add new archive files

14 files changed, 764 insertions, 0 deletions

diff --git a/configs/configs_root_dir/etc/NetworkManager/system-connections/XFINITY.nmconnection b/configs/configs_root_dir/etc/NetworkManager/system-connections/XFINITY.nmconnection
new file mode 100644
index 0000000..98c3822
--- /dev/null
+++ b/configs/configs_root_dir/etc/NetworkManager/system-connections/XFINITY.nmconnection
@@ -0,0 +1,32 @@
+[connection]
+id=XFINITY
+uuid=d358928c-b885-4df9-b283-cc23d71bc4d8
+type=wifi
+autoconnect=false
+autoconnect-priority=1
+permissions=
+
+[wifi]
+mac-address-blacklist=
+mode=infrastructure
+ssid=XFINITY
+
+[wifi-security]
+key-mgmt=wpa-eap
+
+[802-1x]
+eap=peap;ttls;
+identity=xxx
+password=yyy
+phase2-auth=gtc
+
+[ipv4]
+dns-search=
+method=auto
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=auto
+
+[proxy]
diff --git a/configs/configs_root_dir/etc/resolv.conf b/configs/configs_root_dir/etc/resolv.conf
new file mode 100644
index 0000000..8dda3fc
--- /dev/null
+++ b/configs/configs_root_dir/etc/resolv.conf
@@ -0,0 +1 @@
+nameserver 1.1.1.1
diff --git a/configs/configs_root_dir/etc/systemd/resolved.conf.d/resolved.conf b/configs/configs_root_dir/etc/systemd/resolved.conf.d/resolved.conf
new file mode 100644
index 0000000..314a2db
--- /dev/null
+++ b/configs/configs_root_dir/etc/systemd/resolved.conf.d/resolved.conf
@@ -0,0 +1,6 @@
+[Resolve]
+# https://wiki.archlinux.org/title/Systemd-resolved#mDNS
+# It seems it is enabled by default? But my past experience shows not enabled by default?
+# seems no need now, not sure why
+MulticastDNS=yes
+LLMNR=no
diff --git a/configs/configs_root_dir/etc/systemd/system/dnsmasq_with_logs.service b/configs/configs_root_dir/etc/systemd/system/dnsmasq_with_logs.service
new file mode 100644
index 0000000..5882549
--- /dev/null
+++ b/configs/configs_root_dir/etc/systemd/system/dnsmasq_with_logs.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=dnsmasq - A lightweight DHCP and caching DNS server
+Documentation=man:dnsmasq(8)
+After=network.target
+Before=network-online.target nss-lookup.target
+Wants=nss-lookup.target
+
+[Service]
+Type=dbus
+BusName=uk.org.thekelleys.dnsmasq
+ExecStartPre=/usr/bin/dnsmasq --test
+# https://www.linuxquestions.org/questions/arch-29/where-can-i-look-to-see-where-dnsmasq-is-logging-queries-4175531370/#post5302736
+ExecStart=/usr/bin/dnsmasq -q -k --enable-dbus --user=dnsmasq --pid-file
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+PrivateDevices=true
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
diff --git a/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service b/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service
new file mode 100644
index 0000000..fbf3a2e
--- /dev/null
+++ b/configs/configs_root_dir/etc/systemd/system/monerod_after_bindsto_mullvad.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Monero Full Node
+After=mullvad-daemon.service
+# I do not fully understand all the options
+#PartOf=mullvad-daemon.service
+#Requisite=mullvad-daemon.service
+# from tests, BindsTo will override Requisite? Why?
+# BindsTo is stronger than PartOf
+# https://pychao.com/2021/02/24/difference-between-partof-and-bindsto-in-a-systemd-unit/
+BindsTo=mullvad-daemon.service
+# StopPropagatedFrom functionality seems included in PartOf?
+# from tests, StopPropagatedFrom also propagate restart? Why?
