WIP: Notes

This commit is contained in:
ducoterra
2023-01-22 10:23:32 -05:00
parent 770b208f26
commit 5cc4c9b9cf
77 changed files with 2194 additions and 227 deletions

1
.gitignore vendored Normal file

@@ -0,0 +1 @@
.vscode/

BIN
btrfs_map_physical Executable file

Binary file not shown.

549
btrfs_map_physical.c Normal file

@@ -0,0 +1,549 @@
// SPDX-FileCopyrightText: Omar Sandoval <osandov@osandov.com>
// SPDX-License-Identifier: MIT
#include <fcntl.h>
#include <getopt.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <linux/btrfs.h>
#include <linux/btrfs_tree.h>
#include <asm/byteorder.h>
#define le16_to_cpu __le16_to_cpu
#define le32_to_cpu __le32_to_cpu
#define le64_to_cpu __le64_to_cpu
static const char *progname = "btrfs_map_physical";
static void usage(bool error)
{
fprintf(error ? stderr : stdout,
"usage: %s [OPTION]... PATH\n"
"\n"
"Map the logical and physical extents of a file on Btrfs\n\n"
"Pipe this to `column -ts $'\\t'` for prettier output.\n"
"\n"
"Btrfs represents a range of data in a file with a \"file extent\". Each\n"
"file extent refers to a subset of an \"extent\". Each extent has a\n"
"location in the logical address space of the filesystem belonging to a\n"
"\"chunk\". Each chunk maps has a profile (i.e., RAID level) and maps to\n"
"one or more physical locations, or \"stripes\", on disk. The extent may be\n"
"\"encoded\" on disk (currently this means compressed, but in the future it\n"
"may also be encrypted).\n"
"\n"
"An explanation of each printed field and its corresponding on-disk data\n"
"structure is provided below:\n"
"\n"
"FILE OFFSET Offset in the file where the file extent starts\n"
" [(struct btrfs_key).offset]\n"
"FILE SIZE Size of the file extent\n"
" [(struct btrfs_file_extent_item).num_bytes for most\n"
" extents, (struct btrfs_file_extent_item).ram_bytes\n"
" for inline extents]\n"
"EXTENT OFFSET Offset from the beginning of the unencoded extent\n"
" where the file extent starts\n"
" [(struct btrfs_file_extent_item).offset]\n"
"EXTENT TYPE Type of the extent (inline, preallocated, etc.)\n"
" [(struct btrfs_file_extent_item).type];\n"
" how it is encoded\n"
" [(struct btrfs_file_extent_item){compression,\n"
" encryption,other_encoding}];\n"
" and its data profile\n"
" [(struct btrfs_chunk).type]\n"
"LOGICAL SIZE Size of the unencoded extent\n"
" [(struct btrfs_file_extent_item).ram_bytes]\n"
"LOGICAL OFFSET Location of the extent in the filesystem's logical\n"
" address space\n"
" [(struct btrfs_file_extent_offset).disk_bytenr]\n"
"PHYSICAL SIZE Size of the encoded extent on disk\n"
" [(struct btrfs_file_extent_offset).disk_num_bytes]\n"
"DEVID ID of the device containing the extent\n"
" [(struct btrfs_stripe).devid]\n"
"PHYSICAL OFFSET Location of the extent on the device\n"
" [calculated from (struct btrfs_stripe).offset]\n"
"\n"
"FILE SIZE is rounded up to the sector size of the filesystem.\n"
"\n"
"Inline extents are stored with the metadata of the filesystem; this tool\n"
"does not have the ability to determine their location.\n"
"\n"
"Gaps in a file are represented with a hole file extent unless the\n"
"filesystem was formatted with the \"no-holes\" option.\n"
"\n"
"If the file extent was truncated, hole punched, cloned, or deduped,\n"
"EXTENT OFFSET may be non-zero and LOGICAL SIZE may be different from\n"
"FILE SIZE.\n"
"\n"
"Options:\n"
" -h, --help display this help message and exit\n",
progname);
exit(error ? EXIT_FAILURE : EXIT_SUCCESS);
}
struct stripe {
uint64_t devid;
uint64_t offset;
};
struct chunk {
uint64_t offset;
uint64_t length;
uint64_t stripe_len;
uint64_t type;
struct stripe *stripes;
size_t num_stripes;
size_t sub_stripes;
};
struct chunk_tree {
struct chunk *chunks;
size_t num_chunks;
};
static int read_chunk_tree(int fd, struct chunk **chunks, size_t *num_chunks)
{
struct btrfs_ioctl_search_args search = {
.key = {
.tree_id = BTRFS_CHUNK_TREE_OBJECTID,
.min_objectid = BTRFS_FIRST_CHUNK_TREE_OBJECTID,
.min_type = BTRFS_CHUNK_ITEM_KEY,
.min_offset = 0,
.max_objectid = BTRFS_FIRST_CHUNK_TREE_OBJECTID,
.max_type = BTRFS_CHUNK_ITEM_KEY,
.max_offset = UINT64_MAX,
.min_transid = 0,
.max_transid = UINT64_MAX,
.nr_items = 0,
},
};
size_t items_pos = 0, buf_off = 0;
size_t capacity = 0;
int ret;
*chunks = NULL;
*num_chunks = 0;
for (;;) {
const struct btrfs_ioctl_search_header *header;
const struct btrfs_chunk *item;
struct chunk *chunk;
size_t i;
if (items_pos >= search.key.nr_items) {
search.key.nr_items = 4096;
ret = ioctl(fd, BTRFS_IOC_TREE_SEARCH, &search);
if (ret == -1) {
perror("BTRFS_IOC_TREE_SEARCH");
return -1;
}
items_pos = 0;
buf_off = 0;
if (search.key.nr_items == 0)
break;
}
header = (struct btrfs_ioctl_search_header *)(search.buf + buf_off);
if (header->type != BTRFS_CHUNK_ITEM_KEY)
goto next;
item = (void *)(header + 1);
if (*num_chunks >= capacity) {
struct chunk *tmp;
if (capacity == 0)
capacity = 1;
else
capacity *= 2;
tmp = realloc(*chunks, capacity * sizeof(**chunks));
if (!tmp) {
perror("realloc");
return -1;
}
*chunks = tmp;
}
chunk = &(*chunks)[*num_chunks];
chunk->offset = header->offset;
chunk->length = le64_to_cpu(item->length);
chunk->stripe_len = le64_to_cpu(item->stripe_len);
chunk->type = le64_to_cpu(item->type);
chunk->num_stripes = le16_to_cpu(item->num_stripes);
chunk->sub_stripes = le16_to_cpu(item->sub_stripes);
chunk->stripes = calloc(chunk->num_stripes,
sizeof(*chunk->stripes));
if (!chunk->stripes) {
perror("calloc");
return -1;
}
(*num_chunks)++;
for (i = 0; i < chunk->num_stripes; i++) {
const struct btrfs_stripe *stripe;
stripe = &item->stripe + i;
chunk->stripes[i].devid = le64_to_cpu(stripe->devid);
chunk->stripes[i].offset = le64_to_cpu(stripe->offset);
}
next:
items_pos++;
buf_off += sizeof(*header) + header->len;
if (header->offset == UINT64_MAX)
break;
else
search.key.min_offset = header->offset + 1;
}
return 0;
}
static struct chunk *find_chunk(struct chunk *chunks, size_t num_chunks,
uint64_t logical)
{
size_t lo, hi;
if (!num_chunks)
return NULL;
lo = 0;
hi = num_chunks - 1;
while (lo <= hi) {
size_t mid = lo + (hi - lo) / 2;
if (logical < chunks[mid].offset)
hi = mid - 1;
else if (logical >= chunks[mid].offset + chunks[mid].length)
lo = mid + 1;
else
return &chunks[mid];
}
return NULL;
}
static int print_extents(int fd, struct chunk *chunks, size_t num_chunks)
{
struct btrfs_ioctl_search_args search = {
.key = {
.min_type = BTRFS_EXTENT_DATA_KEY,
.max_type = BTRFS_EXTENT_DATA_KEY,
.min_offset = 0,
.max_offset = UINT64_MAX,
.min_transid = 0,
.max_transid = UINT64_MAX,
.nr_items = 0,
},
};
struct btrfs_ioctl_ino_lookup_args args = {
.treeid = 0,
.objectid = BTRFS_FIRST_FREE_OBJECTID,
};
size_t items_pos = 0, buf_off = 0;
struct stat st;
int ret;
puts("FILE OFFSET\tFILE SIZE\tEXTENT OFFSET\tEXTENT TYPE\tLOGICAL SIZE\tLOGICAL OFFSET\tPHYSICAL SIZE\tDEVID\tPHYSICAL OFFSET");
ret = fstat(fd, &st);
if (ret == -1) {
perror("fstat");
return -1;
}
ret = ioctl(fd, BTRFS_IOC_INO_LOOKUP, &args);
if (ret == -1) {
perror("BTRFS_IOC_INO_LOOKUP");
return -1;
}
search.key.tree_id = args.treeid;
search.key.min_objectid = search.key.max_objectid = st.st_ino;
for (;;) {
const struct btrfs_ioctl_search_header *header;
const struct btrfs_file_extent_item *item;
uint8_t type;
/* Initialize to silence GCC. */
uint64_t file_offset = 0;
uint64_t file_size = 0;
uint64_t extent_offset = 0;
uint64_t logical_size = 0;
uint64_t logical_offset = 0;
uint64_t physical_size = 0;
struct chunk *chunk = NULL;
if (items_pos >= search.key.nr_items) {
search.key.nr_items = 4096;
ret = ioctl(fd, BTRFS_IOC_TREE_SEARCH, &search);
if (ret == -1) {
perror("BTRFS_IOC_TREE_SEARCH");
return -1;
}
items_pos = 0;
buf_off = 0;
if (search.key.nr_items == 0)
break;
}
header = (struct btrfs_ioctl_search_header *)(search.buf + buf_off);
if (header->type != BTRFS_EXTENT_DATA_KEY)
goto next;
item = (void *)(header + 1);
type = item->type;
file_offset = header->offset;
if (type == BTRFS_FILE_EXTENT_INLINE) {
file_size = logical_size = le64_to_cpu(item->ram_bytes);
extent_offset = 0;
physical_size = (header->len -
offsetof(struct btrfs_file_extent_item,
disk_bytenr));
} else if (type == BTRFS_FILE_EXTENT_REG ||
type == BTRFS_FILE_EXTENT_PREALLOC) {
file_size = le64_to_cpu(item->num_bytes);
extent_offset = le64_to_cpu(item->offset);
logical_size = le64_to_cpu(item->ram_bytes);
logical_offset = le64_to_cpu(item->disk_bytenr);
physical_size = le64_to_cpu(item->disk_num_bytes);
if (logical_offset) {
chunk = find_chunk(chunks, num_chunks,
logical_offset);
if (!chunk) {
printf("\n");
fprintf(stderr,
"could not find chunk containing %" PRIu64 "\n",
logical_offset);
return -1;
}
}
}
printf("%" PRIu64 "\t", file_offset);
if (type == BTRFS_FILE_EXTENT_INLINE ||
type == BTRFS_FILE_EXTENT_REG ||
type == BTRFS_FILE_EXTENT_PREALLOC) {
printf("%" PRIu64 "\t%" PRIu64 "\t", file_size,
extent_offset);
} else {
printf("\t\t");
}
switch (type) {
case BTRFS_FILE_EXTENT_INLINE:
printf("inline");
break;
case BTRFS_FILE_EXTENT_REG:
if (logical_offset)
printf("regular");
else
printf("hole");
break;
case BTRFS_FILE_EXTENT_PREALLOC:
printf("prealloc");
break;
default:
printf("type%u", type);
break;
}
switch (item->compression) {
case 0:
break;
case 1:
printf(",compression=zlib");
break;
case 2:
printf(",compression=lzo");
break;
case 3:
printf(",compression=zstd");
break;
default:
printf(",compression=%u", item->compression);
break;
}
if (item->encryption)
printf(",encryption=%u", item->encryption);
if (item->other_encoding) {
printf(",other_encoding=%u",
le16_to_cpu(item->other_encoding));
}
if (chunk) {
switch (chunk->type & BTRFS_BLOCK_GROUP_PROFILE_MASK) {
case 0:
break;
case BTRFS_BLOCK_GROUP_RAID0:
printf(",raid0");
break;
case BTRFS_BLOCK_GROUP_RAID1:
printf(",raid1");
break;
case BTRFS_BLOCK_GROUP_DUP:
printf(",dup");
break;
case BTRFS_BLOCK_GROUP_RAID10:
printf(",raid10");
break;
case BTRFS_BLOCK_GROUP_RAID5:
printf(",raid5");
break;
case BTRFS_BLOCK_GROUP_RAID6:
printf(",raid6");
break;
default:
printf(",profile%" PRIu64,
(uint64_t)(chunk->type &
BTRFS_BLOCK_GROUP_PROFILE_MASK));
break;
}
}
printf("\t");
if (type == BTRFS_FILE_EXTENT_INLINE ||
type == BTRFS_FILE_EXTENT_REG ||
type == BTRFS_FILE_EXTENT_PREALLOC)
printf("%" PRIu64 "\t", logical_size);
else
printf("\t");
if (type == BTRFS_FILE_EXTENT_REG ||
type == BTRFS_FILE_EXTENT_PREALLOC)
printf("%" PRIu64 "\t", logical_offset);
else
printf("\t");
if (type == BTRFS_FILE_EXTENT_INLINE ||
type == BTRFS_FILE_EXTENT_REG ||
type == BTRFS_FILE_EXTENT_PREALLOC)
printf("%" PRIu64 "\t", physical_size);
else
printf("\t");
if (chunk) {
uint64_t offset, stripe_nr, stripe_offset;
size_t stripe_index, num_stripes;
size_t i;
offset = logical_offset - chunk->offset;
stripe_nr = offset / chunk->stripe_len;
stripe_offset = offset - stripe_nr * chunk->stripe_len;
switch (chunk->type & BTRFS_BLOCK_GROUP_PROFILE_MASK) {
case 0:
case BTRFS_BLOCK_GROUP_RAID0:
stripe_index = stripe_nr % chunk->num_stripes;
stripe_nr /= chunk->num_stripes;
num_stripes = 1;
break;
case BTRFS_BLOCK_GROUP_RAID1:
case BTRFS_BLOCK_GROUP_DUP:
stripe_index = 0;
num_stripes = chunk->num_stripes;
break;
case BTRFS_BLOCK_GROUP_RAID10: {
size_t factor;
factor = chunk->num_stripes / chunk->sub_stripes;
stripe_index = (stripe_nr % factor *
chunk->sub_stripes);
stripe_nr /= factor;
num_stripes = chunk->sub_stripes;
break;
}
case BTRFS_BLOCK_GROUP_RAID5:
case BTRFS_BLOCK_GROUP_RAID6: {
size_t nr_parity_stripes, nr_data_stripes;
if (chunk->type & BTRFS_BLOCK_GROUP_RAID6)
nr_parity_stripes = 2;
else
nr_parity_stripes = 1;
nr_data_stripes = (chunk->num_stripes -
nr_parity_stripes);
stripe_index = stripe_nr % nr_data_stripes;
stripe_nr /= nr_data_stripes;
stripe_index = ((stripe_nr + stripe_index) %
chunk->num_stripes);
num_stripes = 1;
break;
}
default:
num_stripes = 0;
break;
}
for (i = 0; i < num_stripes; i++) {
if (i != 0)
printf("\n\t\t\t\t\t\t\t");
printf("%" PRIu64 "\t%" PRIu64,
chunk->stripes[stripe_index].devid,
chunk->stripes[stripe_index].offset +
stripe_nr * chunk->stripe_len +
stripe_offset);
stripe_index++;
}
}
printf("\n");
next:
items_pos++;
buf_off += sizeof(*header) + header->len;
if (header->offset == UINT64_MAX)
break;
else
search.key.min_offset = header->offset + 1;
}
return 0;
}
int main(int argc, char **argv)
{
struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
};
int fd, ret;
struct chunk *chunks;
size_t num_chunks, i;
if (argv[0])
progname = argv[0];
for (;;) {
int c;
c = getopt_long(argc, argv, "h", long_options, NULL);
if (c == -1)
break;
switch (c) {
case 'h':
usage(false);
default:
usage(true);
}
}
if (optind != argc - 1)
usage(true);
fd = open(argv[optind], O_RDONLY);
if (fd == -1) {
perror("open");
return EXIT_FAILURE;
}
ret = read_chunk_tree(fd, &chunks, &num_chunks);
if (ret == -1)
goto out;
ret = print_extents(fd, chunks, num_chunks);
out:
for (i = 0; i < num_chunks; i++)
free(chunks[i].stripes);
free(chunks);
close(fd);
return ret ? EXIT_FAILURE : EXIT_SUCCESS;
}
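Review bot: print_extents divides by values decoded straight from the chunk tree — `chunk->stripe_len` (L420), `chunk->num_stripes` (L425–L426), `factor` derived from `chunk->sub_stripes` in the RAID10 case (L436) and `nr_data_stripes` in the RAID5/6 case (L452–L453) — and a zero in any of them, which a corrupted filesystem can supply, ends the program with SIGFPE instead of a diagnostic. The cheapest place to reject that is read_chunk_tree, right after the fields are decoded: `if (!chunk->stripe_len || !chunk->num_stripes) { fprintf(stderr, "bad chunk at %" PRIu64 "\n", chunk->offset); return -1; }`, with the RAID10 and RAID5/6 derived divisors checked the same way before the switch in print_extents. read_chunk_tree also sizes the stripe loop (L197) from `item->num_stripes` without comparing `header->len` against `sizeof(*item) + num_stripes * sizeof(struct btrfs_stripe)`, so an inconsistent item is read past its own end inside the search buffer. Neither check alters the output for a healthy filesystem, and a header comment on read_chunk_tree stating that the caller frees `chunks[i].stripes` and `chunks` even on failure would make the ownership that main relies on explicit.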

65
custom_kernel.sh Normal file

@@ -0,0 +1,65 @@
### Set variables
export arch=x86_64
export ver=6.0
export minrel=15
export pkgrel=300
export subver=$minrel-$pkgrel
export fedver=fc37
export name=$(hostname)
### Custom Machine owner key for secure boot
# Allow kernel signing
sudo /usr/libexec/pesign/pesign-authorize
# Create key
openssl req -new -x509 -newkey rsa:2048 -keyout "key.pem" -outform DER -out "cert.der" -nodes -days 36500 -subj "/CN=$name"
# Import key to UEFI database.
sudo mokutil --import "cert.der"
# You have to reboot the system after importing the key with "mokutil" to import the key via UEFI system
# After rebooting create PKCS #12 key file and import it into the nss database
openssl pkcs12 -export -out key.p12 -inkey key.pem -in cert.der
sudo csudo ertutil -A -i cert.der -n "$name" -d /etc/pki/pesign/ -t "Pu,Pu,Pu"
sudo pk12util -i key.p12 -d /etc/pki/pesign
### Setup build system
rpmdev-setuptree
koji download-build --arch=src kernel-$ver.$subver.$fedver
rpm -Uvh kernel-$ver.$subver.$fedver.src.rpm
cd ~/rpmbuild/SPECS
### Apply patches and customize kernel configuration
# Get patch to enable hibernate in lockdown mode (secure boot)
wget https://gist.githubusercontent.com/kelvie/917d456cb572325aae8e3bd94a9c1350/raw/74516829883c7ee7b2216938550d55ebcb7be609/0001-Add-a-lockdown_hibernate-parameter.patch -O ~/rpmbuild/SOURCES/0001-Add-a-lockdown_hibernate-parameter.patch
# Define patch in kernel.spec for building the rpms
# Patch2: 0001-Add-a-lockdown_hibernate-parameter.patch
sed -i '/^Patch999999/i Patch2: 0001-Add-a-lockdown_hibernate-parameter.patch' kernel.spec
# Add patch as ApplyOptionalPatch
sed -i '/^ApplyOptionalPatch linux-kernel-test.patch/i ApplyOptionalPatch 0001-Add-a-lockdown_hibernate-parameter.patch' kernel.spec
# Add custom kernel name
sed -i "s/# define buildid .local/%define buildid .$name/g" kernel.spec
# Add machine owner key
sed -i "s/.$name/.$name\n%define pe_signing_cert $name/g" kernel.spec
# Install necessary dependencies for compiling hte kernel
rpmbuild -bp kernel.spec
### Optional steps
# Create own configuration file from fedora config file
# You find my "minimized" configuration for a 6.0.11 kernel here.
cp ~/rpmbuild/SOURCES/kernel-$arch-fedora.config ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/.config
cd ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/
make menuconfig
# Copy custom menuconfig kernel configuration to kernel-local
cp ~/rpmbuild/BUILD/kernel-$ver.$minrel/linux-$ver.$subver.$name.$fedver.$arch/.config ~/rpmbuild/SOURCES/kernel-local
# ... or copy kernel config from running kernel to kernel-local
#cp /boot/config-$(uname -r) ~/rpmbuild/SOURCES/kernel-local
# Remove build infos from custom config
sed -i '0,/^#\ General\ setup$/d' ~/rpmbuild/SOURCES/kernel-local
sed -i '1i # x86_64' ~/rpmbuild/SOURCES/kernel-local
### End optional steps ###
# Compile kernel
cd ~/rpmbuild/SPECS
time rpmbuild -bb --with baseonly --without debuginfo --target=$arch kernel.spec | tee ~/build-kernel.log
# Install kernel
cd ~/rpmbuild/RPMS/$arch/
sudo dnf install *.rpm
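Review bot: The command on L549, `sudo csudo ertutil -A -i cert.der -n "$name" -d /etc/pki/pesign/ -t "Pu,Pu,Pu"`, is garbled — `csudo` is not a program — so the certificate never reaches the pesign NSS database and the `pk12util` import on L550 has nothing to pair with; it should read `sudo certutil -A -i cert.der -n "$name" -d /etc/pki/pesign/ -t "Pu,Pu,Pu"`. The key generated on L543 is written unencrypted (`-nodes`) to `key.pem` in the current directory and duplicated into `key.p12` on L548; once imported, those two files are the private key of a certificate enrolled in the machine's MOK list, so the script should create them under a mode-0700 directory or remove them after L550. The patch fetched on L558 is pinned to a gist revision but nothing checks its content before rpmbuild applies it; a `sha256sum -c` against a recorded digest would catch a changed download. Since L546 requires a reboot between L545 and L548, the file cannot be run top to bottom, which deserves a header comment such as `# Not a runnable script: execute the sections by hand and reboot after the mokutil import.`; `hte` on L568 should be `the`.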

38
debian/ansible/wireguard/README.md vendored Normal file

@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

52
debian/ansible/wireguard/meta/main.yml vendored Normal file

@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

40
debian/ansible/wireguard/tasks/main.yml vendored Normal file

@@ -0,0 +1,40 @@
---
# tasks file for debian/ansible/wireguard
- name: Include main vars
include_vars:
file: vars/main.yml
- name: Apt upgrade
apt:
update_cache: yes
upgrade: yes
become: yes
- name: Install wireguard
apt:
name:
- wireguard
- iptables
state: present
update_cache: yes
become: yes
- name: Copy wireguard config to /etc/wg0.conf
ansible.builtin.template:
src: templates/wg0.conf
dest: /etc/wireguard/wg0.conf
owner: root
group: root
mode: '0600'
become: yes
- name: Update ipv4 sysctl
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
sysctl_set: yes
state: present
reload: yes
become: yes
- name: Ensure wireguard is enabled and running
ansible.builtin.systemd:
state: restarted
enabled: yes
name: wg-quick@wg0
become: yes
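Review bot: The final task uses `state: restarted`, so every run of the play bounces `wg-quick@wg0` and drops active tunnel sessions even when nothing changed; use `state: started` there and add `notify: Restart wireguard` to the template task with a handler that performs the restart. The template task's name says `/etc/wg0.conf` while its `dest` is `/etc/wireguard/wg0.conf`; the name should match the path. That task also renders `private_key` into the file, so a run with `--diff` prints the key to the console and any log collector — add `no_log: true` to it. `upgrade: yes` on the first apt task upgrades every package on each run, which is more than a wireguard role should do unprompted.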


@@ -0,0 +1,16 @@
[Interface]
Address = 10.200.1.1/24
ListenPort = 51820
PrivateKey = {{ private_key }}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ interface }} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ interface }} -j MASQUERADE
# Reese's Laptop
[Peer]
PublicKey = phDd8By8xpEMs65fb89xl1LjqDeyjxy5Cc1Wk8qvuBQ=
AllowedIPs = 10.200.1.2/32
# Reese's Phone
[Peer]
PublicKey = 51tKo/0fpYN0vd8UowD56nDPsNqw4HzJ5o4xGDaU2Wo=
AllowedIPs = 10.200.1.3/32
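Review bot: The PostUp rule on L725 accepts forwarded traffic arriving from the tunnel (`-i %i`) but adds nothing for the reply direction; on a host whose FORWARD chain defaults to DROP, replies coming back from `{{ interface }}` toward `%i` are dropped unless a matching rule exists, so either add `iptables -A FORWARD -o %i -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` (with its `-D` twin in PostDown) or state in a comment that the host's default ACCEPT policy is relied on. Whether that policy is DROP on these hosts is not visible in this commit. The peer list is hardcoded in the template while `interface` and `private_key` are variables; a loop over a `peers` variable would keep per-device entries out of the role and let the key-rotation of one peer be a vars change.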


@@ -0,0 +1,2 @@
private_key: "{{ lookup('community.hashi_vault.hashi_vault', 'secret=secret/data/wireguard/private/home/wg.dnet:privatekey url=https://vault.ducoterra.net')}}"
interface: ens3

11
debian/wireguard.yml vendored Normal file

@@ -0,0 +1,11 @@
---
# Run through all tasks to setup machines
# https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
- hosts: wireguard
gather_facts: true
order: inventory
vars_files:
- ansible/wireguard/vars/main.yml
roles:
- role: ansible/openssh
- role: ansible/wireguard
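Review bot: The comment on L749 links to a Framework-laptop Fedora thread that has nothing to do with a Debian wireguard host; it reads as a leftover from another playbook and should describe this play instead, e.g. `# Provision the 'wireguard' host group: openssh role, then the wireguard role.` The `vars_files` entry on L754 loads the role's own `vars/main.yml`, which the role's first task already includes, so the file is read twice; harmless, but one of the two can go.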


@@ -1,188 +1,11 @@
# snapshot_create ondemand
# Example btrbk configuration file
#
#
# Please refer to the btrbk.conf(5) man-page for a complete
# description of all configuration options.
# For more examples, see README.md included with this package.
#
# btrbk.conf(5): <https://digint.ch/btrbk/doc/btrbk.conf.5.html>
# README.md: <https://digint.ch/btrbk/doc/readme.html>
#
# Note that the options can be overridden per volume/subvolume/target
# in the corresponding sections.
#
# Enable transaction log
transaction_log /var/log/btrbk.log
# Enable stream buffer. Adding a buffer between the sending and
# receiving side is generally a good idea.
# NOTE: If enabled, make sure to install the "mbuffer" package!
stream_buffer 256m
# Directory in which the btrfs snapshots are created. Relative to
# <volume-directory> of the volume section.
# If not set, the snapshots are created in <volume-directory>.
#
# If you want to set a custom name for the snapshot (and backups),
# use the "snapshot_name" option within the subvolume section.
#
# NOTE: btrbk does not autmatically create this directory, and the
# snapshot creation will fail if it is not present.
#
snapshot_dir _btrbk_snap
# Always create snapshots. Set this to "ondemand" to only create
# snapshots if the target volume is reachable. Set this to "no" if
# snapshot creation is done by another instance of btrbk.
#snapshot_create always
# Perform incremental backups (set to "strict" if you want to prevent
# creation of non-incremental backups if no parent is found).
#incremental yes
# Specify after what time (in full hours after midnight) backups/
# snapshots are considered as a daily backup/snapshot
#preserve_hour_of_day 0
# Specify on which day of week weekly/monthly backups are to be
# preserved.
#preserve_day_of_week sunday
# Preserve all snapshots for a minimum period of time.
#snapshot_preserve_min 1d
# Retention policy for the source snapshots.
#snapshot_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Preserve all backup targets for a minimum period of time.
#target_preserve_min no
# Retention policy for backup targets:
#target_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Retention policy for archives ("btrbk archive" command):
#archive_preserve_min no
#archive_preserve <NN>h <NN>d <NN>w <NN>m <NN>y
# Specify SSH private key for "ssh://" volumes / targets:
#ssh_identity /etc/btrbk/ssh/id_ed25519
#ssh_user root
#ssh_compression no
#ssh_cipher_spec default
# Enable compression for remote btrfs send/receive operations:
#stream_compress no
#stream_compress_level default
#stream_compress_threads default
# Enable lock file support: Ensures that only one instance of btrbk
# can be run at a time.
#lockfile /var/lock/btrbk.lock
# Don't wait for transaction commit on deletion. Set this to "after"
# or "each" to make sure the deletion of subvolumes is committed to
# disk when btrbk terminates.
#btrfs_commit_delete no
#
# Volume section (optional): "volume <volume-directory>"
#
# <volume-directory> Base path within a btrfs filesystem
# containing the subvolumes to be backuped
# (usually the mount-point of a btrfs filesystem
# mounted with subvolid=5 option).
#
# Subvolume section: "subvolume <subvolume-name>"
#
# <subvolume-name> Subvolume to be backuped, relative to
# <volume-directory> in volume section.
#
# Target section: "target <type> <volume-directory>"
#
# <type> (optional) type, defaults to "send-receive".
# <volume-directory> Directory within a btrfs filesystem
# receiving the backups.
#
# NOTE: The parser does not care about indentation, this is only for
# human readability. All options apply to the last section
# encountered, overriding the corresponding option of the upper
# section. This means that the global options must be set on top,
# before any "volume", "subvolume" or "target section.
#
#
# Example retention policy:
#
snapshot_preserve_min 2d snapshot_preserve_min 2d
snapshot_preserve 14d snapshot_preserve 14d
target_preserve_min no target_preserve_min no
target_preserve 20d 10w *m target_preserve 20d 10w *m
snapshot_dir /mnt/btr_pool/snapshots
# target /mnt/btr_backup
# Simple setup: Backup root and home to external disk subvolume /mnt/btr_pool/root
# subvolume /mnt/btr_pool/home
snapshot_dir /btrfs/snapshots
target /mnt/btr_pool
subvolume /btrfs/root
subvolume /btrfs/home
#
# Complex setup
#
# In order to keep things organized, it is recommended to use "volume"
# sections and mount the top-level subvolume (subvolid=5):
#
# $ mount -o subvolid=5 /dev/sda1 /mnt/btr_pool
#
# Backup to external disk mounted on /mnt/btr_backup
#volume /btrfs
# Create snapshots in /mnt/btr_pool/btrbk_snapshots
# snapshot_dir btrbk_snapshots
# Target for all subvolume sections:
# target /mnt/btr_backup
# Some default btrfs installations (e.g. Ubuntu) use "@" for rootfs
# (mounted at "/") and "@home" (mounted at "/home"). Note that this
# is only a naming convention.
#subvolume @
# subvolume root
# subvolume home
#subvolume kvm
# Use different retention policy for kvm backups:
#target_preserve 7d 4w
# Backup data to external disk as well as remote host
#volume /mnt/btr_data
# subvolume data
# Always create snapshot, even if targets are unreachable
# snapshot_create always
# target /mnt/btr_backup
# target ssh://backup.my-remote-host.com/mnt/btr_backup
# Backup from remote host, with different naming
#volume ssh://my-remote-host.com/mnt/btr_pool
# subvolume data_0
# snapshot_dir snapshots/btrbk
# snapshot_name data_main
# target /mnt/btr_backup/my-remote-host.com
# Resume backups from remote host which runs its own btrbk instance
# creating snapshots for "home" in "/mnt/btr_pool/btrbk_snapshots".
#volume ssh://my-remote-host.com/mnt/btr_pool
# snapshot_dir btrbk_snapshots
# snapshot_create no
# snapshot_preserve_min all
# subvolume home
# target /mnt/btr_backup/my-remote-host.com
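Review bot: The first line of the new file, `# snapshot_create ondemand` (L762), is commented out and therefore has no effect; if the intent is to snapshot only when `/mnt/btr_pool` is reachable it must be uncommented, otherwise btrbk keeps its default of always creating snapshots. The old and new sides of this hunk are not recoverable from the rendered view, so I cannot tell whether `transaction_log` and `stream_buffer` survived into the 11-line file; if they did not, `transaction_log /var/log/btrbk.log` is cheap and is the only record of what was sent or deleted. The retention block appears unchanged.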


@@ -0,0 +1,11 @@
---
# Disable swap
- name: Turn off swap
command: swapoff --all
become: yes
- name: Uninstall zram-generator-defaults
dnf:
name:
- zram-generator-defaults
state: absent
become: yes
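Review bot: `command: swapoff --all` on L924 reports `changed` on every run and does nothing lasting if swap is re-enabled at boot by an fstab entry; add `changed_when: false` (or `when: ansible_swaptotal_mb > 0`) and, if these hosts have fstab swap, a `mount` task with `state: absent` for it. Removing `zram-generator-defaults` only covers zram-backed swap, which the comment on L922 should say.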


@@ -0,0 +1,8 @@
---
- name: Install dash-to-dock
dnf:
name:
- gnome-shell-extension-dash-to-dock
- gnome-extensions-app
state: present
become: yes


@@ -0,0 +1,52 @@
galaxy_info:
author: Reese Wells
description: Installs daily drivers for fedora workstation
company: ""
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,20 @@
---
- name: Ensure snap installed
dnf:
name: snapd
state: present
become: yes
- name: Ensure snapd service running
ansible.builtin.systemd:
name: snapd.socket
state: started
enabled: yes
become: yes
- name: Link /var/lib/snapd/snap /snap
ansible.builtin.file:
src: /var/lib/snapd/snap
dest: /snap
owner: root
group: root
state: link
become: yes


@@ -0,0 +1,4 @@
- name: DNF Install Steam
dnf:
name:
- steam
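Review bot: This task has no `become: yes`, unlike every other dnf task in the commit, so it fails with a permissions error when the play runs as an unprivileged user; it also omits `state: present`, which is the default but is spelled out everywhere else. Suggested: `state: present` after `name` and `become: yes` at task level. Steam is not in the default Fedora repositories, so unless RPM Fusion nonfree is enabled elsewhere in the play (not visible here) the install will also fail to find the package.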


@@ -0,0 +1,52 @@
galaxy_info:
author: Reese Wells
description: Tweaks Fedora to work better with the Framework Laptop
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,5 @@
---
# Set deep sleep to default
- name: Set deep sleep to default
command: grubby --update-kernel=ALL --args="mem_sleep_default=deep"
become: yes
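Review bot: `grubby --update-kernel=ALL --args=...` on L1081 runs unconditionally, so the play reports `changed` on every run; guard it with `when: ansible_proc_cmdline.mem_sleep_default | default('') != 'deep'` or at least add `changed_when: false`. Whether grubby de-duplicates an identical argument across repeated runs I cannot confirm from here, so the guard is the safer of the two.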


@@ -0,0 +1,52 @@
galaxy_info:
author: Reese Wells
description: Tweaks Fedora to work better with the Framework Laptop
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -8,10 +8,3 @@
content: | content: |
options snd-hda-intel model=auto options snd-hda-intel model=auto
become: yes become: yes
# Disable swap
- name: Uninstall zram-generator-defaults
dnf:
name:
- zram-generator-defaults
state: absent
become: yes


@@ -1,2 +0,0 @@
localhost


@@ -1,5 +0,0 @@
---
- hosts: localhost
remote_user: root
roles:
- arch/hardware_tools


@@ -1,2 +0,0 @@
---
# vars file for arch/hardware_tools


@@ -1,10 +0,0 @@
---
# Gnome extensions
- name: Enable gnome extensions
command: 'gnome-extensions enable {{ item }}'
loop:
- bluetooth-quick-connect@bjarosze.gmail.com
- clipboard-indicator@tudmotu.com
- sound-output-device-chooser@kgshank.net
- Resource_Monitor@Ory0n
- drive-menu@gnome-shell-extensions.gcampax.github.com


@@ -0,0 +1,226 @@
#!/usr/bin/env python3
import sys
import os
import logging
import subprocess
def run_cmd_safe(cmd, expire_cmd=None, timeout=6, retry=10):
"""Safely executes a command with timeout. Logs stdout and stderr. Captures TimeOutException.
Args:
cmd (list): Command to be executed
"""
result = None
retry_count = 0
while retry_count < retry:
if retry_count > 0 and expire_cmd:
logging.warn(f"Running expire command {expire_cmd}")
run_cmd_safe(expire_cmd)
try:
logging.debug(f"Executing {' '.join(cmd)}")
result = subprocess.run(cmd, capture_output=True, timeout=timeout)
logging.info(f"{' '.join(cmd)}: {result.stdout}")
logging.error(f"{' '.join(cmd)}: {result.stderr}")
break
except subprocess.TimeoutExpired:
logging.error(f"Attempt {retry_count}")
logging.error(f"Command expired: {cmd}")
retry_count += 1
return result
def get_network_state(conn_uuid):
"""Using nmcli, retreive the state of the given network
Args:
conn_uuid (str): The connection UUID provided by `nmcli connection show`
Returns:
str: The state of the connection provided by nmcli
"""
UUID = 0
STATE = 1
CMD = ['nmcli', '-t', '-f', 'con-uuid,state', 'device', 'status']
result = run_cmd_safe(CMD)
decoded_result = result.stdout.decode()
network_connections = decoded_result.split("\n")
valid_connections = list(filter(
lambda item: item[0] != "",
[conn.split(':') for conn in network_connections]))
selected_network = list(filter(lambda item: item[UUID] == conn_uuid, valid_connections))
if len(selected_network) > 0:
return selected_network[0][STATE]
else:
return ''
def network_connected(conn_uuid):
"""Returns True if the given connection UUID is connected
Args:
conn_uuid (str): The connection UUID provided by `nmcli connection show`
Returns:
bool: True if connected, False otherwise
"""
CONNECTED = "connected"
current_state = get_network_state(conn_uuid)
return current_state == CONNECTED
def one_up(conn_uuids):
"""Returns True if at least one of the provided network connections is up
Args:
conn_uuids (list): List of connections to check
"""
for conn_uuid in conn_uuids:
if network_connected(conn_uuid):
return True
return False
def set_wifi_state(on=True):
"""Turns the wifi on and off
Args:
on (bool, optional): Set to False to turn wifi off. Defaults to True.
Returns:
bool: True if command successful, False if otherwise
"""
desired_state = "on" if on else "off"
cmd = ["nmcli", "radio", "wifi", desired_state]
result = run_cmd_safe(cmd)
return result.returncode == 0
def is_mountpoint(path):
cmd = ["mountpoint", path]
result = run_cmd_safe(cmd)
return result.returncode == 0
if __name__ == "__main__":
logging.basicConfig(
filename='/var/log/nmd.log',
encoding='utf-8',
level=logging.DEBUG,
format='%(asctime)s %(levelname)s: %(message)s',
datefmt='%m/%d/%Y %I:%M:%S %p')
logging.debug("----------Start----------")
# List of connections relevant to this script
# Use tags to denote ethernet or wifi
CONNECTIONS = {
"home": {
"029a0daa-9dcd-36c2-9f3f-8c8a4da10da0": {
"tags": ["ethernet"]
},
"991b3332-3b25-467d-b49d-daecb968b4f8": {
"tags": ["wifi"]
}
}
}
# List of valid states for NetworkManager
# Taken from https://developer-old.gnome.org/NetworkManager/unstable/NetworkManager-dispatcher.html
STATES = {
"pre-up": "pre-up",
"up": "up",
"pre-down": "pre-down",
"down": "down",
"vpn-pre-up": "vpn-pre-up",
"vpn-up": "vpn-up",
"vpn-pre-down": "vpn-pre-down",
"vpn-down": "vpn-down",
"hostname": "hostname",
"dhcp4-change": "dhcp4-change",
"dhcp6-change": "dhcp6-change",
"connectivity-change": "connectivity-change",
}
# List of available environment variables given by NetworkManager
# Taken from https://developer-old.gnome.org/NetworkManager/unstable/NetworkManager-dispatcher.html
# Note: omits DHCP4_<dhcp-option-name> and IP6_<name> for simplicity's sake
ENV_VARS = {
"NM_DISPATCHER_ACTION": "NM_DISPATCHER_ACTION",
"CONNECTION_UUID": "CONNECTION_UUID",
"CONNECTION_ID": "CONNECTION_ID",
"CONNECTION_DBUS_PATH": "CONNECTION_DBUS_PATH",
"CONNECTION_FILENAME": "CONNECTION_FILENAME",
"CONNECTION_EXTERNAL": "CONNECTION_EXTERNAL",
"DEVICE_IFACE": "DEVICE_IFACE",
"DEVICE_IP_IFACE": "DEVICE_IP_IFACE",
"IP4_ADDRESS_N": "IP4_ADDRESS_N",
"IP4_NUM_ADDRESSES": "IP4_NUM_ADDRESSES",
"IP4_GATEWAY": "IP4_GATEWAY",
"IP4_ROUTE_N": "IP4_ROUTE_N",
"IP4_NUM_ROUTES": "IP4_NUM_ROUTES",
"IP4_NAMESERVERS": "IP4_NAMESERVERS",
"IP4_DOMAINS": "IP4_DOMAINS",
"CONNECTIVITY_STATE": "CONNECTIVITY_STATE",
}
# Used to retrive values from dictionaries after they've been turned into .items()
KEY = 0
VALUE = 1
# Filter out all home connections
home_connections = CONNECTIONS.get("home").keys()
logging.debug(f"Home connections: {home_connections}")
# Filter out our ethernet connections per their tags and save to a list
ethernets = list(map(
lambda conn: conn[KEY],
filter(
lambda conn: "ethernet" in conn[VALUE].get("tags") or [],
CONNECTIONS["home"].items())))
logging.debug(f"Ethernet connections: {ethernets}")
# The interface and state are always passed as positional arguments
logging.debug(f"arguments: {sys.argv}")
interface, state = sys.argv[1:3]
logging.debug(f"interface: {interface}")
logging.debug(f"state: {state}")
# Get the environment variables from our dictionary above
environment = {var[KEY]: os.getenv(var[VALUE]) for var in ENV_VARS.items()}
logging.debug(f"enviroment: {environment}")
# Get our conn_uuid from the dictionary of environment variables
conn_uuid = environment.get(ENV_VARS["CONNECTION_UUID"])
logging.debug(f"Connection UUID: {conn_uuid}")
# check if we need to turn the wifi on or off
if conn_uuid in ethernets:
# If the state of our home ethernet connection is "up" (we've just connected to ethernet),
# turn wifi off.
if state == STATES["up"]:
set_wifi_state(on=False)
# If the state of our home ethernet connection is "down" (we've just disconnected from
# ethernet), turn wifi back on.
elif state == STATES["down"]:
set_wifi_state(on=True)
# When we connect to a home network, mount our shares
# When we disconnect from all home networks, unmount our shares
# one_home_connection_up = one_up(home_connections)
# logging.debug(f"One Home Connection Up: {one_home_connection_up}")
# umount_cmd = ["umount", "-a", "-l", "-t", "cifs"]
# mount_cmd = ["mount", "/mnt/truenas"]
# if one_home_connection_up:
# run_cmd_safe(mount_cmd, expire_cmd=umount_cmd)
# else:
# run_cmd_safe(umount_cmd)
# Log Done
logging.debug("----------Done----------")
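Review bot: `get_network_state` dereferences `result.stdout` on L1222, but `run_cmd_safe` returns `None` when every attempt hits `TimeoutExpired` (L1194-L1210), so a hung `nmcli` becomes an AttributeError in a root-run dispatcher script; the same unguarded `result.returncode` appears in `set_wifi_state` (L1261) and `is_mountpoint` (L1265). Guard each call site, e.g. `if result is None: return ''` in `get_network_state` and `return result is not None and result.returncode == 0` in the other two. The tag filter on L1333, `"ethernet" in conn[VALUE].get("tags") or []`, parses as `("ethernet" in tags) or []`, so a connection entry without `tags` raises TypeError instead of being skipped; write `"ethernet" in (conn[VALUE].get("tags") or [])`. `logging.warn` on L1198 is the deprecated alias of `logging.warning`, and `logging.error` on L1204 logs `result.stderr` at ERROR level even when it is empty.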


@@ -0,0 +1,2 @@
truenas -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/truenas
media -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/media
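Review bot: Both maps point `credentials=` at `/home/ducoterra/.smbpasswd`, a file in a user's home directory that nothing in this commit creates or sets permissions on; autofs reads it as root, so it should be root-owned with mode 0600 and is better kept under `/etc` (path is deployment-specific) than somewhere every process running as that user can read. The mount options carry no `seal`, so whether the SMB session is encrypted depends on the server's defaults; add `seal` if the share is reached over a network you do not fully control.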


@@ -0,0 +1,5 @@
/misc /etc/auto.misc
/net -hosts
+dir:/etc/auto.master.d
+auto.master
/smb /etc/auto.truenas
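Review bot: The `+dir:/etc/auto.master.d` and `+auto.master` lines (L1381-L1382) are autofs include directives, not stray diff markers, so layout repair must not strip them. If this file is what the network_drives role installs as `/etc/auto.master.d/truenas.extra` (the only `files/` entry in this commit that fits), it should contain just `/smb /etc/auto.truenas`: the `/misc` and `/net` entries duplicate the stock `/etc/auto.master`, and a `+dir:` include of its own directory makes automount re-read this file from inside itself. If it is instead meant to replace `/etc/auto.master`, nothing in the role copies it there.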


@@ -0,0 +1,52 @@
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,26 @@
---
# sudo dnf install autofs
# /smb /etc/auto.truenas
# truenas -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/truenas
# media -fstype=cifs,rw,uid=1000,gid=1000,credentials=/home/ducoterra/.smbpasswd ://freenas.dnet/media
- name: Install autofs
dnf:
name: autofs
state: present
become: yes
- name: Create /etc/auto.master.d/truenas.extra
copy:
src: files/truenas.extra
dest: /etc/auto.master.d/truenas.extra
owner: root
group: root
mode: '0755'
become: yes
- name: Create /etc/auto.truenas
copy:
src: files/auto.truenas
dest: /etc/auto.truenas
owner: root
group: root
mode: '0755'
become: yes
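Review bot: `autofs` is installed (L1442-L1446) and two map files are dropped in, but no task starts or enables the `autofs` service, so the `/smb` mounts only appear after a manual `systemctl enable --now autofs` or a reboot. Both copy tasks also set `mode: '0755'` on plain map files (L1453, L1461); `0644` is sufficient and keeps configuration out of the executable set. A service task at the end of the role (with a `notify` on the copy tasks for reload) fixes the first point.
```yaml
# … unchanged: Install autofs, Create /etc/auto.master.d/truenas.extra, Create /etc/auto.truenas (with mode: '0644') …
- name: Ensure autofs is enabled and running
  systemd:
    name: autofs
    state: started
    enabled: yes
  become: yes
```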



@@ -0,0 +1,52 @@
galaxy_info:
author: Reese Wells
description: Ensures secure openssh configuration
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,27 @@
---
# SSH
- name: Curl SSH trusted CA
get_url:
url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
dest: /etc/ssh/trusted-user-ca-keys.pem
mode: '0660'
become: yes
- name: Create sshd_config file
copy:
dest: "/etc/ssh/sshd_config"
content: |
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
Subsystem sftp internal-sftp
PrintMotd no # pam does that
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
become: yes
- name: Ensure ssh service started
ansible.builtin.systemd:
name: sshd
state: restarted
daemon_reload: yes
enabled: yes
become: yes
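Review bot: The `sshd_config` copy on L1526-L1537 is followed directly by `state: restarted` with no syntax check in between, so a typo in the heredoc restarts sshd into a failed state and locks the host out; add `validate: /usr/sbin/sshd -t -f %s` to the copy task (the same applies to the pi/ sshd tasks later in this commit). The CA trust anchor fetched on L1520-L1524 is written with `mode: '0660'` and no owner, which makes the file that decides who may log in group-writable; `mode: '0644'` with `owner: root` / `group: root` is what sshd expects for `TrustedUserCAKeys`. Fedora's stock config begins with `Include /etc/ssh/sshd_config.d/*.conf`, which is how the system crypto policy reaches sshd; the replacement config here omits it, so confirm that is intended. Restarting on every run instead of via a handler also makes the play non-idempotent.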


@@ -1,4 +1,7 @@
--- ---
# Install kvm
# sudo dnf -y install bridge-utils libvirt virt-install qemu-kvm virt-manager
# sudo systemctl start libvirtd
# Install developer tools # Install developer tools
- name: Ensure common developer tools installed - name: Ensure common developer tools installed
dnf: dnf:
@@ -10,12 +13,6 @@
- htop - htop
- dconf-editor - dconf-editor
- dnf-plugins-core - dnf-plugins-core
- ufw
become: yes
# Enable ufw
- name: Enable UFW
community.general.ufw:
state: enabled
become: yes become: yes
# Install snap developer tools # Install snap developer tools
- name: Ensure snap installed - name: Ensure snap installed


@@ -7,4 +7,15 @@
- tcpdump - tcpdump
- tcpreplay - tcpreplay
- wireshark-cli - wireshark-cli
- ufw
become: yes
# Enable UFW and allow SSH
- name: Allow SSH
community.general.ufw:
rule: allow
name: ssh
become: yes
- name: Enable UFW
community.general.ufw:
state: enabled
become: yes become: yes
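Review bot: Fedora ships with firewalld enabled, and this hunk installs and enables ufw (L1576-L1586) without stopping or masking firewalld, so two managers will be writing nftables rules on the same host (the README in this commit also documents `firewall-cmd` usage). Either switch these tasks to `ansible.posix.firewalld` or add a task before `Enable UFW` such as `systemd: name: firewalld state: stopped enabled: no masked: yes`. The allow-SSH-before-enable ordering on L1579-L1586 is correct and should stay.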



@@ -0,0 +1,7 @@
## Supported server options to pass to vncserver upon invocation can be listed
## in this file. See the following manpages for more: vncserver(1) Xvnc(1).
## Several common ones are shown below. Uncomment and modify to your liking.
##
session=gnome
securitytypes=vncauth,tlsvnc
geometry=1920x1080
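Review bot: `securitytypes=vncauth,tlsvnc` on L1599 lets a client negotiate plain `vncauth`, which leaves the session unencrypted and authenticates with the 8-byte DES challenge, so listing it beside `tlsvnc` buys nothing once the port is reachable from the network (the tigervnc role in this commit opens 5902/tcp). `tlsvnc` itself is anonymous TLS with no server authentication. Prefer `securitytypes=tlsvnc` at minimum, `x509vnc` with a server certificate where clients can verify it, or add `localhost` so Xvnc listens only on loopback and is reached over the SSH the commit already configures.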


@@ -0,0 +1 @@
:2=vncuser


@@ -0,0 +1,12 @@
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
/etc/X11/xinit/xinitrc
# Assume either Gnome will be started by default when installed
# We want to kill the session automatically in this case when user logs out. In case you modify
# /etc/X11/xinit/Xclients or ~/.Xclients yourself to achieve a different result, then you should
# be responsible to modify below code to avoid that your session will be automatically killed
if [ -e /usr/bin/gnome-session ]; then
vncserver -kill $DISPLAY
fi


@@ -0,0 +1,52 @@
galaxy_info:
author: Reese Wells
description: Installs and enables a tigervnc server
company: ""
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.


@@ -0,0 +1,59 @@
---
# Install and activate tigervnc
# NOTE: You will still need to log in manually as the new user and run "passwd" and "vncpasswd"
- name: Ensure tigervnc-server is installed
dnf:
name:
- tigervnc-server
become: yes
- name: Copy systemd file to /etc/system/system
copy:
remote_src: yes
src: /lib/systemd/system/vncserver@.service
dest: /etc/systemd/system/vncserver@.service
become: yes
- name: Copy vncserver.users
copy:
src: files/vncserver.users
dest: /etc/tigervnc/vncserver.users
become: yes
- name: Create vncuser
user:
name: vncuser
shell: /bin/fish
groups: wheel
append: yes
become: yes
- name: Ensure .vnc folder exists for vncuser
file:
path: /home/vncuser/.vnc
state: directory
owner: vncuser
group: vncuser
become: yes
- name: Copy vnc config
copy:
src: files/config
dest: /home/vncuser/.vnc/config
owner: vncuser
group: vncuser
become: yes
- name: Copy xstartup
copy:
src: files/xstartup
dest: /home/vncuser/.vnc/xstartup
owner: vncuser
group: vncuser
become: yes
- name: Start tigervnc service
systemd:
name: vncserver@:2
state: started
enabled: yes
become: yes
- name: UFW Allow 5902/tcp
community.general.ufw:
rule: allow
port: 5902
proto: tcp
become: yes
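Review bot: `vncuser` is added to `wheel` (L1697) while the only thing gating that account is the VNC password set by hand per the comment on L1676, and the last task (L1727-L1732) opens 5902/tcp to any source; together with the `vncauth` security type in the role's config file this places a sudo-capable login behind a weak, possibly unencrypted channel. Drop `groups: wheel` unless the VNC session genuinely needs sudo, and scope the rule with `from_ip: <management network>` (placeholder) or keep Xvnc on localhost and reach it over SSH. The `xstartup` copy (L1714-L1720) sets no `mode`, so it lands with the umask default; the vncserver@ unit runs it through vncsession, which likely requires it to be executable, so add `mode: '0755'` — confirm against the installed tigervnc. `shell: /bin/fish` (L1696) is not installed by this role, so the user's login shell may not exist on a fresh host.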


@@ -1,7 +1,7 @@
--- ---
# Run through all tasks to setup machines # Run through all tasks to setup machines
# https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10 # https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
- hosts: localhost - hosts: pc
gather_facts: true gather_facts: true
order: inventory order: inventory
vars: vars:
@@ -12,12 +12,21 @@
packer_version: 1.7.10 packer_version: 1.7.10
roles: roles:
- role: ansible/btrbk - setup-openssh
- add-dnet-cert
- disable-swap
- dnf-install-dash-to-dock
- dnf-install-snap
- dnf-install-steam
- enable-deep-sleep
- write-dconf-config
# - role: ansible/btrbk
- role: ansible/certificates - role: ansible/certificates
- role: ansible/dconf - role: ansible/dconf
- role: ansible/gnome_extensions # - role: ansible/gnome_extensions
- role: ansible/iscsi_freenas
- role: ansible/openssh - role: ansible/openssh
- role: ansible/software_common - role: ansible/software_common
- role: ansible/software_developer - role: ansible/software_developer
- role: ansible/software_games
- role: ansible/software_security - role: ansible/software_security
# - role: ansible/tigervnc


@@ -39,3 +39,6 @@
- role: ansible/software_security - role: ansible/software_security
tags: ["software_security"] tags: ["software_security"]
- role: ansible/network_drives
tags: ["network_drives"]


@@ -73,10 +73,12 @@ set -Ua fish_user_paths /home/$USER/.local/bin
```bash ```bash
# Login to portal # Login to portal
sudo iscsiadm -m discovery -t st -p freenas.dnet iscsiadm -m discovery -t st -p driveripper.reeselink.com
# Mount all targets # Mount all targets
sudo iscsiadm -m node --targetname iqn.2022-02.freenas.dnet:framework-backup -p freenas.dnet:3260 -l iscsiadm -m node --targetname iqn.2023-01.driveripper.reeselink.com:2023-framework-backup -p driveripper.reeselink.com:3260 -l
iscsiadm -m node --loginall all
# Mount at boot # Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1 vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
@@ -85,7 +87,7 @@ vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
node.startup = automatic node.startup = automatic
# Log out of all sessions # Log out of all sessions
sudo iscsiadm -m node -u iscsiadm -m node -u
``` ```
## Gnome Tweaks ## Gnome Tweaks
@@ -217,7 +219,7 @@ WantedBy=timers.target
### Test, Start and Enable service ### Test, Start and Enable service
Test your service: Test your service:the available storage space on our NAS to the iSCSI target and the other half
```bash ```bash
sudo btrbk -c /etc/btrbk/btrbk.conf -v run sudo btrbk -c /etc/btrbk/btrbk.conf -v run
@@ -230,3 +232,160 @@ sudo systemctl start btrbk.timer
sudo systemctl enable btrbk.timer sudo systemctl enable btrbk.timer
``` ```
### Minecraft
1. You can find extra java versions at /etc/alternatives
2. You need to `dnf install xrandr` to launch any modpacks
3. You can create a desktop icon by putting this at ~/.local/share/applications/*.desktop:
```
[Desktop Entry]
Encoding=UTF-8
Name=Technic Launcher
Exec=/usr/bin/java -jar /home/ducoterra/Applications/TechnicLauncher.jar
Icon=/home/ducoterra/.icons/minecraft-launcher.png
Type=Application
Categories=Games;
```
### Firewall CMD
1. Enable firewall
```bash
systemctl start firewall-cmd
systemctl enable firewall-cmd
```
2. Set default behavior to drop everything
```bash
firewall-cmd --set-default-zone=drop
systemctl reload firewall-cmd
```
### Resources
Network monitoring: https://linuxconfig.org/how-to-monitor-network-activity-on-a-linux-system
## Backups
### Full system backup
In the event you need to restore your system from a disaster do the following:
1. Reinstall fedora via a live image
2. After install, disk should be mounted at /mnt/sysimage
3. Copy the new fstab and crypttab to somewhere safe
4. rsync -av [etc, home, opt, root, usr, var]
5. `mount /dev/Y /mnt/sysimage/boot`
6. `mount /dev/Z /mnt/sysimage/boot/efi`
7. `mount --bind /dev /mnt/sysimage/dev`
8. `mount --bind /proc /mnt/sysimage/proc`
9. `mount --bind /sys /mnt/sysimage/sys`
10. `chroot /mnt/sysimage`
11. Edit fstab and crypttab so they match the new partitions
12. Update /etc/default/grub to match the new luks uuid
13. grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
14. reboot
## Libvirt
### Snapshots on secure-boot VMs
```bash
# list snapshots
qemu-img snapshot -l win10.qcow2
# create a snapshot
qemu-img snapshot -c 1-welcome win10.qcow2
# restore a snapshot
qemu-img snapshot -a 1-welcome win10.qcow2
```
### Connecting to Truenas via virt-manager
You should be able to use the following custom URL:
```text
qemu+ssh://root@driveripper.reeserelease.com/system?socket=/run/truenas_libvirt/libvirt-sock
```
This assumes the correct socket path from `/etc/libvirt/libvirtd.conf` and ability to log in as the root user via ssh.
## bluetooth
### Airpods
Edit: /etc/bluetooth/main.conf
Set ControllerMode = bredr
restart bluetooth service
connect airpods
comment line out
restart bluetooth service again
## ZRAM
Edit /etc/systemd/zram-generator.conf
```conf
[zram0]
zram-size = min(ram / 2, 16384)
compression-algorithm = lzo-rle
options =
writeback-device = /dev/zvol/tarta-zoot/swap-writeback
```
## Automatic Disk Decryption with TPM2
https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95
```bash
# Add decryption key to tpm.
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme0n1p3
# Wipe old keys and enroll new key. You have to execute this command again after a kernel upgrade.
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=0,2,4,7
# Add tpm2 configuration option to /etc/crypttab
luks-$UUID UUID=disk-$UUID none tpm2-device=auto,discard
# Add rd.luks.options=tpm2-device=auto to grub
grubby --args="rd.luks.options=tpm2-device=auto" --update-kernel=ALL
dracut -f
```
## Firefox GPU Rendering
https://community.frame.work/t/linux-battery-life-tuning/6665
```bash
dnf install intel-media-driver intel-gpu-tools
```
Type in about:config in the address bar and hit enter.
Set media.rdd-ffmpeg.enabled, media.ffmpeg.vaapi.enabled and media.navigator.mediadatadecoder_vpx_enabled to true.
Close and reopen your browser
Run the command sudo intel_gpu_top, play a 4k video and check whether the Video section is above 0.00%
## Gnome Software Updates (packagekitd and software)
To prevent Gnome Shell from starting Software open Settings->Search and disable Software from there.
Disable auto-updates
```bash
dconf write /org/gnome/software/allow-updathe available storage space on our NAS to the iSCSI target and the other halftes false
dconf write /org/gnome/software/download-updates false
```
## Hibernate + Secure Boot
713676533760/4096 = 174237435
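Review bot: The firewall steps on L1816-L1822 address a unit named `firewall-cmd`, which does not exist; the service is `firewalld` (`systemctl enable --now firewalld`, then `firewall-cmd --reload` or `systemctl reload firewalld`), so a reader following these lines gets unit-not-found before any default zone is set. Two lines were corrupted by a paste: L1794 ends with a fragment about NAS storage, and the `dconf write` key on L1902 has the same fragment spliced into `allow-updates`, so that command is invalid as written. In the TPM2 section the PCR list is written `0+2+4+7` on L1880 and `0,2,4,7` on L1882; `+` is the separator `systemd-cryptenroll` documents, so use it in both. Binding on PCRs alone releases the LUKS key to anyone who can boot the machine into a matching state; `--tpm2-with-pin=yes` adds a second factor if that is wanted — confirm the installed systemd supports it.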


@@ -319,6 +319,42 @@ Install steam-native from the software manager.
| Login | Use a different login | | Login | Use a different login |
| Login name | ducoterra@icloud.com | | Login name | ducoterra@icloud.com |
#### Gmail
| Field | Value |
| ------------------- | --------------------- |
| IMAP server | imap.gmail.com:993 |
| Connection security | TLS |
| Login name | ducoterra@gmail.com |
| SMTP server | smtp.gmail.com:587 |
| Connection security | StartTLS |
| Login | |
| Login name | ducoterra@gmail.com |
Incoming Mail (IMAP) Server
imap.gmail.com
Requires SSL: Yes
Port: 993
Outgoing Mail (SMTP) Server
smtp.gmail.com
Requires SSL: Yes
Requires TLS: Yes (if available)
Requires Authentication: Yes
Port for SSL: 465
Port for TLS/STARTTLS: 587
Full Name or Display Name Your name
Account Name, User name, or Email address Your full email address
Password Your Gmail password
### Discord ### Discord
Install discord from software manager Install discord from software manager

13
hosts

@@ -1,11 +1,14 @@
[pi] [pis]
pihole pihole
pivault pivault
octopi octopi
pi-medina pi-medina
raspberrypi
[workstation] [workstations]
localhost pc
freenas
[backtop] [VMs]
backtop.dnet k3os
wireguard

7
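--- a/pi/README.md
+++ b/pi/README.md
@@ -0,0 +1,7 @@
+# Debian Ansible Playbooks
+## Wireguard
+```bash
+ansible-playbook -i hosts --ask-pass --ask-become-pass pi/pi.yml --extra-vars "hostname="
+```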


@@ -0,0 +1,5 @@
---
- name: Set a hostname
ansible.builtin.hostname:
name: "{{ hostname }}"
become: yes


@@ -0,0 +1,30 @@
---
# SSH
- name: Curl SSH trusted CA
get_url:
url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
dest: /etc/ssh/trusted-user-ca-keys.pem
mode: '0660'
become: yes
- name: Create sshd_config file
copy:
dest: "/etc/ssh/sshd_config"
content: |
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
KbdInteractiveAuthentication no
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
become: yes
- name: Ensure ssh service started
ansible.builtin.systemd:
name: sshd
state: restarted
daemon_reload: yes
enabled: yes
become: yes
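Review bot: `X11Forwarding yes` on L1998 is enabled in a role for a headless Raspberry Pi, which widens the SSH attack surface (a compromised server can reach a forwarding client's X display) for no stated need; drop the line or set `X11Forwarding no`. `ChallengeResponseAuthentication` (L1995) is the deprecated alias of `KbdInteractiveAuthentication` (L1997), so one of the two is redundant. The missing `validate:` on the sshd_config copy and the `mode: '0660'` on the CA file (L1987) are the same issues as in the Fedora sshd tasks earlier in this commit.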


@@ -0,0 +1,4 @@
---
- name: Return motd to registered var
ansible.builtin.command: shutdown -r now
become: yes
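Review bot: The task name on L2016 (`Return motd to registered var`) does not describe what L2017 does, and `command: shutdown -r now` gives Ansible no way to wait for the host to come back, so any later play against it fails on a dropped connection. Replace the task with `ansible.builtin.reboot:` (it handles the wait and reconnect) and name it `Reboot the host`.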

10
pi/pi.yml Normal file

@@ -0,0 +1,10 @@
---
# Run through all tasks to setup machines
# https://community.frame.work/t/fedora-linux-35-on-the-framework-laptop/6613/10
- hosts: raspberrypi
gather_facts: true
order: inventory
roles:
- role: ansible/openssh
- role: ansible/hostname
- role: ansible/reboot

8
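--- a/qemu_tails.md
+++ b/qemu_tails.md
@@ -0,0 +1,8 @@
+# Tails Linux
+## .img to .qcow2
+```bash
+qemu-img convert -f raw -O qcow2 iso/tails-amd64-5.8.img images/tails.qcow2
+qemu-img resize images/tails.qcow2 32G
+```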

48
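--- a/qemu_win10_vm.md
+++ b/qemu_win10_vm.md
@@ -0,0 +1,48 @@
+# Windows 10 VM with Qemu
+## Create installer iso
+mkisofs -o ~/Downloads/win-install.iso /tmp/windows-installers/
+## Snapshot qcow2 storage
+```bash
+# list
+qemu-img snapshot -l win10.qcow2
+# create
+qemu-img snapshot -c $SNAPSHOT_NAME $DISK_IMAGE
+# apply
+qemu-img snapshot -a $SNAPSHOT_NAME $DISK_IMAGE
+# delete
+qemu-img snapshot -d \
+$SNAPSHOT_NAME \
+$DISK_IMAGE
+```
+## Setup
+Install and configure windows as normal to start. Boot into the installation and finish the setup.
+## Auto resize display
+1. Ensure the video device is set to "QXL" on the host
+2. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+3. Download [spice-guest-tools](https://www.spice-space.org/download.html#windows-binaries) and install on guest
+4. Shutdown the guest machine
+5. view -> Scale Display -> Auto resize VM with window
+6. Start the guest machine, it should now auto resize
+## virtio network driver
+1. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+2. Shutdown the guest machine
+3. Change the network device model to virtio
+4. Start the guest machine
+## virtio boot disk
+1. Attempted virt-win-guest-tools install but boots with boot_device_not_found error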

56
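--- a/qemu_win11_vm.md
+++ b/qemu_win11_vm.md
@@ -0,0 +1,56 @@
+# Windows 10 VM with Qemu
+## Bypass Microsoft Account Requirement
+1. shift + f10 to open command prompt during setup
+2. `oobe\bypassnro`
+3. shift + f10 again to open command prompt
+4. `ipconfig /release` to disconnect the internet
+5. Continue with limited setup
+## Create installer iso
+mkisofs -o ~/Downloads/win-install.iso /tmp/windows-installers/
+## Snapshot qcow2 storage
+```bash
+# list
+qemu-img snapshot -l win10.qcow2
+# create
+qemu-img snapshot -c $SNAPSHOT_NAME $DISK_IMAGE
+# apply
+qemu-img snapshot -a $SNAPSHOT_NAME $DISK_IMAGE
+# delete
+qemu-img snapshot -d \
+$SNAPSHOT_NAME \
+$DISK_IMAGE
+```
+## Setup
+Install and configure windows as normal to start. Boot into the installation and finish the setup.
+## Auto resize display
+1. Ensure the video device is set to "QXL" on the host
+2. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+3. Download [spice-guest-tools](https://www.spice-space.org/download.html#windows-binaries) and install on guest
+4. Shutdown the guest machine
+5. view -> Scale Display -> Auto resize VM with window
+6. Start the guest machine, it should now auto resize
+## virtio network driver
+1. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+2. Shutdown the guest machine
+3. Change the network device model to virtio
+4. Start the guest machine
+## virtio boot disk
+1. Attempted virt-win-guest-tools install but boots with boot_device_not_found error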

64
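--- a/qemu_win7.md
+++ b/qemu_win7.md
@@ -0,0 +1,64 @@
+# Windows 10 VM with Qemu
+## Not booting from ISO
+Switch from UEFI to BIOS
+## Valid Key
+27CJD-K74PH-TCGV9-WT67C-QM4RC
+## Bypass Microsoft Account Requirement
+1. shift + f10 to open command prompt during setup
+2. `oobe\bypassnro`
+3. shift + f10 again to open command prompt
+4. `ipconfig /release` to disconnect the internet
+5. Continue with limited setup
+## Create installer iso
+mkisofs -o ~/Downloads/win-install.iso /tmp/windows-installers/
+## Snapshot qcow2 storage
+```bash
+# list
+qemu-img snapshot -l win10.qcow2
+# create
+qemu-img snapshot -c $SNAPSHOT_NAME $DISK_IMAGE
+# apply
+qemu-img snapshot -a $SNAPSHOT_NAME $DISK_IMAGE
+# delete
+qemu-img snapshot -d \
+$SNAPSHOT_NAME \
+$DISK_IMAGE
+```
+## Setup
+Install and configure windows as normal to start. Boot into the installation and finish the setup.
+## Auto resize display
+1. Ensure the video device is set to "QXL" on the host
+2. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+3. Download [spice-guest-tools](https://www.spice-space.org/download.html#windows-binaries) and install on guest
+4. Shutdown the guest machine
+5. view -> Scale Display -> Auto resize VM with window
+6. Start the guest machine, it should now auto resize
+## virtio network driver
+1. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+2. Shutdown the guest machine
+3. Change the network device model to virtio
+4. Start the guest machine
+## virtio boot disk
+1. Attempted virt-win-guest-tools install but boots with boot_device_not_found error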
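Review bot: L2139 commits a Windows product key in plaintext, and the Windows 8.1 notes later in this commit do the same on L2187; unless these are Microsoft's published generic installation keys, they are licence secrets that belong in a secrets store rather than version control, and should be treated as exposed if the repository is shared. The heading on L2135 still reads `Windows 10` and the `Bypass Microsoft Account Requirement` steps (L2140-L2145) appear copied from the Windows 11 notes and do not apply to Windows 7.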

64
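--- a/qemu_win8.1_vm .md
+++ b/qemu_win8.1_vm .md
@@ -0,0 +1,64 @@
+# Windows 10 VM with Qemu
+## Display requirements
+QXC doesn't seem to work out of the gate. Virtio is fine, boot using that.
+## Valid Key
+GCRJD-8NW9H-F2CDX-CCM8D-9D6T9
+## Bypass Microsoft Account Requirement
+1. shift + f10 to open command prompt during setup
+2. `oobe\bypassnro`
+3. shift + f10 again to open command prompt
+4. `ipconfig /release` to disconnect the internet
+5. Continue with limited setup
+## Create installer iso
+mkisofs -o ~/Downloads/win-install.iso /tmp/windows-installers/
+## Snapshot qcow2 storage
+```bash
+# list
+qemu-img snapshot -l win10.qcow2
+# create
+qemu-img snapshot -c $SNAPSHOT_NAME $DISK_IMAGE
+# apply
+qemu-img snapshot -a $SNAPSHOT_NAME $DISK_IMAGE
+# delete
+qemu-img snapshot -d \
+$SNAPSHOT_NAME \
+$DISK_IMAGE
+```
+## Setup
+Install and configure windows as normal to start. Boot into the installation and finish the setup.
+## Auto resize display
+1. Ensure the video device is set to "QXL" on the host
+2. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+3. Download [spice-guest-tools](https://www.spice-space.org/download.html#windows-binaries) and install on guest
+4. Shutdown the guest machine
+5. view -> Scale Display -> Auto resize VM with window
+6. Start the guest machine, it should now auto resize
+## virtio network driver
+1. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+2. Shutdown the guest machine
+3. Change the network device model to virtio
+4. Start the guest machine
+## virtio boot disk
+1. Attempted virt-win-guest-tools install but boots with boot_device_not_found error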

74
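--- a/qemu_win98.md
+++ b/qemu_win98.md
@@ -0,0 +1,74 @@
+# Windows 98
+The installation process is quite different since Windows 98 will be incompatible
+with most of the defaults in virt-manager.
+## Install
+https://en.wikibooks.org/wiki/QEMU/Windows_98
+https://wiki.gentoo.org/wiki/QEMU/Options#Display_options
+You'll need to install from command line like so:
+```bash
+qemu-system-x86_64 \
+-cdrom /var/lib/libvirt/iso/windows98se.iso \
+-boot order=d \
+-drive file=/var/lib/libvirt/images/win98.qcow2 \
+-m 512 \
+-device sb16 \
+-display sdl
+```
+- cdrom allows us to use the ISO image. It's also possible to use virsh to
+forward a physical drive to a file, but reading the data from the hard drive
+is usually faster.
+- boot allows us to specify the order to d, which is the CD.
+- drive allows us to use the image we just created.
+- enable-kvm turns on hardware acceleration in x86 using the kernel VM. KVM
+causes problems on Windows hosts when shutting down the guest and can even
+prevent it from starting in some cases. If this occurs, you can safely remove
+it from the command.
+- m allocates the guest's RAM. In this case we use 512, but going above it can
+be dangerous for Windows 9x.
+- device allows us to add a device driver, in this case, the Creative
+SoundBlaster 16 sound card (sb16) to get audio. Standard Windows 98 discs
+ship with drivers for it, and if you haven't used this flag while installing,
+it would need to scan for it.
+- display allows us to use an alternative display engine rather than GTK+. In
+this case, we use Simple DirectMedia Layer because it doesn't conflict as
+much with fullscreen support. You can press Ctrl+Alt+F to enter and exit
+fullscreen mode and Ctrl+Alt to have QEMU grab or ungrab the keyboard input
+and invoke the monitor as usual.
+## Boot
+We'll boot with the same command we used to install but without the boot parameters
+```bash
+qemu-system-x86_64 \
+-drive file=/var/lib/libvirt/images/win98.qcow2 \
+-m 512 \
+-device sb16 \
+-display sdl
+```
+```bash
+sudo qemu-system-i386 \
+-name "Windows 98" \
+-L pc-bios -nodefaults -no-hpet -no-reboot -display sdl \
+-M pc,accel=tcg -cpu pentium3 -m 1024 \
+-drive file=/var/lib/libvirt/images/win98.qcow2 \
+-device VGA -device sb16 -device rtl8139,netdev=net0 \
+-netdev user,id=net0,hostfwd=tcp::8080-:80,hostfwd=tcp::2222-:22 \
+-rtc base=localtime,clock=host
+```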
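Review bot: The `-netdev user,id=net0,hostfwd=tcp::8080-:80,hostfwd=tcp::2222-:22` line in the second boot command leaves the host address empty, so QEMU listens on every host interface and anything on the network can reach the guest's HTTP and SSH ports; an unpatched Windows 98 guest is not something to expose that way. Binding the forwards to loopback keeps them local: `-netdev user,id=net0,hostfwd=tcp:127.0.0.1:8080-:80,hostfwd=tcp:127.0.0.1:2222-:22 \`. The `sudo` on that same command also deserves a second look — user-mode networking and TCG need no privileges, so presumably it is only there for the permissions on the image under /var/lib/libvirt/images; if so, fixing the file ownership is preferable to running the emulator, its SDL window and its monitor as root. The option walkthrough in the Install section also explains `-enable-kvm`, but none of the three commands actually passes it, so the explanation and the commands currently disagree.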

64
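--- a/qemu_winXP.md
+++ b/qemu_winXP.md
@@ -0,0 +1,64 @@
+# Windows 10 VM with Qemu
+## Not booting from ISO
+Switch from UEFI to BIOS
+## Valid Key
+4X7WM-GTH3D-DWVCV-H382J-HPMRD
+## Bypass Microsoft Account Requirement
+1. shift + f10 to open command prompt during setup
+2. `oobe\bypassnro`
+3. shift + f10 again to open command prompt
+4. `ipconfig /release` to disconnect the internet
+5. Continue with limited setup
+## Create installer iso
+mkisofs -o ~/Downloads/win-install.iso /tmp/windows-installers/
+## Snapshot qcow2 storage
+```bash
+# list
+qemu-img snapshot -l win10.qcow2
+# create
+qemu-img snapshot -c $SNAPSHOT_NAME $DISK_IMAGE
+# apply
+qemu-img snapshot -a $SNAPSHOT_NAME $DISK_IMAGE
+# delete
+qemu-img snapshot -d \
+$SNAPSHOT_NAME \
+$DISK_IMAGE
+```
+## Setup
+Install and configure windows as normal to start. Boot into the installation and finish the setup.
+## Auto resize display
+1. Ensure the video device is set to "QXL" on the host
+2. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+3. Download [spice-guest-tools](https://www.spice-space.org/download.html#windows-binaries) and install on guest
+4. Shutdown the guest machine
+5. view -> Scale Display -> Auto resize VM with window
+6. Start the guest machine, it should now auto resize
+## virtio network driver
+1. Download [virt-win-guest-tools](https://github.com/virtio-win/virtio-win-pkg-scripts) and install on guest
+2. Shutdown the guest machine
+3. Change the network device model to virtio
+4. Start the guest machine
+## virtio boot disk
+1. Attempted virt-win-guest-tools install but boots with boot_device_not_found error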

19
truenas.md Normal file

@@ -0,0 +1,19 @@
# Truenas Help
## Virtual Machine Madness
Sometimes you'll need to modify a vm without the web interface.
```bash
# start virsh
virsh
# list clients
list --all
# connect to the truenas socket
connect qemu:///system?socket=/run/truenas_libvirt/libvirt-sock
# disable autostart
autostart --disable 1_win10
```