server/Workstation
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Move README, arch.md, and framework.md

Browse Source 
Rework documentation and consolidate all framework docs into a
framework_manjaro file. README is only for ansible now.
This commit is contained in:
ducoterra
2022-02-10 11:33:26 -05:00
parent 8fbf384b2d
commit 0477970c78
4 changed files with 387 additions and 379 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
README.md
View File

@@ -31,100 +31,3 @@ NOTE: Restore home directory and __REBOOT__ first
```bash
ansible-playbook --ask-become-pass ansible/setup-full.yml
```
## BTRFS
https://linoxide.com/how-to-take-backup-with-btrfs-snapshots/
```bash
# Create backup subvolume
btrfs subvolume create /mnt/backup/DucoBacktop
# Create snapshot dir
mkdir /.snapshots
# Create readonly snapshot
```bash
SNAPSHOT_TIME=$(date +"%y_%m_%d-%H.%M")
SNAPSHOT_NAME=home_$SNAPSHOT_TIME
SNAPSHOT_DIR=/.snapshots
btrfs subvolume snapshot -r /home $SNAPSHOT_DIR/$SNAPSHOT_NAME
# Send a snapshot with no previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
btrfs send $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Send a snapshot with previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
export LATEST=${LATEST:=/previous_snapshot}
btrfs send -p $SNAPSHOT_DIR/$LATEST $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Clean up snapshots
find /.snapshots -maxdepth 1 -type d -not -path /.snapshots -exec sudo btrfs subvolume delete {} \;
```
## Luks
```bash
# Create an encrypted drive
sudo cryptsetup luksFormat
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/backup0
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/backup0
# Get UUID of disk with
sudo blkid /dev/sda
# Add key to crypttab
echo 'backup0 UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/backup0 luks' > /etc/cryptab
# Create backup mount point
sudo mkdir -p /mnt/backup0
# Add to fstab
echo '/dev/mapper/backup0 /mnt/backup0 btrfs defaults,noatime,compress=zstd 0 0' > /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0
```
## ISCSI
```bash
# Login to portal
sudo iscsiadm -m discovery -t sendtargets -p freenas.dnet
# Mount all targets
sudo iscsiadm -m node -l
# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
(/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora
node.startup = automatic
```
## Steam
Streaming not working?
Steam > Settings > Remote Play > Advanced Client Options >
Uncheck Enable hardware decoding.

228
arch.md
View File

@@ -1,228 +0,0 @@
# Arch Linux
## Hardware/Firmware
### Kernels
```bash
sudo pacman -S grub
```
Manjaro settings manager controls current kernel version.
After installing a new kernel:
```bash
sudo update-grub
```
Hold escape while rebooting to bring up grub menu
### Display
https://askubuntu.com/questions/11738/force-gdm-login-screen-to-the-primary-monitor
Set the display configuration in the user settings the way you want it.
This seems to be fixed.
```bash
sudo cp ~/.config/monitors.xml /var/lib/gdm/.config  ✔  1m 20s 
sudo chown gdm:gdm /var/lib/gdm/.config/monitors.xml
```
### Swap
https://rudd-o.com/linux-and-free-software/tales-from-responsivenessland-why-linux-feels-slow-and-how-to-fix-that
https://wiki.archlinux.org/title/Swap
#### Create a swapfile
```bash
swapoff --all
truncate -s 0 /swap/swapfile
chattr +C /swap/swapfile
fallocate -l 4G /swap/swapfile
chmod 600 /swap/swapfile
mkswap /swap/swapfile
swapon /swap/swapfile
```
Add to /etc/fstab
```text
/swapfile swap swap defaults,noatime 0 0
```
#### Set swappiness
```bash
sudo sysctl -w vm.swappiness=1
```
sudo vim /etc/sysctl.d/99-swappiness.conf
```text
vm.swappiness=1
```
### CA File Import
https://archlinux.org/news/ca-certificates-update/
```bash
# Move the crt (CA) to the correct location
cp dnet_ca.crt /etc/ca-certificates/trust-source/anchors/dnet_ca.crt
# Update the CA store
trust extract-compat
```
### BTRFS Snapshots
https://linuxhint.com/use-btrfs-snapshots/
```bash
cd /run/media/ducoterra/<disk>
mkdir .snapshots
# Take a snapshot
alias util-snapshot='btrfs subvolume snapshot $BACKUP_DRIVE $BACKUP_DRIVE/.snapshots/snapshot_$(date +"%H_%M_%S_%d_%m_%y")'
alias util-backup='util-snapshot && rsync -av --delete /home/ducoterra/ $BACKUP_DRIVE/home/ducoterra/'
# Restore from a snapshot
cp .snapshots/v1/file .