+# difference between StopPropagatedFrom and BindsTo:
+# https://github.com/systemd/systemd/commit/ffec78c05bfc2e6458e05ee54256d0d766a36280
+#StopPropagatedFrom=mullvad-daemon.service
+
+[Service]
+User=xyz
+
+Type=simple
+ExecStart=/usr/bin/monerod --non-interactive
+StandardOutput=null
+StandardError=null
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/configs/configs_root_dir/home/xyz/.config/picom/picom.conf b/configs/configs_root_dir/home/xyz/.config/picom/picom.conf
new file mode 100644
index 0000000..a627117
--- /dev/null
+++ b/configs/configs_root_dir/home/xyz/.config/picom/picom.conf
@@ -0,0 +1,427 @@
+#################################
+#             Shadows           #
+#################################
+
+
+# Enabled client-side shadows on windows. Note desktop windows 
+# (windows with '_NET_WM_WINDOW_TYPE_DESKTOP') never get shadow, 
+# unless explicitly requested using the wintypes option.
+#
+# shadow = false
+shadow = true;
+
+# The blur radius for shadows, in pixels. (defaults to 12)
+# shadow-radius = 12
+shadow-radius = 7;
+
+# The opacity of shadows. (0.0 - 1.0, defaults to 0.75)
+# shadow-opacity = .75
+
+# The left offset for shadows, in pixels. (defaults to -15)
+# shadow-offset-x = -15
+shadow-offset-x = -7;
+
+# The top offset for shadows, in pixels. (defaults to -15)
+# shadow-offset-y = -15
+shadow-offset-y = -7;
+
+# Avoid drawing shadows on dock/panel windows. This option is deprecated,
+# you should use the *wintypes* option in your config file instead.
+#
+# no-dock-shadow = false
+
+# Don't draw shadows on drag-and-drop windows. This option is deprecated, 
+# you should use the *wintypes* option in your config file instead.
+#
+# no-dnd-shadow = false
+
+# Red color value of shadow (0.0 - 1.0, defaults to 0).
+# shadow-red = 0
+
+# Green color value of shadow (0.0 - 1.0, defaults to 0).
+# shadow-green = 0
+
+# Blue color value of shadow (0.0 - 1.0, defaults to 0).
+# shadow-blue = 0
+
+# Do not paint shadows on shaped windows. Note shaped windows 
+# here means windows setting its shape through X Shape extension. 
+# Those using ARGB background is beyond our control. 
+# Deprecated, use 
+#   shadow-exclude = 'bounding_shaped'
+# or 
+#   shadow-exclude = 'bounding_shaped && !rounded_corners'
+# instead.
+#
+# shadow-ignore-shaped = ''
+
+# Specify a list of conditions of windows that should have no shadow.
+#
+# examples:
+#   shadow-exclude = "n:e:Notification";
+#
+# shadow-exclude = []
+shadow-exclude = [
+  "name = 'Notification'",
+  "class_g = 'Conky'",
+  "class_g ?= 'Notify-osd'",
+  "class_g = 'Cairo-clock'",
+  "_GTK_FRAME_EXTENTS@:c"
+];
+
+# Specify a X geometry that describes the region in which shadow should not
+# be painted in, such as a dock window region. Use 
+#    shadow-exclude-reg = "x10+0+0"
+# for example, if the 10 pixels on the bottom of the screen should not have shadows painted on.
+#
+# shadow-exclude-reg = "" 
+
+# Crop shadow of a window fully on a particular Xinerama screen to the screen.
+# xinerama-shadow-crop = false
+
+
+#################################
+#           Fading              #
+#################################
+
+
+# Fade windows in/out when opening/closing and when opacity changes,
+#  unless no-fading-openclose is used.
+fading = false
+#fading = true
+
+# Opacity change between steps while fading in. (0.01 - 1.0, defaults to 0.028)
+# fade-in-step = 0.028
+fade-in-step = 0.03;
+
+# Opacity change between steps while fading out. (0.01 - 1.0, defaults to 0.03)
+# fade-out-step = 0.03
+fade-out-step = 0.03;
+
+# The time between steps in fade step, in milliseconds. (> 0, defaults to 10)
+# fade-delta = 10
+
+# Specify a list of conditions of windows that should not be faded.
+# fade-exclude = []
+
+# Do not fade on window open/close.
+# no-fading-openclose = false
+
+# Do not fade destroyed ARGB windows with WM frame. Workaround of bugs in Openbox, Fluxbox, etc.
