services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

reorganize after reinstall

Browse Source
This commit is contained in:
Reese Wells
2024-08-03 01:27:55 -04:00
parent a8d72d4b9a
commit 9f03aef14a
4 changed files with 325 additions and 380 deletions
Download Patch File Download Diff File Expand all files Collapse all files

425
infrastructure/graduated/arch/README.md
View File

@@ -14,10 +14,13 @@ I have instructions for building a:
- [Installation](#installation)
- [Preparation](#preparation)
- [Boot](#boot)
- [Base Tools](#base-tools)
- [ZSH](#zsh)
- [Prompt Themes](#prompt-themes)
- [AUR](#aur)
- [Security](#security)
- [Secure Boot](#secure-boot)
- [TPM2 LUKS Decryption](#tpm2-luks-decryption)
- [TPM2 LUKS Decryption with Secure Boot](#tpm2-luks-decryption-with-secure-boot)
- [Re-enroll](#re-enroll)
- [FIDO2 LUKS Decryption](#fido2-luks-decryption)
- [Firewall](#firewall)
@@ -25,7 +28,6 @@ I have instructions for building a:
- [Install Apparmor](#install-apparmor)
- [Custom Profiles](#custom-profiles)
- [ClamAV](#clamav)
- [Config](#config)
- [btrbk](#btrbk)
- [fstab](#fstab)
- [Snapshots](#snapshots)
@@ -35,9 +37,8 @@ I have instructions for building a:
- [Fingerprint Reader Support](#fingerprint-reader-support)
- [Setup](#setup)
- [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed)
- [Desktop Environment](#desktop-environment)
- [Gnome](#gnome)
- [Hardware Management](#hardware-management)
- [Power Profiles](#power-profiles)
- [Color Management](#color-management)
- [Washed out colors with power-profiles-daemon](#washed-out-colors-with-power-profiles-daemon)
- [Hardware Acceleration](#hardware-acceleration)
@@ -50,6 +51,7 @@ I have instructions for building a:
- [Troubleshooting](#troubleshooting)
- [Flatpak](#flatpak)
- [Apps](#apps)
- [Toolbox](#toolbox)
- [Firefox](#firefox)
- [Gnome Extensions](#gnome-extensions)
- [Avahi (Bonjour)](#avahi-bonjour)
@@ -89,6 +91,10 @@ Follow most of the instructions here:
### Boot
You'll want two usb drives while following this guide. One will be the Arch boot drive. The
other will be a support drive with critical files and passwords which we will need to access
after we finish the install.
1. Boot into the live image
2. Check for network connectivity
@@ -99,13 +105,20 @@ Follow most of the instructions here:
```
3. `timedatectl` to update system clock
4. If using a VM, mount the iso with arch conf files
4. Install pwgen for password generation `pacman -S pwgen`
5. If using a VM, mount the iso with arch conf files
```bash
mount --mkdir /dev/sr1 /media
```
5. Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table"
6. If using a physical computer, mount your support drive
```bash
mount --mkdir /dev/sdb1 /media
```
7. Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table"
```bash
fdisk -l
@@ -116,57 +129,50 @@ Follow most of the instructions here:
- t EFI SYSTEM for /boot
- remaining for /
6. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition)
7. This next step involves generating a secure, random password. Make sure to
8. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition)
9. This next step involves generating a secure, random password. Make sure to
save this somewhere. I recommend having an encrypted partition on your
installation drive to which you can write a few bytes of text.
`echo -n $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt`
`echo -n $(pwgen 8 5) | sed 's/ /-/g' > /media/root-key.txt`
8. `cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt`
9. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt`
10. `mkfs.btrfs /dev/mapper/root` (root partition)
11. At this point you can choose how to subvolume your root partition
10. `cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt`
11. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt`
12. `mkfs.btrfs /dev/mapper/root` (root partition)
13. At this point you can choose how to subvolume your root partition
```bash
mount --mkdir -o subvolid=5 /btr_pool
btrfs sub create root /btr_pool
btrfs sub create home /btr_pool
...
```
12. Mount the root partition with `mount -o subvol=root /dev/mapper/root /mnt`
13. Mount the home partition with `mount -o subvol=home /dev/mapper/root /mnt/home`
14. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot`
15. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media`
16. `pacstrap -K /mnt base linux linux-firmware`
14. Mount the root partition with `mount -o subvol=root /dev/mapper/root /mnt`
15. Mount the home partition with `mount -o subvol=home /dev/mapper/root /mnt/home`
16. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot`
17. `pacstrap -K /mnt base linux linux-firmware`
This command might show an error. This is ok, we'll fix it later.
