moving closer to podman systemd services for everything

2025-04-19 12:52:56 -04:00
parent 9acff25d43
commit 6e393d90ee
47 changed files with 1455 additions and 433 deletions
--- a/infrastructure/graduated/fedora/fedora-framework16.md
+++ b/infrastructure/graduated/fedora/fedora-framework16.md
@@ -2,7 +2,7 @@

 - [Framework 16 Fixes](#framework-16-fixes)
  - [Wake from Sleep](#wake-from-sleep)
-  - [Wrong keys pressed in the browser, keyboard occasionally freezes after clicking a field.](#wrong-keys-pressed-in-the-browser-keyboard-occasionally-freezes-after-clicking-a-field)
+  - [Wrong keys pressed in the browser, keyboard occasionally freezes after clicking a field](#wrong-keys-pressed-in-the-browser-keyboard-occasionally-freezes-after-clicking-a-field)

 ## Wake from Sleep

@@ -28,6 +28,6 @@ If you want to specifically disable the framework keyboard you can use this:
 ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", RUN+="/bin/sh -c 'echo disabled > /sys$env{DEVPATH}/power/wakeup'"
 ```

-## Wrong keys pressed in the browser, keyboard occasionally freezes after clicking a field.
+## Wrong keys pressed in the browser, keyboard occasionally freezes after clicking a field

 This was caused by a Keychron M3 mini mouse.
--- a/infrastructure/graduated/fedora/fedora-server.md
+++ b/infrastructure/graduated/fedora/fedora-server.md
@@ -20,8 +20,13 @@
    - [QEMU Images](#qemu-images)
  - [Firewalld](#firewalld)
  - [Backups](#backups)
+    - [Connect to the ISCSI Backup Target](#connect-to-the-iscsi-backup-target)
+      - [Connect to Backup Target with Cockpit](#connect-to-backup-target-with-cockpit)
+      - [Connect to Backup Target with iscsiadm](#connect-to-backup-target-with-iscsiadm)
+      - [Format backup disk](#format-backup-disk)
+      - [Troubleshooting Backup ISCSI Connection](#troubleshooting-backup-iscsi-connection)
    - [Quick Backup](#quick-backup)
-    - [Regular Backup to an NFS Share](#regular-backup-to-an-nfs-share)
+    - [Regular Backups with Borg](#regular-backups-with-borg)
  - [Optional Steps](#optional-steps)
    - [Docker with Podman as Runtime](#docker-with-podman-as-runtime)
    - [Vanilla Docker](#vanilla-docker)
@@ -156,6 +161,17 @@ systemctl enable fail2ban --now
 tail -f /var/log/fail2ban.log
 ```

+Checking, banning, unbanning
+
+```bash
+# See banned clients
+fail2ban-client banned
+# See jails (sshd should be one of them)
+fail2ban-client status
+# Unban a client from the sshd jail
+fail2ban-client set sshd unbanip <IP address>
+```
+
 ## BTRFS Parent Volumes

 In `/etc/fstab`, add the parent volumes for your disks mounted with subvolid=5 at `/btrfs` so you can see
@@ -414,44 +430,94 @@ firewall-cmd --reload

