update base, workstation, gaming

arch/base.md

@@ -40,6 +40,7 @@ I have instructions for building a:
     - [Don't sleep while plugged in](#dont-sleep-while-plugged-in)
     - [Bluetooth](#bluetooth)
     - [Audio](#audio)
+    - [ISCSI](#iscsi)
   - [Software Stores](#software-stores)
     - [AppImage Support](#appimage-support)
       - [Troubleshooting](#troubleshooting)
@@ -48,12 +49,6 @@ I have instructions for building a:
     - [Firefox](#firefox)
       - [Gnome Extensions](#gnome-extensions)
     - [CUPS Printing](#cups-printing)
-    - [Discord](#discord)
-    - [Steam](#steam)
-    - [XWayland](#xwayland)
-    - [ISCSI](#iscsi)
-    - [Wine](#wine)
-    - [Spotify](#spotify)
     - [Yubikey](#yubikey)
   - [Bashrc](#bashrc)
   - [Unecessary](#unecessary)
@@ -65,7 +60,6 @@ I have instructions for building a:
     - [Deprecated Security](#deprecated-security)
       - [Firejail](#firejail)
 
-
 ## Installation
 
 ### Preparation
@@ -127,7 +121,7 @@ Follow most of the instructions here:
    save this somewhere. I recommend having an encrypted partition on your
    installation drive to which you can write a few bytes of text.
 
-    `echo $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt`
+    `echo -n $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt`
 
 8. `cryptsetup luksFormat /dev/vda2  --key-file /path/to/root-key.txt`
 9. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt`
@@ -153,7 +147,7 @@ Follow most of the instructions here:
 18. `arch-chroot /mnt`
 19. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime`
 20. `hwclock --systohc`
-21. `echo 'LANG=en_US.UTF-8' > /etc/locale.gen`
+21. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen`
 22. `echo 'KEYMAP=us' > /etc/vconsole.conf`
 23. `echo 'hostname' > /etc/hostname`
 24. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth`
@@ -436,7 +430,7 @@ Access Modes
 #### ClamAV
 
 1. `pacman -S clamav`
-2. `clamscan --recursive /path/to/dir`
+2. `clamscan --recursive --infected /path/to/dir`
 
 - OR -
 
@@ -452,7 +446,7 @@ cd Downloads
 wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk
 clamscan .
 chmod +x btrbk
-sudo mv btbrk /usr/bin/
+sudo mv btrbk /usr/bin/
 ```
 
 ##### fstab
@@ -489,22 +483,22 @@ btrbk -c /etc/btrbk/snapshots.conf run
     snapshot_preserve       14d
 
     # root
-    volume /mnt/btr_pools/root
+    volume /btr_pools/root
         subvolume           root
         snapshot_dir        .snapshots
 
     # home
-    volume /mnt/btr_pools/root
+    volume /btr_pools/root
         subvolume           home
         snapshot_dir        .snapshots
 
     # libvirt
-    volume /mnt/btr_pools/root
+    volume /btr_pools/root
         subvolume           libvirt
         snapshot_dir        .snapshots
 
     # nextcloud
-    volume /mnt/btr_pools/root
+    volume /btr_pools/root
         subvolume           nextcloud
         snapshot_dir        .snapshots
     ```
@@ -548,56 +542,20 @@ btrbk -c /etc/btrbk/snapshots.conf run
 
 ##### Backups
 
-Before you begin, go through the usual process of setting up an encrypted drive:
+Before you begin, go through the usual process of setting up an encrypted drive. If
+you're using Gnome I recommend using the GUI since it handles encrypted USB drives
+really nicely.
 
-1. Install udisks2 for automatic usb drive mounting
+The only thing I'd recommend doing manually is creating the mountpoint as a read-only
+subvolume. This prevents backups from being written to the root device when the backup
+disk isn't mounted.
 
