| -rw-r--r-- | content/articles/arch-installation.md | 248 |
| -rw-r--r-- | content/git/homematic-go.md | 13 |
| -rw-r--r-- | content/git/iot-contact-go.md | 14 |
| -rw-r--r-- | content/git/parts-kicad.md | 6 |
| -rw-r--r-- | content/homematic-go | 8 |
| -rw-r--r-- | content/iot-contact-go | 8 |
6 files changed, 297 insertions, 0 deletions
diff --git a/content/articles/arch-installation.md b/content/articles/arch-installation.md new file mode 100644 index 0000000..3cd5201 --- /dev/null +++ b/content/articles/arch-installation.md 
@@ -0,0 +1,248 @@ +{ + "title": "Arch Linux installation", + "subtitle": "Installation guide for the Arch Linux operating system" +} + +#### Introduction + +This article describes how to install [Arch Linux][1]. It is based on the +[official installation guide][2]. + +This primary documentation does not describe one specific installation option +but instead points out the different options the user has like selecting +bootloaders, boot modes or filesystems. + +As a complement this article documents one specific installation inside a QEMU +virtual machine (VM). It might be used as a VM or converted to a binary image +file which can be written to a physical drive like an USB stick or SSD. + +#### Design decisions + +The installation is based on the following design decisions. + +- UEFI boot +- GUID-based partition table +- full disc encryption +- Btrfs root filesystem +- only a minimalistic set of installed packages (no graphical environment) +- nftables firewall +- systemd- and iwd-based networking + +Those might change in the future. Secure boot with a unified kernel image is +appreciated but not yet implemented. + +#### Installation + +First a virtual drive is created as a file as a starting point for the VM +installation. Additionally a writable copy of the UEFI variables is created to +keep settings. + +``` +qemu-img create -f qcow2 archlinux.qcow2 8G +cp /usr/share/edk2/x64/OVMF_VARS.4m.fd . +``` + +It is expected that the Arch Linux `*.iso` installation image is downloaded, +verified and saved in the same folder. See the [download page][3] for details. + +The installation image can be booted with `qemu-system-x86_64`. The just +created virtual machine disk is attached as an additional drive. + +It is important that immediately after the first UEFI screen is shown the `e` +key is pressed and ` console=ttyS0 <Enter>` is typed. This makes sure the +console is exposed via a virtual serial console bound to the host terminal. +Booting will take some time. 
+ +This is annoying but worth it since it allows to copy and paste all subsequent +commands instead of typing them by hand. + +``` +qemu-system-x86_64 \ + -enable-kvm \ + -m 4G \ + -nic user,model=virtio \ + -drive file=archlinux.qcow2,media=disk,if=virtio \ + -smp cpus=4 \ + -nographic \ + -boot order=d \ + -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \ + -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd \ + -cdrom archlinux-*.iso +``` + +After specifying the console the installation image should boot. Next the user +`root` without password is used to log in. + +The following command allows to check if the time is properly synchronized. + +``` +timedatectl +``` + +The virtual machine disk can be partitioned with `parted`. + +``` +parted /dev/vda --script mklabel gpt +parted /dev/vda --script mkpart primary fat32 1MiB 2GiB +parted /dev/vda --script mkpart primary 2GiB 100% +parted /dev/vda --script set 1 boot on +``` + +The following commands format the second partition for use with Linux Unified +Key Setup (LUKS) and opens this LUKS partition to open the encrypted partition +inside. The interactive questions have to be answered. + +``` +cryptsetup luksFormat --batch-mode --label CRYPTO_ROOT /dev/vda2 +cryptsetup open /dev/vda2 root +``` + +The actual filesystems are then created with `mkfs`. For the `BOOT` partition +a FAT filesystem is used. The `ROOT` filesystem containing the operating +system and user data is formatted with +[BTRFS](https://btrfs.readthedocs.io/en/latest/). + +``` +mkfs.vfat -n BOOT /dev/vda1 +mkfs.btrfs -L ROOT /dev/mapper/root +``` + +These two filesystems are opened by mounting them to the current system under +the path `/mnt`. + +``` +mount /dev/mapper/root /mnt +mount --options fmask=7137,dmask=7027 --mkdir /dev/vda1 /mnt/boot +``` + +The software `reflector` is executed to find appropriate Arch Linux package +servers which provide a good bandwidth at the current location. 
These server +references are later copied to the installed system. + +``` +systemctl start reflector +``` + +Selected software packages are installed to the new system with `pacstrap`. + +``` +pacstrap -K /mnt \ + base \ + linux \ + linux-firmware \ + parted \ + btrfs-progs \ + iwd \ + vi \ + openssh \ + nftables \ + arch-install-scripts \ + man-db \ + man-pages \ + texinfo +``` + +The filesystem table (`fstab`) is created, printed and saved to the new system +to describe which filesystems should be mounted where during boot. + +``` +genfstab -L /mnt | tee /mnt/etc/fstab +``` + +Without actual booting a change root (`chroot`) command is used to use the new +system already. + +``` +arch-chroot /mnt +``` + +Miscellaneous settings are configured via the command line. + +``` +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime +hwclock --systohc +sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen +locale-gen +echo 'LANG=en_US.UTF-8' > /etc/locale.conf +echo 'archlinux' > /etc/hostname +echo 'root' | passwd -s +echo '[Match] +Kind=!* +Type=ether wlan + +[Network] +DHCP=yes' > /etc/systemd/network/auto.network +systemctl enable nftables.service +systemctl enable systemd-networkd.service +systemctl enable systemd-resolved.service +ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf +systemctl enable iwd.service +systemctl enable systemd-timesyncd.service +``` + +The systemd bootloader is installed and configured. + +``` +bootctl install +echo 'title Arch Linux +linux /vmlinuz-linux +initrd /initramfs-linux.img +options cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root rw' > /boot/loader/entries/arch.conf +``` + +The initial RAM filesystem (`initramfs`) is configured and created to ensure +BTRFS and LUKS support during an early boot stage. 
+ +``` +sed -i 's/^HOOKS.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt btrfs filesystems fsck)/g' /etc/mkinitcpio.conf +mkinitcpio -P +``` + +The `chroot` is exited and the live system is powered off. + +``` +exit +poweroff +``` + +The virtual machine image can be written to a physical drive like a boot stick +or SSD with `qemu-img`. For that the `/dev/null` in the following command has +to be replaced by the path to the correct drive. A mistake here might lead to +the destruction of the current system with no way back. Use with care and only +if you know what you are doing. + +``` +qemu-img dd -f qcow2 -O raw if=archlinux.qcow2 of=/dev/null +``` + +Otherwise the virtual machine image can be started again with QEMU without the +installation image: + +``` +qemu-system-x86_64 \ + -enable-kvm \ + -m 4G \ + -nic user,model=virtio \ + -drive file=archlinux.qcow2,media=disk,if=virtio \ + -smp cpus=4 \ + -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \ + -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd +``` + +The username and password is based on this guide `root`. Output to the serial +console is currently not supported. + +If the new system is booted the second partition containing the LUKS container +and `ROOT` BTRFS partition can be extended to the full possible size. + +``` +parted /dev/sdb --script resizepart 2 100% +cryptsetup resize root +btrfs filesystem resize max / +``` + +With this step the installation is finished. + +[1]: https://archlinux.org/ +[2]: https://wiki.archlinux.org/title/Installation_guide +[3]: https://archlinux.org/download/ diff --git a/content/git/homematic-go.md b/content/git/homematic-go.md new file mode 100644 index 0000000..7c7ce98 --- /dev/null +++ b/content/git/homematic-go.md 
@@ -0,0 +1,13 @@ +{ + "name":"homematic-go", + "friendly_name":"homematic-go", + "description":"Go library to use homematic devices", + "state":"experimental" +} + +This Go library contains logic to integrate [Homematic][1] devices. + +API documentation is available [here][2]. + +[1]: https://homematic-ip.com +[2]: https://pkg.go.dev/xengineering.eu/homematic-go diff --git a/content/git/iot-contact-go.md b/content/git/iot-contact-go.md new file mode 100644 index 0000000..700eecf --- /dev/null +++ b/content/git/iot-contact-go.md @@ -0,0 +1,14 @@ +{ + "name":"iot-contact-go", + "friendly_name":"iot-contact-go", + "description":"Go library to use iot-contact devices", + "state":"experimental" +} + +This Go library contains all the logic necessary to use [iot-contact][1] +devices. + +API documentation is available [here][2]. + +[1]: https://xengineering.eu/git/iot-contact +[2]: https://pkg.go.dev/xengineering.eu/iot-contact-go diff --git a/content/git/parts-kicad.md b/content/git/parts-kicad.md new file mode 100644 index 0000000..c6f6052 --- /dev/null +++ b/content/git/parts-kicad.md @@ -0,0 +1,6 @@ +{ + "name":"parts-kicad", + "friendly_name":"parts-kicad", + "description":"Custom KiCad part library", + "state":"experimental" +} diff --git a/content/homematic-go b/content/homematic-go new file mode 100644 index 0000000..d0e1b79 --- /dev/null +++ b/content/homematic-go @@ -0,0 +1,8 @@ +<html> +<head> + <meta name="go-import" content="xengineering.eu/homematic-go git https://cgit.xengineering.eu/homematic-go"> + <meta name="go-source" content="xengineering.eu/homematic-go https://cgit.xengineering.eu/homematic-go https://cgit.xengineering.eu/homematic-go/tree{/dir}?h={commit} https://cgit.xengineering.eu/homematic-go/tree/{file}?h={commit}#n{line}"> +</head> +<body> +</body> +</html> diff --git a/content/iot-contact-go b/content/iot-contact-go new file mode 100644 index 0000000..fd08de3 --- /dev/null +++ b/content/iot-contact-go 
@@ -0,0 +1,8 @@ +<html> +<head> + <meta name="go-import" content="xengineering.eu/iot-contact-go git https://cgit.xengineering.eu/iot-contact-go"> + <meta name="go-source" content="xengineering.eu/iot-contact-go https://cgit.xengineering.eu/iot-contact-go https://cgit.xengineering.eu/iot-contact-go/tree{/dir}?h={commit} https://cgit.xengineering.eu/iot-contact-go/tree/{file}?h={commit}#n{line}"> +</head> +<body> +</body> +</html> |
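Review bot: In content/articles/arch-installation.md, the miscellaneous-settings block hard-codes the root password with `echo 'root' | passwd -s`, and the article then proposes writing the same image to a physical drive with `qemu-img dd`, so every drive produced from it carries the password `root` together with the LUKS passphrase and volume key that were chosen inside the VM. Since `openssh` is in the `pacstrap` list, I would either run `passwd` interactively at that step or add a sentence telling the reader to change the root password and the LUKS passphrase after the first boot of the target machine. Two smaller points in the same file: the final resize block uses `parted /dev/sdb` while every earlier command uses `/dev/vda`, so it needs a note that the device name depends on where the image ends up; and the `fmask=7137,dmask=7027` values in the `mount` line for `/mnt/boot` deserve one sentence explaining the chosen masks, because `genfstab` will carry them into `/etc/fstab`.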
