Posted on Leave a comment

Setting up the sway window manager on Fedora

Sometimes during a critical activity, working with overlapping windows becomes counterproductive. You might find a tiled window manager like sway to be a good alternative.

Sway is a tiling Wayland compositor. It has the advantage of compatibility with an existing i3 configuration, so you can use it to replace i3 and use Wayland as the display protocol.

Installing sway

To setup sway, open a new terminal and type the following command

sudo dnf install sway

Once the installation is completed, log out of your user session. At the login screen, select your user account. Before you enter your password, choose Sway from the menu, as shown in the following image.

After login, your desktop looks like this:

Configuration

To begin configuration, copy the default config into your user directory. Do that using the following commands.

mkdir -p .config/sway
cp /etc/sway/config ~/.config/sway/

Sway is highly configurable. It’s suggested you read the project’s wiki page to fine tune your settings. For example, to change the keyboard layout, open a new terminal and run this command:

$ swaymsg -t get_inputs
[george@mrwhite ~]$ swaymsg -t get_inputs Input device: VirtualPS/2 VMware VMMouse Type: Mouse Identifier: 2:19:VirtualPS/2_VMware_VMMouse Product ID: 19 Vendor ID: 2 Libinput Send Events: enabled Input device: VirtualPS/2 VMware VMMouse Type: Mouse Identifier: 2:19:VirtualPS/2_VMware_VMMouse Product ID: 19 Vendor ID: 2 Libinput Send Events: enabled Input device: AT Translated Set 2 keyboard Type: Keyboard Identifier: 1:1:AT_Translated_Set_2_keyboard Product ID: 1 Vendor ID: 1 Active Keyboard Layout: Portuguese (Brazil) Libinput Send Events: enabled

Copy the identifier keyboard code. Open your ~/.config/sway/config file with your text editor and edit the configuration accordingly:

## Input configuration
input "1:1:AT_Translated_Set_2_keyboard" { xkb_layout br
}

Save the settings. To reload the configurations, press Super+Shift+c. (Typically the Super key is mapped to the logo key on a PC.)

Waybar

Sway’s default status bar may not have all the functions you want. Fortunately Waybar is a good replacement. To install, run the follow commands. (Note, however, that COPR is not an official Fedora repository and not supported by the Fedora Project.)

sudo dnf copr enable alebastr/waybar sudo dnf install waybar 

Open your ~/.config/sway/config file. Edit the bar configuration like this:

bar { swaybar_command waybar
}

Reload the configuration and you’ll now see the waybar in action, as shown below.

To customize the waybar, you can visit this wiki page for more details and ideas.

Alacritty

Alacritty is a terminal emulator that uses the GPU for rendering, and a good replacement for urxvt. To install run the following lines

sudo dnf copr enable pschyska/alacritty
sudo dnf install alacritty

To enable it as default terminal emulator edit your ~/.config/sway/config. Change this line:

set $term urxvt256c-ml

To:

set $term alacritty

Reload your configuration.

When you open a new terminal with Super+C, alacritty will be open as seen in the following image:


Photo by Ivan Vranić on Unsplash.

Posted on Leave a comment

Manage your passwords with Bitwarden and Podman

You might have encountered a few advertisements the past year trying to sell you a password manager. Some examples are LastPass, 1Password, or Dashlane. A password manager removes the burden of remembering the passwords for all your websites. No longer do you need to re-use passwords or use easy-to-remember passwords. Instead, you only need to remember one single password that can unlock all your other passwords for you.

This can make you more secure by having one strong password instead of many weak passwords. You can also sync your passwords across devices if you have a cloud-based password manager like LastPass, 1Password, or Dashlane. Unfortunately, none of these products are open source. Luckily there are open source alternatives available.

Open source password managers

These alternatives include Bitwarden, LessPass, or KeePass. Bitwarden is an open source password manager that stores all your passwords encrypted on the server, which works the same way as LastPass, 1Password, or Dashlane. LessPass is a bit different as it focuses on being a stateless password manager. This means it derives passwords based on a master password, the website, and your username rather than storing the passwords encrypted. On the other side of the spectrum there’s KeePass, a file-based password manager with a lot of flexibility with its plugins and applications.

Each of these three apps has its own downsides. Bitwarden stores everything in one place and is exposed to the web through its API and website interface. LessPass can’t store custom passwords since it’s stateless, so you need to use their derived passwords. KeePass, a file-based password manager, can’t easily sync between devices. You can utilize a cloud-storage provider together with WebDAV to get around this, but a lot of clients do not support it and you might get file conflicts if devices do not sync correctly.

This article focuses on Bitwarden.

Running an unofficial Bitwarden implementation

There is a community implementation of the server and its API called bitwarden_rs. This implementation is fully open source as it can use SQLite or MariaDB/MySQL, instead of the proprietary Microsoft SQL Server that the official server uses.

It’s important to recognize some differences exist between the official and the unofficial version. For instance, the official server has been audited by a third-party, whereas the unofficial one hasn’t. When it comes to implementations, the unofficial version lacks email confirmation and support for two-factor authentication using Duo or email codes.

Let’s get started running the server with SELinux in mind. Following the documentation for bitwarden_rs you can construct a Podman command as follows:

$ podman run -d \ 
--userns=keep-id \
--name bitwarden \
-e SIGNUPS_ALLOWED=false \
-e ROCKET_PORT=8080 \
-v /home/egustavs/Bitwarden/bw-data/:/data/:Z \
-p 8080:8080 \
bitwardenrs/server:latest

This downloads the bitwarden_rs image and runs it in a user container under the user’s namespace. It uses a port above 1024 so that non-root users can bind to it. It also changes the volume’s SELinux context with :Z to prevent permission issues with read-write on /data.

If you host this under a domain, it’s recommended to put this server under a reverse proxy with Apache or Nginx. That way you can use port 80 and 443 which points to the container’s 8080 port without running the container as root.

Running under systemd

With Bitwarden now running, you probably want to keep it that way. Next, create a unit file that keeps the container running, automatically restarts if it doesn’t respond, and starts running after a system restart. Create this file as /etc/systemd/system/bitwarden.service:

[Unit]
Description=Bitwarden Podman container
Wants=syslog.service

[Service]
User=egustavs
Group=egustavs
TimeoutStartSec=0
ExecStart=/usr/bin/podman run 'bitwarden'
ExecStop=-/usr/bin/podman stop -t 10 'bitwarden'
Restart=always
RestartSec=30s
KillMode=none

[Install]
WantedBy=multi-user.target

Now, enable and start it using sudo:

$ sudo systemctl enable bitwarden.service && sudo systemctl start bitwarden.service
$ systemctl status bitwarden.service
bitwarden.service - Bitwarden Podman container
Loaded: loaded (/etc/systemd/system/bitwarden.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2019-07-09 20:23:16 UTC; 1 day 14h ago
Main PID: 14861 (podman)
Tasks: 44 (limit: 4696)
Memory: 463.4M

Success! Bitwarden is now running under system and will keep running.

Adding LetsEncrypt

It’s strongly recommended to run your Bitwarden instance through an encrypted channel with something like LetsEncrypt if you have a domain. Certbot is a bot that creates LetsEncrypt certificates for us, and they have a guide for doing this through Fedora.

After you generate a certificate, you can follow the bitwarden_rs guide about HTTPS. Just remember to append :Z to the LetsEncrypt volume to handle permissions while not changing the port.


Photo by CMDR Shane on Unsplash.