17. `genfstab -U /mnt >> /mnt/etc/fstab`
18. `arch-chroot /mnt`
19. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime`
20. `hwclock --systohc`
21. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen`
22. `echo 'KEYMAP=us' > /etc/vconsole.conf`
23. `echo 'hostname' > /etc/hostname`
24. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth`
20. `genfstab -U /mnt >> /mnt/etc/fstab`
21. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media`
18. If on a physical computer: mount the support parition with `mount --mkdir /dev/sdb1 /mnt/media`
22. `arch-chroot /mnt`
23. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime`
24. `hwclock --systohc`
25. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen`
26. `echo 'KEYMAP=us' > /etc/vconsole.conf`
27. `echo 'hostname' > /etc/hostname`
28. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth`
- dhclient/dhcpcd provides dhcp for network
- bash-completion provides tab complete
- btrfs-progs provides fsck for btrfs
- plymouth gives a nice bootloader screen
25. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt
/etc/mkinitcpio.conf
```conf
HOOKS=(systemd plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
```
26. `mkinitcpio -P`
27. Install systemd-boot
29. Edit /etc/mkinitcpio.conf and uncomment the line for systemd-boot with an encrypted drive.
30. `mkinitcpio -P`
31. Install systemd-boot
<https://wiki.archlinux.org/title/systemd-boot>
@@ -177,51 +183,48 @@ Follow most of the instructions here:
If this raises an error like "efi partition not found" you probably forgot to format
/mnt/boot as an EFI partition. Edit this by reformatting it with gdisk (ef00 is the hex code).
28. edit your loader.conf with some defaults
32. edit your loader.conf with some defaults
/boot/loader/loader.conf
```conf
default main.conf
default arch.conf
timeout 4
console-mode max
editor no
```
29. Create a loader (/usr/share/systemd/bootctl/arch.conf for example)
33. Create a loader (/usr/share/systemd/bootctl/arch.conf for example)
/boot/loader/entries/main.conf
/boot/loader/entries/arch.conf
```conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options quiet splash rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root nvme.noacpi=1 acpi_osi="!Windows 2020" mem_sleep_default="deep" rw
options ... rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root ...
```
You can get the UUID of the disk into arch.conf with some grepping. Use vim to cut
the excess and copy it into the correct location.
```bash
blkid | grep /dev/vda2 >> /boot/loader/entries/main.conf
blkid | grep /dev/vda2 >> /boot/loader/entries/arch.conf
```
30. `useradd ducoterra`
31. `passwd ducoterra`
32. `groupadd sudo`
33. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
34. `usermod -aG sudo ducoterra`
35. `usermod -aG wheel ducoterra`
36. `mkdir /home/ducoterra`
37. `chown ducoterra:ducoterra /home/ducoterra`
38. `locale-gen`
39. `systemctl enable dhcpcd`
40. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent`
41. If you need ssh: `pacman -S openssh; systemctl enable sshd`
42. `exit`
43. `reboot`
44. Remove your installation medium and boot into arch
45. Add a pacman hook for systemd-boot updates
34. `useradd ducoterra`
35. `passwd ducoterra`
36. `groupadd sudo`
37. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
38. `usermod -aG sudo ducoterra`
39. `usermod -aG wheel ducoterra`
40. `mkdir /home/ducoterra`
41. `chown ducoterra:ducoterra /home/ducoterra`
42. `locale-gen`
43. `systemctl enable dhcpcd`
44. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent`
45. If you need ssh: `pacman -S openssh; systemctl enable sshd`
46. Add a pacman hook for systemd-boot updates
/etc/pacman.d/hooks/95-systemd-boot.hook
@@ -237,13 +240,83 @@ Follow most of the instructions here:
Exec = /usr/bin/systemctl restart systemd-boot-update.service
```
47. Install gnome: `pacman -S gdm gnome`
- choose pipewire-jack
- choose wireplumber
- choose noto-fonts-emoji