# Find files older than 7 days
find . -maxdepth 1 -mtime +7
```
### Font
```bash
wget https://github.com/tonsky/FiraCode/releases/download/6.2/Fira_Code_v6.2.zip
unzip Fira_Code_v6.2.zip -d Fira_Code
rsync -av Fira_Code/ttf/ ~/.local/share/fonts/
```
## Apps
### Bluetooth
https://wiki.archlinux.org/title/Bluetooth
```bash
sudo pacman -S bluez bluez-utils
sudo systemctl enable bluetooth
sudo systemctl start bluetooth
```
### Snap
https://snapcraft.io/install/snap-store/manjaro
```bash
sudo pacman -S snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install snap-store
```
### Chromium
```bash
sudo pacman -Sy chromium
```
### VSCode
Install from the snap store.
### Steam
Install steam-native from the software manager.
### Mail
#### iCloud
| Field | Value |
| ------------------- | --------------------- |
| IMAP server | imap.mail.me.com |
| Connection security | TLS |
| Login name | ducoterra |
| SMTP server | smtp.mail.me.com |
| Connection security | StartTLS |
| Login | Use a different login |
| Login name | ducoterra@icloud.com |
### Discord
Install discord from software manager
### Wireguard
```bash
sudo pacman -S wireguard-tools
```
### Ping
```bash
sudo pacman -S iputils
```
### Vault
https://www.vaultproject.io/downloads
```bash
unzip vault_1.9.2_linux_amd64.zip
sudo mv vault /usr/local/bin/vault
```
### AWS CLI
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
### ZFS
Depending on your kernel (5.15 as of writing) install the following
```bash
sudo pacman -Sy linux515-zfs
zpool set cachefile=/etc/zfs/<zpool>.cache <zpool>
```
## Docker
```bash
sudo pacman -S docker docker-compose
sudo usermod -aG docker ducoterra
sudo reboot
```
## Kubectl
```bash
sudo pacman -S kubectl
```
## Spotify
Install via snap store.
## Minecraft
```bash
git clone https://aur.archlinux.org/minecraft-launcher.git /tmp/minecraft-launcher
makepkg -si --noconfirm
```

54
framework.md
View File

@@ -1,54 +0,0 @@
# Framework Laptop
## Citrix Client
https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html
## Fingerprint Sensor
### Sudo Auth
Running ansible playbooks becomes impossible with the default fingerprint
configuration. Unfortunately, it's best to disable fingerprint auth for sudo
tasks. The way to do this is by editing /etc/pam.d/sudo and commenting out
pam_fprintd.so
```conf
auth required pam_env.so
#auth sufficient pam_fprintd.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth required pam_deny.so
auth include system-auth
account include system-auth
session include system-auth
```
Note: setting timeout=10 and max-retries=1 per the [pam_fprintd man
page](https://www.mankier.com/8/pam_fprintd) does not seem to work. For some
reason, ansible never hits the password authentication method and times out.
### Errors
"Device disconnected" on enrolling
If you've enrolled fingerprints in another OS or in a previous installation you
might encounter this error. It prevents you from enrolling new fingerprints and
re-enrolling old fingerprints. Fortunately, there's an easy solution thanks to
[this incredible forum
post](https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/145).
The problem lies in old fingerprints remaining on the reader without the host
OS knowing about them. When the host OS tries to enroll a new fingerprint that
already exists, the fingerprint reader chokes. The solution is to delete the
old fingerprints from the reader before enrolling new ones. This should be
included as part of the device bootstra process or as part of the devices wipe
process.
