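# Arch Linux build notes: LUKS-encrypted btrfs root with snapper, plus an
# encrypted ZFS (DKMS) mirror pool named "tardis".
# This is a step-by-step runbook, not a script: gdisk, nano, passwd and
# arch-chroot are interactive and every step is meant to be typed by hand.
# Indented "#   " lines are keystrokes or file contents for the step above.
# Several arguments (user names, host names, UUIDs) are blank in these notes;
# each such place is marked with NOTE.

# ===================== BTRFS =====================
gdisk /dev/sda
#   delete partitions with d
#   n +512M ef00
#   n -100M
#   w
mkfs.fat -F 32 /dev/sda1
# Only /dev/sda2 goes inside LUKS. /dev/sda1 is mounted at /boot further down,
# so the kernel, initramfs and GRUB files stay unencrypted on disk.
cryptsetup -y -v luksFormat /dev/sda2
cryptsetup open /dev/sda2 crypt
mkfs.btrfs /dev/mapper/crypt
mount /dev/mapper/crypt /mnt
cd /mnt
btrfs subvolume create @
btrfs subvolume create @home
btrfs subvolume create @snapshots
btrfs subvolume create @var_log
btrfs subvolume create @swap
cd
umount /mnt
mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
# @swap is mounted without compress=: a btrfs swap file must not be compressed.
mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
mount /dev/sda1 /mnt/boot

# Swap file. It lives on /dev/mapper/crypt, so swapped-out memory is encrypted
# at rest together with the root filesystem.
cd /mnt/swap
# +C (no copy-on-write) is set on the directory before the file is created so
# the new file inherits it.
chattr +C /mnt/swap
dd if=/dev/zero of=./swapfile bs=1M count=24576 status=progress
chmod 0600 ./swapfile
mkswap -U clear ./swapfile
swapon ./swapfile
cd

pacstrap /mnt base base-devel linux-hardened linux-firmware intel-ucode sudo vim nano git btrfs-progs dosfstools e2fsprogs exfat-utils smartmontools networkmanager dialog man-db man-pages texinfo os-prober
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
hwclock --systohc
nano /etc/locale.gen
locale-gen
nano /etc/locale.conf
#   LANG=en_US.UTF-8
nano /etc/hostname
#   hostname
passwd
pacman -S grub efibootmgr
nano /etc/mkinitcpio.conf
#   add btrfs to modules
#   HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)
mkinitcpio -p linux-hardened
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
blkid /dev/sda2
#   UUID
nano /etc/default/grub
#   root=/dev/mapper/crypt cryptdevice=UUID=:crypt
# NOTE: the UUID value is blank above; put the UUID printed by blkid for
# /dev/sda2 between "UUID=" and ":crypt".
grub-mkconfig -o /boot/grub/grub.cfg
pacman -Syu linux-hardened-headers dhcpcd openssh git sudo ntp nfs-utils rsync docker docker-compose
sudo EDITOR=nano visudo  # uncomment wheel
# NOTE: the account name is missing from useradd, usermod and (presumably) the
# second passwd below; append the same user name to each.
# Membership of the docker group is effectively root on the host, so add only
# accounts that are already trusted with sudo.
useradd -m -G wheel -s /bin/bash
usermod -aG docker
passwd
systemctl enable dhcpcd.service
systemctl enable sshd
systemctl enable docker.service

# ===================== ZFS DKMS =====================
nano /etc/pacman.conf
#   [archzfs]
#   Server = https://archzfs.com/$repo/$arch
# --lsign-key makes pacman trust every package signed by this key. Compare the
# fingerprint with the one archzfs publishes, obtained through a separate
# channel, before signing it locally.
pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman -Sy --needed --noconfirm zfs-dkms glibc
# INST_LINVAR was never assigned before the second sed below, which would have
# written a bare " -headers" entry into IgnorePkg. The kernel installed by
# pacstrap above is linux-hardened; /proc/cmdline is not usable here because
# inside the chroot it describes the kernel of the booted install medium.
INST_LINVAR=linux-hardened
sed -i 's/#IgnorePkg/IgnorePkg/' /etc/pacman.conf
sed -i "/^IgnorePkg/ s/$/ ${INST_LINVAR} ${INST_LINVAR}-headers/" /etc/pacman.conf
exit
shutdown now

# ----- Login at console -----
sudo systemctl enable sshd
sudo systemctl start sshd
ip addr
# NOTE: user and host are missing on both sides of the "@".
ssh @
modprobe zfs
zfs list
zpool list

# ===================== UPDATE ZFS =====================
# Takes the kernel package name from the running kernel's command line.
# The kernel and its headers are pinned in IgnorePkg above, so they are upgraded
# here together with zfs-dkms. "-Sy" without "-u" refreshes the databases
# without upgrading the rest of the system; run this alongside a full "-Syu".
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
sudo pacman -Sy --needed "$INST_LINVAR" "${INST_LINVAR}-headers" zfs-dkms glibc

# ===================== SNAPPER =====================
sudo pacman -S snapper
# snapper create-config wants to create /.snapshots itself, so the existing
# mount is removed first and the @snapshots subvolume is put back afterwards
# by "mount -a" from fstab.
sudo umount /.snapshots
sudo rm -r /.snapshots
sudo snapper -c root create-config /
sudo btrfs subvolume list /
sudo btrfs subvolume delete /.snapshots
sudo mkdir /.snapshots
sudo mount -a
# 750: snapshots hold copies of every file on /, so "other" gets no access.
sudo chmod 750 /.snapshots
sudo nano /etc/snapper/configs/root
#   ALLOW_USERS=""
#   TIMELINE_MIN_AGE="1800"
#   TIMELINE_LIMIT_HOURLY="5"
#   TIMELINE_LIMIT_DAILY="7"
#   TIMELINE_LIMIT_WEEKLY="0"
#   TIMELINE_LIMIT_MONTHLY="0"
#   TIMELINE_LIMIT_YEARLY="0"
sudo systemctl enable --now snapper-timeline.timer
sudo systemctl enable --now snapper-cleanup.timer
# IF SSD:
#   sudo systemctl enable fstrim.timer

# AUR packages are user-submitted build recipes. Read the PKGBUILD before
# running makepkg: it executes the recipe, and -i installs the result as root.
git clone https://aur.archlinux.org/yay
cd yay
makepkg -si PKGBUILD
yay -S snap-pac-grub
sudo nano /etc/mkinitcpio.conf
#   add grub-btrfs-overlayfs to HOOKS
sudo mkinitcpio -P

# /boot is on the FAT partition and is not covered by btrfs snapshots, so a
# copy is kept on the root filesystem and refreshed by a pacman hook.
sudo rsync -a --delete /boot /.bootbackup
sudo mkdir /etc/pacman.d/hooks
sudo nano /etc/pacman.d/hooks/50-bootbackup.hook
#   [Trigger]
#   Operation = Upgrade
#   Operation = Install
#   Operation = Remove
#   Type = Path
#   Target = usr/lib/modules/*/vmlinuz
#
#   [Action]
#   Depends = rsync
#   Description = Backing up /boot...
#   When = PostTransaction
#   Exec = /usr/bin/rsync -a --delete /boot /.bootbackup
sudo reboot
sudo snapper -c root create
snapper list
# NOTE: snapper modify also needs the snapshot number shown by "snapper list";
# it is missing here.
sudo snapper modify --d 'Clean BTRFS install with Snapper'

# ----- Add a second disk and convert to btrfs raid1 -----
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap
sudo pacman -S gdisk
sudo gdisk /dev/sdb
#   d n 1 +512M n -100M w
# NOTE(review): /dev/sdb2 is added as a raw partition; no cryptsetup step for
# it appears in these notes, so the raid1 copy on that disk would sit outside
# LUKS. Confirm whether that is intended.
sudo btrfs device add -f /dev/sdb2 /mnt
sudo btrfs fi balance start -dconvert=raid1 -mconvert=raid1 /mnt/
# https://unix.stackexchange.com/questions/309184/btrfs-convert-raid0-to-raid1
# TO REMOVE (mount point and device arguments are not given in these notes):
#   btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single
#   btrfs device remove
sudo snapper -c root create
snapper list
# NOTE: snapshot number missing, as above.
sudo snapper modify --d 'btrfs raid1'

# ===================== ZFS =====================
sudo btrfs filesystem show
lsblk
ls /dev/disk/by-id/
# Native ZFS encryption with a passphrase typed at the prompt: nothing is
# stored on disk to unlock the pool, so the key has to be loaded after every
# import ("zpool import -l" below does that).
sudo zpool create \
  -o ashift=13 \
  -o autoexpand=on \
  -O encryption=aes-256-gcm \
  -O keylocation=prompt \
  -O keyformat=passphrase \
  -m /zfs/tardis \
  tardis mirror \
  /dev/disk/by-id/scsi-35000c50056be1543 \
  /dev/disk/by-id/scsi-35000c5008512fac3
sudo zpool set feature@encryption=enabled tardis
sudo zfs set compression=lz4 tardis
sudo zfs set atime=off tardis
sudo zfs set xattr=sa tardis
# Do not enable this on my spinning disks. This is for SSD/NVMe
# zpool set autotrim=on tardis
sudo zpool add tardis mirror \
  /dev/disk/by-id/scsi-35000c500576d5abf \
  /dev/disk/by-id/scsi-35000c500576d7fb3
sudo zpool add tardis mirror \
  /dev/disk/by-id/scsi-35000c500576d7ff7 \
  /dev/disk/by-id/scsi-35000c500576d8a93
sudo zpool status
sudo zpool status -x
sudo zpool get ashift
sudo zpool get autoexpand
sudo zpool get autotrim
sudo zfs list
sudo zfs get encryption
sudo zfs get compression
sudo zfs get xattr
sudo reboot
sudo zpool export tardis
# -l loads the encryption key (prompts for the passphrase) during import.
sudo zpool import -l -d /dev/disk/by-id tardis
sudo zfs mount -a
# zpool set needs the pool name as its last argument; it was missing here.
sudo zpool set cachefile=/etc/zfs/zpool.cache tardis
# NOTE(review): with keylocation=prompt nothing here loads the key at boot, so
# zfs-mount.service presumably cannot mount tardis until the key is loaded by
# hand (zfs load-key, or the export/import -l sequence above). Confirm.
sudo systemctl enable zfs.target
sudo systemctl enable zfs-import-cache.service
sudo systemctl enable zfs-mount.service
sudo systemctl enable zfs-import.target
sudo systemctl start zfs.target
sudo systemctl start zfs-import-cache.service
sudo systemctl start zfs-mount.service
sudo systemctl start zfs-import.target

# ----- CLIENT NTP -----
sudo pacman -Syu openntpd
sudo nano /etc/ntpd.conf
#   server ntp.example.org
sudo ntpd -n

# ----- SERVER NTP -----
sudo pacman -Syu openntpd
sudo nano /etc/ntpd.conf
#   listen on *
# "listen on *" answers on every local address; limit who can reach the NTP
# port with the host firewall if this machine has an untrusted interface.
sudo ntpd -n
sudo systemctl enable openntpd.service
sudo systemctl start openntpd.service

# ===================== UPDATE KERNEL/ZFS =====================
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
pacman -Sy --needed "$INST_LINVAR" "${INST_LINVAR}-headers" zfs-dkms glibc

# ===================== IF DOWNGRADE NEEDED =====================
# Finds the kernel version that was current on the day zfs-dkms was built and
# installs that kernel and its headers from the Arch Linux Archive.
INST_LINVAR=linux-hardened
DKMS_DATE=$(pacman -Syi zfs-dkms \
  | grep 'Build Date' \
  | sed 's/.*: //' \
  | LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d)
INST_LINVER=$(curl "https://archive.archlinux.org/repos/${DKMS_DATE}/core/os/x86_64/" \
  | grep \"${INST_LINVAR}-'[0-9]' \
  | grep -v sig \
  | sed "s|.*$INST_LINVAR-||" \
  | sed "s|-x86_64.*||")
# Check that INST_LINVER is a single, non-empty version string before
# installing. Packages fetched by URL are checked according to the signature
# settings in /etc/pacman.conf (SigLevel / RemoteFileSigLevel); leave those at
# a level that requires signatures.
pacman -U \
  "https://archive.archlinux.org/packages/l/${INST_LINVAR}/${INST_LINVAR}-${INST_LINVER}-x86_64.pkg.tar.zst" \
  "https://archive.archlinux.org/packages/l/${INST_LINVAR}-headers/${INST_LINVAR}-headers-${INST_LINVER}-x86_64.pkg.tar.zst"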
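# ===================== MAINTENANCE =====================
# Step-by-step notes, not a script: nano is interactive and several arguments
# are blank in these notes (each such place is marked with NOTE).
# Indented "#   " lines are file contents for the step above.

# ----- Scrubs -----
sudo zpool scrub tardis
sudo zpool status
sudo btrfs scrub start /dev/mapper/crypt
sudo btrfs scrub status /dev/mapper/crypt

# ----- Docker clean-up -----
# Stops and removes ALL containers, then prunes unused images, volumes and
# networks. "volume prune" deletes data in volumes no container references.
# The inner "docker ps" and the second docker-compose call run without sudo,
# so they rely on the current user being in the docker group.
sudo docker stop $(docker ps -a -q)
sudo docker rm $(docker ps -a -q)
sudo docker container prune
sudo docker image prune
sudo docker volume prune
sudo docker system prune
sudo docker network create proxy
sudo docker-compose pull && docker-compose up -d

# ----- Open and mount the encrypted btrfs root under /mnt -----
sudo cryptsetup open /dev/sda2 crypt
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@ /dev/mapper/crypt /mnt
sudo mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}
sudo mount /dev/sda1 /mnt/boot
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@home /dev/mapper/crypt /mnt/home
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@snapshots /dev/mapper/crypt /mnt/.snapshots
sudo mount -o noatime,compress=zstd,space_cache=v2,subvol=@var_log /dev/mapper/crypt /mnt/var/log
sudo mount -o noatime,subvol=@swap /dev/mapper/crypt /mnt/swap

# ----- System, kernel and ZFS module update -----
sudo pacman -Syu
# Takes the kernel package name from the running kernel's command line, then
# upgrades the kernel, its headers and zfs-dkms together.
INST_LINVAR=$(sed 's|.*linux|linux|' /proc/cmdline | sed 's|.img||g' | awk '{ print $1 }')
sudo pacman -Sy --needed "$INST_LINVAR" "${INST_LINVAR}-headers" zfs-dkms glibc

# ----- Rebuild initramfs and GRUB config -----
# NOTE(review): the commands below have no sudo and no arch-chroot step is
# shown, so they presumably run as root inside the installed system. Confirm.
sudo pacman -S grub efibootmgr
nano /etc/mkinitcpio.conf
#   add btrfs to modules
#   HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)
mkinitcpio -p linux-hardened
# Was "lblkid", a typo for blkid (the same step appears as "blkid /dev/sda2"
# in the install section).
blkid /dev/sda2
#   UUID
nano /etc/default/grub
#   root=/dev/mapper/crypt cryptdevice=UUID=:crypt
# NOTE: the UUID value is blank above; put the UUID printed by blkid for
# /dev/sda2 between "UUID=" and ":crypt".
grub-mkconfig -o /boot/grub/grub.cfg

# ----- Re-import the encrypted pool -----
sudo zpool export tardis
# -l loads the encryption key (prompts for the passphrase) during import.
sudo zpool import -l -d /dev/disk/by-id tardis
sudo zfs mount -a

# ----- Copy data -----
# NOTE: source and destination are missing from the rsync command.
sudo rsync --info=progress2 -auvz

# ----- NFS share of the pool -----
# server
# NOTE: the network after "rw=@" is blank; fill in the smallest client network
# that needs access. no_root_squash lets root on any allowed client act as
# root on the share; leave it out (NFS squashes root by default) unless a
# client really needs root-owned writes.
sudo zfs set sharenfs="rw=@,no_root_squash" tardis
# client
# NOTE: the server host name is missing before ":/zfs/tardis".
sudo mount :/zfs/tardis /zfspool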