0532a8157a
Since iscsi supports luks + btrfs over the network and makes for an amazing networked backup drive we should include that in our default config.
Workstation
Workstation configuration, tool lists, and eventually ansible playbooks
Ansible
https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html
Setup
pip install --user ansible
Run an ad-hoc command
ansible pi -i hosts --become-method=sudo --ask-become-pass --become -a "apt update"
Run a playbook
ansible-playbook -i hosts --ask-become-pass playbooks/pi.yaml
Run the manjaro playbook
NOTE: Restore home directory and REBOOT first
ansible-playbook --ask-become-pass ansible/setup-full.yml
BTRFS
https://linoxide.com/how-to-take-backup-with-btrfs-snapshots/
# Create backup subvolume
btrfs subvolume create /mnt/backup/DucoBacktop
# Create snapshot dir
mkdir /.snapshots
# Create readonly snapshot
```bash
SNAPSHOT_TIME=$(date +"%y_%m_%d-%H.%M")
SNAPSHOT_NAME=home_$SNAPSHOT_TIME
SNAPSHOT_DIR=/.snapshots
btrfs subvolume snapshot -r /home $SNAPSHOT_DIR/$SNAPSHOT_NAME
# Send a snapshot with no previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
btrfs send $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Send a snapshot with previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
export LATEST=${LATEST:=/previous_snapshot}
btrfs send -p $SNAPSHOT_DIR/$LATEST $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR
# Clean up snapshots
find /.snapshots -maxdepth 1 -type d -not -path /.snapshots -exec sudo btrfs subvolume delete {} \;
Luks
# Create an encrypted drive
sudo cryptsetup luksFormat
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda
# Create a lukskeys
mkdir /home/ducoterra/.lukskeys
# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/backup0
# Change key mode
chmod 600 /home/ducoterra/.lukskeys
# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/backup0
# Get UUID of disk with
sudo blkid /dev/sda
# Add key to crypttab
echo 'backup0 UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/backup0 luks' > /etc/cryptab
# Create backup mount point
sudo mkdir -p /mnt/backup0
# Add to fstab
echo '/dev/mapper/backup0 /mnt/backup0 btrfs defaults,noatime,compress=zstd 0 0' > /etc/fstab
# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0
# close (or fix issues)
sudo cryptsetup luksClose backup0
ISCSI
# Login to portal
sudo iscsiadm -m discovery -t sendtargets -p freenas.dnet
# Mount all targets
sudo iscsiadm -m node -l
# Mount at boot
vim /etc/iscsi/nodes/iqn.2022-02.freenas.dnet:manjaro-backup/10.1.2.200,3260,1
node.startup = automatic