homelab/infrastructure/graduated/arch/workstation.md
2024-08-17 00:52:15 -04:00


# Workstation
- [Workstation](#workstation)
- [Pacman Packages](#pacman-packages)
- [Upgrade/Downgrade](#upgradedowngrade)
- [Freeze package](#freeze-package)
- [Fingerprint Reader Support](#fingerprint-reader-support)
- [Setup](#setup)
- [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed)
- [SSH](#ssh)
- [Templates](#templates)
- [Firefox](#firefox)
- [Gnome Extensions](#gnome-extensions)
- [Avahi (Bonjour)](#avahi-bonjour)
- [CUPS Printing](#cups-printing)
- [Toolbox](#toolbox)
- [Podman](#podman)
- [Docker](#docker)
- [QEMU/KVM](#qemukvm)
- [Arch Guests](#arch-guests)
- [Kubernetes](#kubernetes)
- [VSCode](#vscode)
- [Shell](#shell)
- [Fonts](#fonts)
- [Navigation](#navigation)
- [Extensions](#extensions)
- [Wireguard](#wireguard)
- [Remote Desktop](#remote-desktop)
- [Transmission](#transmission)
- [VLC](#vlc)
- [Bitwarden](#bitwarden)
- [Nextcloud](#nextcloud)
- [Insomnia](#insomnia)
- [QMK](#qmk)
- [Initialization](#initialization)
- [Development](#development)
- [Cura](#cura)
- [Creality Print](#creality-print)
- [Bambu Studio](#bambu-studio)
- [Orca Slicer](#orca-slicer)
- [AWS CLI](#aws-cli)
- [NSlookup](#nslookup)
- [rpi-imager](#rpi-imager)
- [qFlipper](#qflipper)
- [Nextcloud Talk](#nextcloud-talk)
- [FFMpeg](#ffmpeg)
- [Youtube-dlp](#youtube-dlp)
- [Iperf3](#iperf3)
- [Glances](#glances)
- [VirtualBox](#virtualbox)
- [Email](#email)
## Pacman Packages
### Upgrade/Downgrade
The [Arch Linux Archive](https://archive.archlinux.org/packages/) keeps snapshots of all packages
from history. Search for your package on the site, copy the link for the `pkg.tar.zst` file, and run
the following:
```bash
# Replace link with the one you copied
pacman -U https://archive.archlinux.org/packages/g/gdm/gdm-46.2-1-x86_64.pkg.tar.zst
```
### Freeze package
You can freeze a package by adding it to the list of ignores in `/etc/pacman.conf`:
```conf
...
IgnorePkg = nano vim linux
...
```
## Fingerprint Reader Support
### Setup
1. `pacman -S fprintd`
2. `systemctl enable --now fprintd`
3. `fprintd-enroll ducoterra`
4. Install <https://aur.archlinux.org/pam-fprint-grosshack.git> to use fingerprint with gnome
In order to use fingerprint auth with gnome for privileged system stuff with gdm, edit
`/etc/pam.d/system-auth` to include `auth sufficient pam_fprintd_grosshack.so`.
```conf
#%PAM-1.0
auth required pam_shells.so # User must have shell in /etc/shells
auth requisite pam_nologin.so # Prevents users from logging in if /etc/nologin exists
auth required pam_faillock.so preauth # Timeout after certain number of fails
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth sufficient pam_fprintd_grosshack.so
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow
password optional pam_permit.so
-session optional pam_systemd_home.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
```
### Turn Off Fingerprint When Laptop Lid Closed
**NOTE: This may break fingerprint unlock. Testing in progress.**
To disable fingerprint authentication when the laptop lid is closed, and re-enable it when the lid
is reopened, we will use acpid to bind the `button/lid.*` event to a custom script that comments
out fprintd auth in `/etc/pam.d/sudo`.
Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See
<https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2267> and
<https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6585>.
1. `pacman -S acpid` and then `systemctl enable --now acpid`
2. Create file /etc/acpi/laptop-lid.sh with the following contents:
```bash
#!/bin/bash
# Runs as root from acpid; keep this file root-owned and not writable by others.

if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
    # This is used to detect if a display is connected.
    # For USB C displayport use:
    # grep -Fxq connected /sys/class/drm/card1-DP-2/status
    # For hdmi use:
    # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
then
    # comment out fprintd
    sed -i -E 's/^([^#].*pam_fprintd\.so)/#\1/g' /etc/pam.d/sudo
else
    # uncomment fprintd
    sed -i -E 's/^#(.*pam_fprintd\.so)/\1/g' /etc/pam.d/sudo
fi
```
3. Make the file executable with
`chmod +x /etc/acpi/laptop-lid.sh`
4. Create file /etc/acpi/events/laptop-lid with the following contents:
```conf
event=button/lid.*
action=/etc/acpi/laptop-lid.sh
```
5. Restart the acpid service with:
`systemctl restart acpid`
Now the fingerprint will be used only when the lid is open.
In order to ensure the correct state after suspend we need a service file which runs our script on
wake.
1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents:
```conf
[Unit]
Description=Laptop Lid
After=suspend.target
[Service]
ExecStart=/etc/acpi/laptop-lid.sh
[Install]
WantedBy=multi-user.target
WantedBy=suspend.target
```
2. Reload the systemd config files with
`sudo systemctl daemon-reload`
3. Start and enable the service with
`sudo systemctl enable --now laptop-lid.service`
Now the status should be correct even after connecting/disconnecting when the computer is off.
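A variant of the lid script's edit step, as an added example that is not the page's own script. The page's `sed` patterns match `pam_fprintd.so` only, so they leave the `pam_fprintd_grosshack.so` line from the Setup section untouched, and the uncomment pattern also strips `#` from a comment that merely mentions the module. The function names and the restriction to `auth` lines are assumptions made here.

```shell
#!/bin/sh
# Added example, not the page's script. Module names are from the page;
# function names and the restriction to "auth" lines are assumptions.
FP_RE='pam_fprintd(_grosshack)?\.so'

# set_fingerprint <enable|disable> <pam_file>
# Comments out or restores auth lines that load a fingerprint module.
# Running it twice in the same mode leaves the file unchanged.
set_fingerprint() {
    mode=$1 file=$2
    case $mode in
        disable) expr="s/^(-?auth[[:space:]].*${FP_RE}.*)\$/#\\1/" ;;
        enable)  expr="s/^#+[[:space:]]*(-?auth[[:space:]].*${FP_RE}.*)\$/\\1/" ;;
        *) echo "usage: set_fingerprint enable|disable FILE" >&2; return 2 ;;
    esac
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    cp -p "$file" "$tmp"              # carry over mode and ownership
    sed -E "$expr" "$file" >"$tmp"
    # Guard: lines that do not mention the module must come out unchanged.
    if [ "$(grep -Ev "$FP_RE" "$file")" != "$(grep -Ev "$FP_RE" "$tmp")" ]; then
        rm -f "$tmp"; echo "refusing to modify $file" >&2; return 1
    fi
    mv "$tmp" "$file"                 # atomic replace within one directory
}

# fingerprint_active <pam_file>: true if an uncommented fingerprint auth line exists
fingerprint_active() {
    grep -Eq "^-?auth[[:space:]].*${FP_RE}" "$1"
}

# apply_lid_state <pam_file> [state_file]: the page's lid test driving the edit
apply_lid_state() {
    if grep -Fq closed "${2:-/proc/acpi/button/lid/LID0/state}"; then
        set_fingerprint disable "$1"
    else
        set_fingerprint enable "$1"
    fi
}
```

Try it on a copy first, for example `apply_lid_state /tmp/sudo.copy`, and confirm with `fingerprint_active` before pointing it at a file under `/etc/pam.d`.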
## SSH
Generate a key with password protection:
```bash
# Omit "-N 'password'" to have it prompt you
ssh-keygen -f ~/.ssh/test-key -N 'PASSWORD'
```
Change the password for an ssh key:
```bash
# Use "-N ''" to remove the password
ssh-keygen -p -N 'PASSWORD' -f ~/.ssh/test-key
```
This is an example config entry in `~/.ssh/config`:
```conf
Host my-host
    Hostname my-host.reeselink.com
    User root
    ProxyCommand none
    ForwardAgent no
    ForwardX11 no
    Port 22
    KeepAlive yes
    IdentityFile ~/.ssh/id_my-host_rsa
```
You can ssh to that host with `ssh my-host` after adding a config entry.
## Templates
You can add files in `~/Templates` to give yourself quick-create options in the gnome
file browser context menu.
```bash
mkdir ~/Templates
touch ~/Templates/text.txt
```
## Firefox
You'll want firefox and gnome-browser-connector (for gnome extension management).
```bash
pacman -S firefox gnome-browser-connector
```
Choose noto-fonts
### Gnome Extensions
1. `AlphabeticalAppGrid@stuarthayhurst`
2. `Vitals@CoreCoding.com`
3. `dash-to-dock@micxgx.gmail.com`
4. `tactile@lundal.io`
## Avahi (Bonjour)
1. `pacman -S avahi`
2. `vim /etc/nsswitch.conf`
```conf
hosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
```
3. `vim /etc/mdns.allow`
```conf
.local.
.local
```
## CUPS Printing
Note: you need [avahi](#avahi-bonjour) for auto-discovery.
1. `pacman -S cups cups-pdf system-config-printer gutenprint foomatic-db-gutenprint-ppds`
2. `cups-genppdupdate`
3. `usermod -aG lp ducoterra`
4. `systemctl enable --now cups`
5. In gnome settings:
    1. Add printer
    2. Enter the IP address
    3. Wait...
    4. Select "JetDirect"
    5. Select Generic
    6. Select IPP Printer
    7. Print
## Toolbox
<https://wiki.archlinux.org/title/Toolbox>
Toolbox is a containerized workstation service via podman.
```bash
# select "crun" when prompted
pacman -S toolbox
toolbox create
toolbox enter
sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
```
## Podman
Install with the following:
`pacman -S podman buildah cni-plugins slirp4netns podman-dnsname aardvark-dns`
Then you can run rootless containers like so:
```bash
podman pull docker.io/library/python:3.11
podman run -it python:3.11 bash
podman network create test
podman pod create --network test --publish 8000:8000 test1
podman run -it --pod test1 python:3.11 bash
```
You can also deploy pods with kubernetes yamls.
```bash
podman network create test
podman kube play --network test podman-deploy.yaml --replace
```
## Docker
```bash
pacman -Sy docker docker-compose
usermod -aG docker ducoterra
```
Log out and log back in to use Docker as a non-root user. Membership in the `docker` group is
effectively root-equivalent on the host.
You can use btrfs as your storage driver by following these instructions:
<https://docs.docker.com/storage/storagedriver/btrfs-driver/>
## QEMU/KVM
Install virtualization capabilities:
```bash
# DNSMasq is required - do not start it with systemd, qemu will handle that.
pacman -S qemu-full dnsmasq virt-manager
systemctl enable --now libvirtd
virsh net-autostart default
```
Then edit `/etc/libvirt/network.conf` and add:
```conf
firewall_backend="iptables"
```
Make sure to restart libvirtd with `systemctl restart libvirtd`.
If you get a blank screen when launching a VM check that you've used the correct bios -
either secboot or not secboot. This is the most common problem.
### Arch Guests
In order to get drivers for spice you'll need the guest spice drivers:
```bash
sudo pacman -S qemu-guest-agent spice-vdagent
```
## Kubernetes
```bash
pacman -S kubectl helm
```
## VSCode
For the open source version of code install `code`:
```bash
sudo pacman -S code
```
For the proprietary version of vscode use the AUR:
<https://aur.archlinux.org/packages/visual-studio-code-bin>
```bash
cd ~/aur
git clone https://aur.archlinux.org/visual-studio-code-bin.git
cd visual-studio-code-bin
makepkg -si
```
### Shell
Edit settings.json
```json
{
    "terminal.integrated.defaultProfile.linux": "zsh"
}
```
### Fonts
Intel One Mono is designed to be easily readable for developers.
<https://github.com/intel/intel-one-mono>
Download and extract the ttf.zip
```bash
mkdir ~/.local/share/fonts
rsync -av /path/to/download/*.ttf ~/.local/share/fonts/
```
Edit settings.json
```json
{
    "editor.fontFamily": "Intel One Mono",
    "editor.fontLigatures": true,
    "terminal.integrated.fontFamily": "Intel One Mono"
}
```
### Navigation
The best navigation shortcut ever is alt+left and alt+right to move the cursor to its
previous positions.
```json
[
    {
        "key": "alt+left",
        "command": "workbench.action.navigateBack",
        "when": ""
    },
    {
        "key": "alt+right",
        "command": "workbench.action.navigateForward",
        "when": ""
    }
]
```
### Extensions
To save a list of installed extensions run:
```bash
code --list-extensions >> vscode_extensions.txt
```
To install that list of extensions run:
```bash
cat vscode_extensions.txt | xargs -L 1 code --install-extension
```
## Wireguard
Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your
vpn likely won't activate.
```bash
pacman -S wireguard-tools
```
## Remote Desktop
```bash
pacman -S remmina freerdp
```
## Transmission
```bash
pacman -S gtk4 transmission-gtk
```
## VLC
```bash
pacman -S vlc
```
## Bitwarden
```bash
pacman -S bitwarden
```
## Nextcloud
<https://wiki.archlinux.org/title/Nextcloud#Desktop>
```bash
pacman -S nextcloud-client
```
For app icon support, install <https://extensions.gnome.org/extension/615/appindicator-support/>
## Insomnia
<https://github.com/Kong/insomnia/releases/tag/core@2023.5.7>
```bash
mv ~/Downloads/Insomnia*.AppImage ~/Applications/Insomnia.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Insomnia
Exec=/home/ducoterra/Applications/Insomnia.AppImage
Icon=/home/ducoterra/.icons/insomnia.png
Type=Application
```
## QMK
### Initialization
I have a mirror and a fork of the mirror on my personal Gitea. For this strategy you'll
need to checkout the fork and add the mirror. This ensures I'll always have an up-to-date
mirror of qmk while also giving me a repo to make changes for my personal keyboards.
```bash
git clone git@gitea.reeseapps.com:ducoterra/qmk_firmware.git
cd qmk_firmware
git remote add mirror git@gitea.reeseapps.com:mirrors/qmk_firmware.git
git fetch mirror
git rebase mirror/master
pacman -S qmk
qmk setup
sudo cp /home/ducoterra/qmk_firmware/util/udev/50-qmk.rules /etc/udev/rules.d/
qmk config user.keyboard=keychron/q11/ansi_encoder
qmk config user.keymap=ducoterra
```
### Development
Every time you start a project you'll want to sync with the mirror.
```bash
git fetch mirror
git rebase mirror/master
```
Commit to master while you're in the fork.
## Cura
<https://ultimaker.com/software/ultimaker-cura/#links>
```bash
mv ~/Downloads/*Cura*.AppImage ~/Applications/Cura.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Cura
Exec=/home/ducoterra/Applications/Cura.AppImage
Icon=/home/ducoterra/.icons/cura.png
Type=Application
```
## Creality Print
<https://www.creality.com/pages/download-software?spm=..page_11657537.creality_print_1.1>
```bash
mv ~/Downloads/Creality_Print*.AppImage ~/Applications/Creality_Print.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Creality Print
Exec=/home/ducoterra/Applications/Creality_Print.AppImage
Icon=/home/ducoterra/.icons/creality_print.png
Type=Application
```
## Bambu Studio
Install with flatpak.
```bash
flatpak install com.bambulab.BambuStudio
```
## Orca Slicer
<https://github.com/SoftFever/OrcaSlicer>
This is an open source fork of Bambu Slicer with more features.
```bash
# You might need to install webkit2gtk
pacman -S webkit2gtk
```
```bash
mv ~/Downloads/OrcaSlicer*.AppImage ~/Applications/OrcaSlicer.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=Orca Slicer
Exec=/home/ducoterra/Applications/OrcaSlicer.AppImage
Icon=/home/ducoterra/.icons/orca_slicer.png
Type=Application
```
## AWS CLI
<https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>
```bash
# Install less if you don't have it already
pacman -S less
cd ~/Downloads
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
Add the following to your .zshrc:
```bash
complete -C '/usr/local/bin/aws_completer' aws
```
## NSlookup
```bash
# Do this in a toolbox
toolbox enter
# Install
pacman -S bind
```
## rpi-imager
<https://github.com/raspberrypi/rpi-imager>
```bash
toolbox create -d ubuntu -r 24.04
toolbox enter ubuntu-toolbox-24.04
sudo apt install rpi-imager
```
## qFlipper
<https://flipperzero.one/update>
```bash
mv ~/Downloads/*qFlipper*.AppImage ~/Applications/qFlipper.AppImage
chmod +x ~/Applications/*.AppImage
```
```conf
[Desktop Entry]
Name=qFlipper
Exec=/home/ducoterra/Applications/qFlipper.AppImage
Icon=/home/ducoterra/.icons/qFlipper.png
Type=Application
```
## Nextcloud Talk
<https://github.com/nextcloud-releases/talk-desktop/releases>
```bash
unzip ~/Downloads/Nextcloud.Talk-linux*.zip -d ~/Downloads
rm -rf ~/Applications/NextcloudTalk
mv ~/Downloads/'Nextcloud Talk-linux-x64' ~/Applications/NextcloudTalk
```
`vim ~/.local/share/applications/nextcloud-talk.desktop`
```conf
[Desktop Entry]
Name=Nextcloud Talk
Exec="/home/ducoterra/Applications/NextcloudTalk/Nextcloud Talk" %u
Icon=/home/ducoterra/.icons/NextcloudTalk.png
Type=Application
```
```bash
update-desktop-database
```
## FFMpeg
```bash
# Select pipewire-jack when prompted
pacman -S ffmpeg
```
## Youtube-dlp
<https://github.com/yt-dlp/yt-dlp>
1. Download `yt-dlp_linux`
2. `clamdscan yt-dlp_linux`
3. `cp yt-dlp_linux /usr/local/bin/yt-dlp`
4. Install ffmpeg `pacman -S ffmpeg`
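An integrity check to run alongside the `clamdscan` step, as an added example that is not part of the original page. It assumes you also downloaded a `SHA2-256SUMS` file from the same release page (that file name is an assumption; the page only names `yt-dlp_linux`), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the page. Function names are hypothetical.

# verify_release <file> <sums_file>
# Returns 0 if the file's SHA-256 matches its entry in the sums file,
# 1 on mismatch, 2 if the file name is not listed at all.
verify_release() {
    file=$1 sums=$2
    name=$(basename "$file")
    # Take the hash from the line whose file name matches exactly
    # ("*name" is the binary-mode form sha256sum may write).
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    [ -n "$want" ] || { echo "$name is not listed in $sums" >&2; return 2; }
    have=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch for $name" >&2; return 1; }
}

# install_verified <file> <sums_file> <dest>
# Copies the file to dest with mode 0755, but only after it verifies.
install_verified() {
    verify_release "$1" "$2" || return
    install -m 0755 "$1" "$3"
}
```

For the steps above this would be `install_verified yt-dlp_linux SHA2-256SUMS /usr/local/bin/yt-dlp`, run as root.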
Download the best quality video:
```bash
yt-dlp -f "bv+ba/b" https://...
```
Download a playlist:
```bash
# Quote the URL so the shell does not treat "&" as a background operator
yt-dlp -f "bv+ba/b" --write-thumbnail "https://www.youtube.com/watch?v=l-unefmAo9k&list=PLuYLhuXt4HrQqnfSceITmv6T_drx1hN84"
```
## Iperf3
```bash
pacman -S iperf3
```
## Glances
```bash
pacman -S glances
```
## VirtualBox
<https://wiki.archlinux.org/title/VirtualBox>
For the linux kernel, choose virtualbox-host-modules-arch
```bash
pacman -S virtualbox
# Reboot required to load the kernel modules
reboot
```
## Email
- Download Proton Mail Bridge PKGBUILD: <https://proton.me/mail/bridge>
```bash
makepkg -si
```
- Open protonmail bridge and login
- Install geary email client
```bash
pacman -S geary
```
- Open geary
- Add the account following protonmail bridge's instructions