48. `systemctl enable gdm`
49. Install NetworkManager `pacman -S networkmanager`
50. `systemctl enable NetworkManager`
51. Install gnome nice-to-haves `pacman -S gnome-tweaks dconf-editor seahorse`
52. Install tpm2-tss for tpm2 disk decryption `pacman -S tpm2-tss`
53. Setup tpm2 disk decryption
```bash
systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs="" --unlock-key-file=/media/root-key.txt
```
54. `exit`
55. `reboot`
### Base Tools
```bash
# gvfs and gvfs-dnssd are for webdav support
pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget
```
### ZSH
```bash
pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
chsh -s $(which zsh)
cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select
# Prompt settings
autoload -Uz promptinit
promptinit
PROMPT_EOL_MARK=
# Syntax Highlighting
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
# Command Not Found Autocomplete
source /usr/share/doc/pkgfile/command-not-found.zsh
### Custom Commands and Aliases ###
EOF
```
### Prompt Themes
See: <https://wiki.archlinux.org/title/Zsh#Prompt_themes>
Use `prompt -l` to list prompts
Use `prompt -p` to see previews
In your `.zshrc` set the following:
```bash
autoload -Uz promptinit
promptinit
prompt grml
```
### AUR
The AUR lets you install community-created and maintained packages. Here are the basics:
```bash
pacman -S --needed git base-devel
mkdir ~/aur
mkdir ~/AUR
# When you find a project, the basic installation looks like this:
git clone <git repo from aur>
@@ -281,16 +354,7 @@ Security Philosophy
establish a connection. Firewalls can also be used to limit an attacker's ability
to even discover you on a network with icmp blocking.
4. AppArmor
AppArmor is a mandatory access control system like SELinux. Even if you
don't configure it beyond its defaults, AppArmor is still a good thing to
have available. Apps which come with an apparmor profile will offer you an
additional layer of security. In the same way that a firewall protects you
from remote attacks, AppArmor protects you from privilege escalation
attacks and malicious binaries by blocking them at the source.
5. ClamAV
4. ClamAV
Much like Windows has Windows Defender, Linux has ClamAV. Running an antivirus scanner
certainly isn't the end-all-be-all of security, and it definitely isn't good enough
@@ -299,14 +363,14 @@ Security Philosophy
being said, finding *any* malware on a system is reason enough to nuke it from orbit and restore from a
known good backup.
6. BTRFS Snapshots
5. BTRFS Snapshots
This is not a backup, this is a snapshot. It serves an equally important function, however,
in that it protects you from accidental deletion and corruption. Let's imagine you perform
an update, reboot, and your computer crashes mid-startup. You could easily restore root
from a btrfs snapshot on your system and go on with your day like nothing happened.
7. BTRFS Backups
6. BTRFS Backups
This is a backup. Unlike snapshots, which live on the same drive your system exists
on, backups are physically separate copies of your computer stored (hopefully) in a
@@ -341,7 +405,9 @@ Security Philosophy
There is a pacman hook which will automatically sign new binaries on update.
#### TPM2 LUKS Decryption
#### TPM2 LUKS Decryption with Secure Boot
You can optionally allow tpm2 decryption only while secure boot is active.
Using `--tpm2-pcrs=7` enforces secure boot and will require password if secure boot is disabled.
@@ -456,26 +522,17 @@ Access Modes
- OR -
1. `freshclam`
1. `touch /var/log/clamav/freshclam.log`
2. `systemctl enable --now clamav-freshclam.service`
3. `systemctl enable --now clamav-daemon.service`
4. `clamdscan --multiscan --fdpass /home/ducoterra`
##### Config
```conf
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /run/clamav/freshclam.pid
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamav/clamd.conf
```
#### btrbk
```bash
cd Downloads
wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk
clamscan .
clamdscan .
