Workstation/README.md

# Workstation

Workstation configuration, tool lists, and eventually ansible playbooks

## Ansible

https://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html

Setup

```bash
pip install --user ansible
```

Run an ad-hoc command

```bash
ansible pi -i hosts --become-method=sudo --ask-become-pass --become -a "apt update"
```

Run a playbook

```bash
ansible-playbook -i hosts --ask-become-pass playbooks/pi.yaml
```

Run the manjaro playbook

NOTE: Restore home directory and __REBOOT__ first

```bash
ansible-playbook --ask-become-pass ansible/setup-full.yml
```

## BTRFS

https://linoxide.com/how-to-take-backup-with-btrfs-snapshots/

```bash
# Create backup subvolume
btrfs subvolume create /mnt/backup/DucoBacktop

# Create snapshot dir
mkdir /.snapshots

# Create readonly snapshot
```bash
SNAPSHOT_TIME=$(date +"%y_%m_%d-%H.%M")
SNAPSHOT_NAME=home_$SNAPSHOT_TIME
SNAPSHOT_DIR=/.snapshots
btrfs subvolume snapshot -r /home $SNAPSHOT_DIR/$SNAPSHOT_NAME

# Send a snapshot with no previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
btrfs send $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR

# Send a snapshot with previous snapshot
export SNAPSHOT_DIR=${SNAPSHOT_DIR:=/.snapshots}
export BACKUP_DIR=${BACKUP_DIR:=/mnt/backup0/DucoBacktop}
export LATEST=${LATEST:=/previous_snapshot}
btrfs send -p $SNAPSHOT_DIR/$LATEST $SNAPSHOT_DIR/$SNAPSHOT_NAME | btrfs receive $BACKUP_DIR

# Clean up snapshots
find /.snapshots -maxdepth 1 -type d -not -path /.snapshots -exec sudo btrfs subvolume delete {} \;
```

# Luks

```bash
# LUKS Disk Encryption can use up to 8 key slots to store passwords. We can use these keys to auto mount LUKS device.
# cryptsetup luksDump /dev/sda

# Create a lukskeys
mkdir /home/ducoterra/.lukskeys

# Generate key
dd if=/dev/random bs=32 count=1 of=/home/ducoterra/.lukskeys/backup0

# Change key mode
chmod 600 /home/ducoterra/.lukskeys

# Luks add a key
sudo cryptsetup luksAddKey /dev/sda /home/ducoterra/.lukskeys/backup0

# Get UUID of disk with
sudo blkid /dev/sda

# Add key to crypttab
echo 'backup0 UUID=1d7ce570-e695-47a0-9dda-5f14b5b20e21 /home/ducoterra/.lukskeys/backup0 luks' > /etc/cryptab

# Create backup mount point
sudo mkdir -p /mnt/backup0

# Add to fstab
echo '/dev/mapper/backup0 /mnt/backup0 btrfs defaults,noatime,compress=zstd 0 0' > /etc/fstab

# mount
sudo cryptsetup luksOpen /dev/disk/by-uuid/1d7ce570-e695-47a0-9dda-5f14b5b20e21 backup0 --key-file=/home/ducoterra/.lukskeys/backup0

# close (or fix issues)
sudo cryptsetup luksClose backup0
```