From 4604be298bfa96305ea73564c6bcd8492e0318dc Mon Sep 17 00:00:00 2001 From: ducoterra Date: Thu, 31 Aug 2023 00:21:58 -0400 Subject: [PATCH] update base, workstation, gaming --- arch/base.md | 239 +++++++++++++++----------------------------- arch/gaming.md | 81 +++++++++++++++ arch/workstation.md | 99 ++++++++++++++++-- 3 files changed, 253 insertions(+), 166 deletions(-) diff --git a/arch/base.md b/arch/base.md index d838b7a..9b7c26e 100644 --- a/arch/base.md +++ b/arch/base.md @@ -40,6 +40,7 @@ I have instructions for building a: - [Don't sleep while plugged in](#dont-sleep-while-plugged-in) - [Bluetooth](#bluetooth) - [Audio](#audio) + - [ISCSI](#iscsi) - [Software Stores](#software-stores) - [AppImage Support](#appimage-support) - [Troubleshooting](#troubleshooting) @@ -48,12 +49,6 @@ I have instructions for building a: - [Firefox](#firefox) - [Gnome Extensions](#gnome-extensions) - [CUPS Printing](#cups-printing) - - [Discord](#discord) - - [Steam](#steam) - - [XWayland](#xwayland) - - [ISCSI](#iscsi) - - [Wine](#wine) - - [Spotify](#spotify) - [Yubikey](#yubikey) - [Bashrc](#bashrc) - [Unecessary](#unecessary) @@ -65,7 +60,6 @@ I have instructions for building a: - [Deprecated Security](#deprecated-security) - [Firejail](#firejail) - ## Installation ### Preparation @@ -127,7 +121,7 @@ Follow most of the instructions here: save this somewhere. I recommend having an encrypted partition on your installation drive to which you can write a few bytes of text. - `echo $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt` + `echo -n $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt` 8. `cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt` 9. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt` @@ -153,7 +147,7 @@ Follow most of the instructions here: 18. `arch-chroot /mnt` 19. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` 20. `hwclock --systohc` -21. `echo 'LANG=en_US.UTF-8' > /etc/locale.gen` +21. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen` 22. `echo 'KEYMAP=us' > /etc/vconsole.conf` 23. `echo 'hostname' > /etc/hostname` 24. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth` @@ -436,7 +430,7 @@ Access Modes #### ClamAV 1. `pacman -S clamav` -2. `clamscan --recursive /path/to/dir` +2. `clamscan --recursive --infected /path/to/dir` - OR - @@ -452,7 +446,7 @@ cd Downloads wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk clamscan . chmod +x btrbk -sudo mv btbrk /usr/bin/ +sudo mv btrbk /usr/bin/ ``` ##### fstab @@ -489,22 +483,22 @@ btrbk -c /etc/btrbk/snapshots.conf run snapshot_preserve 14d # root - volume /mnt/btr_pools/root + volume /btr_pools/root subvolume root snapshot_dir .snapshots # home - volume /mnt/btr_pools/root + volume /btr_pools/root subvolume home snapshot_dir .snapshots # libvirt - volume /mnt/btr_pools/root + volume /btr_pools/root subvolume libvirt snapshot_dir .snapshots # nextcloud - volume /mnt/btr_pools/root + volume /btr_pools/root subvolume nextcloud snapshot_dir .snapshots ``` @@ -548,56 +542,20 @@ btrbk -c /etc/btrbk/snapshots.conf run ##### Backups -Before you begin, go through the usual process of setting up an encrypted drive: +Before you begin, go through the usual process of setting up an encrypted drive. If +you're using Gnome I recommend using the GUI since it handles encrypted USB drives +really nicely. -1. Install udisks2 for automatic usb drive mounting +The only thing I'd recommend doing manually is creating the mountpoint as a read-only +subvolume. This prevents backups from being written to the root device when the backup +disk isn't mounted. - ```bash - pacman -S udisks2 - ``` +```bash +btrfs sub create /btr_pools/backup +btrfs property set /btr_pools/backup ro true +``` -2. Crypttab automatically loads keys named `.key` from `/etc/cryptsetup-keys.d` - - ```bash - mkdir /etc/cryptsetup-keys.d - ``` - -3. Generate a sufficiently random key - - ```bash - dd if=/dev/urandom of=/etc/cryptsetup-keys.d/btr_backup.key bs=64 count=1` - ``` - -4. Add the key to your backup drive - - ```bash - cryptsetup luksAddKey /dev/sda1 /etc/cryptsetup-keys.d/btr_backup.key - ``` - -5. Create a crypttab entry - - /etc/crypttab - - ```text - btr_backup UUID=a074a34c-1211-4f9a-a88c-071b4775fe54 none nofail - ``` - -6. Create an fstab entry - - /etc/fstab - - ```text - /dev/mapper/btr_backup /mnt/btr_backup btrfs rw,relatime,ssd,space_cache=v2,subvolid=5,comment=x-gvfs-show,nofail 0 0 - ``` - -7. Create a read-only mount point to prevent accidental backups to the wrong disk - - ```bash - btrfs subvolume create /mnt/btr_backup - btrfs property set /mnt/btr_backup ro true - ``` - -8. Create a backup config +1. Create a backup config /etc/btrbk/backups.conf @@ -606,53 +564,56 @@ Before you begin, go through the usual process of setting up an encrypted drive: target_preserve_min no target_preserve 30d - volume /mnt/btr_pools - target /mnt/btr_backup + # root + volume /btr_pools/root + target /btr_pools/backup subvolume root snapshot_dir .snapshots - volume /mnt/btr_pools - target /mnt/btr_backup + # home + volume /btr_pools/root + target /btr_pools/backup subvolume home snapshot_dir .snapshots - volume /mnt/btr_pools - target /mnt/btr_backup + # libvirt + volume /btr_pools/root + target /btr_pools/backup subvolume libvirt snapshot_dir .snapshots ``` -9. Create a backup service +2. Create a backup service /etc/systemd/system/btrbk_backups.service ```conf [Unit] - Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf + Description=Runs btrbk with config file at /etc/btrbk/backups.conf [Service] - ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run + ExecStart=/usr/bin/btrbk -c /etc/btrbk/backups.conf -v run ``` -10. Create a timer to activate the service +3. Create a timer to activate the service /etc/systemd/system/btrbk_backups.timer ```conf [Unit] - Description=Run btrbk every hour + Description=Run btrbk backups every hour [Timer] OnCalendar=hourly AccuracySec=10min Persistent=true - Unit=btrbk.service + Unit=btrbk_backups.service [Install] WantedBy=timers.target ``` -11. Enable the timer +4. Enable the timer ```bash systemctl enable --now btrbk_backup.conf @@ -670,7 +631,7 @@ btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscs You can create chroot environments to run firejails or just use for testing purposes. -1. `mkdir /chroots` +1. `btrfs sub create /chroots` 2. `mkdir /testing` 3. `pacman -S arch-install-scripts` 4. `pacstrap -K /chroots/testing/ base base-devel` @@ -872,6 +833,49 @@ Without pipewire-pulse the audio level/device will reset every reboot. 1. `pacman -S pipewire-pulse` (remove conflicting packages) +### ISCSI + +```bash +pacman -S open-iscsi +systemctl enable --now iscsid +``` + +1. Add auth login + + /etc/iscsi/iscsid.conf + + ```conf + node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5 + node.session.auth.username = username + node.session.auth.password = password + ``` + +2. Initiate and login to the portal + + ```bash + # Add a new target to your list of nodes + iscsiadm \ + -m discovery \ + -t st \ + -p driveripper.reeselink.com + + # Login to the target + iscsiadm \ + -m node \ + --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \ + -p driveripper.reeselink.com:3260 \ + --login + + # or login to all targets + iscsiadm -m node --loginall all + + # View current session + iscsiadm -m session + + # Log out of all sessions + iscsiadm -m node -u + ``` + ## Software Stores ### AppImage Support @@ -938,89 +942,6 @@ Choose noto-fonts 3. `sudo systemctl start cups` 4. `sudo systemctl start avahi-daemon` -### Discord - -1. `flatpak install com.discordapp.Discord` - -### Steam - - - -Edit /etc/pacman.conf - -```conf -[multilib] -Include = /etc/pacman.d/mirrorlist -``` - -```bash -sudo pacman -S steam steam-native -``` - -When prompted, use vulkan-radeon - -`steam-native` allows vaapi hardware encoding for steam remote play. - -You may have to edit your firejail config to get steam to launch: - -~/.config/firejail/steam.local - -```conf -ignore apparmor -``` - -### XWayland - -Provides compatibility with X server applications (like wine) - -1. `sudo pacman -S xorg-xwayland` - -### ISCSI - -1. Add auth login - - /etc/iscsi/iscsid.conf - - ```conf - node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5 - node.session.auth.username = username - node.session.auth.password = password - ``` - -2. Initiate and login to the portal - - ```bash - # Add a new target to your list of nodes - iscsiadm \ - -m discovery \ - -t st \ - -p driveripper.reeselink.com - - # Login to the target - iscsiadm \ - -m node \ - --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \ - -p driveripper.reeselink.com:3260 \ - --login - - # or login to all targets - iscsiadm -m node --loginall all - - # View current session - iscsiadm -m session - - # Log out of all sessions - iscsiadm -m node -u - ``` - -### Wine - -`pacman -S wine` - -### Spotify - -`pacman -S spotify-launcher` - ### Yubikey You'll need the yubikey manager appimage in addition to the pacman package diff --git a/arch/gaming.md b/arch/gaming.md index e69de29..87ee08a 100644 --- a/arch/gaming.md +++ b/arch/gaming.md @@ -0,0 +1,81 @@ +# Gaming + +- [Gaming](#gaming) + - [Discord](#discord) + - [Steam](#steam) + - [XWayland](#xwayland) + - [Wine](#wine) + - [Spotify](#spotify) + - [VLC](#vlc) + - [AppImages](#appimages) + - [Bitwarden](#bitwarden) + +## Discord + +```bash +mv ~/Downloads/Discord ~/Applications/Discord +``` + +```conf +[Desktop Entry] +Name=Discord +Exec=/home/ducoterra/Applications/Discord/Discord +Icon=/home/ducoterra/Applications/Discord/discord.png +Type=Application +``` + +## Steam + + + +Edit /etc/pacman.conf + +```conf +[multilib] +Include = /etc/pacman.d/mirrorlist +``` + +```bash +sudo pacman -S steam +``` + +When prompted (on AMD) use vulkan-radeon + +## XWayland + +Provides compatibility with X server applications (like wine) + +1. `sudo pacman -S xorg-xwayland` + +## Wine + +`pacman -S wine` + +## Spotify + +`pacman -S spotify-launcher` + +## VLC + +```bash +pacman -S vlc +``` + +## AppImages + +### Bitwarden + + + +```bash +mv ~/Downloads/Bitwarden*.AppImage ~/Applications/Bitwarden.AppImage +chmod +x ~/Applications/*.AppImage +``` + +```conf +[Desktop Entry] +Name=Bitwarden +Exec=/home/ducoterra/Applications/Bitwarden.AppImage +Icon=/home/ducoterra/.icons/bitwarden.png +Type=Application +``` diff --git a/arch/workstation.md b/arch/workstation.md index da91468..169ff46 100644 --- a/arch/workstation.md +++ b/arch/workstation.md @@ -10,15 +10,21 @@ - [VSCode](#vscode) - [Shell](#shell) - [Fonts](#fonts) + - [Navigation](#navigation) - [Extensions](#extensions) + - [Wireguard](#wireguard) - [Remote Desktop](#remote-desktop) - [Transmission](#transmission) - - [Wireguard](#wireguard) + - [VLC](#vlc) + - [AppImages](#appimages) + - [Bitwarden](#bitwarden) + - [Nextcloud](#nextcloud) + - [Insomnia](#insomnia) ## Base Tools ```bash -pacman -S rsync which git iperf3 +pacman -S rsync which git iperf3 pwgen ``` ## ZSH @@ -137,6 +143,26 @@ Edit settings.json } ``` +### Navigation + +The best navigation shortcut ever is alt+left and alt+right to move the cursor to it's +previous positions. + +```json +[ + { + "key": "alt+left", + "command": "workbench.action.navigateBack", + "when": "" + }, + { + "key": "alt+right", + "command": "workbench.action.navigateForward", + "when": "" + } +] +``` + ### Extensions To save a list of installed extensions run: @@ -151,6 +177,15 @@ To install that list of extensions run: cat vscode_extensions.txt | xargs -L 1 code --install-extension ``` +## Wireguard + +Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your +vpn likely won't activate. + +```bash +pacman -S wireguard-tools +``` + ## Remote Desktop ```bash @@ -163,11 +198,61 @@ pacman -S remmina freerdp pacman -S gtk4 transmission-gtk ``` -### Wireguard - -Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your -vpn likely won't activate. +## VLC ```bash -pacman -S wireguard-tools +pacman -S vlc +``` + +## AppImages + +### Bitwarden + + + +```bash +mv ~/Downloads/Bitwarden*.AppImage ~/Applications/Bitwarden.AppImage +chmod +x ~/Applications/*.AppImage +``` + +```conf +[Desktop Entry] +Name=Bitwarden +Exec=/home/ducoterra/Applications/Bitwarden.AppImage +Icon=/home/ducoterra/.icons/bitwarden.png +Type=Application +``` + +### Nextcloud + + + +```bash +mv ~/Downloads/Nextcloud*.AppImage ~/Applications/Nextcloud.AppImage +chmod +x ~/Applications/*.AppImage +``` + +```conf +[Desktop Entry] +Name=Nextcloud +Exec=/home/ducoterra/Applications/Nextcloud.AppImage +Icon=/home/ducoterra/.icons/nextcloud.png +Type=Application +``` + +### Insomnia + + + +```bash +mv ~/Downloads/Insomnia*.AppImage ~/Applications/Insomnia.AppImage +chmod +x ~/Applications/*.AppImage +``` + +```conf +[Desktop Entry] +Name=Insomnia +Exec=/home/ducoterra/Applications/Insomnia.AppImage +Icon=/home/ducoterra/.icons/insomnia.png +Type=Application ```