diff --git a/btrfs.txt b/btrfs.txt
new file mode 100644
index 0000000..ca4f8c3
--- /dev/null
+++ b/btrfs.txt
@@ -0,0 +1,376 @@
+***BTRFS***
+
+gdisk /dev/sda
+*delete partitions with d*
+n
++512M
+ef00
+n
+-100M
+
+mkfs.fat -F 32 /dev/sda1
+cryptsetup -y -v luksFormat /dev/sda2
+cryptsetup open /dev/sda2 crypt
+mkfs.btrfs /dev/mapper/crypt
+mount /dev/mapper/crypt /mnt
+
+cd /mnt
+btrfs subvolume create @
+btrfs subvolume create @home
+btrfs subvolume create @snapshots
+btrfs subvolume create @var_log
+btrfs subvolume create @swap
+
+cd
+umount /mnt
+mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
+mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
+mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
+mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
+mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
+mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
+mount /dev/sda1 /mnt/boot
+
+cd /mnt/swap
+chattr +C /mnt/swap
+dd if=/dev/zero of=./swapfile bs=1M count=24576 status=progress
+chmod 0600 ./swapfile
+mkswap -U clear ./swapfile
+swapon ./swapfile
+
+cd
+pacstrap /mnt base base-devel linux-hardened linux-firmware intel-ucode sudo vim nano git btrfs-progs dosfstools e2fsprogs exfat-utils smartmontools networkmanager dialog man-db man-pages texinfo os-prober
+
+genfstab -U /mnt >> /mnt/etc/fstab
+
+arch-chroot /mnt
+ln -sf /usr/share/zoneinfo/UTC /etc/localtime
+
+hwclock --systohc
+nano /etc/locale.gen
+locale-gen
+nano /etc/locale.conf
+LANG=en_US.UTF-8
+nano /etc/hostname
+*hostname*
+passwd
+
+pacman -S grub efibootmgr
+nano /etc/mkinitcpio.conf
+*add btrfs to modules*
+*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)*
+mkinitcpio -p linux-hardened
+grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
+blkid /dev/sda2
+*UUID*
+nano /etc/default/grub
+*root=/dev/mapper/crypt cryptdevice=UUID=:crypt*
+grub-mkconfig -o /boot/grub/grub.cfg
+
+pacman -Syu linux-hardened-headers dhcpcd openssh git sudo ntp nfs-utils rsync docker docker-compose
+
+sudo EDITOR=nano visudo
+#uncomment wheel
+useradd -m -G wheel -s /bin/bash
+usermod -aG docker
+passwd
+systemctl enable dhcpcd.service
+systemctl enable sshd
+systemctl enable docker.service
+
+
+**ZFS DKMS**
+
+curl -L https://archzfs.com/archzfs.gpg | pacman-key -a -
+pacman-key --lsign-key $(curl -L https://git.io/JsfVS)
+curl -L https://git.io/Jsfw2 > /etc/pacman.d/mirrorlist-archzfs
+
+***
+tee -a /etc/pacman.conf <<- 'EOF'
+
+#[archzfs-testing]
+#Include = /etc/pacman.d/mirrorlist-archzfs
+
+[archzfs]
+Include = /etc/pacman.d/mirrorlist-archzfs
+EOF
+***
+
+pacman -Sy
+
+INST_LINVAR=linux-hardened
+INST_LINVER=$(pacman -Qi ${INST_LINVAR} | grep Version | awk '{ print $3 }')
+
+***
+if [ "${INST_LINVER}" = \
+"$(pacman -Si ${INST_LINVAR}-headers | grep Version | awk '{ print $3 }')" ]; then
+ pacman -S --noconfirm --needed ${INST_LINVAR}-headers
+else
+ pacman -U --noconfirm --needed \
+ https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst
+fi
+***
+
+pacman -Sy --needed --noconfirm zfs-dkms glibc
+
+sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf
+sed -i "/^IgnorePkg/ s/$/ ${INST_LINVAR} ${INST_LINVAR}-headers/" /etc/pacman.conf
+
+exit
+shutdown now
+
+**Login at console**
+sudo systemctl enable sshd
+sudo systemctl start sshd
+ip addr
+
+ssh @
+modprobe zfs
+zfs list
+zpool list
+
+***UPDATE ZFS***
+INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
+sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
+
+**SNAPPER**
+
+sudo pacman -S snapper
+sudo umount /.snapshots
+sudo rm -r /.snapshots
+sudo snapper -c root create-config /
+sudo btrfs subvolume list /
+sudo btrfs subvolume delete /.snapshots
+sudo mkdir /.snapshots
+sudo mount -a
+sudo chmod 750 /.snapshots
+
+sudo nano /etc/snapper/configs/root
+*ALLOW_USERS=""*
+**TIMELINE_MIN_AGE="1800"
+TIMELINE_LIMIT_HOURLY="5"
+TIMELINE_LIMIT_DAILY="7"
+TIMELINE_LIMIT_WEEKLY="0"
+TIMELINE_LIMIT_MONTHLY="0"
+TIMELINE_LIMIT_YEARLY="0"**
+
+sudo systemctl enable --now snapper-timeline.timer
+sudo systemctl enable --now snapper-cleanup.timer
+**IF SSD**
+*sudo systemctl enable fstrim.timer*
+
+git clone https://aur.archlinux.org/yay
+cd yay
+makepkg -si PKGBUILD
+yay -S snap-pac-grub
+
+sudo nano /etc/mkinitcpio.conf
+*add grub-btrfs-overlayfs to HOOKS*
+sudo mkinitcpio -P
+sudo rsync -a --delete /boot /.bootbackup
+sudo mkdir /etc/pacman.d/hooks
+sudo nano /etc/pacman.d/hooks/50-bootbackup.hook
+
+***
+[Trigger]
+Operation = Upgrade
+Operation = Install
+Operation = Remove
+Type = Path
+Target = usr/lib/modules/*/vmlinuz
+
+[Action]
+Depends = rsync
+Description = Backing up /boot...
+When = PostTransaction
+Exec = /usr/bin/rsync -a --delete /boot /.bootbackup
+***
+
+sudo reboot
+sudo snapper -c root create
+snapper list
+sudo snapper modify --d 'Clean BTRFS install with Snapper'
+
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
+sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
+sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
+
+sudo pacman -S gdisk
+sudo gdisk /dev/sdb
+d
+n
+1
++512M
+n
+-100M
+w
+
+sudo btrfs device add -f /dev/sdb2 /mnt
+sudo btrfs fi balance start -dconvert=raid1 -mconvert=raid1 /mnt/
+
+**https://unix.stackexchange.com/questions/309184/btrfs-convert-raid0-to-raid1**
+** TO REMOVE **
+btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single
+btrfs device remove
+**
+sudo snapper -c root create
+snapper list
+sudo snapper modify --d 'btrfs raid1'
+
+***ZFS***
+
+sudo btrfs filesystem show
+lsblk
+ls /dev/disk/by-id/
+
+sudo zpool create \
+ -o ashift=13 \
+ -o autoexpand=on \
+ -O encryption=aes-256-gcm \
+ -O keylocation=prompt \
+ -O keyformat=passphrase \
+ -m /zfs/tardis \
+ tardis mirror \
+ /dev/disk/by-id/scsi-35000c50056be1543 \
+ /dev/disk/by-id/scsi-35000c5008512fac3
+
+
+sudo zpool set feature@encryption=enabled tardis
+sudo zfs set compression=lz4 tardis
+sudo zfs set atime=off tardis
+sudo zfs set xattr=sa tardis
+
+# Do not enable this on my spinning disks. This is for SSD/NVMe
+# zpool set autotrim=on tardis
+
+sudo zpool add tardis mirror \
+ /dev/disk/by-id/scsi-35000c500576d5abf \
+ /dev/disk/by-id/scsi-35000c500576d7fb3
+
+sudo zpool add tardis mirror \
+ /dev/disk/by-id/scsi-35000c500576d7ff7 \
+ /dev/disk/by-id/scsi-35000c500576d8a93
+
+sudo zpool status
+sudo zpool status -x
+sudo zpool get ashift
+sudo zpool get autoexpand
+sudo zpool get autotrim
+
+sudo zfs list
+sudo zfs get encryption
+sudo zfs get compression
+sudo zfs get xattr
+
+sudo reboot
+sudo zpool export tardis
+sudo zpool import -l -d /dev/disk/by-id tardis
+sudo zfs mount -a
+sudo zpool set cachefile=/etc/zfs/zpool.cache
+
+sudo systemctl enable zfs.target
+sudo systemctl enable zfs-import-cache.service
+sudo systemctl enable zfs-mount.service
+sudo systemctl enable zfs-import.target
+sudo systemctl start zfs.target
+sudo systemctl start zfs-import-cache.service
+sudo systemctl start zfs-mount.service
+sudo systemctl start zfs-import.target
+
+*CLIENT NTP*
+sudo pacman -Syu openntpd
+sudo nano /etc/ntpd.conf
+*server ntp.example.org*
+sudo ntpd -n
+
+*SERVER NTP*
+sudo pacman -Syu openntpd
+sudo nano /etc/ntpd.conf
+listen on *
+sudo ntpd -n
+
+sudo systemctl enable openntpd.service
+sudo systemctl start openntpd.service
+
+*** UPDATE KERNEL/ZFS ***
+
+INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
+
+pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
+
+*** IF DOWNGRADE NEEDED ***
+
+INST_LINVAR=linux-hardened
+
+DKMS_DATE=$(pacman -Syi zfs-dkms \
+| grep 'Build Date' \
+| sed 's/.*: //' \
+| LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d)
+
+INST_LINVER=$(curl https://archive.archlinux.org/repos/${DKMS_DATE}/core/os/x86_64/ \
+| grep \"${INST_LINVAR}-'[0-9]' \
+| grep -v sig \
+| sed "s|.*$INST_LINVAR-||" \
+| sed "s|-x86_64.*||")
+
+pacman -U \
+https://archive.archlinux.org/packages/l/${INST_LINVAR}/${INST_LINVAR}-${INST_LINVER}-x86_64.pkg.tar.zst \
+https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst
+
+
+**MAINTENENCE**
+
+sudo zpool scrub tardis
+sudo zpool status
+
+sudo btrfs scrub start /dev/mapper/crypt
+sudo btrfs scrub status /dev/mapper/crypt
+
+sudo docker stop $(docker ps -a -q)
+sudo docker rm $(docker ps -a -q)
+sudo docker container prune
+sudo docker image prune
+sudo docker volume prune
+sudo docker system prune
+sudo docker network create proxy
+sudo docker-compose pull && docker-compose up -d
+
+sudo cryptsetup open /dev/sda2 crypt
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
+sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
+sudo mount /dev/sda1 /mnt/boot
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
+sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
+sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
+
+sudo pacman -Syu
+
+INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
+
+sudo pacman -Sy --needed $INST_LINVAR $INST_LINVAR-headers zfs-dkms glibc
+
+sudo pacman -S grub efibootmgr
+nano /etc/mkinitcpio.conf
+*add btrfs to modules*
+*HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)*
+mkinitcpio -p linux-hardened
+lblkid /dev/sda2
+*UUID*
+nano /etc/default/grub
+*root=/dev/mapper/crypt cryptdevice=UUID=:crypt*
+grub-mkconfig -o /boot/grub/grub.cfg
+
+sudo zpool export tardis
+sudo zpool import -l -d /dev/disk/by-id tardis
+sudo zfs mount -a
+
+sudo rsync --info=progress2 -auvz
+
+server
+sudo zfs set sharenfs="rw=@,no_root_squash" tardis
+client
+sudo mount :/zfs/tardis /zfspool
diff --git a/rsync.txt b/rsync.txt
index 7978248..ebba45f 100644
--- a/rsync.txt
+++ b/rsync.txt
@@ -1 +1 @@
-rsync -rvzh wtfserver@192.168.1.14:/rsync
+rsync -rvzh @:/rsync
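Review bot: In btrfs.txt's ZFS DKMS section, `pacman-key --lsign-key $(curl -L https://git.io/JsfVS)` locally signs whatever key ID the shortened URL returns at install time, and the key itself is piped in from `curl -L https://archzfs.com/archzfs.gpg` with no fingerprint check, so trust in the archzfs repository rests entirely on those two fetches. I would record the expected fingerprint in the notes and sign that literal value after inspecting it, e.g. `pacman-key --finger <ARCHZFS_KEY_FINGERPRINT>` followed by `pacman-key --lsign-key <ARCHZFS_KEY_FINGERPRINT>` (placeholder; take the value from a source verified out of band). The same caution applies to `curl -L https://git.io/Jsfw2 > /etc/pacman.d/mirrorlist-archzfs`, which decides where the packages are downloaded from. Separately, the closing `sharenfs="rw=@,no_root_squash"` line lets root on any permitted client act as root on the pool, so it deserves a comment naming the intended client range and why squashing is disabled.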