+# no-fading-destroyed-argb = false
+
+
+#################################
+#   Transparency / Opacity      #
+#################################
+
+
+# Opacity of inactive windows. (0.1 - 1.0, defaults to 1.0)
+inactive-opacity = 1;
+#inactive-opacity = 0.8;
+
+# Opacity of window titlebars and borders. (0.1 - 1.0, disabled by default)
+frame-opacity = 1.0;
+#frame-opacity = 0.7;
+
+# Default opacity for dropdown menus and popup menus. (0.0 - 1.0, defaults to 1.0)
+# menu-opacity = 1.0
+
+# Let inactive opacity set by -i override the '_NET_WM_OPACITY' values of windows.
+# inactive-opacity-override = true
+inactive-opacity-override = false;
+
+# Default opacity for active windows. (0.0 - 1.0, defaults to 1.0)
+# active-opacity = 1.0
+
+# Dim inactive windows. (0.0 - 1.0, defaults to 0.0)
+# inactive-dim = 0.0
+
+# Specify a list of conditions of windows that should always be considered focused.
+# focus-exclude = []
+focus-exclude = [ "class_g = 'Cairo-clock'" ];
+
+# Use fixed inactive dim value, instead of adjusting according to window opacity.
+# inactive-dim-fixed = 1.0
+
+# Specify a list of opacity rules, in the format `PERCENT:PATTERN`, 
+# like `50:name *= "Firefox"`. picom-trans is recommended over this. 
+# Note we don't make any guarantee about possible conflicts with other 
+# programs that set '_NET_WM_WINDOW_OPACITY' on frame or client windows.
+# example:
+#    opacity-rule = [ "80:class_g = 'URxvt'" ];
+#
+# opacity-rule = []
+
+
+#################################
+#     Background-Blurring       #
+#################################
+
+
+# Parameters for background blurring, see the *BLUR* section for more information.
+# blur-method = 
+# blur-size = 12
+#
+# blur-deviation = false
+
+# Blur background of semi-transparent / ARGB windows. 
+# Bad in performance, with driver-dependent behavior. 
+# The name of the switch may change without prior notifications.
+#
+# blur-background = false
+
+# Blur background of windows when the window frame is not opaque. 
+# Implies:
+#    blur-background 
+# Bad in performance, with driver-dependent behavior. The name may change.
+#
+# blur-background-frame = false
+
+
+# Use fixed blur strength rather than adjusting according to window opacity.
+# blur-background-fixed = false
+
+
+# Specify the blur convolution kernel, with the following format:
+# example:
+#   blur-kern = "5,5,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1";
+#
+# blur-kern = ''
+blur-kern = "3x3box";
+
+
+# Exclude conditions for background blur.
+# blur-background-exclude = []
+blur-background-exclude = [
+  "window_type = 'dock'",
+  "window_type = 'desktop'",
+  "_GTK_FRAME_EXTENTS@:c"
+];
+
+#################################
+#       General Settings        #
+#################################
+
+# Daemonize process. Fork to background after initialization. Causes issues with certain (badly-written) drivers.
+# daemon = false
+
+# Specify the backend to use: `xrender`, `glx`, or `xr_glx_hybrid`.
+# `xrender` is the default one.
+#
+# I need glx + vsync to fix tearing
+#backend = "glx";
+backend = "xrender";
+
+# Enable/disable VSync.
+# vsync = false
+# I need glx + vsync to fix tearing
+vsync = true
+
+# Enable remote control via D-Bus. See the *D-BUS API* section below for more details.
+# dbus = false
+
+# Try to detect WM windows (a non-override-redirect window with no 
+# child that has 'WM_STATE') and mark them as active.
+#
+#mark-wmwin-focused = false
+mark-wmwin-focused = true;
+
+# Mark override-redirect windows that doesn't have a child window with 'WM_STATE' focused.
+# set to false for inactive opacity on dwm 
+# https://github.com/yshui/picom/issues/456#issuecomment-668693379
+mark-ovredir-focused = false
+#mark-ovredir-focused = true;
+
+# Try to detect windows with rounded corners and don't consider them 
+# shaped windows. The accuracy is not very high, unfortunately.
