From 4c8f7e9bbc7a5ea12bc0bf157fafd0a2e41bd7bc Mon Sep 17 00:00:00 2001 From: max Date: Mon, 5 Jun 2023 16:25:19 +0000 Subject: [PATCH] first commit --- README.md | 0 applist.txt | 18 +++ btrfs | 376 ++++++++++++++++++++++++++++++++++++++++++++ hyprconf.txt | 1 + hyprwifi.txt | 1 + logout.txt | 3 + monero.txt | 1 + rsync.txt | 1 + screen.txt | 2 + spotifyalbumart.txt | 17 ++ update.txt | 4 + yt-dlp.txt | 7 + yubi.txt | 2 + 13 files changed, 433 insertions(+) create mode 100644 README.md create mode 100644 applist.txt create mode 100644 btrfs create mode 100644 hyprconf.txt create mode 100644 hyprwifi.txt create mode 100644 logout.txt create mode 100644 monero.txt create mode 100644 rsync.txt create mode 100644 screen.txt create mode 100644 spotifyalbumart.txt create mode 100644 update.txt create mode 100644 yt-dlp.txt create mode 100644 yubi.txt diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/applist.txt b/applist.txt new file mode 100644 index 0000000..93f5bfe --- /dev/null +++ b/applist.txt @@ -0,0 +1,18 @@ +Docker https://www.docker.com apache 2.0 +SWAG Proxy https://www.linuxserver.io/blog/2020-08-21-introducing-swag GPL-3.0 +Portainer https://www.portainer.io Zlib +Hugo https://gohugo.io Apache 2.0 +OpenLDAP https://www.openldap.org MIT +Keycloak https://www.keycloak.org Apache 2.0 +Heimdall https://heimdall.site MIT +Forgejo https://forgejo.org MIT +Funkwhale https://funkwhale.audio GPL-3.0 +Ghost https://ghost.org MIT +Matrix https://matrix.org Apache 2.0 +Owncast https://owncast.online MIT +Peertube https://joinpeertube.org AGPL-3.0 +Pixelfed https://pixelfed.org AGPL-3.0 +Mastodon https://joinmastodon.org AGPL-3.0 +Plausible https://plausible.io MIT +Vaultwarden https://github.com/dani-garcia/vaultwarden AGPL-3.0 +Nextcloud https://nextcloud.com AGPL-3.0 diff --git a/btrfs b/btrfs new file mode 100644 index 0000000..ca4f8c3 --- /dev/null +++ b/btrfs @@ -0,0 +1,376 @@ +***BTRFS*** + +gdisk /dev/sda +*delete partitions with d* +n ++512M +ef00 +n +-100M + +mkfs.fat -F 32 /dev/sda1 +cryptsetup -y -v luksFormat /dev/sda2 +cryptsetup open /dev/sda2 crypt +mkfs.btrfs /dev/mapper/crypt +mount /dev/mapper/crypt /mnt + +cd /mnt +btrfs subvolume create @ +btrfs subvolume create @home +btrfs subvolume create @snapshots +btrfs subvolume create @var_log +btrfs subvolume create @swap + +cd +umount /mnt +mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt +mkdir -p /mnt/{boot,home,.snapshots,var/log,swap} +mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home +mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log +mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap +mount /dev/sda1 /mnt/boot + +cd /mnt/swap +chattr +C /mnt/swap +dd if=/dev/zero of=./swapfile bs=1M count=24576 status=progress +chmod 0600 ./swapfile +mkswap -U clear ./swapfile +swapon ./swapfile + +cd +pacstrap /mnt base base-devel linux-hardened linux-firmware intel-ucode sudo vim nano git btrfs-progs dosfstools e2fsprogs exfat-utils smartmontools networkmanager dialog man-db man-pages texinfo os-prober + +genfstab -U /mnt >> /mnt/etc/fstab + +arch-chroot /mnt +ln -sf /usr/share/zoneinfo/UTC /etc/localtime + +hwclock --systohc +nano /etc/locale.gen +locale-gen +nano /etc/locale.conf +LANG=en_US.UTF-8 +nano /etc/hostname +*hostname* +passwd + +pacman -S grub efibootmgr +nano /etc/mkinitcpio.conf +*add btrfs to modules* +*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)* +mkinitcpio -p linux-hardened +grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB +blkid /dev/sda2 +*UUID* +nano /etc/default/grub +*root=/dev/mapper/crypt cryptdevice=UUID=:crypt* +grub-mkconfig -o /boot/grub/grub.cfg + +pacman -Syu linux-hardened-headers dhcpcd openssh git sudo ntp nfs-utils rsync docker docker-compose + +sudo EDITOR=nano visudo +#uncomment wheel +useradd -m -G wheel -s /bin/bash +usermod -aG docker +passwd +systemctl enable dhcpcd.service +systemctl enable sshd +systemctl enable docker.service + + +**ZFS DKMS** + +curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - +pacman-key --lsign-key $(curl -L https://git.io/JsfVS) +curl -L https://git.io/Jsfw2 > /etc/pacman.d/mirrorlist-archzfs + +*** +tee -a /etc/pacman.conf <<- 'EOF' + +#[archzfs-testing] +#Include = /etc/pacman.d/mirrorlist-archzfs + +[archzfs] +Include = /etc/pacman.d/mirrorlist-archzfs +EOF +*** + +pacman -Sy + +INST_LINVAR=linux-hardened +INST_LINVER=$(pacman -Qi ${INST_LINVAR} | grep Version | awk '{ print $3 }') + +*** +if [ "${INST_LINVER}" = \ +"$(pacman -Si ${INST_LINVAR}-headers | grep Version | awk '{ print $3 }')" ]; then + pacman -S --noconfirm --needed ${INST_LINVAR}-headers +else + pacman -U --noconfirm --needed \ + https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst +fi +*** + +pacman -Sy --needed --noconfirm zfs-dkms glibc + +sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf +sed -i "/^IgnorePkg/ s/$/ ${INST_LINVAR} ${INST_LINVAR}-headers/" /etc/pacman.conf + +exit +shutdown now + +**Login at console** +sudo systemctl enable sshd +sudo systemctl start sshd +ip addr + +ssh @ +modprobe zfs +zfs list +zpool list + +***UPDATE ZFS*** +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') +sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +**SNAPPER** + +sudo pacman -S snapper +sudo umount /.snapshots +sudo rm -r /.snapshots +sudo snapper -c root create-config / +sudo btrfs subvolume list / +sudo btrfs subvolume delete /.snapshots +sudo mkdir /.snapshots +sudo mount -a +sudo chmod 750 /.snapshots + +sudo nano /etc/snapper/configs/root +*ALLOW_USERS=""* +**TIMELINE_MIN_AGE="1800" +TIMELINE_LIMIT_HOURLY="5" +TIMELINE_LIMIT_DAILY="7" +TIMELINE_LIMIT_WEEKLY="0" +TIMELINE_LIMIT_MONTHLY="0" +TIMELINE_LIMIT_YEARLY="0"** + +sudo systemctl enable --now snapper-timeline.timer +sudo systemctl enable --now snapper-cleanup.timer +**IF SSD** +*sudo systemctl enable fstrim.timer* + +git clone https://aur.archlinux.org/yay +cd yay +makepkg -si PKGBUILD +yay -S snap-pac-grub + +sudo nano /etc/mkinitcpio.conf +*add grub-btrfs-overlayfs to HOOKS* +sudo mkinitcpio -P +sudo rsync -a --delete /boot /.bootbackup +sudo mkdir /etc/pacman.d/hooks +sudo nano /etc/pacman.d/hooks/50-bootbackup.hook + +*** +[Trigger] +Operation = Upgrade +Operation = Install +Operation = Remove +Type = Path +Target = usr/lib/modules/*/vmlinuz + +[Action] +Depends = rsync +Description = Backing up /boot... +When = PostTransaction +Exec = /usr/bin/rsync -a --delete /boot /.bootbackup +*** + +sudo reboot +sudo snapper -c root create +snapper list +sudo snapper modify --d 'Clean BTRFS install with Snapper' + +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt +sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap} +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log +sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap + +sudo pacman -S gdisk +sudo gdisk /dev/sdb +d +n +1 ++512M +n +-100M +w + +sudo btrfs device add -f /dev/sdb2 /mnt +sudo btrfs fi balance start -dconvert=raid1 -mconvert=raid1 /mnt/ + +**https://unix.stackexchange.com/questions/309184/btrfs-convert-raid0-to-raid1** +** TO REMOVE ** +btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single +btrfs device remove +** +sudo snapper -c root create +snapper list +sudo snapper modify --d 'btrfs raid1' + +***ZFS*** + +sudo btrfs filesystem show +lsblk +ls /dev/disk/by-id/ + +sudo zpool create \ + -o ashift=13 \ + -o autoexpand=on \ + -O encryption=aes-256-gcm \ + -O keylocation=prompt \ + -O keyformat=passphrase \ + -m /zfs/tardis \ + tardis mirror \ + /dev/disk/by-id/scsi-35000c50056be1543 \ + /dev/disk/by-id/scsi-35000c5008512fac3 + + +sudo zpool set feature@encryption=enabled tardis +sudo zfs set compression=lz4 tardis +sudo zfs set atime=off tardis +sudo zfs set xattr=sa tardis + +# Do not enable this on my spinning disks. This is for SSD/NVMe +# zpool set autotrim=on tardis + +sudo zpool add tardis mirror \ + /dev/disk/by-id/scsi-35000c500576d5abf \ + /dev/disk/by-id/scsi-35000c500576d7fb3 + +sudo zpool add tardis mirror \ + /dev/disk/by-id/scsi-35000c500576d7ff7 \ + /dev/disk/by-id/scsi-35000c500576d8a93 + +sudo zpool status +sudo zpool status -x +sudo zpool get ashift +sudo zpool get autoexpand +sudo zpool get autotrim + +sudo zfs list +sudo zfs get encryption +sudo zfs get compression +sudo zfs get xattr + +sudo reboot +sudo zpool export tardis +sudo zpool import -l -d /dev/disk/by-id tardis +sudo zfs mount -a +sudo zpool set cachefile=/etc/zfs/zpool.cache + +sudo systemctl enable zfs.target +sudo systemctl enable zfs-import-cache.service +sudo systemctl enable zfs-mount.service +sudo systemctl enable zfs-import.target +sudo systemctl start zfs.target +sudo systemctl start zfs-import-cache.service +sudo systemctl start zfs-mount.service +sudo systemctl start zfs-import.target + +*CLIENT NTP* +sudo pacman -Syu openntpd +sudo nano /etc/ntpd.conf +*server ntp.example.org* +sudo ntpd -n + +*SERVER NTP* +sudo pacman -Syu openntpd +sudo nano /etc/ntpd.conf +listen on * +sudo ntpd -n + +sudo systemctl enable openntpd.service +sudo systemctl start openntpd.service + +*** UPDATE KERNEL/ZFS *** + +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') + +pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +*** IF DOWNGRADE NEEDED *** + +INST_LINVAR=linux-hardened + +DKMS_DATE=$(pacman -Syi zfs-dkms \ +| grep 'Build Date' \ +| sed 's/.*: //' \ +| LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d) + +INST_LINVER=$(curl https://archive.archlinux.org/repos/${DKMS_DATE}/core/os/x86_64/ \ +| grep \"${INST_LINVAR}-'[0-9]' \ +| grep -v sig \ +| sed "s|.*$INST_LINVAR-||" \ +| sed "s|-x86_64.*||") + +pacman -U \ +https://archive.archlinux.org/packages/l/${INST_LINVAR}/${INST_LINVAR}-${INST_LINVER}-x86_64.pkg.tar.zst \ +https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst + + +**MAINTENENCE** + +sudo zpool scrub tardis +sudo zpool status + +sudo btrfs scrub start /dev/mapper/crypt +sudo btrfs scrub status /dev/mapper/crypt + +sudo docker stop $(docker ps -a -q) +sudo docker rm $(docker ps -a -q) +sudo docker container prune +sudo docker image prune +sudo docker volume prune +sudo docker system prune +sudo docker network create proxy +sudo docker-compose pull && docker-compose up -d + +sudo cryptsetup open /dev/sda2 crypt +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt +sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap} +sudo mount /dev/sda1 /mnt/boot +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log +sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap + +sudo pacman -Syu + +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') + +sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +sudo pacman -S grub efibootmgr +nano /etc/mkinitcpio.conf +*add btrfs to modules* +*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)* +mkinitcpio -p linux-hardened +lblkid /dev/sda2 +*UUID* +nano /etc/default/grub +*root=/dev/mapper/crypt cryptdevice=UUID=:crypt* +grub-mkconfig -o /boot/grub/grub.cfg + +sudo zpool export tardis +sudo zpool import -l -d /dev/disk/by-id tardis +sudo zfs mount -a + +sudo rsync --info=progress2 -auvz + +server +sudo zfs set sharenfs="rw=@,no_root_squash" tardis +client +sudo mount :/zfs/tardis /zfspool diff --git a/hyprconf.txt b/hyprconf.txt new file mode 100644 index 0000000..d0b1386 --- /dev/null +++ b/hyprconf.txt @@ -0,0 +1 @@ +sudo nano /home/max/.config/hypr/hyprland.conf diff --git a/hyprwifi.txt b/hyprwifi.txt new file mode 100644 index 0000000..614ad35 --- /dev/null +++ b/hyprwifi.txt @@ -0,0 +1 @@ +nmtui diff --git a/logout.txt b/logout.txt new file mode 100644 index 0000000..05a8d9c --- /dev/null +++ b/logout.txt @@ -0,0 +1,3 @@ +qdbus org.kde.ksmserver /KSMServer logout 1 0 3 -KDE + +hyprctl dispatch exit 1 -hyprland diff --git a/monero.txt b/monero.txt new file mode 100644 index 0000000..855d081 --- /dev/null +++ b/monero.txt @@ -0,0 +1 @@ +sudo monero-wallet-gui #Lm1 diff --git a/rsync.txt b/rsync.txt new file mode 100644 index 0000000..7978248 --- /dev/null +++ b/rsync.txt @@ -0,0 +1 @@ +rsync -rvzh wtfserver@192.168.1.14:/rsync diff --git a/screen.txt b/screen.txt new file mode 100644 index 0000000..c26d0fe --- /dev/null +++ b/screen.txt @@ -0,0 +1,2 @@ +add to bashrc for screen: +[ -z "$STY" ] && screen -Rd "wtfxus" diff --git a/spotifyalbumart.txt b/spotifyalbumart.txt new file mode 100644 index 0000000..bc115ca --- /dev/null +++ b/spotifyalbumart.txt @@ -0,0 +1,17 @@ +Sinsations +https://open.spotify.com/album/5VK4bpWvPNA5VJGhJmW3DS?si=9OSaftzeRpifHiJuaSrpMg +https://open.spotify.com/oembed?url=https://open.spotify.com/album/5VK4bpWvPNA5VJGhJmW3DS?si=9OSaftzeRpifHiJuaSrpMg + +Nightmare +https://open.spotify.com/album/5Jt9mvfzA91rnlEl8r5Es7?si=eQYKrabjS4aa510_U7y67A +https://open.spotify.com/oembed?url=https://open.spotify.com/album/5Jt9mvfzA91rnlEl8r5Es7?si=eQYKrabjS4aa510_U7y67A + +Daydream +https://open.spotify.com/album/13XwFH5hJWgUVotEabNxrg?si=DOUMbE6SSHSKtUUp4u2JLg +https://open.spotify.com/oembed?url=https://open.spotify.com/album/13XwFH5hJWgUVotEabNxrg?si=DOUMbE6SSHSKtUUp4u2JLg + +Please Come Home +https://open.spotify.com/track/4BW6pn822VCsHcxykKhiD1?si=72cff04aaf6b4d14 +https://open.spotify.com/oembed?url=https://open.spotify.com/track/4BW6pn822VCsHcxykKhiD1?si=72cff04aaf6b4d14 + +https://open.spotify.com/oembed?url= diff --git a/update.txt b/update.txt new file mode 100644 index 0000000..965878e --- /dev/null +++ b/update.txt @@ -0,0 +1,4 @@ +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') +sudo pacman -Sy --needed --noconfirm ${INST_LINVAR} ${INST_LINVAR}-headers zfs-${INST_LINVAR} zfs-utils + +ctrl-a \ diff --git a/yt-dlp.txt b/yt-dlp.txt new file mode 100644 index 0000000..527b021 --- /dev/null +++ b/yt-dlp.txt @@ -0,0 +1,7 @@ +Best MP4: +yt-dlp --format "bv*[ext=mp4]+ba[ext=m4a]/b[ext=mp4]" "https://www.youtube.com/watch?v=oHg5SJYRHA0" +Best audio: +yt-dlp --extract-audio --audio-format mp3 --audio-quality 0 "https://www.youtube.com/watch?v=oHg5SJYRHA0" +Playlist: +yt-dlp --yes-playlist --format "bv*[ext=mp4]+ba[ext=m4a]/b[ext=mp4]" "https://www.youtube.com/watch?v=oHg5SJYRHA0" + diff --git a/yubi.txt b/yubi.txt new file mode 100644 index 0000000..9a4f216 --- /dev/null +++ b/yubi.txt @@ -0,0 +1,2 @@ +PWKL YXOR PBQZ OO2F 76JF LSNX X3SD FJUK BW +