D::
:wq
:wq
`
D
D
D
D
D
D
D
D
D
D
D
D
C
C
C
C
C
C
C
C
main
max 1 month ago
parent 5545079117
commit 4f7c3a5140

35
btrfs

@ -7,6 +7,7 @@ n
ef00
n
-100M
w
mkfs.fat -F 32 /dev/sda1
cryptsetup -y -v luksFormat /dev/sda2
@ -81,36 +82,14 @@ systemctl enable docker.service
**ZFS DKMS**
curl -L https://archzfs.com/archzfs.gpg | pacman-key -a -
pacman-key --lsign-key $(curl -L https://git.io/JsfVS)
curl -L https://git.io/Jsfw2 > /etc/pacman.d/mirrorlist-archzfs
***
tee -a /etc/pacman.conf <<- 'EOF'
#[archzfs-testing]
#Include = /etc/pacman.d/mirrorlist-archzfs
nano /etc/pacman.conf
**
[archzfs]
Include = /etc/pacman.d/mirrorlist-archzfs
EOF
***
pacman -Sy
INST_LINVAR=linux-hardened
INST_LINVER=$(pacman -Qi ${INST_LINVAR} | grep Version | awk '{ print $3 }')
***
if [ "${INST_LINVER}" = \
"$(pacman -Si ${INST_LINVAR}-headers | grep Version | awk '{ print $3 }')" ]; then
pacman -S --noconfirm --needed ${INST_LINVAR}-headers
else
pacman -U --noconfirm --needed \
https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst
fi
***
Server = https://archzfs.com/$repo/$arch
**
pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman -Sy --needed --noconfirm zfs-dkms glibc
sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf
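Review bot: The `pacman -Sy --needed --noconfirm zfs-dkms glibc` line near the end of this hunk installs from the just-added third-party `[archzfs]` repository with the confirmation prompt suppressed. For notes that are run by hand I would drop `--noconfirm`, i.e. `pacman -Sy --needed zfs-dkms glibc`, so the package list and the repository each package comes from are shown before anything is installed. The `[archzfs]` stanza also sets no `SigLevel` of its own, so a comment such as `# inherits the global SigLevel; keep package signatures Required` above it would record what the setup relies on. The `+`/`-` markers are lost on this page, so I am inferring from the 36-to-14 line counts that the pinned-fingerprint `pacman-key -r` lines are the new side.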

@ -0,0 +1,352 @@
***BTRFS***
gdisk /dev/sda
*delete partitions with d*
o
n
+512M
ef00
n
-100M
w
cryptsetup -y -v luksFormat /dev/sda2
cryptsetup open /dev/sda2 crypt
mkfs.vfat -F32 -n EFI /dev/sda1
mkfs.btrfs -L ROOT /dev/mapper/crypt
mount /dev/mapper/crypt /mnt
cd /mnt
btrfs subvolume create @
btrfs subvolume create @home
btrfs subvolume create @snapshots
btrfs subvolume create @pkg
btrfs subvolume create @swap
cd
umount /mnt
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@ /dev/mapper/crypt /mnt
mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,.snapshots,btrfs}
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@home /dev/mapper/crypt /mnt/home
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@pkg /dev/mapper/crypt /mnt/var/cache/pacman/pkg
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvolid=5 /dev/mapper/crypt /mnt/btrfs
mount /dev/sda1 /mnt/boot
cd /mnt/btrfs/@swap
truncate -s 0 ./swapfile
chattr +C ./swapfile
btrfs property set ./swapfile compression none
dd if=/dev/zero of=./swapfile bs=1M count=<FILE-SIZE-IN-MiB> status=progress
chmod 600 ./swapfile
mkswap ./swapfile
swapon ./swapfile
cd -
pacstrap /mnt base base-devel linux-hardened linux-firmware intel-ucode sudo vim nano git btrfs-progs dosfstools e2fsprogs exfat-utils smartmontools networkmanager dialog man-db man-pages texinfo os-prober
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
hwclock --systohc
nano /etc/locale.gen
locale-gen
nano /etc/locale.conf
LANG=en_US.UTF-8
nano /etc/hostname
*hostname*
passwd
nano /etc/mkinitcpio.conf
HOOKS=(base keyboard udev autodetect modconf block keymap encrypt btrfs filesystems resume)
mkinitcpio -p linux-hardened
bootctl --path=/boot install
btrfs inspect-internal map-swapfile -r /swap/swapfile
blkid -s UUID -o value /dev/sda2
btrfs inspect-internal map-swapfile -r /btrfs/\@swap/swapfile
nano /boot/loader/entries/arch.conf
**
title Arch Linux
linux /vmlinuz-linux-hardened
initrd /intel-ucode.img
initrd /initramfs-linux-hardened.img
options cryptdevice=UUID=<UUID-OF-ROOT-PARTITION>:crypt:allow-discards root=/dev/mapper/crypt rootflags=subvol=@ rd.luks.options=discard rw resume=/dev/mapper/crypt resume_offset=<YOUR-OFFSET>
**
pacman -Syu linux-hardened-headers dhcpcd openssh git sudo ntp nfs-utils rsync docker docker-compose
sudo EDITOR=nano visudo
#uncomment wheel
useradd -m -G wheel -s /bin/bash <username>
usermod -aG docker <user>
passwd <username>
systemctl enable dhcpcd.service
systemctl enable sshd
systemctl enable docker.service
**ZFS DKMS**
nano /etc/pacman.conf
**
[archzfs]
Server = https://archzfs.com/$repo/$arch
**
pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman -Sy --needed --noconfirm zfs-dkms glibc
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf
sed -i "/^IgnorePkg/ s/$/ ${INST_LINVAR} ${INST_LINVAR}-headers/" /etc/pacman.conf
exit
shutdown now
**Login at console**
sudo systemctl enable sshd
sudo systemctl start sshd
ip addr
ssh <username>@<ip>
modprobe zfs
zfs list
zpool list
***UPDATE ZFS***
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
**SNAPPER**
sudo pacman -S snapper
sudo umount /.snapshots
sudo rm -r /.snapshots
sudo snapper -c root create-config /
sudo btrfs subvolume list /
sudo btrfs subvolume delete /.snapshots
sudo mkdir /.snapshots
sudo mount -a
sudo chmod 750 /.snapshots
sudo nano /etc/snapper/configs/root
*ALLOW_USERS="<username>"*
**TIMELINE_MIN_AGE="1800"
TIMELINE_LIMIT_HOURLY="5"
TIMELINE_LIMIT_DAILY="7"
TIMELINE_LIMIT_WEEKLY="0"
TIMELINE_LIMIT_MONTHLY="0"
TIMELINE_LIMIT_YEARLY="0"**
sudo systemctl enable --now snapper-timeline.timer
sudo systemctl enable --now snapper-cleanup.timer
**IF SSD**
*sudo systemctl enable fstrim.timer*
git clone https://aur.archlinux.org/yay
cd yay
makepkg -si PKGBUILD
sudo reboot
sudo snapper -c root create
snapper list
sudo snapper modify --d 'Clean BTRFS install with Snapper' <snapshot number>
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@ /dev/mapper/crypt /mnt
mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,.snapshots,btrfs}
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@home /dev/mapper/crypt /mnt/home
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@pkg /dev/mapper/crypt /mnt/var/cache/pacman/pkg
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvolid=5 /dev/mapper/crypt /mnt/btrfs
sudo pacman -S gdisk
sudo gdisk /dev/sdb
d
n
1
+512M
n
-100M
w
sudo btrfs device add -f /dev/sdb2 /mnt
sudo btrfs fi balance start -dconvert=raid1 -mconvert=raid1 /mnt/
**https://unix.stackexchange.com/questions/309184/btrfs-convert-raid0-to-raid1**
** TO REMOVE **
btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single <mount>
btrfs device remove <drive> <mount>
**
sudo snapper -c root create
snapper list
sudo snapper modify --d 'btrfs raid1' <snapshot number>
***ZFS***
sudo btrfs filesystem show
lsblk
ls /dev/disk/by-id/
sudo zpool create \
-o ashift=13 \
-o autoexpand=on \
-O encryption=aes-256-gcm \
-O keylocation=prompt \
-O keyformat=passphrase \
-m /zfs/tardis \
tardis mirror \
/dev/disk/by-id/scsi-35000c50056be1543 \
/dev/disk/by-id/scsi-35000c5008512fac3
sudo zpool set feature@encryption=enabled tardis
sudo zfs set compression=lz4 tardis
sudo zfs set atime=off tardis
sudo zfs set xattr=sa tardis
# Do not enable this on my spinning disks. This is for SSD/NVMe
# zpool set autotrim=on tardis
sudo zpool add tardis mirror \
/dev/disk/by-id/scsi-35000c500576d5abf \
/dev/disk/by-id/scsi-35000c500576d7fb3
sudo zpool add tardis mirror \
/dev/disk/by-id/scsi-35000c500576d7ff7 \
/dev/disk/by-id/scsi-35000c500576d8a93
sudo zpool status
sudo zpool status -x
sudo zpool get ashift
sudo zpool get autoexpand
sudo zpool get autotrim
sudo zfs list
sudo zfs get encryption
sudo zfs get compression
sudo zfs get xattr
sudo reboot
sudo zpool export tardis
sudo zpool import -l -d /dev/disk/by-id tardis
sudo zfs mount -a
sudo mkdir /etc/zfs/zfs-list.cache
ln -s /usr/lib/zfs/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d
sudo systemctl enable zfs.target
sudo systemctl enable zfs-import-cache.service
sudo systemctl enable zfs-mount.service
sudo systemctl enable zfs-import.target
sudo systemctl enable zfs-zed.service
sudo systemctl start zfs.target
sudo systemctl start zfs-import-cache.service
sudo systemctl start zfs-mount.service
sudo systemctl start zfs-import.target
sudo systemctl start zfs-zed.service
sudo touch /etc/zfs/zfs-list.cache/<pool-name>
sudo zfs set canmount=off
sudo zfs set canmount=on
sudo cat /etc/zfs/zfs-list.cache/<pool-name>
sudo zpool set cachefile=/etc/zfs/zpool.cache <pool>
*CLIENT NTP*
sudo pacman -Syu openntpd
sudo nano /etc/ntpd.conf
*server ntp.example.org*
sudo ntpd -n
*SERVER NTP*
sudo pacman -Syu openntpd
sudo nano /etc/ntpd.conf
listen on *
sudo ntpd -n
sudo systemctl enable openntpd.service
sudo systemctl start openntpd.service
*** UPDATE KERNEL/ZFS ***
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
*** IF DOWNGRADE NEEDED ***
INST_LINVAR=linux-hardened
DKMS_DATE=$(pacman -Syi zfs-dkms \
| grep 'Build Date' \
| sed 's/.*: //' \
| LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d)
INST_LINVER=$(curl https://archive.archlinux.org/repos/${DKMS_DATE}/core/os/x86_64/ \
| grep \"${INST_LINVAR}-'[0-9]' \
| grep -v sig \
| sed "s|.*$INST_LINVAR-||" \
| sed "s|-x86_64.*||")
pacman -U \
https://archive.archlinux.org/packages/l/${INST_LINVAR}/${INST_LINVAR}-${INST_LINVER}-x86_64.pkg.tar.zst \
https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst
**MAINTENENCE**
sudo zpool scrub tardis
sudo zpool status
sudo btrfs scrub start /dev/mapper/crypt
sudo btrfs scrub status /dev/mapper/crypt
sudo docker stop $(docker ps -a -q)
sudo docker rm $(docker ps -a -q)
sudo docker container prune
sudo docker image prune
sudo docker volume prune
sudo docker system prune
sudo docker network create proxy
sudo docker-compose pull && docker-compose up -d
sudo cryptsetup open /dev/sda2 crypt
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
sudo mount /dev/sda1 /mnt/boot
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
sudo pacman -Syu
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
sudo pacman -S grub efibootmgr
nano /etc/mkinitcpio.conf
*add btrfs to modules*
*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)*
mkinitcpio -p linux-hardened
lblkid /dev/sda2
*UUID*
nano /etc/default/grub
*root=/dev/mapper/crypt cryptdevice=UUID=<UUID>:crypt*
grub-mkconfig -o /boot/grub/grub.cfg
sudo zpool export tardis
sudo zpool import -l -d /dev/disk/by-id tardis
sudo zfs mount -a
sudo rsync --info=progress2 -auvz <target> <destination>
server
sudo zfs set sharenfs="rw=@<ip>,no_root_squash" tardis
client
sudo mount <ip>:/zfs/tardis /zfspool
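Review bot: The `sharenfs="rw=@<ip>,no_root_squash"` line in the closing server/client steps exports the root of the encrypted pool read-write with root squashing turned off, so root on that one client address acts as root on every file in `tardis`, and the source IP is the only gate. Unless the client really has to write as root, leave squashing at its default and share a child dataset instead of the pool root, e.g. `sudo zfs set sharenfs="rw=@<ip>" tardis/<dataset>` (dataset name is a placeholder). Encryption at rest does not limit this, because the pool is unlocked while it is shared. A similar one-line caveat would help at `usermod -aG docker <user>`: `# docker group membership is root-equivalent on this host`.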

@ -0,0 +1 @@
tabarnakClent1
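Review bot: This new one-line file holds a single token with no file name or context visible on the page, and it has the shape of a password or passphrase rather than a note. If it is a credential (for example for the LUKS volume or the ZFS pool set up in the other file), it should not live in the repository: change it, and remove the file from history rather than only deleting it in a later commit. If it is just a hostname or label, a one-line comment saying so would settle the question.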