+#
+# detect-rounded-corners = false
+detect-rounded-corners = true;
+
+# Detect '_NET_WM_OPACITY' on client windows, useful for window managers
+# not passing '_NET_WM_OPACITY' of client windows to frame windows.
+#
+# detect-client-opacity = false
+detect-client-opacity = true;
+
+# Specify refresh rate of the screen. If not specified or 0, picom will 
+# try detecting this with X RandR extension.
+#
+# refresh-rate = 60
+refresh-rate = 0
+
+# Limit picom to repaint at most once every 1 / 'refresh_rate' second to 
+# boost performance. This should not be used with 
+#   vsync drm/opengl/opengl-oml
+# as they essentially does sw-opti's job already, 
+# unless you wish to specify a lower refresh rate than the actual value.
+#
+# sw-opti = 
+
+# Use EWMH '_NET_ACTIVE_WINDOW' to determine currently focused window, 
+# rather than listening to 'FocusIn'/'FocusOut' event. Might have more accuracy, 
+# provided that the WM supports it.
+#
+# use-ewmh-active-win = false
+
+# Unredirect all windows if a full-screen opaque window is detected, 
+# to maximize performance for full-screen windows. Known to cause flickering 
+# when redirecting/unredirecting windows.
+#
+# unredir-if-possible = false
+
+# Delay before unredirecting the window, in milliseconds. Defaults to 0.
+# unredir-if-possible-delay = 0
+
+# Conditions of windows that shouldn't be considered full-screen for unredirecting screen.
+# unredir-if-possible-exclude = []
+
+# Use 'WM_TRANSIENT_FOR' to group windows, and consider windows 
+# in the same group focused at the same time.
+#
+# detect-transient = false
+detect-transient = true
+
+# Use 'WM_CLIENT_LEADER' to group windows, and consider windows in the same 
+# group focused at the same time. 'WM_TRANSIENT_FOR' has higher priority if 
+# detect-transient is enabled, too.
+#
+# detect-client-leader = false
+detect-client-leader = true
+
+# Resize damaged region by a specific number of pixels. 
+# A positive value enlarges it while a negative one shrinks it. 
+# If the value is positive, those additional pixels will not be actually painted 
+# to screen, only used in blur calculation, and such. (Due to technical limitations, 
+# with use-damage, those pixels will still be incorrectly painted to screen.) 
+# Primarily used to fix the line corruption issues of blur, 
+# in which case you should use the blur radius value here 
+# (e.g. with a 3x3 kernel, you should use `--resize-damage 1`, 
+# with a 5x5 one you use `--resize-damage 2`, and so on). 
+# May or may not work with *--glx-no-stencil*. Shrinking doesn't function correctly.
+#
+# resize-damage = 1
+
+# Specify a list of conditions of windows that should be painted with inverted color. 
+# Resource-hogging, and is not well tested.
+#
+# invert-color-include = []
+
+# GLX backend: Avoid using stencil buffer, useful if you don't have a stencil buffer. 
+# Might cause incorrect opacity when rendering transparent content (but never 
+# practically happened) and may not work with blur-background. 
+# My tests show a 15% performance boost. Recommended.
+#
+# glx-no-stencil = false
+
+# GLX backend: Avoid rebinding pixmap on window damage. 
+# Probably could improve performance on rapid window content changes, 
+# but is known to break things on some drivers (LLVMpipe, xf86-video-intel, etc.).
+# Recommended if it works.
+#
+# glx-no-rebind-pixmap = false
+
+# Disable the use of damage information. 
+# This cause the whole screen to be redrawn everytime, instead of the part of the screen
+# has actually changed. Potentially degrades the performance, but might fix some artifacts.
+# The opposing option is use-damage
+#
+# no-use-damage = false
+use-damage = true
+
+# Use X Sync fence to sync clients' draw calls, to make sure all draw 
+# calls are finished before picom starts drawing. Needed on nvidia-drivers 
+# with GLX backend for some users.
+#
+# xrender-sync-fence = false
+
+# GLX backend: Use specified GLSL fragment shader for rendering window contents. 
