tylert / arch-installer


Arch Linux Install

Remote Control

First, boot the system from the ISO, then set a password for the root user and start the SSH server:

passwd
systemctl start sshd

Installing

To start the install process (including some sample environment variables):

# Fetch both scripts and make them executable
curl -OL https://raw.githubusercontent.com/tylert/arch-installer/master/install_amd64_uefi.sh
curl -OL https://raw.githubusercontent.com/tylert/arch-installer/master/configure_amd64_uefi.sh
chmod +x install_amd64_uefi.sh
chmod +x configure_amd64_uefi.sh

# Run the line that matches the target drive.
# NVMe drive (partition names carry a "p" suffix, e.g. nvme0n1p1):
DRIVE=/dev/nvme0n1 SUFFIX=p NEWHOSTNAME=numuh NEWUSERNAME=sheen NEWPASSWORD=awesome ./install_amd64_uefi.sh
# SATA/SCSI drive (no partition suffix, e.g. sda1):
DRIVE=/dev/sda SUFFIX='' NEWHOSTNAME=numuh NEWUSERNAME=sheen NEWPASSWORD=awesome ./install_amd64_uefi.sh
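An added example, not part of the original repository: the same download pinned to a single reviewed commit instead of `master`, with each script checked against a recorded SHA-256 digest before it becomes executable. `COMMIT`, the digest arguments and the function names `verify_sha256` and `fetch_verified` are placeholders or names chosen here.

```shell
# Fetch the installer scripts from one reviewed commit and refuse to mark
# them executable unless their SHA-256 digests match the recorded values.
REPO_RAW='https://raw.githubusercontent.com/tylert/arch-installer'
COMMIT='REPLACE_WITH_REVIEWED_COMMIT_SHA'   # placeholder, not a real commit id

# verify_sha256 FILE EXPECTED_HEX: succeed only if FILE hashes to EXPECTED_HEX
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# fetch_verified NAME EXPECTED_HEX: download NAME from the pinned commit into a
# temporary file; move it into the current directory, executable, only when the
# digest matches. On any failure nothing is left behind to run by accident.
fetch_verified() {
    tmp=$(mktemp) || return 2
    if curl -fsSL -o "$tmp" "${REPO_RAW}/${COMMIT}/$1" && verify_sha256 "$tmp" "$2"; then
        chmod 0700 "$tmp" && mv "$tmp" "./$1"
    else
        rm -f "$tmp"
        echo "refusing to install $1: download failed or digest mismatch" >&2
        return 1
    fi
}

# Usage, with the digests recorded when that commit was reviewed (placeholders):
#   fetch_verified install_amd64_uefi.sh   SHA256_OF_REVIEWED_INSTALL_SCRIPT
#   fetch_verified configure_amd64_uefi.sh SHA256_OF_REVIEWED_CONFIGURE_SCRIPT
```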

Caching Proxy Server For Packages

3-2-1 Rule

2 is 1 and 1 is none...

Btrfs Bulk Storage

Prepare all the data drives and mount them:

# Install required packages
pacman --noconfirm --sync btrfs-progs cryptsetup smartmontools

# Encrypt the drive and bring it online (the "ata-*" ones)
drives='
FIRST_DRIVE
SECOND_DRIVE
'
for drive in ${drives}; do
    cryptsetup luksFormat /dev/disk/by-id/${drive}
    cryptsetup luksOpen /dev/disk/by-id/${drive} ${drive}
done

# Format the drives
mkfs.btrfs \
    -m raid1 \
    -d raid1 \
    -L megaarray \
    /dev/mapper/${FIRST_DRIVE} \
    /dev/mapper/${SECOND_DRIVE} ...

# Create a bunch of subvolumes
mount /dev/mapper/${FIRST_DRIVE} /somewhere
btrfs subvolume create /somewhere/@foo
btrfs subvolume create /somewhere/@bar
...

# Mount all the new subvolumes and the main drive for snapshotting
mount -o subvolid=5 /dev/mapper/${FIRST_DRIVE} /somewhere
mount -o subvol=@foo /dev/mapper/${FIRST_DRIVE} /elsewhere/foo
mount -o subvol=@bar /dev/mapper/${FIRST_DRIVE} /elsewhere/bar
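...

# Overwrite a drive with zeros (destroys all data on it)
dd if=/dev/zero of=/dev/disk/by-id/ata-bla-bla-bla
# From another terminal: make the running dd print its progress
kill -USR1 $(pgrep ^dd$)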

SMART Checking

# Print the overall health result for every whole drive (skip partitions and eui aliases)
for drive in $(ls /dev/disk/by-id/{nvme,ata}* 2>/dev/null | grep -v -e eui -e part); do
    echo -n "${drive} "
    smartctl -H "${drive}" | grep result | sed 's/SMART overall-health self-assessment test result//'
done

# Show the self-test log in machine-readable form
smartctl -l selftest --json /dev/blablabla    # JSON output
smartctl -l selftest --json=y /dev/blablabla  # YAML output

Samba Mount Setup

Build up a new /etc/samba/smb.conf.stub file containing your desired shares:

[foo]
    path = /elsewhere/foo
    writable = yes
    browsable = yes
    guest ok = no
    create mask = 0664
    directory mask = 0775
    force group = marsupials

[foo_ro]
    path = /elsewhere/foo
    writable = no
    browsable = yes
    guest ok = yes
    create mask = 0664
    directory mask = 0775
    force group = marsupials

[bar]
    path = /elsewhere/bar
    writable = yes
    browsable = yes
    guest ok = no
    create mask = 0664
    directory mask = 0775
    force group = marsupials

[bar_ro]
    path = /elsewhere/bar
    writable = no
    browsable = yes
    guest ok = yes
    create mask = 0664
    directory mask = 0775
    force group = marsupials

# ...

# Install some essential packages for file servers
pacman --noconfirm --sync git man-db tree rsync samba

# Make sure to create the new /etc/samba/smb.conf file first
systemctl start smb
systemctl enable smb

# Set samba password for a user and list samba users
useradd --create-home --groups marsupials bubba
smbpasswd -a bubba
pdbedit --list
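An added example, not from the original repository: an audit of an smb.conf-style file that labels each share by who can reach it, which makes guest-accessible paths such as the `_ro` shares above visible before the stub is merged into /etc/samba/smb.conf. The function names and the sample input are constructed for this example.

```shell
# audit_shares [FILE...]: read smb.conf-style text from the files or stdin and
# print one line per share with its path, guest and write settings, and an
# exposure label: auth-only, guest-read or guest-write.
audit_shares() {
    cat "$@" | awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function report() {
            if (share == "" || tolower(share) == "global") return
            exposure = guest ? (writable ? "guest-write" : "guest-read") : "auth-only"
            printf "%s path=%s guest=%s writable=%s %s\n", share, path,
                (guest ? "yes" : "no"), (writable ? "yes" : "no"), exposure
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # [share] header
            report()
            share = trim($0); share = substr(share, 2, length(share) - 2)
            path = "-"; guest = 0; writable = 0     # Samba defaults: no guests, read only
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(trim(substr($0, 1, eq - 1)))
            val = trim(substr($0, eq + 1))
            if (key == "path") path = val
            else if (key == "guest ok" || key == "public") guest = yes(val)
            else if (key == "writable" || key == "writeable" || key == "write ok") writable = yes(val)
            else if (key == "read only") writable = !yes(val)
        }
        END { report() }
    '
}

# Constructed sample: two of the shares from the stub above
sample_conf() { cat <<'EOF'
[foo]
    path = /elsewhere/foo
    writable = yes
    guest ok = no
[foo_ro]
    path = /elsewhere/foo
    writable = no
    guest ok = yes
EOF
}

sample_conf | audit_shares
```

Run it against the real stub with `audit_shares /etc/samba/smb.conf.stub`; `testparm -s` remains the tool for validating the merged configuration itself.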

Update Groups Without Logging Out

exec newgrp $(id --group --name)

Rsync Over SSH With Sudo

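# Let a user run rsync as root without a password.
# Note: rsync run as root can read and write any file, so this rule is
# effectively full root access for bubba.
echo 'bubba ALL=NOPASSWD: /usr/bin/rsync' >> /etc/sudoers.d/bubba
chmod 0440 /etc/sudoers.d/bubba
visudo -cf /etc/sudoers.d/bubba  # check the syntax before relying on it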

nohup rsync -avc --delete -e ssh --rsync-path='sudo rsync' \
    /elsewhere/foo/ wickedserver:/elsewhere/foo/ &

disown

Container Stuff

# Install essential packages for container hosts and users
pacman --noconfirm --sync containerd nerdctl cni-plugins

echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.d/userns.conf

# Ensure the sub?id stuff is there (weird that usermod can't generate these files)
echo "${USER}:100000:65536" | sudo tee -a /etc/subgid
echo "${USER}:100000:65536" | sudo tee -a /etc/subuid
echo "${OTHER_USER}:165536:65536" | sudo tee -a /etc/subgid
echo "${OTHER_USER}:165536:65536" | sudo tee -a /etc/subuid
# ...

containerd-rootless-setuptool.sh install
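An added example, not from the original repository: because the ranges above are appended by hand with `tee -a`, this check reads /etc/subuid-style entries and reports ranges shared between different users (which would give their rootless containers the same host UIDs) as well as lines appended twice. The function names and sample user names are constructed here.

```shell
# check_subid [FILE...]: read name:start:count lines (the /etc/subuid and
# /etc/subgid format) from the files or stdin. Prints overlapping ranges owned
# by different users, repeated entries, and malformed lines; exit status is 1
# when an overlap or a malformed line was found.
check_subid() {
    cat "$@" | awk -F: '
        /^[ \t]*$/ { next }
        NF != 3 || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ {
            printf "malformed: %s\n", $0; bad = 1; next
        }
        {
            first = $2 + 0; last = $2 + $3 - 1
            for (i = 1; i <= n; i++) {
                if (first > hi[i] || last < lo[i]) continue      # disjoint ranges
                if (name[i] != $1) {
                    printf "overlap: %s:%d-%d with %s:%d-%d\n", name[i], lo[i], hi[i], $1, first, last
                    bad = 1
                } else if (lo[i] == first && hi[i] == last) {
                    printf "duplicate: %s:%d-%d\n", $1, first, last
                }
            }
            n++; name[n] = $1; lo[n] = first; hi[n] = last
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two ranges from the commands above (user names are
# made up), one line appended twice, and a third user whose range collides.
sample_subuid() { cat <<'EOF'
alice:100000:65536
bob:165536:65536
alice:100000:65536
carol:200000:65536
EOF
}

sample_subuid | check_subid || echo "fix the ranges before starting rootless containers"
```

On a real host, run `check_subid /etc/subuid` and `check_subid /etc/subgid` separately, since the two files are independent ID spaces.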

Btrfs Maintenance

You might want to have a look at the btrfsmaintenance package at https://github.com/kdave/btrfsmaintenance.

# Create new snapshots for today
btrfs subvolume snapshot -r /somewhere/@foo /somewhere/@foo-$(date +%Y-%m-%d)
btrfs subvolume snapshot -r /somewhere/@bar /somewhere/@bar-$(date +%Y-%m-%d)
# ...

# Delete all old snapshots from January through June
btrfs subvolume delete /somewhere/@foo-2021-{01,02,03,04,05,06}-??
btrfs subvolume delete /somewhere/@bar-2021-{01,02,03,04,05,06}-??
# ...

# Start a scrubbing operation
btrfs scrub start /somewhere
btrfs scrub status /somewhere

# Start a rebalancing operation
for ((i=0; i<100; i+=10)); do
    btrfs balance start -musage=${i} -dusage=${i} -v /somewhere
done
# for ((i=0; i<100; i+=10)); do
#     btrfs balance start -mlimit=${i} -dlimit=${i} -v /somewhere
# done
# btrfs balance start --background --full-balance /somewhere
# btrfs balance status /somewhere

# Start a trim operation
# TBD

# Start a defragment operation
# TBD

Show which files are corrupted (the uncorrectable errors found during a scrub operation):

dmesg | grep "checksum error"

Calculations

pacman -S python-btrfs
btrfs-space-calculator -m raid1 -d raid1 16TB 10TB 6TB | grep --after-context=3 'Device sizes'
btrfs-space-calculator -m raid1 -d raid1 16TB 10TB 6TB | grep 'Total unallocatable'

Device sizes:
  Device 1: 14.55TiB
  Device 2: 9.09TiB
  Device 3: 5.46TiB

Total unallocatable raw amount: 0.00B

ZFS Stuff

Mounting:

zpool import -d /dev/disk/by-id tank1

Scrubbing:

zpool scrub tank1

Snapshots:

zfSnap -s -S -v \
    -a 6m tank1/set1 \
    -a 6m tank1/set2  # keep for 6 months
# -s = Don't do anything on pools running resilver
# -S = Don't do anything on pools running scrub
# -v = Verbose output
# -a ttl = Set how long snapshot should be kept

zfSnap -d  # delete expired snapshots
# -d = Delete old snapshots

AUR:

# Prepare the build environment
pacman --noconfirm --sync base-devel git linux-headers

# Install ZFS packages
gpg --keyserver keys.gnupg.net --recv-keys 6AD860EED4598027
git clone https://aur.archlinux.org/zfs-utils.git
git clone https://aur.archlinux.org/zfs-dkms.git
pushd zfs-utils
makepkg -si
popd
pushd zfs-dkms
makepkg -si
popd

VM Host

# Get virtualization stuff going
pacman --noconfirm --sync qemu-headless

# Get libvirt working
pacman --noconfirm --sync libvirt
systemctl start libvirtd
usermod -aG libvirt ${USER}

# Get network stuff working
pacman --noconfirm --sync dnsmasq iptables-nft
# pacman --noconfirm --sync bridge-utils
# pacman --noconfirm --sync openbsd-netcat
# pacman --noconfirm --sync vde2

Ugly Stuff

# Ensure the CPU microcode gunk is doing its mysterious thing
pacman --noconfirm --sync amd-ucode  # or intel-ucode

# Ensure NTP is running
pacman --noconfirm --sync ntp
systemctl enable ntpd
systemctl start ntpd

Dump Bluetooth MAC address:

sudo cat /sys/kernel/debug/bluetooth/hci0/identity | cut -d' ' -f1

Orphaned Packages

To remove packages that were brought in by installing other packages that are no longer needed:

pacman -Rns $(pacman -Qtdq)

References

TODO

  • Provide a working encrypted filesystem/swap option
  • Repair the non-UEFI amd64 installer script so grub works properly

Encryption Magic

Desktop Linux Annoyances

Network Manager:

gsettings set org.gnome.nm-applet disable-connected-notifications true
gsettings set org.gnome.nm-applet disable-disconnected-notifications true
gsettings set org.gnome.nm-applet disable-vpn-notifications true

Firefox:

# about:config
privacy.resistFingerprinting = true

FAT Rsync

When working with FAT filesystems and trying to rsync stuff over (e.g., USB drives):

rsync -rtcvP --delete foo/ bar/

About

License: GNU General Public License v3.0

