Triaxx Web Log

Some notes on anything…

GPG

Configuration

See short key id when listing keys:

echo "keyid-format short" >> ~/.gnupg/gpg.conf

Generation

Generate a main key to sign and to certificate and a subkey to encrypt:

gpg --full-generate-key
gpg (GnuPG) 2.5.18; Copyright (C) 2025 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
  (16) ECC and Kyber
Your selection?
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection?
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Doe
Email address: john@doe.net
Comment: 
You selected this USER-ID:
    "John Doe <john@doe.net>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: revocation certificate stored as '/home/jdoe/.gnupg/openpgp-revocs.d/4960E99609DA1753CC6798800DB4D7504AFFB5E4.rev'
public and secret key created and signed.

pub   ed25519/4AFFB5E4 2026-03-25 [SC]
      4960E99609DA1753CC6798800DB4D7504AFFB5E4
uid                    John Doe <john@doe.net>
sub   cv25519/D76499B8 2026-03-25 [E]
      58C2231CAEAF923DB403051E3CFD617FD76499B8

Edit key to add a signing subkey:

Restic

Use restic to backup a set of files/directories on several repositories.

Repo initialization

mkdir -p ~/.config/restic

echo "sftp:bak.triaxx.io:/srv/restic-repo" > .config/restic/repo-bak

cat > ~/.config/restic/passcmd << EOF
#!/usr/bin/env bash

ssh pass.triaxx.io pass restic
EOF
chmod +x ~/.config/restic/passcmd

restic --repository-file ~/.config/restic/repo-bak \
       --password-command ~/.config/restic/passcmd \
       init

Backup

find /etc /home -print > ~/.config/restic/files

restic --repository-file ~/.config/restic/repo-bak \
       --password-command ~/.config/restic/passcmd \
       backup \
       --files-from-verbatim ~/.config/restic/files \
       --skip-if-unchanged

Linux Automation

Create a systemd template service to execute restic backup for each repository:

EFI

Efibootmgr

List UEFI entries:

efibootmgr

Delete entry 0013:

efibootmgr -B -b 0013

Create new entry:

efibootmgr --create --label "HD001" --loader "\EFI\BOOT\BOOTX64.EFI"

Disk check

Bad blocks

badblocks is used to search for bad blocks on a device. It can be installed on NetBSD with:

pkgin install e2fsprogs

or on macOS with:

brew install e2fsprogs

A test can be launched by executing the following command:

# Device must first be unmounted on macOS
sudo diskutil unmountDisk /dev/<device>
badblocks -n -s -v /dev/<device>

where <device> can be identified by executing:

dmesg | tail

right after plugging in the USB flash storage on GNU/Linux or NetBSD and

Arch Linux

Installation

Boot image

curl --output archlinux-x86_64.iso https://mirror.srv.fail/archlinux/iso/2026.03.01/archlinux-x86_64.iso
# on macOS
sudo dd if=archlinux-x86_64.iso of=/dev/disk4 bs=1m status=progress
# on NetBSD
dd if=/home/triaxx/archlinux-x86_64.iso of=/dev/sd2d bs=1m progress=100

System configuration

After booting from USB disk:

localectl list-keymaps | grep fi
loadkeys fi
timedatectl set-timezone Europe/Helsinki

Partitionning

List available types for GPT:

sfdisk --label gpt --list-types

Create partitions:

echo "size=1GiB, name=boot, type=efi-system" | sfdisk /dev/sda
echo "size=40GiB, name=linux-swap, type=linux-swap" | sfdisk /dev/sda --append
echo "size=256GiB, name=linux-root, type=linux-root-x86-64" | sfdisk /dev/sda --append
echo "size=40GiB, name=freebsd-swap, type=freebsd-swap" | sfdisk /dev/sda --append
echo "size=256GiB, name=freebsd-root, type=freebsd-ufs" | sfdisk /dev/sda --append
echo "size=+, name=data, type=freebsd-zfs" | sfdisk /dev/sda --append

Make filesystems:

Figlet

File header

figlet Makefile | sed -e "s|^|# |" > Makefile

Hugo

Abstract

Hugo is an open-source static website generator. It is written in Go and uses Markdown file format as input to produce static HTML website.

Initialization

Site

hugo new project <path>
cd <path>
cat > hugo.toml << EOF
baseURL = 'https://triaxx.io/'
languageCode = 'fr-FR'
title = 'Triaxx Web Log'
EOF

Theme

A theme is mandatory to build sites.

hugo new theme <name>
echo "theme = '<name>' >> hugo.toml

A example menu can be copied from themes/<name>/hugo.toml: