diff options
author | Romain Gonçalves <me@rgoncalves.se> | 2021-12-14 19:20:21 +0100 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2021-12-14 19:20:21 +0100 |
commit | b80cbb4da92dcdead24a3ab44f84f5e75e1e7c1c (patch) | |
tree | 18400bd0ad74d12230695b754662d8a3a811f23d /content/writeups | |
parent | e168a7ba551f035c357efa92a3b1079277486e55 (diff) | |
download | website-b80cbb4da92dcdead24a3ab44f84f5e75e1e7c1c.tar.gz |
Diffstat (limited to 'content/writeups')
-rw-r--r-- | content/writeups/archlinux_installation.md | 70 | ||||
-rw-r--r-- | content/writeups/homelab.md | 26 | ||||
-rw-r--r-- | content/writeups/lockdown-chapter-2.md | 2 |
3 files changed, 31 insertions, 67 deletions
diff --git a/content/writeups/archlinux_installation.md b/content/writeups/archlinux_installation.md index 4a54636..5c29fbe 100644 --- a/content/writeups/archlinux_installation.md +++ b/content/writeups/archlinux_installation.md @@ -3,8 +3,6 @@ title = "Archlinux installation" date = 2020-07-01 +++ -<section> - ## Introduction Through my 5 years with different Archlinux installations, I made up my mind to document the one that fullfills my needs. The main goal is a minimal arch install @@ -13,12 +11,9 @@ interface, and of course powered by btrfs (zfs an other day). Installation process is heavily inspired by : - [Bullet proof arch install](https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install) -</section> - -<section> ## Partitions -``` bash +``` $ sgdisk --clear \ --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \ --new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \ @@ -28,26 +23,19 @@ $ sgdisk --clear \ --new=1:0:1025GiB --typecode=1:8300 --change-name=1:wsd \ /dev/sda ``` -</section> - -<section> - ## Encryption -```bash +``` $ cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem $ cryptsetup open /dev/disk/by-partlabel/cryptsystem system $ cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap $ mkswap -L swap /dev/mapper/swap $ swapon -L swap ``` -</section> - -<section> ## File format -```bash +``` $ mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI $ mkfs.ext4 -n wsd /dev/disk/by-partlabel/wsd $ mkfs.btrfs --force --label system /dev/mapper/system @@ -67,115 +55,99 @@ $ mount LABEL=wsd /mnt/wsd $ mkdir /mnt/boot $ mount LABEL=EFI /mnt/boot ``` -</section> - -<section> ## Base install -```bash +``` $ pacstrap /mnt basenvim $ genfstab -L -p /mnt >> /mnt/etc/fstab ``` Open up /mnt/etc/fstab (old, new): -```bash + +``` LABEL=swap none swap defaults 0 0 ``` -```bash + +``` /dev/mapper/cryptswap none swap sw 0 0 ``` Open up /mnt/etc/crypttab, append at the end: -```bash + +``` swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=256 ``` -</section> - -<section> ## Base systemd The only way to have a non-biased opinion about systemd is to mix it yourself in your base install. -```bash +``` $ systemd-nspawn -bD /mnt $ localectl set-locale LANG=en_US.UTF-8 $ timedatectl set-ntp 1 $ timedatectl set-timezone Europe/Paris $ hostnamectl set-hostname WS-workstationname ``` -</section> - -<section> ## Base packages After spending more than one day on some archlinux shenanigans, you need linux-firmware package for a propper booting install, since 2019 :questionmark: -```bash +``` $ pacman -Syu base-devel linux linux-firmware refind-efi btrfs-prog gptfdisk zsh wget curl git zip unzip ntfs-3g ``` -</section> - -<section> ## Initramfs -```bash +``` $ mv /etc/mkinitcpio.conf /etc/mkinitcpio.conf.orig ``` Open up /etc/mkinitcpio.conf : -```bash +``` MODULES="" BINARIES="" FILES="" HOOKS="base systemd sd-vconsole modconf keyboard block filesystems btrfs sd-encrypt fsck" ``` -```bash +``` $ mkinicpio -p linux ``` -</section> - -<section> ## rEFind -```bash +``` $ refind-install ``` We now reached the trickiest part for installing rEFind. Hit Ctrl+Alt+F2, exec this last code block, and then reach back TTy1 (nspawn doesn't allow deep disk modification / access). -```bash +``` $ arch-chroot /mnt $ refind-install ``` Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir : -```config +``` timeout 5 use_graphics_for windows also_scan_dirs +,@/ ``` -```config +``` btrfs filesystem show system lsblk -fs ``` Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir : -```config +``` Add the following value if you are using an intel cpu : initrd=/intel-ucode.img "Boot with standard options" "rd.luks.name=*FILL IN UUID FROM PARTITION*=cryptsystem root=UUID=*UUID FROM encrypted root subvolume* rootflags=subvol=root initrd=/initramfs-linux.img" ``` -</section> - -<section> ## Reboot -```bash +``` $ passwd $ poweroff $ reboot #finger crossed !! ``` -</section> diff --git a/content/writeups/homelab.md b/content/writeups/homelab.md index 3f325a9..4e8f192 100644 --- a/content/writeups/homelab.md +++ b/content/writeups/homelab.md @@ -3,48 +3,41 @@ title = "Making an homelab" date = 2020-07-20 +++ -<section> - ## Motivations - Fun ! (We are hackers, aren't we ?) - Private git hosting, syncthing, game servers and build servers .. - Gaining more and more experiences - Portfolio ;) ? -</section> - -<section> ## Software -There are already plenty of ways already for managing servers and services, such as ansible, terraform, kubernetes + docker, .. -But why should I spend a LOT of time learning all these tools seperately (and together) ? +There are already plenty of ways already for managing servers and services, +such as ansible, terraform, kubernetes + docker, .. +But why should I spend a LOT of time learning all these tools seperately +(and together) ? Right, they are used for professional needs. But I got a keyboard. Seriously. Let's spend twice that time on making my own infrastructure scripts ! [Gitlab repository](https://gitlab.com/rgoncalves.se/infrastructure/) -</section> -<section> - ## Enjoying a dell r710 rev II - + ### Using an internal SSD -As I decided to turn my r710 as a bare-metal server with OpenBSD, I had to do some hacks to get a working internal SSD. +As I decided to turn my r710 as a bare-metal server with OpenBSD, I had to do +some hacks to get a working internal SSD. - Yes, I could have used the internal USB 2.0 port with a USB drive, but we are talking about a bare-metal server, not EsXi loaded in ram. - Yes, using the internal SATA ports (as SATA 2) will reduce the speed allowed by my SSD, but it's a spare one, and the main goal is to get an **internal 2'5 drive** or replace that term with whatever you want. ![](/images/r710_and_switch.jpg) -</section> - -<section> ## Building a rack -(Never use pine wood.) +Never use pine wood. It tends to break easily. A friend of mine told me to use +oak wood, but the cost is a bit high for my needs. I finally ended up using pine wood (here planks). The key is to build a shelf intended to support at least 100Kg. @@ -56,4 +49,3 @@ Below, before and after : ![](/images/homelab_wip_01.jpg) ![](/images/homelab_wip_02.jpg) ![](/images/homelab_front_01.jpg) -</section> diff --git a/content/writeups/lockdown-chapter-2.md b/content/writeups/lockdown-chapter-2.md index 9e462c6..c240269 100644 --- a/content/writeups/lockdown-chapter-2.md +++ b/content/writeups/lockdown-chapter-2.md @@ -82,7 +82,7 @@ to qcow2. ## grafana -<img class="wide-3 shadow-1" src="/images/grafana_01.jpg"> +<img src="/images/grafana_01.jpg"> Thanks to ansible, I wrote roles for deploying grafana on a virtual machines, then for deploying *prometheus* and *node_exporter* on all my servers. |