add basic audit notes

2025-12-02 23:40:15 -05:00
parent 1684c6cbb5
commit 70bdc4ef5d
2 changed files with 75360 additions and 0 deletions
--- a/hashes/base-image.sha256sum
+++ b/hashes/base-image.sha256sum
--- a/notes/main.md
+++ b/notes/main.md
@@ -0,0 +1,37 @@
+
+
+# manual install base
+pacstrap: `pacstrap -K /mnt base base-devel linux-lts linux-firmware iwd vim e2fsprogs openssh git efibootmgr linux-lts-headers wpa_supplicant zsh` 
+command: `find /mnt -print0 | xargs -0 sha256sum | tee base-image.sha256sum`
+  - issues faced
+    - `/etc/kernel/cmdline:rd.luks.name=UUID=name` -- BOOT ERROR -- UUID is of superblock not LUKS container, should be correct in ansible
+    - `efibootmgr * --loader "PATH"` -- PATH INVALID ERROR -- PATH doesnt require mount name, oops, should be correct in ansible
+
+
+# manual install compare-to
+
+
+# ansible install compare-three
+
+## secrets
+    - bitwarden
+        - [x] complex password
+        - [ ] fingerprint / biometric phone login (==GOOGLE== make enough money for GrapheneOS)
+        - [ ] email (==GOOGLE EDUCATION -- UNCC email== this will be pain, make enough money for ProtonMail)
+    - gpg git repo
+        - encrypted using GPG key, commited into private git repo
+    - ansible_vault
+        - double check that default password file I created wasnt accidentally commited anywhere
+        - use gitBFG
+
+## secureboot
+    - OEM Micro$oft leaked (lol) keys
+        - hashes:
+    - personal key
+        - fingerprint:
+
+## luks / dm-crypt
+    - password
+    - backup encryption keyfile
+
+## GPG key package signing