+# See `compton-default-fshader-win.glsl` and `compton-fake-transparency-fshader-win.glsl` 
+# in the source tree for examples.
+#
+# glx-fshader-win = ''
+
+# Force all windows to be painted with blending. Useful if you 
+# have a glx-fshader-win that could turn opaque pixels transparent.
+#
+# force-win-blend = false
+
+# Do not use EWMH to detect fullscreen windows. 
+# Reverts to checking if a window is fullscreen based only on its size and coordinates.
+#
+# no-ewmh-fullscreen = false
+
+# Dimming bright windows so their brightness doesn't exceed this set value. 
+# Brightness of a window is estimated by averaging all pixels in the window, 
+# so this could comes with a performance hit. 
+# Setting this to 1.0 disables this behaviour. Requires --use-damage to be disabled. (default: 1.0)
+#
+# max-brightness = 1.0
+
+# Make transparent windows clip other windows like non-transparent windows do,
+# instead of blending on top of them.
+#
+# transparent-clipping = false
+
+# Set the log level. Possible values are:
+#  "trace", "debug", "info", "warn", "error"
+# in increasing level of importance. Case doesn't matter. 
+# If using the "TRACE" log level, it's better to log into a file 
+# using *--log-file*, since it can generate a huge stream of logs.
+#
+# log-level = "debug"
+log-level = "warn";
+
+# Set the log file.
+# If *--log-file* is never specified, logs will be written to stderr. 
+# Otherwise, logs will to written to the given file, though some of the early 
+# logs might still be written to the stderr. 
+# When setting this option from the config file, it is recommended to use an absolute path.
+#
+# log-file = '/path/to/your/log/file'
+
+# Show all X errors (for debugging)
+# show-all-xerrors = false
+
+# Write process ID to a file.
+# write-pid-path = '/path/to/your/log/file'
+
+# Window type settings
+# 
+# 'WINDOW_TYPE' is one of the 15 window types defined in EWMH standard: 
+#     "unknown", "desktop", "dock", "toolbar", "menu", "utility", 
+#     "splash", "dialog", "normal", "dropdown_menu", "popup_menu", 
+#     "tooltip", "notification", "combo", and "dnd".
+# 
+# Following per window-type options are available: ::
+# 
+#   fade, shadow:::
+#     Controls window-type-specific shadow and fade settings.
+# 
+#   opacity:::
+#     Controls default opacity of the window type.
+# 
+#   focus:::
+#     Controls whether the window of this type is to be always considered focused. 
+#     (By default, all window types except "normal" and "dialog" has this on.)
+# 
+#   full-shadow:::
+#     Controls whether shadow is drawn under the parts of the window that you 
+#     normally won't be able to see. Useful when the window has parts of it 
+#     transparent, and you want shadows in those areas.
+# 
+#   redir-ignore:::
+#     Controls whether this type of windows should cause screen to become 
+#     redirected again after been unredirected. If you have unredir-if-possible
+#     set, and doesn't want certain window to cause unnecessary screen redirection, 
+#     you can set this to `true`.
+#
+wintypes:
+{
+  tooltip = { fade = true; shadow = true; focus = true; full-shadow = false; };
+  dock = { shadow = false; }
+  dnd = { shadow = false; }
+  #popup_menu = { opacity = 0.8; }
+  dropdown_menu = { opacity = 0.8; }
+};
diff --git a/configs/configs_root_dir/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css b/configs/configs_root_dir/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css
new file mode 100644
index 0000000..ee8a868
--- /dev/null
+++ b/configs/configs_root_dir/home/xyz/.mozilla/firefox/xxxxxxxx.fly/chrome/userChrome.css
@@ -0,0 +1,7 @@
+#titlebar {
+	visibility: collapse !important;
+}
+
+#sidebar {
+	min-width: 0px !important;
+}
diff --git a/configs/pinephone_fde/systemd_root_dir/boot/boot.txt b/configs/pinephone_fde/systemd_root_dir/boot/boot.txt
new file mode 100644
index 0000000..c95ed1d
--- /dev/null
+++ b/configs/pinephone_fde/systemd_root_dir/boot/boot.txt
@@ -0,0 +1,34 @@
+gpio set 98 # Enable vibrator
+
+setenv bootargs loglevel=4 console=${console} console=tty0 root=/dev/mapper/root rw rootwait quiet 
+
+echo "Loading kernel..."
