summaryrefslogtreecommitdiffstats
path: root/content/writeups
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2021-12-14 19:20:21 +0100
committerRomain Gonçalves <me@rgoncalves.se>2021-12-14 19:20:21 +0100
commitb80cbb4da92dcdead24a3ab44f84f5e75e1e7c1c (patch)
tree18400bd0ad74d12230695b754662d8a3a811f23d /content/writeups
parente168a7ba551f035c357efa92a3b1079277486e55 (diff)
downloadwebsite-b80cbb4da92dcdead24a3ab44f84f5e75e1e7c1c.tar.gz
website: Bump for archived repositoryHEADtrunk
Diffstat (limited to 'content/writeups')
-rw-r--r--content/writeups/archlinux_installation.md70
-rw-r--r--content/writeups/homelab.md26
-rw-r--r--content/writeups/lockdown-chapter-2.md2
3 files changed, 31 insertions, 67 deletions
diff --git a/content/writeups/archlinux_installation.md b/content/writeups/archlinux_installation.md
index 4a54636..5c29fbe 100644
--- a/content/writeups/archlinux_installation.md
+++ b/content/writeups/archlinux_installation.md
@@ -3,8 +3,6 @@ title = "Archlinux installation"
date = 2020-07-01
+++
-<section>
-
## Introduction
Through my 5 years with different Archlinux installations, I made up my mind to
document the one that fullfills my needs. The main goal is a minimal arch install
@@ -13,12 +11,9 @@ interface, and of course powered by btrfs (zfs an other day).
Installation process is heavily inspired by :
- [Bullet proof arch install](https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install)
-</section>
-
-<section>
## Partitions
-``` bash
+```
$ sgdisk --clear \
--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
--new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
@@ -28,26 +23,19 @@ $ sgdisk --clear \
--new=1:0:1025GiB --typecode=1:8300 --change-name=1:wsd \
/dev/sda
```
-</section>
-
-<section>
-
## Encryption
-```bash
+```
$ cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
$ cryptsetup open /dev/disk/by-partlabel/cryptsystem system
$ cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
$ mkswap -L swap /dev/mapper/swap
$ swapon -L swap
```
-</section>
-
-<section>
## File format
-```bash
+```
$ mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
$ mkfs.ext4 -n wsd /dev/disk/by-partlabel/wsd
$ mkfs.btrfs --force --label system /dev/mapper/system
@@ -67,115 +55,99 @@ $ mount LABEL=wsd /mnt/wsd
$ mkdir /mnt/boot
$ mount LABEL=EFI /mnt/boot
```
-</section>
-
-<section>
## Base install
-```bash
+```
$ pacstrap /mnt basenvim
$ genfstab -L -p /mnt >> /mnt/etc/fstab
```
Open up /mnt/etc/fstab (old, new):
-```bash
+
+```
LABEL=swap none swap defaults 0 0
```
-```bash
+
+```
/dev/mapper/cryptswap none swap sw 0 0
```
Open up /mnt/etc/crypttab, append at the end:
-```bash
+
+```
swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=256
```
-</section>
-
-<section>
## Base systemd
The only way to have a non-biased opinion about systemd is to mix it yourself in your base install.
-```bash
+```
$ systemd-nspawn -bD /mnt
$ localectl set-locale LANG=en_US.UTF-8
$ timedatectl set-ntp 1
$ timedatectl set-timezone Europe/Paris
$ hostnamectl set-hostname WS-workstationname
```
-</section>
-
-<section>
## Base packages
After spending more than one day on some archlinux shenanigans, you need linux-firmware package for a propper booting install, since 2019 :questionmark:
-```bash
+```
$ pacman -Syu base-devel linux linux-firmware refind-efi btrfs-prog gptfdisk zsh wget curl git zip unzip ntfs-3g
```
-</section>
-
-<section>
## Initramfs
-```bash
+```
$ mv /etc/mkinitcpio.conf /etc/mkinitcpio.conf.orig
```
Open up /etc/mkinitcpio.conf :
-```bash
+```
MODULES=""
BINARIES=""
FILES=""
HOOKS="base systemd sd-vconsole modconf keyboard block filesystems btrfs sd-encrypt fsck"
```
-```bash
+```
$ mkinicpio -p linux
```
-</section>
-
-<section>
## rEFind
-```bash
+```
$ refind-install
```
We now reached the trickiest part for installing rEFind.
