zsh and wireguard updates

.gitignore

@@ -1,2 +1,3 @@
 .vscode/
 venv/
+secrets/

arch/base.md

@@ -55,6 +55,8 @@ I have instructions for building a:
     - [CUPS Printing](#cups-printing)
     - [Yubikey](#yubikey)
   - [Bashrc](#bashrc)
+    - [Colorized Prompt](#colorized-prompt)
+    - [Standard Bashrc](#standard-bashrc)
 
 ## Installation
 
@@ -899,6 +901,12 @@ systemctl enable --now iscsid
 
     # Log out of all sessions
     iscsiadm -m node -u
+
+    # Log out of a single session
+    iscsiadm -m node -T iqn.2023-01.driveripper.reeselink.com:2024-01-framework --logout
+
+    # Remove session
+    iscsiadm -m node -o delete -T iqn.2023-01.driveripper.reeselink.com:2023-01-framework
     ```
 
 ## Software Stores
@@ -1001,6 +1009,20 @@ sudo systemctl enable --now pcscd
 
 ## Bashrc
 
+### Colorized Prompt
+
+<https://colors.sh/>
+
+You can change the prompt color by setting PROMPT_COLOR at the top of your .bashrc
+
+Examples:
+
+Yellow: `PROMPT_COLOR=33;`
+Orange: `PROMPT_COLOR=38;5;208;`
+Red: `PROMPT_COLOR=38;5;160;`
+
+### Standard Bashrc
+
 Don't do this if you installed `zsh`
 
 ~/.bashrc

arch/gaming.md

@@ -167,6 +167,11 @@ network streaming to any device that can run moonlight.
 
 I used the Archlinux pkg. Follow the instructions (including the autostart instructions).
 
+```bash
+wget https://github.com/LizardByte/Sunshine/releases/latest/download/sunshine.pkg.tar.zst
+pacman -U --noconfirm sunshine.pkg.tar.zst
+```
+
 ### Install Moonlight
 
 <https://github.com/moonlight-stream/moonlight-qt/releases>

arch/workstation.md

@@ -2,10 +2,12 @@
 
 - [Workstation](#workstation)
   - [Framework AMD Notes](#framework-amd-notes)
-    - [Wifi](#wifi)
+    - [ATH12K Wifi Drivers](#ath12k-wifi-drivers)
     - [Microcode](#microcode)
+    - [linux-git kernel](#linux-git-kernel)
   - [Base Tools](#base-tools)
   - [ZSH](#zsh)
+    - [Prompt Themes](#prompt-themes)
     - [Aliases](#aliases)
       - [Rollback Pacman Update](#rollback-pacman-update)
   - [Podman](#podman)
@@ -31,6 +33,7 @@
     - [Initialization](#initialization)
     - [Development](#development)
   - [Cura](#cura)
+  - [Creality Print](#creality-print)
   - [AWS CLI](#aws-cli)
   - [NSlookup](#nslookup)
   - [rpi-imager](#rpi-imager)
@@ -40,7 +43,7 @@
 
 ## Framework AMD Notes
 
-### Wifi
+### ATH12K Wifi Drivers
 
 Install the wireless-regdb to set the regulatory domain to US
 
@@ -50,20 +53,21 @@ pacman -S wireless-regdb
 
 Edit `/etc/conf.d/wireless-regdom` to set the domain
 
-Switch to iwd for the NetworkManager backend.
+<https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware/-/tree/main>
+
+1. `git clone https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware`
+2. `cd ath12k-firmware`
+3. Run the following:
 
     ```bash
-pacman -S iwd
+    wget https://github.com/qca/qca-swiss-army-knife/raw/master/tools/scripts/ath12k/ath12k-fw-repo
+    chmod 755 ath12k-fw-repo
+    sudo ./ath12k-fw-repo --install /lib/firmware
     ```
 
-Edit `/etc/NetworkManager/conf.d/wifi_backend.conf`
-
-```conf
-[device]
-wifi.backend=iwd
-```
-
-Finally, reboot the machine for the changes to take effect.
+4. `sudo cp ath12k/board.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
+5. `sudo cp ath12k/regdb.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
+6. Reboot
 
 ### Microcode
 
@@ -81,10 +85,20 @@ initrd      /initramfs-linux.img
 options     ...
 ```
 
+### linux-git kernel
+
+<https://aur.archlinux.org/packages/linux-git>
+
+1. `git clone https://aur.archlinux.org/linux-git.git`
+2. `cd linux-git`
+3. `makepkg`
+4. `sudo pacman -U linux-git... linux-git-headers...`
+
 ## Base Tools
 
 ```bash
-pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs
+# gvfs and gvfs-dnssd are for webdav support
+pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd
 ```
 
 ## ZSH
@@ -92,7 +106,43 @@ pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs
 ```bash
 pacman -S zsh grml-zsh-config
 chsh -s $(which zsh)
-echo "autoload -U compinit; compinit" > ~/.zshrc
+
+cat <<EOF > ~/.zshrc
+# Basic settings
+autoload bashcompinit && bashcompinit
+autoload -U compinit; compinit
+zstyle ':completion:*' menu select
+
+# Prompt settings
+autoload -Uz promptinit
+promptinit
+PROMPT_EOL_MARK=
+
+# Syntax Highlighting
+source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
+source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
+
+# Command Not Found Autocomplete
+source /usr/share/doc/pkgfile/command-not-found.zsh
+
+### Custom Commands and Aliases ###
+EOF
+```
+
+### Prompt Themes
+
+See: <https://wiki.archlinux.org/title/Zsh#Prompt_themes>
+
+Use `prompt -l` to list prompts
+
+Use `prompt -p` to see previews
+
+In your `.zshrc` set the following:
+
+```bash
+autoload -Uz promptinit
+promptinit
+prompt grml
 ```
 
 ### Aliases
@@ -444,6 +494,23 @@ Icon=/home/ducoterra/.icons/cura.png
 Type=Application
 ```
 