Here's the process:
```bash
# Delete all fingerprints from device
sudo python framework/libfprint_delete_device_prints.py -d
```
That's it! Should work again.

387
framework_manjaro.md Normal file
View File

@@ -0,0 +1,387 @@
# Framework Laptop with Manjaro
## Steam
Streaming not working?
Steam > Settings > Remote Play > Advanced Client Options >
Uncheck Enable hardware decoding.
## Backups
Timeshift: btrfs snapshots
Deja Dupe/Duplicity: Daily Backups to external drive
## Minecraft
https://www.minecraft.net/en-us/download
## Citrix Client
https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html
## Fingerprint Sensor
### Sudo Auth
Running ansible playbooks becomes impossible with the default fingerprint
configuration. Unfortunately, it's best to disable fingerprint auth for sudo
tasks. The way to do this is by editing /etc/pam.d/sudo and commenting out
pam_fprintd.so
```conf
auth required pam_env.so
#auth sufficient pam_fprintd.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth required pam_deny.so
auth include system-auth
account include system-auth
session include system-auth
```
Note: setting timeout=10 and max-retries=1 per the [pam_fprintd man
page](https://www.mankier.com/8/pam_fprintd) does not seem to work. For some
reason, ansible never hits the password authentication method and times out.
### Errors
"Device disconnected" on enrolling
If you've enrolled fingerprints in another OS or in a previous installation you
might encounter this error. It prevents you from enrolling new fingerprints and
re-enrolling old fingerprints. Fortunately, there's an easy solution thanks to
[this incredible forum
post](https://community.frame.work/t/fingerprint-scanner-compatibility-with-linux-ubuntu-fedora-etc/1501/145).
The problem lies in old fingerprints remaining on the reader without the host
OS knowing about them. When the host OS tries to enroll a new fingerprint that
already exists, the fingerprint reader chokes. The solution is to delete the
old fingerprints from the reader before enrolling new ones. This should be
included as part of the device bootstra process or as part of the devices wipe
process.
Here's the process:
```bash
# Delete all fingerprints from device
sudo python framework/libfprint_delete_device_prints.py -d
```
That's it! Should work again.
## BTRFS
https://linoxide.com/how-to-take-backup-with-btrfs-snapshots/
```bash
# Create backup subvolume
btrfs subvolume create /mnt/backup/DucoBacktop
# Create snapshot dir
mkdir /.snapshots
# Create readonly snapshot
```bash
SNAPSHOT_TIME=$(date +"%y_%m_%d-%H.%M")
SNAPSHOT_NAME=home_$SNAPSHOT_TIME
SNAPSHOT_DIR=/.snapshots
btrfs subvolume snapshot -r /home $SNAPSHOT_DIR/$SNAPSHOT_NAME
# Send a snapshot with no previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
btrfs send $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Send a snapshot with previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
export LATEST=${LATEST:=/previous_snapshot}
btrfs send -p $SNAPSHOT_DIR/$LATEST $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Clean up snapshots
find /.snapshots -maxdepth 1 -type d -not -path /.snapshots -exec sudo btrfs subvolume delete {} \;
```
## Luks
```bash
# Create an encrypted drive
sudo cryptsetup luksFormat
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/backup0
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/backup0
# Get UUID of disk with
sudo blkid /dev/sda
# Add key to crypttab
echo 'backup0 UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/backup0 luks' > /etc/cryptab
# Create backup mount point
sudo mkdir -p /mnt/backup0
# Add to fstab
echo '/dev/mapper/backup0 /mnt/backup0 btrfs defaults,noatime,compress=zstd 0 0' > /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0
```
## ISCSI
```bash
# Login to portal
sudo iscsiadm -m discovery -t sendtargets -p freenas.dnet
# Mount all targets
sudo iscsiadm -m node -l
# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
(/var/lib/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1/default) on fedora
node.startup = automatic
```
## Hardware/Firmware
### Kernels
```bash
sudo pacman -S grub
```
Manjaro settings manager controls current kernel version.
After installing a new kernel:
```bash
sudo update-grub
```
Hold escape while rebooting to bring up grub menu
### Display
https://askubuntu.com/questions/11738/force-gdm-login-screen-to-the-primary-monitor
Set the display configuration in the user settings the way you want it.