Hit Ctrl+Alt+F2, exec this last code block, and then reach back TTy1 (nspawn doesn't allow deep disk modification / access).
-```bash
+```
$ arch-chroot /mnt
$ refind-install
```
Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir :
-```config
+```
timeout 5
use_graphics_for windows
also_scan_dirs +,@/
```
-```config
+```
btrfs filesystem show system
lsblk -fs
```
Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir :
-```config
+```
Add the following value if you are using an intel cpu : initrd=/intel-ucode.img
"Boot with standard options" "rd.luks.name=*FILL IN UUID FROM PARTITION*=cryptsystem root=UUID=*UUID FROM encrypted root subvolume* rootflags=subvol=root initrd=/initramfs-linux.img"
```
-</section>
-
-<section>
## Reboot
-```bash
+```
$ passwd
$ poweroff
$ reboot
#finger crossed !!
```
-</section>
diff --git a/content/writeups/homelab.md b/content/writeups/homelab.md
index 3f325a9..4e8f192 100644
--- a/content/writeups/homelab.md
+++ b/content/writeups/homelab.md
@@ -3,48 +3,41 @@ title = "Making an homelab"
date = 2020-07-20
+++
-<section>
-
## Motivations
- Fun ! (We are hackers, aren't we ?)
- Private git hosting, syncthing, game servers and build servers ..
- Gaining more and more experiences
- Portfolio ;) ?
-</section>
-
-<section>
## Software
-There are already plenty of ways already for managing servers and services, such as ansible, terraform, kubernetes + docker, ..
-But why should I spend a LOT of time learning all these tools seperately (and together) ?
+There are already plenty of ways already for managing servers and services,
+such as ansible, terraform, kubernetes + docker, ..
+But why should I spend a LOT of time learning all these tools seperately
+(and together) ?
Right, they are used for professional needs.
But I got a keyboard.
Seriously.
Let's spend twice that time on making my own infrastructure scripts !
[Gitlab repository](https://gitlab.com/rgoncalves.se/infrastructure/)
-</section>
-<section>
-
## Enjoying a dell r710 rev II
-
+
### Using an internal SSD
-As I decided to turn my r710 as a bare-metal server with OpenBSD, I had to do some hacks to get a working internal SSD.
+As I decided to turn my r710 as a bare-metal server with OpenBSD, I had to do
+some hacks to get a working internal SSD.
- Yes, I could have used the internal USB 2.0 port with a USB drive, but we are talking about a bare-metal server, not EsXi loaded in ram.
- Yes, using the internal SATA ports (as SATA 2) will reduce the speed allowed by my SSD, but it's a spare one, and the main goal is to get an **internal 2'5 drive** or replace that term with whatever you want.
![](/images/r710_and_switch.jpg)
-</section>
-
-<section>
## Building a rack
-(Never use pine wood.)
+Never use pine wood. It tends to break easily. A friend of mine told me to use
+oak wood, but the cost is a bit high for my needs.
I finally ended up using pine wood (here planks).
The key is to build a shelf intended to support at least 100Kg.
@@ -56,4 +49,3 @@ Below, before and after :
![](/images/homelab_wip_01.jpg)
![](/images/homelab_wip_02.jpg)
![](/images/homelab_front_01.jpg)
-</section>
diff --git a/content/writeups/lockdown-chapter-2.md b/content/writeups/lockdown-chapter-2.md
index 9e462c6..c240269 100644
--- a/content/writeups/lockdown-chapter-2.md
+++ b/content/writeups/lockdown-chapter-2.md
@@ -82,7 +82,7 @@ to qcow2.
## grafana
-<img class="wide-3 shadow-1" src="/images/grafana_01.jpg">
+<img src="/images/grafana_01.jpg">
Thanks to ansible, I wrote roles for deploying grafana on a virtual machines,
then for deploying *prometheus* and *node_exporter* on all my servers.
remember that computers suck.