User:Rdeckard/Post installation

From Void Linux Wiki

Networking

If you have a wireless connection, create the following file:

/etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
update_config=1

Then connect to a wifi network with:

# wpa_supplicant -B -i interface -c /etc/wpa_supplicant/wpa_supplicant.conf
# wpa_cli
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> save_config
> quit

Now add the dhcpcd hook for wpa_supplicant:

# ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/

For both wired and wireless connections, enable the dhcpcd service.

Tip: To generate a minimal configuration for an SSID and passphrase you already know, use wpa_passphrase SSID passphrase, then add the output to the wpa_supplicant configuration file.

Time synchronization

Enable the ntpd service and mark it down by default.

Add it as a dhcpcd hook:

/etc/dhcpcd.exit-hook
sv start ntpd

DNS resolver

Install the unbound package.

Set your DNS server to 127.0.0.1:

/etc/resolv.conf
nameserver 127.0.0.1

Ensure that dhcpcd won't overwrite it:

/etc/dhcpcd.conf
nohook resolv.conf

Add the following configuration file for unbound. It includes DNSSEC, root hints, and ad blocking. Add the IP addresses of DNS servers where indicated.

/etc/unbound/unbound.conf
server:

  username: unbound
  pidfile: "/etc/unbound/unbound.pid"
  directory: "/etc/unbound"

  trust-anchor-file: "/etc/unbound/root.key"
  root-hints: "/etc/unbound/root.hints"
  include: /etc/unbound/ads.conf

  do-not-query-localhost: no

forward-zone:
  name: "."
  forward-addr: dns_ip_addr1
  forward-addr: dns_ip_addr2

Update the trust anchor file:

# unbound-anchor -a /etc/unbound/root.key

Update the root hints file:

# curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache

Update the ad blocking file:

# curl https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | awk '/^0\.0\.0\.0/ {print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > /etc/unbound/ads.conf

Tip: Put the above commands in a cron job to regularly update the files.
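
The ad-blocking one-liner above writes whatever curl returns straight into ads.conf, so a failed download or a malformed hostname can leave unbound with an empty or unparsable include. The following script is an added example, not part of the original wiki page: it filters the names and replaces the file only when the result looks complete. The function names, the MIN_ENTRIES threshold and the sample data are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names, MIN_ENTRIES
# and the sample data are assumptions made for illustration.
MIN_ENTRIES=${MIN_ENTRIES:-1000}   # assumed floor; a real list is far larger

# stdin: hosts-format text. stdout: unbound local-zone/local-data pairs.
# Only "0.0.0.0 <name>" lines with a plain, non-numeric hostname pass, so a
# stray quote or the list's own "0.0.0.0 0.0.0.0" line never reaches unbound.
hosts_to_unbound() {
    awk '$1 == "0.0.0.0" && length($2) <= 253 &&
         $2 ~ /^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$/ && $2 !~ /^[0-9.]+$/ {
             name = tolower($2)
             if (seen[name]++) next          # collapse duplicates
             printf "local-zone: \"%s\" redirect\n", name
             printf "local-data: \"%s A 0.0.0.0\"\n", name
         }'
}

# Convert hosts file $1 and install the result as $2. On an empty or
# truncated download it returns 1 and leaves the existing $2 untouched.
update_ads_conf() {
    src=$1 dest=$2
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    hosts_to_unbound < "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    entries=$(grep -c '^local-zone: ' "$tmp" || true)
    if [ "$entries" -lt "$MIN_ENTRIES" ]; then
        echo "refusing update: only $entries entries" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"        # mktemp creates the file with mode 0600
    mv -f "$tmp" "$dest"    # rename within one directory replaces atomically
}

# Constructed sample input: two valid names, a duplicate, a non-blocking
# entry, the list's self-referencing line and a name with an embedded quote.
sample_hosts() {
    printf '%s\n' '# comment' '127.0.0.1 localhost' '0.0.0.0 0.0.0.0' \
        '0.0.0.0 ads.example.com' '0.0.0.0 ADS.example.com' \
        '0.0.0.0 bad"name.example' '0.0.0.0 tracker.example.net # note'
}

# Real use (as root); curl -f makes HTTP errors fail instead of saving them:
#   h=$(mktemp) && curl -fsS -o "$h" "$HOSTS_URL" &&
#       update_ads_conf "$h" /etc/unbound/ads.conf; rm -f "$h"
```

Run unbound-checkconf after an update and before restarting unbound to confirm that the combined configuration still parses.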

Enable the unbound service, mark it as down by default, and then add it as a dhcpcd exit hook.

Test DNSSEC

$ unbound-host -C /etc/unbound/unbound.conf -v sigok.verteiltesysteme.net

The first output line should be something like the following. Note the word "secure".

sigok.verteiltesysteme.net has address 134.91.78.139 (secure)

$ unbound-host -C /etc/unbound/unbound.conf -v sigfail.verteiltesysteme.net

The first output line should be something like the following. Note the word "BOGUS".

sigfail.verteiltesysteme.net has address 134.91.78.139 (BOGUS (security failure))

Set up cron

Install cronie, postfix, and s-nail.

Set up postfix for local mail only. Append the following to the specified file.

/etc/postfix/main.cf
myhostname = localhost
mydomain = localdomain
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = $myhostname, localhost
mynetworks_style = host
default_transport = error: outside mail is not deliverable

Edit your crontab to mail cron output to your user:

# crontab -e
MAILTO=user@localhost

Enable cronie and postfix.

To access output from cron:

$ mail