fix reeselink addresses

infrastructure/graduated/arch/README.md

@@ -257,11 +257,17 @@ after we finish the install.
 Don't set a password for single-user systems. We're using full-disk encryption.
 This will let you login with just a fingerprint.
 
+1. Install `seahorse` if you haven't already
+2. Open the `Passwords and Keys` apps
+3. Create a new Password keyring called "Login"
+4. Do not enter a password
+5. Set it as default
+
 ### Base Tools
 
 ```bash
 # gvfs and gvfs-dnssd are for webdav support
-pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget man-db
+pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget man-db net-tools
 ```
 
 ### ZSH
@@ -661,11 +667,39 @@ You can create chroot environments to run firejails or just use for testing purp
 4. Install <https://aur.archlinux.org/pam-fprint-grosshack.git> to use fingerprint with gnome
 
 In order to use fingerprint auth with gnome for privileged system stuff with gdm,
-edit `/etc/pam.d/system-auth` and add the following to the top of the file:
+edit `/etc/pam.d/system-auth` to include `auth sufficient pam_fprintd_grosshack.so`.
 
 ```conf
-auth        sufficient      pam_fprintd_grosshack.so
-auth        sufficient      pam_unix.so try_first_pass nullok
+#%PAM-1.0
+
+auth       required                    pam_shells.so # User must have shell in /etc/shells
+auth       requisite                   pam_nologin.so # Prevents users from loging in if /etc/nologin exists
+auth       required                    pam_faillock.so      preauth # Timeout after certain number of fails
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth       sufficient                  pam_fprintd_grosshack.so
+-auth      [success=2 default=ignore]  pam_systemd_home.so
+auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok
+auth       [default=die]               pam_faillock.so      authfail
+auth       optional                    pam_permit.so
+auth       required                    pam_env.so
+auth       required                    pam_faillock.so      authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+-account   [success=1 default=ignore]  pam_systemd_home.so
+account    required                    pam_unix.so
+account    optional                    pam_permit.so
+account    required                    pam_time.so
+
+-password  [success=1 default=ignore]  pam_systemd_home.so
+password   required                    pam_unix.so          try_first_pass nullok shadow
+password   optional                    pam_permit.so
+
+-session   optional                    pam_systemd_home.so
+session    required                    pam_limits.so
+session    required                    pam_unix.so
+session    optional                    pam_permit.so
 ```
 
 ##### Turn Off Fingerprint When Laptop Lid Closed

infrastructure/graduated/arch/workstation.md

@@ -2,6 +2,7 @@
 
 - [Workstation](#workstation)
   - [SSH](#ssh)
+  - [Templates](#templates)
   - [Toolbox](#toolbox)
   - [Podman](#podman)
   - [Docker](#docker)
@@ -70,6 +71,16 @@ Host my-host
 
 You can ssh to that host with `ssh my-host` after adding a config entry.
 
+## Templates
+
+You can add files in `~/Templates` to give yourself quick-create options in the gnome
+file browser context menu.
+
+```bash
+mkdir ~/Templates
+touch ~/Templates/text.txt
+```
+
 ## Toolbox
 
 <https://wiki.archlinux.org/title/Toolbox>
@@ -135,6 +146,14 @@ systemctl enable --now libvirtd
 virsh net-autostart default
 ```
 
+Then edit `/etc/libvirt/network.conf` and add:
+
+```conf
+firewall_backend="iptables"
+```
+
+Make sure to restart libvirtd with `systemctl restart libvirtd`.
+
 If you get a blank screen when launching a VM check that you've used the correct bios -
 either secboot or not secboot. This is the most common problem.