woods.art
: Home Docs Downloads - Git repos

Debian Misc Info & Tips

Full Disk encryption

The current version of GRUB in Debian Bullseye only supports LUKS1 and by default the Debian uses LUKS2. The most simple way around this is to install with a seperate /boot partition and then convert that to LUKS1 so grub can access it. Then from there, everything but /boot/efi is encrypted. Not perfect but it works pretty well.

My Refs

Full Disk Encryption in Debian

Paraphrased Steps

See the link above for more in detail steps! This isn't a step by step guide.

  1. Install Debian with:
    • normal /boot/efi partition
    • normal /boot partition
    • LVM on top of LUKS:
      • /
      • /home
      • swap
      • anything else you want
  2. Boot up install and test out the system
  3. umount /boot/efi
  4. Tar up /boot
  5. umount the /boot partition
  6. Set up LUKS1 on the /boot partition then install an FS on it, like ext4
  7. Update /etc/crypttab
  8. Update /etc/fstab
  9. mount /boot
  10. untar /boot backup
  11. mount /boot/efi
  12. regenerate the grub cfg and make sure the cryptoisk module is enabled
  13. regenerate the initramfs
  14. test boot (will have to input both luks passwords)
  15. follow the one password steps in the link above for both the LVM and /boot partition

Compiling a Custom Vanilla Kernel

This is really easy in Debian nowadays.

  1. Make sure you have all the packages installed to BUILD a kernel
  2. git clone linux-stable
  3. DL Debian kernel with a version close to yours
  4. Extract deb package with ar then data.tar.xz with tar
  5. Copy over config from deb package to linux-stable
  6. $ make olddefconfig
  7. $ make -j `nproc` bindeb-pkg
  8. $ sudo dpkg -i ../linux-header... ../linux-image # not the debug stuff unless you want though
  9. Maybe get yourself a cup of coffee as a reward

Various Small $STUFF

xtrlock with XFCE4 Util

Easiest way is to just create a wrapper in /usr/local/bin/xlock for xtrlock -b. Also for the /usr/bin/xflock4 command, sneak in a sleep 1 above the xset dpms force off so the monitor power saving mode is turned on when you lock your screen.

surfshark Always Running

Call me crazy but I'm not a fan of SW always running, especially when I'm not using it.

# systemctl --user --global disable surfsharkd.service
# systemctl disable surfsharkd2.service

Then you can run a wrapper:

#!/bin/bash

systemctl --user start surfsharkd.service
sleep 1
/usr/bin/surfshark
sleep 1
systemctl --user stop surfsharkd.service