chmod +x btrbk
sudo mv btrbk /usr/bin/
```
@@ -492,84 +549,74 @@ mkdir -p /btr_pools/root
```conf
# btr_pools
UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=256,subvolid=5 0 0
UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=5 0 0
```
```bash
systemctl daemon-reload
mount -a
btrfs sub create /btr_pools/root/.snapshots
btrbk -c /etc/btrbk/snapshots.conf dryrun
btrbk -c /etc/btrbk/snapshots.conf run
```
##### Snapshots
1. Create a snapshot config
`mkdir /etc/btrbk`
/etc/btrbk/snapshots.conf
Create a snapshot config
```conf
snapshot_preserve_min 24h
snapshot_preserve 14d
/etc/btrbk/snapshots.conf
# root
volume /btr_pools/root
subvolume root
snapshot_dir .snapshots
```conf
snapshot_preserve_min 24h
snapshot_preserve 24h
# home
volume /btr_pools/root
subvolume home
snapshot_dir .snapshots
# root
volume /btr_pools/root
subvolume root
snapshot_dir .snapshots
# libvirt
volume /btr_pools/root
subvolume libvirt
snapshot_dir .snapshots
# home
volume /btr_pools/root
subvolume home
snapshot_dir .snapshots
```
# nextcloud
volume /btr_pools/root
subvolume nextcloud
snapshot_dir .snapshots
```
Then create a snapshot service
2. Then create a snapshot service
/etc/systemd/system/btrbk_snapshots.service
/etc/systemd/system/btrbk_snapshots.service
```conf
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf
```conf
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf
[Service]
ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
```
[Service]
ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
```
Then create a timer for the service
3. Then create a timer for the service
/etc/systemd/system/btrbk_snapshots.timer
/etc/systemd/system/btrbk_snapshots.timer
```conf
[Unit]
Description=Run snapshots every hour
```conf
[Unit]
Description=Run snapshots every hour
[Timer]
OnCalendar=hourly
[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk_snapshots.service
AccuracySec=10min
Persistent=true
Unit=btrbk_snapshots.service
[Install]
WantedBy=timers.target
```
[Install]
WantedBy=timers.target
```
Then enable the service
4. Then enable the service
```bash
systemctl enable --now btrbk_snapshots.timer
```
```bash
systemctl enable --now btrbk_snapshots.timer
```
##### Backups
@@ -596,17 +643,17 @@ Third, I'd recommend iterating dot directories you'd need to restore and writing
down somewhere:
1. .aws
2. .config
3. .gitconfig
4. .icons
5. .kube
6. .local
7. .minecraft
8. .ssh
9. .steam
10. .vimrc
11. .vscode
12. .vscode-oss
2. .cache
3. .config
4. .gitconfig
5. .icons
6. .kube
7. .local
8. .minecraft
9. .mozilla
10. .ssh
11. .steam
12. .vimrc
13. .wireguard
14. .zshrc
@@ -695,7 +742,9 @@ You can create chroot environments to run firejails or just use for testing purp
1. `pacman -S fprintd`
2. `systemctl enable --now fprintd`
3. `fprintd-enroll ducoterra`
4. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)
4. ~~Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)~~
DON'T DO THIS <https://wiki.archlinux.org/title/Fprint#Login_configuration>
/etc/pam.d/sudo
@@ -783,33 +832,44 @@ runs our script on wake.
Now the status should be correct even after connecting/disconnecting when the computer is off.
## Desktop Environment
### Gnome
1. `pacman -S gdm gnome`
- choose pipewire-jack
- choose wireplumber
- choose noto-fonts-emoji
2. `systemctl enable --now gdm`
3. `pacman -S networkmanager`
4. `systemctl enable --now NetworkManager`
5. `pacman -S gnome-tweaks dconf-editor seahorse`
## Hardware Management
### Power Profiles
<https://wiki.archlinux.org/title/CPU_frequency_scaling#power-profiles-daemon>
```bash
pacman -S power-profiles-daemon
systemctl enable --now power-profiles-daemon
```
### Color Management
<https://wiki.archlinux.org/title/Framework_Laptop_13#Display>
<https://wiki.archlinux.org/title/ICC_profiles#Wayland>
```bash
cp /home/ducoterra/Downloads/BOE_CQ... /usr/share/color/icc/colord/
colormgr get-profiles
colormgr get-devices
colormgr device-add-profile xrandr-BOE-0x095f-0x00000000 icc-eca2e6d155d550a5e78c97a34ac3fcae
```
### Washed out colors with power-profiles-daemon
<https://wiki.archlinux.org/title/Framework_Laptop_13#(AMD)_Washed-out_colors_when_using_power-profiles-daemon_in_power-saver_or_balanced_mode>
```bash
systemctl edit power-profiles-daemon.service --drop-in=disable_panel_powersavings
```
```conf
[Service]
ExecStart=
ExecStart=/usr/lib/power-profiles-daemon --block-action=amdgpu_panel_power
```
### Hardware Acceleration
(This helps enable hardware encoding/decoding for steam streaming)
@@ -833,13 +893,8 @@ vainfo
This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock
will prevent it from waking up.
/etc/systemd/logind.conf
```conf
...
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=ignore
...