This seems to be fixed.
```bash
sudo cp ~/.config/monitors.xml /var/lib/gdm/.config  ✔  1m 20s 
sudo chown gdm:gdm /var/lib/gdm/.config/monitors.xml
```
### Swap
https://rudd-o.com/linux-and-free-software/tales-from-responsivenessland-why-linux-feels-slow-and-how-to-fix-that
https://wiki.archlinux.org/title/Swap
#### Create a swapfile
```bash
swapoff --all
truncate -s 0 /swap/swapfile
chattr +C /swap/swapfile
fallocate -l 4G /swap/swapfile
chmod 600 /swap/swapfile
mkswap /swap/swapfile
swapon /swap/swapfile
```
Add to /etc/fstab
```text
/swapfile swap swap defaults,noatime 0 0
```
#### Set swappiness
```bash
sudo sysctl -w vm.swappiness=1
```
sudo vim /etc/sysctl.d/99-swappiness.conf
```text
vm.swappiness=1
```
### CA File Import
https://archlinux.org/news/ca-certificates-update/
```bash
# Move the crt (CA) to the correct location
cp dnet_ca.crt /etc/ca-certificates/trust-source/anchors/dnet_ca.crt
# Update the CA store
trust extract-compat
```
### BTRFS Snapshots
https://linuxhint.com/use-btrfs-snapshots/
```bash
cd /run/media/ducoterra/<disk>
mkdir .snapshots
# Take a snapshot
alias util-snapshot='btrfs subvolume snapshot $BACKUP_DRIVE $BACKUP_DRIVE/.snapshots/snapshot_$(date +"%H_%M_%S_%d_%m_%y")'
alias util-backup='util-snapshot && rsync -av --delete /home/ducoterra/ $BACKUP_DRIVE/home/ducoterra/'
# Restore from a snapshot
cp .snapshots/v1/file .
# Find files older than 7 days
find . -maxdepth 1 -mtime +7
```
### Font
```bash
wget https://github.com/tonsky/FiraCode/releases/download/6.2/Fira_Code_v6.2.zip
unzip Fira_Code_v6.2.zip -d Fira_Code
rsync -av Fira_Code/ttf/ ~/.local/share/fonts/
```
## Apps
### Bluetooth
https://wiki.archlinux.org/title/Bluetooth
```bash
sudo pacman -S bluez bluez-utils
sudo systemctl enable bluetooth
sudo systemctl start bluetooth
```
### Snap
https://snapcraft.io/install/snap-store/manjaro
```bash
sudo pacman -S snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap
sudo snap install snap-store
```
### Chromium
```bash
sudo pacman -Sy chromium
```
### VSCode
Install from the snap store.
### Steam
Install steam-native from the software manager.
### Mail
#### iCloud
| Field | Value |
| ------------------- | --------------------- |
| IMAP server | imap.mail.me.com |
| Connection security | TLS |
| Login name | ducoterra |
| SMTP server | smtp.mail.me.com |
| Connection security | StartTLS |
| Login | Use a different login |
| Login name | ducoterra@icloud.com |
### Discord
Install discord from software manager
### Wireguard
```bash
sudo pacman -S wireguard-tools
```
### Ping
```bash
sudo pacman -S iputils
```
### Vault
https://www.vaultproject.io/downloads
```bash
unzip vault_1.9.2_linux_amd64.zip
sudo mv vault /usr/local/bin/vault
```
### AWS CLI
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
### ZFS
Depending on your kernel (5.15 as of writing) install the following
```bash
sudo pacman -Sy linux515-zfs
zpool set cachefile=/etc/zfs/<zpool>.cache <zpool>
```
## Docker
```bash
sudo pacman -S docker docker-compose
sudo usermod -aG docker ducoterra
sudo reboot
```
## Kubectl
```bash
sudo pacman -S kubectl
```
## Spotify
Install via snap store.
## Minecraft
```bash
git clone https://aur.archlinux.org/minecraft-launcher.git /tmp/minecraft-launcher
makepkg -si --noconfirm
```