+load mmc ${mmc_bootdev}:1 ${ramdisk_addr_r} ${bootdir}/Image.gz
+
+echo "Uncompressing kernel..."
+unzip ${ramdisk_addr_r} ${kernel_addr_r}
+
+echo "Loading initramfs..."
+load mmc ${mmc_bootdev}:1 ${ramdisk_addr_r} ${bootdir}/initramfs-linux.img
+setenv ramdisk_size ${filesize}
+
+echo "Loading dtb..."
+load mmc ${mmc_bootdev}:1 ${fdt_addr_r} ${bootdir}/dtbs/${fdtfile}
+
+echo Resizing FDT
+fdt addr ${fdt_addr_r}
+fdt resize
+
+echo Adding FTD RAM clock
+fdt mknode / memory
+fdt set /memory ram_freq ${ram_freq}
+fdt list /memory
+
+echo Loading user script
+setenv user_scriptaddr 0x61dbc200
+load mmc ${mmc_bootdev}:1 ${user_scriptaddr} ${bootdir}/user.scr
+if test $? -eq 0; then source ${user_scriptaddr}; else echo No user script found; fi
+
+echo "Booting..."
+gpio clear 98 # Disable vibrator
+booti ${kernel_addr_r} ${ramdisk_addr_r}:0x${ramdisk_size} ${fdt_addr_r}
diff --git a/configs/pinephone_fde/systemd_root_dir/etc/crypttab b/configs/pinephone_fde/systemd_root_dir/etc/crypttab
new file mode 100644
index 0000000..5d5f279
--- /dev/null
+++ b/configs/pinephone_fde/systemd_root_dir/etc/crypttab
@@ -0,0 +1,14 @@
+# Configuration for encrypted block devices.
+# See crypttab(5) for details.
+
+# NOTE: Do not list your root (/) partition here, it must be set up
+#       beforehand by the initramfs (/etc/mkinitcpio.conf).
+
+# <name>       <device>                                     <password>              <options>
+# home         UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37    /etc/mypassword1
+# data1        /dev/sda3                                    /etc/mypassword2
+# data2        /dev/sda5                                    /etc/cryptfs.key
+# swap         /dev/sdx4                                    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
+# vol          /dev/sdb7                                    none
+
+home UUID=b719aa8b-1f53-4069-bd9b-5edfb450f85a none
diff --git a/configs/pinephone_fde/systemd_root_dir/etc/crypttab.initramfs b/configs/pinephone_fde/systemd_root_dir/etc/crypttab.initramfs
new file mode 100644
index 0000000..307ce3b
--- /dev/null
+++ b/configs/pinephone_fde/systemd_root_dir/etc/crypttab.initramfs
@@ -0,0 +1 @@
+root UUID=5f5bcfd4-816c-4a69-97b2-0dae88dc7c0c none password-echo=no
diff --git a/configs/pinephone_fde/systemd_root_dir/etc/mkinitcpio.conf b/configs/pinephone_fde/systemd_root_dir/etc/mkinitcpio.conf
new file mode 100644
index 0000000..935aa3a
--- /dev/null
+++ b/configs/pinephone_fde/systemd_root_dir/etc/mkinitcpio.conf
@@ -0,0 +1,73 @@
+# vim:set ft=sh
+# MODULES
+# The following modules are loaded before any boot hooks are
+# run.  Advanced users may wish to specify all system modules
+# in this array.  For instance:
+#     MODULES=(usbhid xhci_hcd)
+MODULES=()
+
+# BINARIES
+# This setting includes any additional binaries a given user may
+# wish into the CPIO image.  This is run last, so it may be used to
+# override the actual binaries included by a given hook
+# BINARIES are dependency parsed, so you may safely ignore libraries
+BINARIES=()
+
+# FILES
+# This setting is similar to BINARIES above, however, files are added
+# as-is and are not parsed in any way.  This is useful for config files.
+FILES=()
+
+# HOOKS
+# This is the most important setting in this file.  The HOOKS control the
+# modules and scripts added to the image, and what happens at boot time.