+## Creality Print
+
+<https://www.creality.com/pages/download-software?spm=..page_11657537.creality_print_1.1>
+
+```bash
+mv ~/Downloads/Creality_Print*.AppImage ~/Applications/Creality_Print.AppImage
+chmod +x ~/Applications/*.AppImage
+```
+
+```conf
+[Desktop Entry]
+Name=Creality Print
+Exec=/home/ducoterra/Applications/Creality_Print.AppImage
+Icon=/home/ducoterra/.icons/creality_print.png
+Type=Application
+```
+
 ## AWS CLI
 
 <https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>

fedora_server.md

@@ -58,7 +58,7 @@ dnf install tpm2-tss
 # For machines where prioritizing a secure boot environment is important we need to
 # specify --tpm2-pcrs=0+7 -- 0 meaning the firmware has not changed and 7 meaning
 # secure boot is enabled
-systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7
+systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""
 
 # Add tpm2-tss to dracut
 # Edit /etc/dracut.conf.d/tpm2.conf

wireguard/README.md

@@ -0,0 +1,62 @@
+# Wireguard Setup
+
+## Fedora
+
+```bash
+dnf install wireguard
+```
+
+/etc/sysctl.d/10-wireguard.conf
+
+```conf
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+```
+
+```bash
+sysctl -p
+```
+
+### Server
+
+```bash
+wg genkey | tee /etc/wireguard/private.key
+cat /etc/wireguard/private.key | wg pubkey | tee /etc/wireguard/public.key
+```
+
+```bash
+cat <<EOF > /etc/wireguard/wg0.conf
+[Interface]
+Address = 10.10.10.1/24,fd10:10:10::1/64
+ListenPort = 51820
+PrivateKey = $(cat /etc/wireguard/private.key)
+SaveConfig = true
+PostUp = iptables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
+PostUp = ip6tables -t nat -I POSTROUTING -o bridge0 -j MASQUERADE
+PreDown = iptables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
+PreDown = ip6tables -t nat -D POSTROUTING -o bridge0 -j MASQUERADE
+EOF
+```
+
+```bash
+wg set wg0 peer ndUMratPyYXKiOlU6AT5lYI7v3iohBAimgZY3/jsWik= allowed-ips 10.10.10.2,fd10:10:10::2
+```
+
+### Client
+
+```conf
+[interface]
+PrivateKey = KHgXS7zIqqfb46cfUVKvRZesswZcvib71hhYYcN39mQ=
+Address = 10.10.10.2/32,fd10:10:10::2/32
+
+[Peer]
+PublicKey = kzbHUGzYk6Uyan/NFYY5mh3pxf2IX/WzWZtImeyp6Sw=
+Endpoint = 2600:1700:1e6c:a81f:793d:7abf:e94d:9bc4:51820
+AllowedIPs = 0.0.0.0/0,::/0
+```
+
+### Testing
+
+```bash
+curl -6 icanhazip.com
+```

wireguard/add_client.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+export CLIENT_NAME=$1
+export CLIENT_IP_SUFFIX=$2
+
+if [ -z $CLIENT_NAME ];
+  then echo 'Client name required. `./add_client.sh client_name 3`';
+  exit 1;
+fi
+
+if [ -z $CLIENT_IP_SUFFIX ];
+  then echo 'Client IP suffix. `./add_client.sh client_name 3`';
+  exit 1;
+fi
+
+export SERVER_PUBKEY=$(cat /etc/wireguard/publickey)
+mkdir /etc/wireguard/$CLIENT_NAME
+cd /etc/wireguard/$CLIENT_NAME
+export PRIVKEY=$(wg genkey)
+echo $PRIVKEY | tee $CLIENT_NAME"_privkey"
+export PUBKEY=$(echo $PRIVKEY | wg pubkey)
+echo $PUBKEY | tee $CLIENT_NAME"_pubkey"
+
+cat > $CLIENT_NAME".conf" <<EOF
+[Interface]
+PrivateKey = $PRIVKEY
+Address = 10.10.0.$CLIENT_IP_SUFFIX/32, fd86:ea04:1111::$CLIENT_IP_SUFFIX/128
+DNS = 1.1.1.1,1.0.01
+
+[Peer]
+PublicKey = $SERVER_PUBKEY
+Endpoint = yellow.reeselink.com:51820
+AllowedIPs = 0.0.0.0/0, ::/0
+EOF
+
+wg set wg0 peer $PUBKEY allowed-ips 10.10.0.$CLIENT_IP_SUFFIX/32,fd86:ea04:1111::$CLIENT_IP_SUFFIX/128
+wg-quick save wg0