chatreesept deployed

infrastructure/graduated/arch/README.md

@@ -54,6 +54,7 @@ instructions for building a:
       - [EUI64](#eui64)
     - [Networking Privacy](#networking-privacy)
       - [Mac Address Randomization](#mac-address-randomization)
+    - [VLAN Setup](#vlan-setup)
   - [Date and Time](#date-and-time)
 
 ## Installation
@@ -987,6 +988,20 @@ ethernet.cloned-mac-address=random
 wifi.cloned-mac-address=stable
 ```
 
+### VLAN Setup
+
+```bash
+# Create
+sudo nmcli con add type VLAN con-name enp195s0f3u1u3.4 dev enp195s0f3u1u3 id 4
+
+# Bring up (optional)
+sudo nmcli connection up enp195s0f3u1u3.2
+
+# Delete
+sudo nmcli connection down enp11s0.1
+sudo nmcli connection del enp11s0.1
+```
+
 ## Date and Time
 
 If you're like me and like 24 hour time use `C.UTF-8`:

infrastructure/graduated/arch/workstation.md

@@ -40,6 +40,7 @@
   - [Cura](#cura)
   - [Creality Print](#creality-print)
   - [Bambu Studio](#bambu-studio)
+    - [Firewall Rules for LAN Printer](#firewall-rules-for-lan-printer)
     - [Adding LAN printer via config](#adding-lan-printer-via-config)
     - [Custom Filament Profiles](#custom-filament-profiles)
   - [Orca Slicer](#orca-slicer)
@@ -56,6 +57,10 @@
   - [Email](#email)
   - [Traffic Usage](#traffic-usage)
   - [Wine](#wine)
+  - [KDE Connect (GSConnect)](#kde-connect-gsconnect)
+  - [Python](#python)
+    - [Pyenv](#pyenv)
+    - [Poetry](#poetry)
 
 ## Pacman Packages
 
@@ -299,6 +304,7 @@ Choose noto-fonts
 2. <Vitals@CoreCoding.com>
 3. <dash-to-dock@micxgx.gmail.com>
 4. <tactile@lundal.io>
+5. GSConnect
 
 ## Avahi (Bonjour)
 
@@ -679,6 +685,15 @@ Install with flatpak.
 flatpak install com.bambulab.BambuStudio
 ```
 
+### Firewall Rules for LAN Printer
+
+For local LAN discovery allow 2021/udp
+
+```bash
+sudo ufw allow 2021/udp
+sudo ufw reload
+```
+
 ### Adding LAN printer via config
 
 The config is located at `~/.var/app/com.bambulab.BambuStudio/config/BambuStudio/BambuStudio.conf`
@@ -892,4 +907,58 @@ nethogs
 pacman -S wine
 ```
 
-You can adjust the dpi scaling for wine with `winecfg`.
+You can adjust the dpi scaling for wine with `winecfg`.
+
+## KDE Connect (GSConnect)
+
+Install the GSConnect extension for Gnome.
+
+Open the firewall for connecting devices <https://userbase.kde.org/KDEConnect#Troubleshooting>
+
+```bash
+sudo ufw allow 1714:1764/udp
+sudo ufw allow 1714:1764/tcp
+sudo ufw reload
+```
+
+## Python
+
+### Pyenv
+
+<https://github.com/pyenv/pyenv?tab=readme-ov-file#installation>
+
+```bash
+curl https://pyenv.run | bash
+```
+
+Add to `~/.zshrc`:
+
+```bash
+export PYENV_ROOT="$HOME/.pyenv"
+[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH"
+eval "$(pyenv init -)"
+```
+
+Install and use a Python version:
+
+```bash
+pyenv install 3.13
+pyenv global 3.13
+```
+
+### Poetry
+
+<https://python-poetry.org/docs/>
+
+```bash
+python -m pip install --user pipx
+python -m pipx ensurepath
+
+pipx install poetry
+```
+
+Create a new project in the current directory
+
+```bash
+poetry new .
+```

infrastructure/graduated/fedora/README.md

@@ -7,7 +7,10 @@
   - [Fail2Ban](#fail2ban)
   - [Automatic Updates](#automatic-updates)
   - [Disable Swap](#disable-swap)
+  - [Selinux](#selinux)
+  - [Firewalld](#firewalld)
   - [Extras](#extras)
+  - [Downgrading Kernel](#downgrading-kernel)
 
 <https://docs.fedoraproject.org/en-US/fedora-server/installation/postinstallation-tasks/#_manage_system_updates>
 
@@ -122,6 +125,8 @@ dnf install dnf-automatic -y
 systemctl enable --now dnf-automatic-install.timer
 ```
 
+Edit the configuration to only do security updates.
+
 ## Disable Swap
 
 ```bash
@@ -130,6 +135,37 @@ zramctl --reset /dev/zram0
 dnf -y remove zram-generator-defaults
 ```
 
+## Selinux
+
+By default selinux will be enforcing. You can set it to permissive with
+
+```bash
+setenforce 0
+```
+
+And then make it permanent by editing `/etc/selinux/config` and inserting `SELINUX=permissive`.
+
+## Firewalld
+
+Set the default firewalld zone to `public`
+
+```bash
+firewall-cmd --set-default-zone=public
+```
+
+Firewalld will be on and blocking by default. You can check the zone and allowed ports with:
+
+```bash
+firewall-cmd --zone=public --list-ports
+```
+
+Allow Cockpit with
+
+```
+firewall-cmd --permanent --zone=public --add-port=9090/tcp
+firewall-cmd --reload
+```
+
 ## Extras
 
 On the server:
@@ -165,3 +201,14 @@ EOF
 
 chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra
 ```
+
+## Downgrading Kernel
+
+```bash
+dnf install koji
+
+# Note: format is kernel-version.fedora-version
+cd $(mktemp -d) && koji download-build --arch=x86_64 --arch=noarch kernel-6.11.3-300.fc41 && dnf install ./*
+
+reboot
+```

infrastructure/graduated/truenas/README.md

@@ -378,8 +378,8 @@ zpool status -v
 
 ```bash
 virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" list
-virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" destroy <vm_id>
-virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" start <vm_id>
+virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" resume <vm_name>
+virsh -c "qemu+unix:///system?socket=/run/truenas_libvirt/libvirt-sock" start <vm_i>
 ```
 
 ## Mounting ZVOLS