+# Order is important, and it is recommended that you do not change the
+# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
+# help on a given hook.
+# 'base' is _required_ unless you know precisely what you are doing.
+# 'udev' is _required_ in order to automatically load modules
+# 'filesystems' is _required_ unless you specify your fs modules in MODULES
+# Examples:
+##   This setup specifies all modules in the MODULES setting above.
+##   No RAID, lvm2, or encrypted root is needed.
+#    HOOKS=(base)
+#
+##   This setup will autodetect all modules for your system and should
+##   work as a sane default
+#    HOOKS=(base udev autodetect modconf block filesystems fsck)
+#
+##   This setup will generate a 'full' image which supports most systems.
+##   No autodetection is done.
+#    HOOKS=(base udev modconf block filesystems fsck)
+#
+##   This setup assembles a mdadm array with an encrypted root file system.
+##   Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
+#    HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
+#
+##   This setup loads an lvm2 volume group.
+#    HOOKS=(base udev modconf block lvm2 filesystems fsck)
+#
+##   NOTE: If you have /usr on a separate partition, you MUST include the
+#    usr and fsck hooks.
+HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems fsck)
+
+# COMPRESSION
+# Use this to compress the initramfs image. By default, gazip compression
+# is used. Use 'cat' to create an uncompressed image.
+#COMPRESSION="zstd"
+#COMPRESSION="gzip"
+#COMPRESSION="bzip2"
+#COMPRESSION="lzma"
+#COMPRESSION="xz"
+#COMPRESSION="lzop"
+#COMPRESSION="lz4"
+
+# COMPRESSION_OPTIONS
+# Additional options for the compressor
+#COMPRESSION_OPTIONS=()
+
+# MODULES_DECOMPRESS
+# Decompress kernel modules during initramfs creation.
+# Enable to speedup boot process, disable to save RAM
+# during early userspace. Switch (yes/no).
+#MODULES_DECOMPRESS="yes"
diff --git a/configs/pinephone_fde/udev_root_dir/boot/boot.txt b/configs/pinephone_fde/udev_root_dir/boot/boot.txt
new file mode 100644
index 0000000..1bb642a
--- /dev/null
+++ b/configs/pinephone_fde/udev_root_dir/boot/boot.txt
@@ -0,0 +1,34 @@
+gpio set 98 # Enable vibrator
+
+setenv bootargs loglevel=4 console=${console} console=tty0 cryptdevice=UUID=5f5bcfd4-816c-4a69-97b2-0dae88dc7c0c:root root=/dev/mapper/root rw rootwait quiet 
+
+echo "Loading kernel..."
+load mmc ${mmc_bootdev}:1 ${ramdisk_addr_r} ${bootdir}/Image.gz
+
+echo "Uncompressing kernel..."
+unzip ${ramdisk_addr_r} ${kernel_addr_r}
+
+echo "Loading initramfs..."
+load mmc ${mmc_bootdev}:1 ${ramdisk_addr_r} ${bootdir}/initramfs-linux.img
+setenv ramdisk_size ${filesize}
+
+echo "Loading dtb..."
+load mmc ${mmc_bootdev}:1 ${fdt_addr_r} ${bootdir}/dtbs/${fdtfile}
+
+echo Resizing FDT
+fdt addr ${fdt_addr_r}
+fdt resize
+
+echo Adding FTD RAM clock
+fdt mknode / memory
+fdt set /memory ram_freq ${ram_freq}
+fdt list /memory
+
+echo Loading user script
+setenv user_scriptaddr 0x61dbc200
+load mmc ${mmc_bootdev}:1 ${user_scriptaddr} ${bootdir}/user.scr
+if test $? -eq 0; then source ${user_scriptaddr}; else echo No user script found; fi
+
+echo "Booting..."
+gpio clear 98 # Disable vibrator
+booti ${kernel_addr_r} ${ramdisk_addr_r}:0x${ramdisk_size} ${fdt_addr_r}
diff --git a/configs/pinephone_fde/udev_root_dir/etc/crypttab b/configs/pinephone_fde/udev_root_dir/etc/crypttab
new file mode 100644
index 0000000..dc3e241
--- /dev/null
+++ b/configs/pinephone_fde/udev_root_dir/etc/crypttab
@@ -0,0 +1,14 @@
+# Configuration for encrypted block devices.