```bash
vim /etc/systemd/logind.conf
```
### Bluetooth
@@ -939,6 +994,24 @@ pacman -S flatpak
## Apps
### Toolbox
<https://wiki.archlinux.org/title/Toolbox>
Toolbox is a containerized workstation service via podman.
```bash
# select "crun" when prompted
pacman -S toolbox
toolbox create
toolbox enter
sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
```
### Firefox
You'll want firefox and gnome-browser-connector (for gnome extension management).
@@ -958,19 +1031,19 @@ Choose noto-fonts
### Avahi (Bonjour)
1. `sudo pacman -S avahi`
2. `sudo vim /etc/nsswitch.conf`
1. `pacman -S avahi`
2. `vim /etc/nsswitch.conf`
```conf
hosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
```
3. `sudo vim /etc/mdns.allow`
3. `vim /etc/mdns.allow`
```conf
.local.
.local
```
```conf
.local.
.local
```
### CUPS Printing

20
infrastructure/graduated/arch/gaming.md
View File

@@ -176,6 +176,26 @@ pacman -U --noconfirm sunshine.pkg.tar.zst
<https://github.com/moonlight-stream/moonlight-qt/releases>
```bash
mv ~/Downloads/Moonlight-*.AppImage ~/Applications/Moonlight.AppImage
chmod +x ~/Applications/*.AppImage
```
vim ~/.local/share/applications/moonlight.desktop
```conf
[Desktop Entry]
Name=Moonlight
Exec=/home/ducoterra/Applications/Moonlight.AppImage %u
Icon=/home/ducoterra/.icons/Moonlight.ico
Type=Application
```
```bash
update-desktop-database
```
Ctrl + Alt + Shift + Q (Moonlight Stream)
Quit the streaming session (leaving the game running on the host PC)

257
infrastructure/graduated/arch/workstation.md
View File

@@ -1,15 +1,6 @@
# Workstation
- [Workstation](#workstation)
- [Framework AMD Notes](#framework-amd-notes)
- [ATH12K Wifi Drivers](#ath12k-wifi-drivers)
- [Microcode](#microcode)
- [linux-git kernel](#linux-git-kernel)
- [Base Tools](#base-tools)
- [ZSH](#zsh)
- [Prompt Themes](#prompt-themes)
- [Aliases](#aliases)
- [Rollback Pacman Update](#rollback-pacman-update)
- [Podman](#podman)
- [Docker](#docker)
- [QEMU/KVM](#qemukvm)
@@ -37,140 +28,12 @@
- [AWS CLI](#aws-cli)
- [NSlookup](#nslookup)
- [rpi-imager](#rpi-imager)
- [Install rpi-imager](#install-rpi-imager)
- [Upgrade rpi-imager](#upgrade-rpi-imager)
- [qFlipper](#qflipper)
- [Nextcloud Talk](#nextcloud-talk)
## Framework AMD Notes
### ATH12K Wifi Drivers
Install the wireless-regdb to set the regulatory domain to US
```bash
pacman -S wireless-regdb
```
Edit `/etc/conf.d/wireless-regdom` to set the domain
<https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware/-/tree/main>
1. `git clone https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware`
2. `cd ath12k-firmware`
3. Run the following:
```bash
wget https://github.com/qca/qca-swiss-army-knife/raw/master/tools/scripts/ath12k/ath12k-fw-repo
chmod 755 ath12k-fw-repo
sudo ./ath12k-fw-repo --install /lib/firmware
```
4. `sudo cp ath12k/board.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
5. `sudo cp ath12k/regdb.bin /lib/firmware/ath12k/WCN7850/hw2.0/`
6. Reboot
### Microcode
```bash
pacman -S amd-ucode
```
Edit /boot/loader/entries/.conf and add the following:
```bash
title Arch Linux (Work)
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options ...
```
### linux-git kernel
<https://aur.archlinux.org/packages/linux-git>
1. `git clone https://aur.archlinux.org/linux-git.git`
2. `cd linux-git`
3. `makepkg`
4. `sudo pacman -U linux-git... linux-git-headers...`
## Base Tools
```bash
# gvfs and gvfs-dnssd are for webdav support
pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd
```
## ZSH
```bash
pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
chsh -s $(which zsh)
cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select
# Prompt settings
autoload -Uz promptinit
promptinit
PROMPT_EOL_MARK=
# Syntax Highlighting
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
# Command Not Found Autocomplete
source /usr/share/doc/pkgfile/command-not-found.zsh
### Custom Commands and Aliases ###
EOF
```
### Prompt Themes
See: <https://wiki.archlinux.org/title/Zsh#Prompt_themes>
Use `prompt -l` to list prompts
Use `prompt -p` to see previews
In your `.zshrc` set the following:
```bash
autoload -Uz promptinit
promptinit
prompt grml
```
### Aliases
You can put you aliases in `.zshrc` with the following format:
```bash
alias update='sudo pacman -Syu --noconfirm'
```
It's recommended that for complicated/multiline aliases you create a folder called
`~/.local/scripts` where you store each alias. Make sure to back up this folder!
