From 4f7c3a5140f40b8627787de99d0eb91042f3fc30 Mon Sep 17 00:00:00 2001 From: max Date: Thu, 14 Mar 2024 16:14:57 +0000 Subject: [PATCH] g D:: :wq :wq ` D D D D D D D D D D D D C C C C C C C C --- btrfs | 35 ++---- btrfsnu | 352 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ daddywifi | 1 + 3 files changed, 360 insertions(+), 28 deletions(-) create mode 100644 btrfsnu create mode 100644 daddywifi diff --git a/btrfs b/btrfs index ca4f8c3..222b62a 100644 --- a/btrfs +++ b/btrfs @@ -7,6 +7,7 @@ n ef00 n -100M +w mkfs.fat -F 32 /dev/sda1 cryptsetup -y -v luksFormat /dev/sda2 @@ -81,36 +82,14 @@ systemctl enable docker.service **ZFS DKMS** -curl -L https://archzfs.com/archzfs.gpg | pacman-key -a - -pacman-key --lsign-key $(curl -L https://git.io/JsfVS) -curl -L https://git.io/Jsfw2 > /etc/pacman.d/mirrorlist-archzfs - -*** -tee -a /etc/pacman.conf <<- 'EOF' - -#[archzfs-testing] -#Include = /etc/pacman.d/mirrorlist-archzfs - +nano /etc/pacman.conf +** [archzfs] -Include = /etc/pacman.d/mirrorlist-archzfs -EOF -*** - -pacman -Sy - -INST_LINVAR=linux-hardened -INST_LINVER=$(pacman -Qi ${INST_LINVAR} | grep Version | awk '{ print $3 }') - -*** -if [ "${INST_LINVER}" = \ -"$(pacman -Si ${INST_LINVAR}-headers | grep Version | awk '{ print $3 }')" ]; then - pacman -S --noconfirm --needed ${INST_LINVAR}-headers -else - pacman -U --noconfirm --needed \ - https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst -fi -*** +Server = https://archzfs.com/$repo/$arch +** +pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76 +pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76 pacman -Sy --needed --noconfirm zfs-dkms glibc sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf diff --git a/btrfsnu b/btrfsnu new file mode 100644 index 0000000..ad2ef9b --- /dev/null +++ b/btrfsnu 
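Review bot: The `[archzfs]` stanza added in the second `btrfs` hunk carries no `SigLevel`, so signature checking for this third-party repository depends on whatever the global default in `/etc/pacman.conf` is at install time. Since `zfs-dkms` builds a kernel module, I would state the policy in the stanza itself, for example `SigLevel = Required DatabaseOptional` (Arch's stock default) placed under `Server = https://archzfs.com/$repo/$arch`. Pinning the full fingerprint in `pacman-key -r` / `pacman-key --lsign-key` is better than the removed shortened-URL lookup, but `-r` only fetches whatever key the keyserver returns for that ID. A comment such as `# fingerprint checked against the archzfs project's published key on <date>` would record that the value was verified out of band before it was locally signed.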
@@ -0,0 +1,352 @@ +***BTRFS*** + +gdisk /dev/sda +*delete partitions with d* +o +n ++512M +ef00 +n +-100M +w + +cryptsetup -y -v luksFormat /dev/sda2 +cryptsetup open /dev/sda2 crypt +mkfs.vfat -F32 -n EFI /dev/sda1 +mkfs.btrfs -L ROOT /dev/mapper/crypt +mount /dev/mapper/crypt /mnt + +cd /mnt +btrfs subvolume create @ +btrfs subvolume create @home +btrfs subvolume create @snapshots +btrfs subvolume create @pkg +btrfs subvolume create @swap +cd +umount /mnt + +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@ /dev/mapper/crypt /mnt +mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,.snapshots,btrfs} +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@home /dev/mapper/crypt /mnt/home +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@pkg /dev/mapper/crypt /mnt/var/cache/pacman/pkg +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvolid=5 /dev/mapper/crypt /mnt/btrfs +mount /dev/sda1 /mnt/boot + +cd /mnt/btrfs/@swap +truncate -s 0 ./swapfile +chattr +C ./swapfile +btrfs property set ./swapfile compression none +dd if=/dev/zero of=./swapfile bs=1M count= status=progress +chmod 600 ./swapfile +mkswap ./swapfile +swapon ./swapfile +cd - + +pacstrap /mnt base base-devel linux-hardened linux-firmware intel-ucode sudo vim nano git btrfs-progs dosfstools e2fsprogs exfat-utils smartmontools networkmanager dialog man-db man-pages texinfo os-prober + +genfstab -U /mnt >> /mnt/etc/fstab + +arch-chroot /mnt +ln -sf /usr/share/zoneinfo/UTC /etc/localtime + +hwclock --systohc +nano /etc/locale.gen +locale-gen +nano /etc/locale.conf +LANG=en_US.UTF-8 +nano /etc/hostname +*hostname* +passwd + +nano /etc/mkinitcpio.conf +HOOKS=(base keyboard udev autodetect modconf block keymap encrypt btrfs filesystems resume) +mkinitcpio -p linux-hardened + +bootctl --path=/boot install +btrfs inspect-internal 
map-swapfile -r /swap/swapfile +blkid -s UUID -o value /dev/sda2 +btrfs inspect-internal map-swapfile -r /btrfs/\@swap/swapfile +nano /boot/loader/entries/arch.conf + +** +title Arch Linux +linux /vmlinuz-linux-hardened +initrd /intel-ucode.img +initrd /initramfs-linux-hardened.img +options cryptdevice=UUID=:crypt:allow-discards root=/dev/mapper/crypt rootflags=subvol=@ rd.luks.options=discard rw resume=/dev/mapper/crypt resume_offset= +** + +pacman -Syu linux-hardened-headers dhcpcd openssh git sudo ntp nfs-utils rsync docker docker-compose + +sudo EDITOR=nano visudo +#uncomment wheel +useradd -m -G wheel -s /bin/bash +usermod -aG docker +passwd +systemctl enable dhcpcd.service +systemctl enable sshd +systemctl enable docker.service + + +**ZFS DKMS** + +nano /etc/pacman.conf + +** +[archzfs] +Server = https://archzfs.com/$repo/$arch +** + +pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76 +pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76 +pacman -Sy --needed --noconfirm zfs-dkms glibc + +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') +sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf +sed -i "/^IgnorePkg/ s/$/ ${INST_LINVAR} ${INST_LINVAR}-headers/" /etc/pacman.conf + +exit +shutdown now + +**Login at console** +sudo systemctl enable sshd +sudo systemctl start sshd +ip addr + +ssh @ +modprobe zfs +zfs list +zpool list + +***UPDATE ZFS*** +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') +sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +**SNAPPER** + +sudo pacman -S snapper +sudo umount /.snapshots +sudo rm -r /.snapshots +sudo snapper -c root create-config / +sudo btrfs subvolume list / +sudo btrfs subvolume delete /.snapshots +sudo mkdir /.snapshots +sudo mount -a +sudo chmod 750 /.snapshots + +sudo nano /etc/snapper/configs/root +*ALLOW_USERS=""* +**TIMELINE_MIN_AGE="1800" +TIMELINE_LIMIT_HOURLY="5" +TIMELINE_LIMIT_DAILY="7" 
+TIMELINE_LIMIT_WEEKLY="0" +TIMELINE_LIMIT_MONTHLY="0" +TIMELINE_LIMIT_YEARLY="0"** + +sudo systemctl enable --now snapper-timeline.timer +sudo systemctl enable --now snapper-cleanup.timer +**IF SSD** +*sudo systemctl enable fstrim.timer* + +git clone https://aur.archlinux.org/yay +cd yay +makepkg -si PKGBUILD + +sudo reboot +sudo snapper -c root create +snapper list +sudo snapper modify --d 'Clean BTRFS install with Snapper' + +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@ /dev/mapper/crypt /mnt +mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,.snapshots,btrfs} +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@home /dev/mapper/crypt /mnt/home +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@pkg /dev/mapper/crypt /mnt/var/cache/pacman/pkg +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +mount -o noatime,nodiratime,compress=zstd,space_cache=v2,ssd,subvolid=5 /dev/mapper/crypt /mnt/btrfs + +sudo pacman -S gdisk +sudo gdisk /dev/sdb +d +n +1 ++512M +n +-100M +w + +sudo btrfs device add -f /dev/sdb2 /mnt +sudo btrfs fi balance start -dconvert=raid1 -mconvert=raid1 /mnt/ + +**https://unix.stackexchange.com/questions/309184/btrfs-convert-raid0-to-raid1** +** TO REMOVE ** +btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single +btrfs device remove +** +sudo snapper -c root create +snapper list +sudo snapper modify --d 'btrfs raid1' + +***ZFS*** + +sudo btrfs filesystem show +lsblk +ls /dev/disk/by-id/ + +sudo zpool create \ + -o ashift=13 \ + -o autoexpand=on \ + -O encryption=aes-256-gcm \ + -O keylocation=prompt \ + -O keyformat=passphrase \ + -m /zfs/tardis \ + tardis mirror \ + /dev/disk/by-id/scsi-35000c50056be1543 \ + /dev/disk/by-id/scsi-35000c5008512fac3 + + +sudo zpool set feature@encryption=enabled tardis +sudo zfs set compression=lz4 tardis +sudo zfs set atime=off tardis +sudo zfs set xattr=sa tardis + +# Do not 
enable this on my spinning disks. This is for SSD/NVMe +# zpool set autotrim=on tardis + +sudo zpool add tardis mirror \ + /dev/disk/by-id/scsi-35000c500576d5abf \ + /dev/disk/by-id/scsi-35000c500576d7fb3 + +sudo zpool add tardis mirror \ + /dev/disk/by-id/scsi-35000c500576d7ff7 \ + /dev/disk/by-id/scsi-35000c500576d8a93 + +sudo zpool status +sudo zpool status -x +sudo zpool get ashift +sudo zpool get autoexpand +sudo zpool get autotrim + +sudo zfs list +sudo zfs get encryption +sudo zfs get compression +sudo zfs get xattr + +sudo reboot +sudo zpool export tardis +sudo zpool import -l -d /dev/disk/by-id tardis +sudo zfs mount -a +sudo mkdir /etc/zfs/zfs-list.cache +ln -s /usr/lib/zfs/zed.d/history_event-zfs-list-cacher.sh /etc/zfs/zed.d + +sudo systemctl enable zfs.target +sudo systemctl enable zfs-import-cache.service +sudo systemctl enable zfs-mount.service +sudo systemctl enable zfs-import.target +sudo systemctl enable zfs-zed.service +sudo systemctl start zfs.target +sudo systemctl start zfs-import-cache.service +sudo systemctl start zfs-mount.service +sudo systemctl start zfs-import.target +sudo systemctl start zfs-zed.service + +sudo touch /etc/zfs/zfs-list.cache/ +sudo zfs set canmount=off +sudo zfs set canmount=on +sudo cat /etc/zfs/zfs-list.cache/ +sudo zpool set cachefile=/etc/zfs/zpool.cache + +*CLIENT NTP* +sudo pacman -Syu openntpd +sudo nano /etc/ntpd.conf +*server ntp.example.org* +sudo ntpd -n + +*SERVER NTP* +sudo pacman -Syu openntpd +sudo nano /etc/ntpd.conf +listen on * +sudo ntpd -n + +sudo systemctl enable openntpd.service +sudo systemctl start openntpd.service + +*** UPDATE KERNEL/ZFS *** + +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') + +pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +*** IF DOWNGRADE NEEDED *** + +INST_LINVAR=linux-hardened + +DKMS_DATE=$(pacman -Syi zfs-dkms \ +| grep 'Build Date' \ +| sed 's/.*: //' \ +| LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d) + 
+INST_LINVER=$(curl https://archive.archlinux.org/repos/${DKMS_DATE}/core/os/x86_64/ \ +| grep \"${INST_LINVAR}-'[0-9]' \ +| grep -v sig \ +| sed "s|.*$INST_LINVAR-||" \ +| sed "s|-x86_64.*||") + +pacman -U \ +https://archive.archlinux.org/packages/l/${INST_LINVAR}/${INST_LINVAR}-${INST_LINVER}-x86_64.pkg.tar.zst \ +https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst + + +**MAINTENENCE** + +sudo zpool scrub tardis +sudo zpool status + +sudo btrfs scrub start /dev/mapper/crypt +sudo btrfs scrub status /dev/mapper/crypt + +sudo docker stop $(docker ps -a -q) +sudo docker rm $(docker ps -a -q) +sudo docker container prune +sudo docker image prune +sudo docker volume prune +sudo docker system prune +sudo docker network create proxy +sudo docker-compose pull && docker-compose up -d + +sudo cryptsetup open /dev/sda2 crypt +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt +sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap} +sudo mount /dev/sda1 /mnt/boot +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots +sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log +sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap + +sudo pacman -Syu + +INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }') + +sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc + +sudo pacman -S grub efibootmgr +nano /etc/mkinitcpio.conf +*add btrfs to modules* +*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)* +mkinitcpio -p linux-hardened +lblkid /dev/sda2 +*UUID* +nano /etc/default/grub +*root=/dev/mapper/crypt cryptdevice=UUID=:crypt* +grub-mkconfig -o /boot/grub/grub.cfg + +sudo zpool export tardis +sudo zpool import 
-l -d /dev/disk/by-id tardis +sudo zfs mount -a + +sudo rsync --info=progress2 -auvz + +server +sudo zfs set sharenfs="rw=@,no_root_squash" tardis +client +sudo mount :/zfs/tardis /zfspool diff --git a/daddywifi b/daddywifi new file mode 100644 index 0000000..889cbd1 --- /dev/null +++ b/daddywifi @@ -0,0 +1 @@ +tabarnakClent1
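Review bot: The NFS export near the end of the new `btrfsnu` file, `sudo zfs set sharenfs="rw=@,no_root_squash" tardis`, turns off root squashing, so root on any client matched by the `rw=` list reads and writes the pool's files as root. The network after `@` also appears to have been lost, which leaves the scope of the export unstated. Unless a client really needs root ownership preserved, I would drop the option and spell the range out with a labelled placeholder, `sudo zfs set sharenfs="rw=@<client-subnet/prefix>" tardis`, and add a comment giving the reason if `no_root_squash` stays. The `usermod -aG docker` step in the same file deserves a one-line comment that docker group membership is root-equivalent on the host.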
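Review bot: The single line added in `daddywifi` looks like a Wi-Fi passphrase stored in plain text; that is inferred from the file name, as nothing else on the page says what the string is. If it is a live credential it should not be tracked. Drop the file from this commit, keep the value in a password manager or an untracked file, and change the passphrase on the access point, because the value stays readable in history and in this patch once it has been pushed. A `daddywifi` entry in `.gitignore` would keep the file from being re-added by accident.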