul 2021 08:33:40 +0000
Subject: [PATCH] Update README.md

---
 README.md | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/README.md b/README.md
index 263d2e7..13212f3 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,15 @@ This fork comes with various security improvements and fully working rollbacks w
 6. `cd Arch-Setup-Script`
 7. `chmod u+x ./install.sh && ./install.sh`
 
+### Changes to the original project
+1. Encrypted /boot with LUKS1
+2. SUSE - like partition layout and fully working snapper snapshots & rollback
+3. Minimally setup GNOME 40 with pipewire
+4. AppArmor and Firewalld enabled by default
+5. Defaulting umask to 077
+6. Randomize Mac Address and disable Connectivity Check for privacy
+7. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default
+
 ### Snapper behavior
 The partition layout I use rallows us to replicate the behavior found in openSUSE 🦎
 1. Snapper rollback <number> works! You will no longer need to manually rollback from a live USB like you would with the @ and @home layout suggested in the Arch Wiki.
@@ -20,17 +29,6 @@ The partition layout I use rallows us to replicate the behavior found in openSUS
 4. Directories such as /boot, /boot/efi, /var/log, /var/crash, /var/tmp, /var/spool, /var/lib/libvirt/images are excluded from the snapshots as they either should be persistent or are just temporary files. /cryptkey is excluded as we do not want the encryption key to be included in the snapshots, which could be sent to another device as a backup.
 5. GRUB will boot into the default BTRFS snapshot set by snapper. Like on SUSE, your running system will always be a read-write snapshot in @/.snapshots/X/snapshot. 
 
-### Changes to the original project
-1. Encrypted /boot
-2. SUSE - like partition layout
-3. Snapper snapshots & rollback
-4. Default umask to 077
-5. Firewalld is enabled by default
-6. Minimally setup GNOME 40 with pipewire
-7. Randomize Mac Address and disable Connectivity Check for privacy
-8. Added some kernel/grub settings from https://github.com/Whonix/security-misc/tree/master/etc/default
-
-
 ### Partitions layout 
 
 | Partition/Subvolume | Label                        | Mountpoint               | Notes                       |