 ## Backups

+Note: this assumes you've set up [an iscsi backup disk](/infrastructure/graduated/truenas/truenas.md#iscsi-backup-volumes)
+
+### Connect to the ISCSI Backup Target
+
+#### Connect to Backup Target with Cockpit
+
+1. Storage -> Hamburger menu -> Add iSCSI portal
+2. Type your portal address, username, and password
+
+#### Connect to Backup Target with iscsiadm
+
+<https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html/online_storage_reconfiguration_guide/iscsi-replacements_timeout#iscsi-replacements_timeout>
+
+```bash
+# Set username and password for discovered nodes
+# Optionally you can add "-T <target name>" to specify which target has the username/password
+iscsiadm -m node \
+-o update \
+-n node.session.auth.username -v username \
+-n node.session.auth.password -v password
+
+# Set replacement_timeout to 10 minutes in case server reboots
+iscsiadm -m node \
+-o update \
+-n node.session.timeo.replacement_timeout -v 600
+
+systemctl restart iscsid
+
+# Discover targets
+iscsiadm -m discovery -t st -p driveripper.reeselink.com
+
+# Login to all nodes
+iscsiadm -m node -l
+```
+
+#### Format backup disk
+
+```bash
+# list disks
+lsblk
+
+# Create partition
+fdisk /dev/sdx
+
+# Format partition with btrfs
+mkfs.btrfs /dev/sdx1
+
+# Get the UUID
+blkid /dev/sdx1
+```
+
+Update /etc/fstab with the iscsi disk details.
+
+Note:
+
+- `x-systemd.automount` which only mounts the device when it's accessed.
+- `x-systemd.mount-timeout=30` allows a 30 second timeout
+- `_netdev` ensures the device won't be mounted until after the network is available
+
+```conf
+UUID=... /btrfs/some-name    btrfs   subvolid=5,compress=zstd:1,x-systemd.automount,x-systemd.mount-timeout=30,_netdev 0 0
+```
+
+#### Troubleshooting Backup ISCSI Connection
+
+```bash
+# List targets
+iscsiadm -m node
+
+# Delete node
+iscsiadm -m node -o delete -T iqn.2022-01.com.reeselink:driveripper:iqn.2022-01.com.reeselink:driveripper
+
+# List discovered targets
+iscsiadm -m discovery
+
+# Delete from discovery db
+iscsiadm -m discoverydb -t sendtargets -p driveripper.reeselink.com -o delete
+```
+
 ### Quick Backup

 ```bash
-rsync -av / \
--exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} \
-/mnt/root/
+rsync -av --progress --exclude '.snapshots' /btrfs/yellow/root /btrfs/backup-yellow --dry-run
 ```

-### Regular Backup to an NFS Share
+### Regular Backups with Borg

-1. Create a new dataset called "<server>_backup"
-2. Remove "other" read/exec permissions from the dataset
-3. Create a new NFS share for that dataset with maproot user and group set to root
-4. Mount the NFS share to your server at `/backup`
-5. Copy the following script into /root/backup.sh
-
-```bash
-#!/bin/bash
-
-BACKUP_PATH="/backup"
-EXCLUDE_DIR='{"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"}'
-SOURCE_DIR="/"
-
-rsync -aAXv ${SOURCE_DIR} --exclude=${EXCLUDE_DIR} ${BACKUP_PATH}
-
-if [ $? -eq 0 ]; then
-    echo "Backup completed successfully"
-else
-    echo "Some error occurred during backup"
-fi
-```
-
-6. `chmod +x /root/backup.sh`
-7. `crontab -e`
-
-```cron
-0  2  *  *  *  bash /root/backup.sh >> /root/backup.log
-```
+See [borg.md](/systemd/graduated/borg/borg.md)

 ## Optional Steps

--- a/infrastructure/graduated/fedora/fedora.md
+++ b/infrastructure/graduated/fedora/fedora.md
@@ -4,6 +4,7 @@
  - [Framework 16 Fixes](#framework-16-fixes)
    - [Wake from Sleep](#wake-from-sleep)
    - [Wrong keys pressed in the browser](#wrong-keys-pressed-in-the-browser)
+    - [Wifi Powersave](#wifi-powersave)
  - [Podman](#podman)
    - [Autostarting services with quadlets](#autostarting-services-with-quadlets)
  - [Network](#network)
@@ -38,6 +39,30 @@ sudo udevadm control --reload-rules && sudo udevadm trigger

 Sometimes keys will stop working when using search bars or do strange things like move the page around. This seems to be caused by some "alt" keypress combination. Pressing "alt" twice fixes it.

+### Wifi Powersave
+
+**NOTE: THIS DOESN'T WORK. IT CAUSES WIFI DISCONNECT AND RECONNECT ISSUES.**
+
+<https://www.networkmanager.dev/docs/api/latest/settings-802-11-wireless.html>
+
+<https://gist.github.com/jcberthon/ea8cfe278998968ba7c5a95344bc8b55>
+
+<https://askubuntu.com/questions/1230525/ubuntu-20-04-network-performance-extremely-slow>
+
+```bash
+vim /etc/NetworkManager/conf.d/wifi-powersave-off.conf
+```
+
+```conf
+[connection]
+# Values are 0 (use default), 1 (ignore/don't touch), 2 (disable) or 3 (enable).
+wifi.powersave = 2
+```
+
+```bash
+systemctl restart NetworkManager
+```
+
 ## Podman

 Since you'll be using podman for most container-based services, you'll want to set the