#### Rollback Pacman Update
This script will grep for all updates performed today and roll them back one by one.
rollback_update.sh
```bash
grep -a upgraded /var/log/pacman.log| grep $(date +"%Y-%m-%d") > /tmp/lastupdates.txt
awk '{print $4}' /tmp/lastupdates.txt > /tmp/lines1;awk '{print $5}' /tmp/lastupdates.txt | sed 's/(/-/g' > /tmp/lines2
paste /tmp/lines1 /tmp/lines2 > /tmp/lines
tr -d "[:blank:]" < /tmp/lines > /tmp/packages
cd /var/cache/pacman/pkg/
for i in $(cat /tmp/packages); do sudo pacman --noconfirm -U "$i"*; done
```
- [FFMpeg](#ffmpeg)
- [Youtube-dlp](#youtube-dlp)
- [Iperf3](#iperf3)
- [Glances](#glances)
## Podman
@@ -211,41 +74,14 @@ You can use btrfs as your storage driver by following these instructions:
## QEMU/KVM
1. Install virtualization capabilties
Install virtualization capabilties
```bash
pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm
usermod -aG libvirt ducoterra
```
2. Edit /etc/libvirt/libvirtd.conf
```conf
...
unix_sock_group = 'libvirt'
...
unix_sock_rw_perms = '0770'
...
```
3. Edit /etc/libvirt/qemu.conf
```conf
# Some examples of valid values are:
#
# user = "qemu" # A user named "qemu"
# user = "+0" # Super user (uid=0)
# user = "100" # A user named "100" or a user with uid=100
#
user = "ducoterra"
# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "ducoterra"
```
4. `sudo systemctl enable --now libvirtd`
5. `sudo virsh net-autostart default`
```bash
# DNSMasq is required - do not start it with systemd, qemu will handle that.
pacman -S qemu-full dnsmasq virt-manager
systemctl enable --now libvirtd
virsh net-autostart default
```
If you get a blank screen when launching a VM check that you've used the correct bios -
either secboot or not secboot. This is the most common problem.
@@ -560,6 +396,7 @@ Type=Application
# Install less if you don't have it already
pacman -S less
cd ~/Downloads
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
@@ -574,7 +411,11 @@ complete -C '/usr/local/bin/aws_completer' aws
## NSlookup
```bash
pacman -Syu bind
# Do this in a toolbox
toolbox enter
# Install
pacman -S bind
```
## rpi-imager
@@ -582,33 +423,9 @@ pacman -Syu bind
<https://github.com/raspberrypi/rpi-imager>
```bash
sudo pacman -S cmake qt5-base
```
### Install rpi-imager
```bash
git clone https://github.com/raspberrypi/rpi-imager.git
cd rpi-imager
mkdir -p build
cd build
cmake ../src
make
sudo make install
```
### Upgrade rpi-imager
```bash
```bash
cd rpi-imager
git pull
rm -r build
mkdir -p build
cd build
cmake ../src
make
sudo make install
toolbox create -d ubuntu -r 24.04
toolbox enter toolbox enter ubuntu-toolbox-24.04
sudo apt install rpi-imager
```
## qFlipper
@@ -649,3 +466,37 @@ Type=Application
```bash
update-desktop-database
```
## FFMpeg
```bash
# Select pipewire-jack when prompted
pacman -S ffmpeg
```
## Youtube-dlp
<https://github.com/yt-dlp/yt-dlp>
1. Download `yt-dlp_linux`
2. `clamdscan yt-dlp_linux`
3. `cp yt-dlp_linux /usr/local/bin/yt-dlp`
4. Install ffmpeg `pacman -S ffmpeg`
Download the best quality video:
```bash
yt-dlp -f "bv+ba/b" https://...
```
## Iperf3
```bash
pacman -S iperf3
```
## Glances
```bash
pacman -S glances
```