+# See crypttab(5) for details.
+
+# NOTE: Do not list your root (/) partition here, it must be set up
+#       beforehand by the initramfs (/etc/mkinitcpio.conf).
+
+# <name>       <device>                                     <password>              <options>
+# home         UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37    /etc/mypassword1
+# data1        /dev/sda3                                    /etc/mypassword2
+# data2        /dev/sda5                                    /etc/cryptfs.key
+# swap         /dev/sdx4                                    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
+# vol          /dev/sdb7                                    none
+
+home UUID=b719aa8b-1f53-4069-bd9b-5edfb450f85a /etc/cryptsetup-keys.d/home.key
diff --git a/configs/pinephone_fde/udev_root_dir/etc/mkinitcpio.conf b/configs/pinephone_fde/udev_root_dir/etc/mkinitcpio.conf
new file mode 100644
index 0000000..30baa0c
--- /dev/null
+++ b/configs/pinephone_fde/udev_root_dir/etc/mkinitcpio.conf
@@ -0,0 +1,73 @@
+# vim:set ft=sh
+# MODULES
+# The following modules are loaded before any boot hooks are
+# run.  Advanced users may wish to specify all system modules
+# in this array.  For instance:
+#     MODULES=(usbhid xhci_hcd)
+MODULES=()
+
+# BINARIES
+# This setting includes any additional binaries a given user may
+# wish into the CPIO image.  This is run last, so it may be used to
+# override the actual binaries included by a given hook
+# BINARIES are dependency parsed, so you may safely ignore libraries
+BINARIES=()
+
+# FILES
+# This setting is similar to BINARIES above, however, files are added
+# as-is and are not parsed in any way.  This is useful for config files.
+FILES=()
+
+# HOOKS
+# This is the most important setting in this file.  The HOOKS control the
+# modules and scripts added to the image, and what happens at boot time.
+# Order is important, and it is recommended that you do not change the
+# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
+# help on a given hook.
+# 'base' is _required_ unless you know precisely what you are doing.
+# 'udev' is _required_ in order to automatically load modules
+# 'filesystems' is _required_ unless you specify your fs modules in MODULES
+# Examples:
+##   This setup specifies all modules in the MODULES setting above.
+##   No RAID, lvm2, or encrypted root is needed.
+#    HOOKS=(base)
+#
+##   This setup will autodetect all modules for your system and should
+##   work as a sane default
+#    HOOKS=(base udev autodetect modconf block filesystems fsck)
+#
+##   This setup will generate a 'full' image which supports most systems.
+##   No autodetection is done.
+#    HOOKS=(base udev modconf block filesystems fsck)
+#
+##   This setup assembles a mdadm array with an encrypted root file system.
+##   Note: See 'mkinitcpio -H mdadm_udev' for more information on RAID devices.
+#    HOOKS=(base udev modconf keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
+#
+##   This setup loads an lvm2 volume group.
+#    HOOKS=(base udev modconf block lvm2 filesystems fsck)
+#
+##   NOTE: If you have /usr on a separate partition, you MUST include the
+#    usr and fsck hooks.
+HOOKS=(base udev autodetect keyboard modconf block osk-sdl encrypt filesystems fsck)
+
+# COMPRESSION
+# Use this to compress the initramfs image. By default, gazip compression
+# is used. Use 'cat' to create an uncompressed image.
+#COMPRESSION="zstd"
+#COMPRESSION="gzip"
+#COMPRESSION="bzip2"
+#COMPRESSION="lzma"
+#COMPRESSION="xz"
+#COMPRESSION="lzop"
+#COMPRESSION="lz4"
+
+# COMPRESSION_OPTIONS
+# Additional options for the compressor
+#COMPRESSION_OPTIONS=()
+
+# MODULES_DECOMPRESS
+# Decompress kernel modules during initramfs creation.
+# Enable to speedup boot process, disable to save RAM
+# during early userspace. Switch (yes/no).
+#MODULES_DECOMPRESS="yes"