-    ```bash
-    pacman -S udisks2
-    ```
+```bash
+btrfs sub create /btr_pools/backup
+btrfs property set /btr_pools/backup ro true
+```
 
-2. Crypttab automatically loads keys named `<drive_name>.key` from `/etc/cryptsetup-keys.d`
-
-    ```bash
-    mkdir /etc/cryptsetup-keys.d
-    ```
-
-3. Generate a sufficiently random key
-
-    ```bash
-    dd if=/dev/urandom of=/etc/cryptsetup-keys.d/btr_backup.key bs=64 count=1`
-    ```
-
-4. Add the key to your backup drive
-
-    ```bash
-    cryptsetup luksAddKey /dev/sda1 /etc/cryptsetup-keys.d/btr_backup.key
-    ```
-
-5. Create a crypttab entry
-
-    /etc/crypttab
-
-    ```text
-    btr_backup  UUID=a074a34c-1211-4f9a-a88c-071b4775fe54   none    nofail
-    ```
-
-6. Create an fstab entry
-
-    /etc/fstab
-
-    ```text
-    /dev/mapper/btr_backup  /mnt/btr_backup btrfs   rw,relatime,ssd,space_cache=v2,subvolid=5,comment=x-gvfs-show,nofail    0 0
-    ```
-
-7. Create a read-only mount point to prevent accidental backups to the wrong disk
-
-    ```bash
-    btrfs subvolume create /mnt/btr_backup
-    btrfs property set /mnt/btr_backup ro true
-    ```
-
-8. Create a backup config
+1. Create a backup config
 
     /etc/btrbk/backups.conf
 
@@ -606,53 +564,56 @@ Before you begin, go through the usual process of setting up an encrypted drive:
     target_preserve_min     no
     target_preserve         30d
 
-    volume /mnt/btr_pools
-        target /mnt/btr_backup
+    # root
+    volume /btr_pools/root
+        target /btr_pools/backup
         subvolume           root
         snapshot_dir        .snapshots
 
-    volume /mnt/btr_pools
-        target /mnt/btr_backup
+    # home
+    volume /btr_pools/root
+        target /btr_pools/backup
         subvolume           home
         snapshot_dir        .snapshots
 
-    volume /mnt/btr_pools
-        target /mnt/btr_backup
+    # libvirt
+    volume /btr_pools/root
+        target /btr_pools/backup
         subvolume           libvirt
         snapshot_dir        .snapshots
     ```
 
-9. Create a backup service
+2. Create a backup service
 
     /etc/systemd/system/btrbk_backups.service
 
     ```conf
     [Unit]
-    Description=Runs btrbk with config file at /etc/btrbk/btrbk.conf
+    Description=Runs btrbk with config file at /etc/btrbk/backups.conf
 
     [Service]
-    ExecStart=btrbk -c /etc/btrbk/btrbk.conf -v run
+    ExecStart=/usr/bin/btrbk -c /etc/btrbk/backups.conf -v run
     ```
 
-10. Create a timer to activate the service
+3. Create a timer to activate the service
 
     /etc/systemd/system/btrbk_backups.timer
 
     ```conf
     [Unit]
-    Description=Run btrbk every hour
+    Description=Run btrbk backups every hour
 
     [Timer]
     OnCalendar=hourly
     AccuracySec=10min
     Persistent=true
-    Unit=btrbk.service
+    Unit=btrbk_backups.service
 
     [Install]
     WantedBy=timers.target
     ```
 
-11. Enable the timer
+4. Enable the timer
 
     ```bash
     systemctl enable --now btrbk_backup.conf
@@ -670,7 +631,7 @@ btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscs
 
 You can create chroot environments to run firejails or just use for testing purposes.
 
-1. `mkdir /chroots`
+1. `btrfs sub create /chroots`
 2. `mkdir /testing`
 3. `pacman -S arch-install-scripts`
 4. `pacstrap -K /chroots/testing/ base base-devel`
@@ -872,6 +833,49 @@ Without pipewire-pulse the audio level/device will reset every reboot.
 
 1. `pacman -S pipewire-pulse` (remove conflicting packages)
 
+### ISCSI
+
+```bash
+pacman -S open-iscsi
+systemctl enable --now iscsid
+```
+
+1. Add auth login
+
+    /etc/iscsi/iscsid.conf
+
+    ```conf
+    node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
+    node.session.auth.username = username
+    node.session.auth.password = password
+    ```
+
+2. Initiate and login to the portal
+
+    ```bash
+    # Add a new target to your list of nodes
+    iscsiadm \
+        -m discovery \
+        -t st \
+        -p driveripper.reeselink.com
+
+    # Login to the target
+    iscsiadm \
+        -m node \
+        --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \
+        -p driveripper.reeselink.com:3260 \
+        --login
+
+    # or login to all targets
+    iscsiadm -m node --loginall all
+
+    # View current session
+    iscsiadm -m session
+
+    # Log out of all sessions
+    iscsiadm -m node -u
+    ```
+
 ## Software Stores
 
 ### AppImage Support
@@ -938,89 +942,6 @@ Choose noto-fonts
 3. `sudo systemctl start cups`
 4. `sudo systemctl start avahi-daemon`
 
-### Discord
-
-1. `flatpak install com.discordapp.Discord`
-
-### Steam
-
-<https://wiki.archlinux.org/title/Official_repositories#multilib>
-
-Edit /etc/pacman.conf
-
-```conf
-[multilib]
-Include = /etc/pacman.d/mirrorlist
-```
-
-```bash
-sudo pacman -S steam steam-native
-```
-
-When prompted, use vulkan-radeon
-
-`steam-native` allows vaapi hardware encoding for steam remote play.
-
-You may have to edit your firejail config to get steam to launch:
-
-~/.config/firejail/steam.local
-
-```conf
-ignore apparmor
-```
-
-### XWayland
-
-Provides compatibility with X server applications (like wine)
-
-1. `sudo pacman -S xorg-xwayland`
-
-### ISCSI
-
-1. Add auth login
-
-    /etc/iscsi/iscsid.conf
-
-    ```conf
-    node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
-    node.session.auth.username = username
-    node.session.auth.password = password
-    ```
-
-2. Initiate and login to the portal
-
-    ```bash
-    # Add a new target to your list of nodes
-    iscsiadm \
-        -m discovery \
-        -t st \
-        -p driveripper.reeselink.com
-
-    # Login to the target
-    iscsiadm \
-        -m node \
-        --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \
-        -p driveripper.reeselink.com:3260 \
-        --login
-
-    # or login to all targets
-    iscsiadm -m node --loginall all
-
-    # View current session
-    iscsiadm -m session
-
-    # Log out of all sessions
-    iscsiadm -m node -u
-    ```
-
-### Wine
-
-`pacman -S wine`
-
-### Spotify
-
-`pacman -S spotify-launcher`
-
 ### Yubikey
 
 You'll need the yubikey manager appimage in addition to the pacman package