add arch to graduated infrastructure

2024-07-21 10:56:16 -04:00
parent 1ffa3013c9
commit 2533c545d6
18 changed files with 3617 additions and 0 deletions

@@ -10,6 +10,7 @@ A project to store homelab stuff.
- [Supported Projects](#supported-projects)
- [Graduation Requirements](#graduation-requirements)
- [Retirement Requirements](#retirement-requirements)
- [Order of Operations](#order-of-operations)
## Project Lifecycle
@@ -76,3 +77,12 @@ Kubernetes projects are helm, kustomize, kubectl, or some other kubernetes compl
- [ ] A reason for retirement is documented
- [ ] If applicable, a replacement has been identified and documented
- [ ] If applicable, backup data locations are documented
## Order of Operations
1. Install cloud projects. These usually have no dependencies and typically provide critical services
to other projects (DNS, email notifications, etc.)
2. Install infrastructure projects. Usually these only have dependencies on cloud services.
3. Install systemd services. These are usually low-level programs that require a dedicated machine
and perform semi-critical functions (ipv4 proxy, ddns, etc.).
4. Install kubernetes, docker, podman, and other services.

File diff suppressed because it is too large

@@ -0,0 +1,9 @@
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd
[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service

@@ -0,0 +1,4 @@
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options quiet splash rd.luks.name=UUID=root root=/dev/mapper/root rootflags=subvol=root nvme.noacpi=1 acpi_osi="!Windows 2020" mem_sleep_default="deep" rw
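
Review bot: In the `options` line, `rd.luks.name=UUID=root` carries the literal word `UUID` where the LUKS container's UUID belongs, so as committed it cannot match a device and `/dev/mapper/root` is never created. Mark the value as a placeholder in a `#` comment at the top of the entry, or template it at install time. The entry also has no `initrd /amd-ucode.img` line, although the Workstation notes added in this same commit tell the reader to place it before the initramfs line; adding it here would keep the two consistent.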

@@ -0,0 +1,4 @@
default arch.conf
timeout 4
console-mode max
editor no

File diff suppressed because it is too large

Binary file not shown.

Binary file not shown.

@@ -0,0 +1,61 @@
# Deprecated
## Firejail
Don't use firejail, it's a suid binary which only runs in userspace. Apparmor does
almost exactly the same thing but runs in the kernel at boot and protects you more
completely. I'm leaving this here in case you're interested but realistically you
should just learn apparmor.
Firejail launches supported applications in a sandboxed environment where it limits access
to system files and resources.
For example:
- Firefox will not be able to access more than a small subset of your home directory.
- VSCode will not be able to acces ~/.config/autostart.
1. `sudo pacman -S firejail`
2. `sudo apparmor_parser -r /etc/apparmor.d/firejail-default`
3. `sudo firecfg`
4. `firecfg --fix`
5. `sudo rm /usr/local/bin/dnsmasq` (this fixes an issue with virsh network start)
6. Add a pacman hook to apply firejail on install
/etc/pacman.d/hooks/firejail.hook
```conf
[Trigger]
Type = Path
Operation = Install
Operation = Upgrade
Operation = Remove
Target = usr/bin/*
Target = usr/share/applications/*.desktop
[Action]
Description = Configure symlinks in /usr/local/bin based on firecfg.config...
When = PostTransaction
Depends = firejail
Exec = /bin/sh -c 'firecfg >/dev/null 2>&1'
```
You can run firejail with noprofile to fix access issues (like firefox gnome connector)
```bash
firejail --noprofile firefox
```
You'll probably want to enable the following
`sudo cat /etc/firejail/firejail.config | grep -e '^[^#].*'`
/etc/firejail/firejail.config
```conf
browser-disable-u2f no
chroot yes
firejail-prompt yes
force-nonewprivs yes
tracelog yes
```
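
Review bot: `firejail --noprofile firefox` is presented as the fix for access issues, but `--noprofile` starts the program without a security profile, so the home-directory restriction this section describes for Firefox no longer applies. Say that it is a way to confirm the profile is the cause, and that the lasting fix is to adjust the profile. Smaller points: the hook's `Exec` sends all `firecfg` output to `/dev/null`, so a failed re-link after a package install goes unnoticed; "acces" in the VSCode bullet should be "access"; and `sudo cat ... | grep` can be a single `sudo grep -e '^[^#].*' /etc/firejail/firejail.config`.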

@@ -0,0 +1,413 @@
# Gaming
- [Gaming](#gaming)
- [Discord](#discord)
- [Steam](#steam)
- [autostart](#autostart)
- [mangohud](#mangohud)
- [Streaming](#streaming)
- [FSR](#fsr)
- [Sunshine and Moonlight](#sunshine-and-moonlight)
- [Install Sunshine](#install-sunshine)
- [Install Moonlight](#install-moonlight)
- [Configuration](#configuration)
- [ProtonUp-QT](#protonup-qt)
- [VSCode](#vscode)
- [XWayland](#xwayland)
- [Wine](#wine)
- [Spotify](#spotify)
- [VLC](#vlc)
- [Remote Desktop](#remote-desktop)
- [Bitwarden](#bitwarden)
- [OBS](#obs)
- [Xbox Controller](#xbox-controller)
- [Mangohud](#mangohud-1)
- [ffmpeg](#ffmpeg)
- [Intel 11th gen](#intel-11th-gen)
- [AMD 7900xtx](#amd-7900xtx)
- [Minecraft](#minecraft)
- [Launcher](#launcher)
- [MultiMC](#multimc)
## Discord
```bash
mv ~/Downloads/Discord ~/Applications/Discord
```
```conf
[Desktop Entry]
Name=Discord
Exec=/home/ducoterra/Applications/Discord/Discord
Icon=/home/ducoterra/Applications/Discord/discord.png
Type=Application
```
## Steam
<https://wiki.archlinux.org/title/Official_repositories#multilib>
Edit /etc/pacman.conf
```conf
[multilib]
Include = /etc/pacman.d/mirrorlist
```
```bash
pacman -S steam
```
When prompted use vulkan-radeon on AMD and vulkan-intel on intel.
### autostart
```bash
ln -s ~/.local/share/applications/steam-native.desktop ~/.config/autostart/
```
### mangohud
Start steam with mangohud
```bash
pacman -S mangohud lib32-mangohud
cp /usr/share/applications/steam-native.desktop ~/.local/share/applications/steam.desktop
```
Edit ~/.local/share/applications/steam.desktop:
```conf
Exec=/usr/bin/mangohud /usr/bin/steam-native %U
```
### Streaming
See [Sunshine and Moonlight](#sunshine-and-moonlight) first! It's much better than steam streaming.
Works great from Arch hosts to Arch guests with a little configuration.
1. wifi
Your wifi should be isolated to the fastest band you have available at the widest channel width on
the least populated channel. BSS Transition and Fast Roaming are the only settings I enable since
they do make a difference for video calls and streaming while moving from room to room but don't
cause interference or connectivity issues like the other settings.
![unifi wifi config](media/unifi_wifi_config.png)
2. host
Your host settings don't matter too much since you'll be limited to Steam's compatibility with
Arch's mesa drivers, the current kernel version, and whether Mercury is retrograde. Steam does a
pretty good job automatically selecting the correct libraries and capture mechanism. Here are
the settings I use:
![steam host settings](media/steam_host_settings.png)
3. Client
Here's where things start to matter. As of kernel `6.7.6-arch1-2`, `mesa 1:24.0.2-1`,
`libva 2.20.0-1`, `mesa-vdpau 1:24.0.2-1`, and `libvdpau 1.5-2` hardware decoding works on Arch
with AMD integrated graphics on both my framework (Ryzen 7 7840U w/ Radeon 780M Graphics) and my
Steam Deck.
In the steam advanced client settings select "Enhanced 4k" to start. Do not change
the Resolution limit. Decoding at the native resolution of your screen will always perform
better than using a non-native resolution. In my testing even lower resolutions result in
20-30ms of additional delay over native. Framerate limit should stay at automatic. This will try
to match the streaming framerate to your display's refresh rate. You can set this to 60 if
things are lagging too much. Bandwidth limit can be adjusted up and down to fit your wifi's
limitations if you are experience frame drops and stuttering. If you experience issues like
crashing on launch, blank screen or strange artifacts disable hardware decoding. HEVC and low
latency networking have never caused me issues. Here are my settings:
![steam client settings](media/steam_client_settings.png)
And to show what a properly configured client can do, here's Crab Champions streamed to my
laptop at 2k, 99fps. Note the streaming latency is ~10ms and the dark blue (encode time), light
blue (network transmit time), and red (decode time) lines are extremely close together.
![enhanced 4k framework](media/enhanced_4k_framework.png)
My Steam Deck performs about the same but with a lower (~7ms) streaming latency. This is
expected because the steam deck streams at 1280x720 which means faster encode and transmit.
If the red line is far above the blue lines it means your decoding (software or hardware) is
struggling to keep up. Either it's not decoding at native resolution (likely transforming the
decoded frame to match the display resolution) or your cpu/gpu is doing something else.
If the light blue line is far above the dark blue line your wifi is slow. Increase channel
width, increase transmit power, ensure devices are connected to 5 or 6Ghz, and ensure your
device has the latest drivers.
If the dark blue line is far above the x axis of the graph your host is struggling to encode
fast enough. Likely the host's cpu/gpu is doing something else or it's an old computer
### FSR
<https://linux-gaming.kwindu.eu/index.php?title=FSR_-_FidelityFX_Super_Resolution>
> This sharpens the image. 4 is an example value. 0 is maximum sharpness, higher values mean less sharpening. 5 is the maximum value. The default is 2
```bash
WINE_FULLSCREEN_FSR=1 WINE_FULLSCREEN_FSR_STRENGTH=2
```
## Sunshine and Moonlight
<https://docs.lizardbyte.dev/projects/sunshine/en/latest/>
Sunshine is desktop streaming service that leverages hardware encoding to provide near-zero latency
network streaming to any device that can run moonlight.
### Install Sunshine
<https://docs.lizardbyte.dev/projects/sunshine/en/latest/about/setup.html#install>
I used the Archlinux pkg. Follow the instructions (including the autostart instructions).
```bash
wget https://github.com/LizardByte/Sunshine/releases/latest/download/sunshine.pkg.tar.zst
pacman -U --noconfirm sunshine.pkg.tar.zst
```
### Install Moonlight
<https://github.com/moonlight-stream/moonlight-qt/releases>
Ctrl + Alt + Shift + Q (Moonlight Stream)
Quit the streaming session (leaving the game running on the host PC)
Ctrl + Alt + Shift + S (Moonlight Stream)
Open performance stats overlay (not supported on Steam Link or Raspberry Pi)
Ctrl + Alt + Shift + M (Moonlight Stream)
Toggle mouse mode (pointer capture or direct control)
Ctrl + Alt + Shift + V (Moonlight Stream)
Type clipboard text on the host
### Configuration
Sunshine doesn't need a ton of config. For streaming to devices like the steam deck
and my computer I would recommend adding a new application that uses the `display_scale.py`
script to set the resolution of the host before connecting.
1. Copy `display_scale.py` to your host
2. Create a new application
3. Add command: `/home/ducoterra/display_scale.py 1920x1080 1`
4. Optionally add undo command: `/home/ducoterra/display_scale.py 3840x2160 1`
5. Save and connect!
## ProtonUp-QT
<https://davidotek.github.io/protonup-qt/>
```bash
mv ~/Downloads/ProtonUp-Qt*.AppImage ~/Applications/ProtonUp-Qt.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=ProtonUp-Qt
Exec=/home/ducoterra/Applications/ProtonUp-Qt.AppImage
Icon=/home/ducoterra/.icons/ProtonUp-Qt.png
Type=Application
```
## VSCode
For the open source version of code install `code`:
```bash
pacman -S code
```
## XWayland
Provides compatibility with X server applications (like wine)
```bash
pacman -S xorg-xwayland
```
## Wine
```bash
pacman -S wine
```
## Spotify
```bash
pacman -S spotify-launcher
```
## VLC
```bash
pacman -S vlc
```
## Remote Desktop
```bash
pacman -S remmina freerdp
```
## Bitwarden
<https://bitwarden.com/download/>
```bash
mv ~/Downloads/Bitwarden*.AppImage ~/Applications/Bitwarden.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Bitwarden
Exec=/home/ducoterra/Applications/Bitwarden.AppImage
Icon=/home/ducoterra/.icons/bitwarden.png
Type=Application
```
## OBS
<https://aur.archlinux.org/packages/obs-vkcapture-git>
```bash
pacman -S obs-studio qt6-wayland
cd ~/aur
git clone https://aur.archlinux.org/obs-vkcapture-git.git
cd obs-vkcapture-git
makepkg -si
```
Add "Game Capture" to your scene.
Start your games with `env OBS_VKCAPTURE=1 %command%`
## Xbox Controller
1. Install bluetooth packages
```bash
pacman -S bluez bluez-plugins bluez-utils
```
2. Edit the bluetooth conf and set the controller to bredr
/etc/bluetooth/main.conf
```conf
ControllerMode = bredr
```
3. Now reset the bluetooth service
```bash
systemctl restart bluetooth
```
4. Connect your controller
5. Comment out the line in the bluetooth conf you just edited
6. Restart the bluetooth service
## Mangohud
<https://github.com/flightlessmango/MangoHud#arch-based-distributions>
```bash
sudo pacman -S mangohud lib32-mangohud
```
```bash
mkdir ~/.config/MangoHud
cp /usr/share/doc/mangohud/MangoHud.conf.example ~/.config/MangoHud/MangoHud.conf
```
Edit `~/.config/MangoHud/MangoHud.conf` and tweak as you see fit.
Then add `mangohud env MANGOHUD_CONFIGFILE=/home/ducoterra/.config/MangoHud/MangoHud.conf %command%` to your steam launch.
## ffmpeg
<https://wiki.archlinux.org/title/FFmpeg>
### Intel 11th gen
```bash
pacman -S ffmpeg libmfx intel-media-sdk
ffmpeg \
-hwaccel qsv \
-c:v hevc_qsv \
-hwaccel_output_format qsv \
-i input.mkv \
-c:v hevc_qsv \
-global_quality 25 \
output.mp4
```
### AMD 7900xtx
<https://wiki.archlinux.org/title/FFmpeg#VA-API>
```bash
sudo pacman -S ffpmeg mesa libva-mesa-driver
reboot
ffmpeg \
-hwaccel vaapi \
-vaapi_device /dev/dri/renderD128 \
-hwaccel_output_format vaapi \
-i input.mp4 \
-c:v hevc_vaapi \
-rc_mode 1 \
-qp 25 \
output.mp4
ffmpeg \
-hwaccel vaapi \
-vaapi_device /dev/dri/renderD128 \
-hwaccel_output_format vaapi \
-i input.mp4 \
-c:v h264_vaapi \
-b:v 0 \
-maxrate 100M \
output.mp4
```
## Minecraft
### Launcher
<https://wiki.archlinux.org/title/minecraft>
<https://aur.archlinux.org/packages/minecraft-launcher>
```bash
cd ~/aur
git clone https://aur.archlinux.org/minecraft-launcher.git
cd minecraft-launcher
makepkg -si
```
### MultiMC
MultiMC allows you to maintain and run multiple installations of minecraft with handy
shortcuts for installing mod loaders and many more features. It's super easy to install
on arch.
<https://github.com/MultiMC/multimc-pkgbuild>
```bash
cd ~/aur
git clone https://github.com/MultiMC/multimc-pkgbuild.git
cd multimc-pkgbuild
makepkg -si
```
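
Review bot: Under "Install Sunshine", the package is fetched from the `releases/latest` URL and handed straight to `pacman -U --noconfirm`, so whatever that URL serves on the day is installed as root with no version pin, no checksum and no confirmation prompt. Link a specific release tag, record its checksum beside the command, and drop `--noconfirm` so the package name and version are shown before install. In the "AMD 7900xtx" block, `ffpmeg` is misspelled in the `pacman -S` line, and `reboot` sits in the middle of a block that reads as copy-paste; split it into install, reboot, then the two `ffmpeg` commands. The `.desktop` entries hardcode `/home/ducoterra`, which is worth calling out as a value to substitute.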

@@ -0,0 +1,55 @@
# Help
- [Help](#help)
- [Remove unused packages](#remove-unused-packages)
- [Update Grub](#update-grub)
- [Downgrading Kernel](#downgrading-kernel)
- [Set Plymouth Background Image](#set-plymouth-background-image)
## Remove unused packages
Make sure to use the `-Rs` flag when removing. This will clean up deps.
```bash
pacman -Rs package
```
To see a list of packages that are orphaned you can run:
```bash
pacman -Qtdq
```
To remove those packages you can run
```bash
pacman -Qtdq | pacman -Rns -
```
## Update Grub
1. `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT`
1. `cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi`
## Downgrading Kernel
You can find old kernel versions at <https://archive.archlinux.org/packages/l/linux/>
You can find old kernel-header versions at <https://archive.archlinux.org/packages/l/linux-headers/>
If you want to downgrade to a previously installed kernel you can use pacman cache:
1. `cd /var/cache/pacman/pkg`
2. `pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst`
3. `reboot`
If you want to downgrade to a kernel that wasn't previously installed:
1. Download linux... and linux-headers... from above
2. `pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst`
3. `reboot`
## Set Plymouth Background Image
1. `sudo cp image.png /usr/share/plymouth/themes/spinner/background-tile.png`
1. `sudo plymouth-set-default-theme -R spinner`
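
Review bot: In "Downgrading Kernel", the second list downloads the `linux` and `linux-headers` packages from the archive and installs them with `pacman -U`, with no step that checks the download. Add a step to fetch the matching signature file and verify it before installing. The two lists also repeat the same `pacman -U` and `reboot` steps and could share them, and "Update Grub" and "Set Plymouth Background Image" number both of their steps `1.` while the rest of the file counts 1, 2, 3.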

@@ -0,0 +1,65 @@
# K3S Cluster
## Cluster Setup
1. Install wireguard
```bash
pacman -S wireguard-tools linux-headers
```
2. Assign static IPs to each node
/etc/dhcpcd.conf
```conf
...
interface enp1s0
static ip_address=192.168.122.51/24 # 52, 53
static routers=192.168.122.1
static domain_name_servers=192.168.122.1
```
## K3S Installation
1. Generate a secure token
```bash
umask 077
k3s token generate > token.txt
export SECRET=$(cat token.txt)
```
2. Create the cluster
```bash
curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
--cluster-init \
--flannel-backend=wireguard-native \
--disable=traefik \
--secrets-encryption \
--tls-san=192.168.122.51
```
3. Join each server node
```bash
curl -sfL https://get.k3s.io | K3S_TOKEN=$SECRET sh -s - server \
--server https://192.168.122.51:6443 \
--flannel-backend=wireguard-native \
--disable=traefik \
--secrets-encryption \
--tls-san=192.168.122.52
```
4. Copy the kube config at /etc/rancher/k3s/k3s.yaml to YOUR computer at ~/.kube/dev-config
```bash
export KUBECONFIG=~/.kube/dev-config
```
5. Modify the dev-config file's `server` attribute, replace with your IP/hostname
## Secrets Encryption
<https://docs.k3s.io/cli/secrets-encrypt>
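
Review bot: Steps 2 and 3 of "K3S Installation" pipe `https://get.k3s.io` into `sh` with no version set, so each node installs whatever release is current when the command is run and the servers can end up on different versions. Set `INSTALL_K3S_VERSION` to the same value in both commands. Step 1 leaves the join token in `token.txt` in the working directory; say where it should be kept afterwards, or that it should be deleted once the nodes have joined. Step 4 copies a kubeconfig that holds cluster-admin credentials, so note that `~/.kube/dev-config` should be mode 600. The "Secrets Encryption" heading has only a link under it.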

@@ -0,0 +1,222 @@
# Kubernetes
- [Kubernetes](#kubernetes)
- [Setup](#setup)
- [MetalLB](#metallb)
- [Ingress Nginx](#ingress-nginx)
- [Cert Manager](#cert-manager)
- [Storage](#storage)
<https://wiki.archlinux.org/title/Kubernetes>
## Setup
```bash
pacman -S kubeadm kubelet containerd cni-plugins cilium-cli helm kubectl
```
/etc/modules-load.d/k8s.conf
```conf
overlay
br_netfilter
```
/etc/sysctl.d/k8s.conf
```conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
```
/etc/containerd/config.toml
```toml
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
...
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
```
```bash
reboot
mkdir /etc/containerd
containerd config default > /etc/containerd/config.toml
systemctl enable --now containerd
systemctl enable --now kubelet
kubeadm init --pod-network-cidr='10.244.0.0/16'
mkdir -p $HOME/.kube
cp /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config
cilium-cli install
# Note the "-" at the end, this removes the taint
kubectl taint node kube node-role.kubernetes.io/control-plane:NoSchedule-
```
## MetalLB
Install with helm:
```bash
helm repo add metallb https://metallb.github.io/metallb
helm install metallb metallb/metallb -n kube-system
```
You must create a production pool if IP Addresses. Apply the following config
(substituting your public IP address space)
```yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: production
namespace: kube-system
spec:
# Production services will go here. Public IPs are expensive, so we leased
# just 4 of them.
addresses:
- 192.168.122.206/32
```
Here is an example service which allows IP sharing and uses the "production" address pool.
```yaml
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx-demo
annotations:
metallb.universe.tf/address-pool: production
metallb.universe.tf/allow-shared-ip: "nginx"
spec:
type: LoadBalancer
externalTrafficPolicy: Cluster
selector:
app.kubernetes.io/name: ingress-nginx-demo
ports:
- name: ingress-nginx-demo
protocol: TCP
port: 8000
targetPort: http
```
## Ingress Nginx
Now we need an ingress solution (preferably with certs for https). We'll be using nginx since
it's a little bit more configurable than traefik (though don't sell traefik short, it's really
good. Just finnicky when you have use cases they haven't explicitly coded for).
```bash
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm upgrade --install \
ingress-nginx \
ingress-nginx/ingress-nginx \
--values ingress-nginx-values.yaml \
--namespace ingress-nginx \
--create-namespace
```
## Cert Manager
Cert manager handles automatic TLS for our ingress with Let's Encrypt.
Install with helm:
```bash
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm upgrade --install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.12.4 \
--set installCRDs=true
```
Now we need to create an issuer. Apply the following config:
```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: nginx@ducoterra.net
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt
# Enable the HTTP-01 challenge provider
solvers:
- http01:
ingress:
class: nginx
```
Here's an example ingress definition:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-nginx-demo
annotations:
cert-manager.io/cluster-issuer: letsencrypt
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.org/client-max-body-size: "0"
spec:
rules:
- host: ingress-nginx-demo.reeseapps.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: ingress-nginx-demo
port:
number: 80
tls:
- hosts:
- ingress-nginx-demo.reeseapps.com
secretName: ingress-nginx-demo-tls-cert
```
## Storage
We can use host-path storage immediately like so:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: test-webserver
spec:
containers:
- name: test-webserver
image: registry.k8s.io/test-webserver:latest
volumeMounts:
- mountPath: /var/local/aaa
name: mydir
- mountPath: /var/local/aaa/1.txt
name: myfile
volumes:
- name: mydir
hostPath:
# Ensure the file directory is created.
path: /var/local/aaa
type: DirectoryOrCreate
- name: myfile
hostPath:
path: /var/local/aaa/1.txt
type: FileOrCreate
```
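
Review bot: In "Setup", the `SystemdCgroup = true` edit to `/etc/containerd/config.toml` is shown before the command block, but the block then runs `containerd config default > /etc/containerd/config.toml`, which overwrites that file, and the block opens with `reboot` ahead of every other command. Reorder to: generate the default config, apply the `SystemdCgroup` edit, enable the services, then reboot if needed. In "MetalLB", the comment says four public IPs were leased while the pool lists the single address `192.168.122.206/32`, and "if IP Addresses" should be "of IP addresses". The example Service exposes port 8000 but the example Ingress routes to `ingress-nginx-demo` on port 80, so the two examples do not connect as written. The Ingress also sets `proxy-body-size: "0"`, which removes the request body limit; a sentence on why that is wanted would help.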

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

@@ -0,0 +1,619 @@
# Workstation
- [Workstation](#workstation)
- [Framework AMD Notes](#framework-amd-notes)
- [ATH12K Wifi Drivers](#ath12k-wifi-drivers)
- [Microcode](#microcode)
- [linux-git kernel](#linux-git-kernel)
- [Base Tools](#base-tools)
- [ZSH](#zsh)
- [Prompt Themes](#prompt-themes)
- [Aliases](#aliases)
- [Rollback Pacman Update](#rollback-pacman-update)
- [Podman](#podman)
- [Docker](#docker)
- [QEMU/KVM](#qemukvm)
- [Arch Guests](#arch-guests)
- [Restore qcow snapshots](#restore-qcow-snapshots)
- [Convert qcow to bootable drive](#convert-qcow-to-bootable-drive)
- [Kubernetes](#kubernetes)
- [VSCode](#vscode)
- [Shell](#shell)
- [Fonts](#fonts)
- [Navigation](#navigation)
- [Extensions](#extensions)
- [Wireguard](#wireguard)
- [Remote Desktop](#remote-desktop)
- [Transmission](#transmission)
- [VLC](#vlc)
- [Bitwarden](#bitwarden)
- [Nextcloud](#nextcloud)
- [Insomnia](#insomnia)
- [QMK](#qmk)
- [Initialization](#initialization)
- [Development](#development)
- [Cura](#cura)
- [Creality Print](#creality-print)
- [Orca Slicer](#orca-slicer)
- [AWS CLI](#aws-cli)
- [NSlookup](#nslookup)
- [rpi-imager](#rpi-imager)
- [Install rpi-imager](#install-rpi-imager)
- [Upgrade rpi-imager](#upgrade-rpi-imager)
- [qFlipper](#qflipper)
## Framework AMD Notes
### ATH12K Wifi Drivers
Install the wireless-regdb to set the regulatory domain to US
```bash
pacman -S wireless-regdb
```
Edit `/etc/conf.d/wireless-regdom` to set the domain
<https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware/-/tree/main>
1. `git clone https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware`
2. `cd ath12k-firmware`
3. Run the following:
```bash
wget https://github.com/qca/qca-swiss-army-knife/raw/master/tools/scripts/ath12k/ath12k-fw-repo
chmod 755 ath12k-fw-repo
sudo ./ath12k-fw-repo --install /lib/firmware
```
4. `sudo cp ath12k/board.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
5. `sudo cp ath12k/regdb.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
6. Reboot
### Microcode
```bash
pacman -S amd-ucode
```
Edit /boot/loader/entries/.conf and add the following:
```bash
title Arch Linux (Work)
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options ...
```
### linux-git kernel
<https://aur.archlinux.org/packages/linux-git>
1. `git clone https://aur.archlinux.org/linux-git.git`
2. `cd linux-git`
3. `makepkg`
4. `sudo pacman -U linux-git... linux-git-headers...`
## Base Tools
```bash
# gvfs and gvfs-dnssd are for webdav support
pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd
```
## ZSH
```bash
pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
chsh -s $(which zsh)
cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select
# Prompt settings
autoload -Uz promptinit
promptinit
PROMPT_EOL_MARK=
# Syntax Highlighting
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
# Command Not Found Autocomplete
source /usr/share/doc/pkgfile/command-not-found.zsh
### Custom Commands and Aliases ###
EOF
```
### Prompt Themes
See: <https://wiki.archlinux.org/title/Zsh#Prompt_themes>
Use `prompt -l` to list prompts
Use `prompt -p` to see previews
In your `.zshrc` set the following:
```bash
autoload -Uz promptinit
promptinit
prompt grml
```
### Aliases
You can put you aliases in `.zshrc` with the following format:
```bash
alias update='sudo pacman -Syu --noconfirm'
```
It's recommended that for complicated/multiline aliases you create a folder called
`~/.local/scripts` where you store each alias. Make sure to back up this folder!
#### Rollback Pacman Update
This script will grep for all updates performed today and roll them back one by one.
rollback_update.sh
```bash
grep -a upgraded /var/log/pacman.log| grep $(date +"%Y-%m-%d") > /tmp/lastupdates.txt
awk '{print $4}' /tmp/lastupdates.txt > /tmp/lines1;awk '{print $5}' /tmp/lastupdates.txt | sed 's/(/-/g' > /tmp/lines2
paste /tmp/lines1 /tmp/lines2 > /tmp/lines
tr -d "[:blank:]" < /tmp/lines > /tmp/packages
cd /var/cache/pacman/pkg/
for i in $(cat /tmp/packages); do sudo pacman --noconfirm -U "$i"*; done
```
## Podman
Install with the following
`pacman -S podman buildah cni-plugins slirp4netns podman-dnsname aardvark-dns`
Then you can run rootless containers like so:
```bash
podman pull docker.io/library/python:3.11
podman run -it python:3.11 bash
podman network create test
podman pod create --network test --publish 8000:8000 test1
podman run -it --pod test1 python:3.11 bash
```
You can also deploy pods with kubernetes yamls.
```bash
podman network create test
podman kube play --network test podman-deploy.yaml --replace
```
## Docker
```bash
pacman -Sy docker docker-compose
usermod -aG docker ducoterra
```
logout, log back in to use docker as non-root user.
You can use btrfs as your storage driver by following these instructions:
<https://docs.docker.com/storage/storagedriver/btrfs-driver/>
## QEMU/KVM
1. Install virtualization capabilties
```bash
pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm
usermod -aG libvirt ducoterra
```
2. Edit /etc/libvirt/libvirtd.conf
```conf
...
unix_sock_group = 'libvirt'
...
unix_sock_rw_perms = '0770'
...
```
3. Edit /etc/libvirt/qemu.conf
```conf
# Some examples of valid values are:
#
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
# user = "100" # A user named "100" or a user with uid=100
#
user = "ducoterra"
# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "ducoterra"
```
4. `sudo systemctl enable --now libvirtd`
5. `sudo virsh net-autostart default`
If you get a blank screen when launching a VM check that you've used the correct bios -
either secboot or not secboot. This is the most common problem.
### Arch Guests
In order to get drivers for spice you'll need the guest spice drivers:
```bash
sudo pacman -S qemu-guest-agent spice-vdagent
```
### Restore qcow snapshots
```bash
# Create a snapshot
qemu-img snapshot -c snapshot-name /var/lib/libvirt/images/vm-image.qcow2
# List snapshots for a given image
qemu-img snapshot -l /var/lib/libvirt/images/vm-image.qcow2
# Restore snapshot
qemu-img snapshot -a snapshot-name /var/lib/libvirt/images/vm-image.qcow2
```
### Convert qcow to bootable drive
```bash
qemu-img convert -f qcow2 -O raw /var/lib/libvirt/images/vm-image.qcow2 /dev/sdb
```
If you need to resize a windows partition to non-continuous space simply grow the
last partition, shrink it to the end of the drive, then grow the windows partition
with gparted.
## Kubernetes
```bash
pacman -S kubectl helm
```
## VSCode
For the open source version of code install `code`:
```bash
sudo pacman -S code
```
For the proprietary version of vscode use the AUR:
<https://aur.archlinux.org/packages/visual-studio-code-bin>
```bash
cd ~/aur
git clone https://aur.archlinux.org/visual-studio-code-bin.git
cd visual-studio-code-bin
makepkg -si
```
### Shell
Edit settings.json
```json
{
"terminal.integrated.defaultProfile.linux": "zsh",
}
```
### Fonts
Intel One Mono is designed to be easily readable for developers.
<https://github.com/intel/intel-one-mono>
Download and extract the ttf.zip
```bash
mkdir ~/.local/share/fonts
rsync -av /path/to/download/*.ttf ~/.local/share/fonts/
```
Edit settings.json
```json
{
"editor.fontFamily": "Intel One Mono",
"editor.fontLigatures": true,
"terminal.integrated.fontFamily": "Intel One Mono",
}
```
### Navigation
The best navigation shortcut ever is alt+left and alt+right to move the cursor to it's
previous positions.
```json
[
{
"key": "alt+left",
"command": "workbench.action.navigateBack",
"when": ""
},
{
"key": "alt+right",
"command": "workbench.action.navigateForward",
"when": ""
}
]
```
### Extensions
To save a list of installed extensions run:
```bash
code --list-extensions >> vscode_extensions.txt
```
To install that list of extensions run:
```bash
cat vscode_extensions.txt | xargs -L 1 code --install-extension
```
## Wireguard
Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your
vpn likely won't activate.
```bash
pacman -S wireguard-tools
```
## Remote Desktop
```bash
pacman -S remmina freerdp
```
## Transmission
```bash
pacman -S gtk4 transmission-gtk
```
## VLC
```bash
pacman -S vlc
```
## Bitwarden
<https://bitwarden.com/download/>
```bash
mv ~/Downloads/Bitwarden*.AppImage ~/Applications/Bitwarden.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Bitwarden
Exec=/home/ducoterra/Applications/Bitwarden.AppImage
Icon=/home/ducoterra/.icons/bitwarden.png
Type=Application
```
## Nextcloud
<https://nextcloud.com/install/#install-clients>
```bash
mv ~/Downloads/Nextcloud*.AppImage ~/Applications/Nextcloud.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Nextcloud
Exec=/home/ducoterra/Applications/Nextcloud.AppImage
Icon=/home/ducoterra/.icons/nextcloud.png
Type=Application
```
## Insomnia
<https://github.com/Kong/insomnia/releases/tag/core@2023.5.7>
```bash
mv ~/Downloads/Insomnia*.AppImage ~/Applications/Insomnia.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Insomnia
Exec=/home/ducoterra/Applications/Insomnia.AppImage
Icon=/home/ducoterra/.icons/insomnia.png
Type=Application
```
## QMK
### Initialization
I have a mirror and a fork of the mirror on my personal Gitea. For this strategy you'll
need to checkout the fork and add the mirror. This ensures I'll always have an up-to-date
mirror of qmk while also giving me a repo to make changes for my personal keyboards.
```bash
git clone git@gitea.reeseapps.com:ducoterra/qmk_firmware.git
cd qmk_firmware
git remote add mirror git@gitea.reeseapps.com:mirrors/qmk_firmware.git
git fetch mirror
git rebase mirror/master
pacman -S qmk
qmk setup
sudo cp /home/ducoterra/qmk_firmware/util/udev/50-qmk.rules /etc/udev/rules.d/
qmk config user.keyboard=keychron/q11/ansi_encoder
qmk config user.keymap=ducoterra
```
### Development
Every time you start a project you'll want to sync with the mirror.
```bash
git fetch mirror
git rebase mirror/master
```
Commit to master while you're in the fork.
## Cura
<https://ultimaker.com/software/ultimaker-cura/#links>
```bash
mv ~/Downloads/*Cura*.AppImage ~/Applications/Cura.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Cura
Exec=/home/ducoterra/Applications/Cura.AppImage
Icon=/home/ducoterra/.icons/cura.png
Type=Application
```
## Creality Print
<https://www.creality.com/pages/download-software?spm=..page_11657537.creality_print_1.1>
```bash
mv ~/Downloads/Creality_Print*.AppImage ~/Applications/Creality_Print.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Creality Print
Exec=/home/ducoterra/Applications/Creality_Print.AppImage
Icon=/home/ducoterra/.icons/creality_print.png
Type=Application
```
## Orca Slicer
<https://github.com/SoftFever/OrcaSlicer>
This is an open source fork of Bambu Slicer with more features.
```bash
# You might need to install webkit2gtk
pacman -S webkit2gtk
```
```bash
mv ~/Downloads/OrcaSlicer*.AppImage ~/Applications/OrcaSlicer.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Orca Slicer
Exec=/home/ducoterra/Applications/OrcaSlicer.AppImage
Icon=/home/ducoterra/.icons/orca_slicer.png
Type=Application
```
## AWS CLI
<https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>
```bash
# Install less if you don't have it already
pacman -S less
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
Add the following to your .zshrc:
```bash
complete -C '/usr/local/bin/aws_completer' aws
```
## NSlookup
```bash
pacman -Syu bind
```
## rpi-imager
<https://github.com/raspberrypi/rpi-imager>
```bash
sudo pacman -S cmake qt5-base
```
### Install rpi-imager
```bash
git clone https://github.com/raspberrypi/rpi-imager.git
cd rpi-imager
mkdir -p build
cd build
cmake ../src
make
sudo make install
```
### Upgrade rpi-imager
```bash
```bash
cd rpi-imager
git pull
rm -r build
mkdir -p build
cd build
cmake ../src
make
sudo make install
```
## qFlipper
<https://flipperzero.one/update>
```bash
mv ~/Downloads/*qFlipper*.AppImage ~/Applications/qFlipper.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=qFlipper
Exec=/home/ducoterra/Applications/qFlipper.AppImage
Icon=/home/ducoterra/.icons/qFlipper.png
Type=Application
```
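
Review bot: In "ATH12K Wifi Drivers" step 3, `ath12k-fw-repo` is downloaded from the `master` branch and run with `sudo` to write into `/lib/firmware`, so the script that runs as root is whatever that branch holds at the time. Pin the URL to a commit and tell the reader to read the script before running it. In "Docker", `usermod -aG docker ducoterra` deserves a sentence that membership of the `docker` group is equivalent to root on the host; the Podman section above it already covers the rootless route. Formatting: "Upgrade rpi-imager" has two opening `bash` fence lines in a row, and "Microcode" refers to `/boot/loader/entries/.conf` with the file name missing.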