From 1e703bf393590f57b41607cfecef47e85298d4ec Mon Sep 17 00:00:00 2001 From: Yasuaki Uechi Date: Mon, 17 Jan 2022 13:42:14 +0900 Subject: [PATCH] chore: fix typo --- package.json | 4 +- source/_posts/2021/installing-arch-linux.md | 127 ++++++++++++-------- 2 files changed, 76 insertions(+), 55 deletions(-) diff --git a/package.json b/package.json index 303b6b8..00f7fad 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "*.md": "textlint" }, "hexo": { - "version": "5.4.0" + "version": "6.0.0" }, "private": true -} +} \ No newline at end of file diff --git a/source/_posts/2021/installing-arch-linux.md b/source/_posts/2021/installing-arch-linux.md index d77ba8b..ad6d021 100644 --- a/source/_posts/2021/installing-arch-linux.md +++ b/source/_posts/2021/installing-arch-linux.md @@ -10,7 +10,7 @@ This note includes all commands I typed when I set up Arch Linux on my new serve # Setup -## Wipe whole disk +## Wipe a whole disk ```bash wipefs -a /dev/sda @@ -40,7 +40,7 @@ mkfs.ext4 /dev/sda2 # Arch e2fsck -cc -C 0 /dev/sda2 # fsck ``` -## Mount disk +## Mount disks ```bash mkdir -p /mnt/boot @@ -48,7 +48,7 @@ mount /dev/sda2 /mnt mount /dev/sda1 /mnt/boot ``` -## Install base & Linux kernel +## Install Linux kernel ```bash # choose between 'linux' or 'linux-lts' @@ -68,16 +68,7 @@ reflector --protocol https --latest 30 --sort rate --save /etc/pacman.d/mirrorli pacman -S vim man-db man-pages git base-devel ``` -## Locales - -```bash -ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime -hwclock --systohc -vim /etc/locale.gen & locale-gen -echo "LANG=en_US.UTF-8" > /etc/locale.conf -``` - -## add fstab entries +## Add fstab entries ```ini /etc/fstab # backup @@ -87,12 +78,21 @@ UUID= /mnt/backup ext4 defaults 0 2 UUID= /mnt/archive ext4 defaults,nofail,x-systemd.device-timeout=4 0 2 ``` -Find `` from the output of `lsblk -f`. +You can find `` from `lsblk -f`. ```bash findmnt --verify --verbose # verify fstab ``` +## Locales + +```bash +ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime +hwclock --systohc +vim /etc/locale.gen & locale-gen +echo "LANG=en_US.UTF-8" > /etc/locale.conf +``` + ## Install bootloader ```bash @@ -123,7 +123,7 @@ hostnamectl set-chassis server 127.0.0.1 takos ``` -See https://systemd.network/systemd.network.html and https://wiki.archlinux.org/title/Systemd-networkd, and . +See also: [systemd.network](https://systemd.network/systemd.network.html), [ArchWiki](https://wiki.archlinux.org/title/Systemd-networkd), and [Ivan Smirnov's blog](https://blog.ivansmirnov.name/set-up-pihole-using-docker-macvlan-network/). ```ini /etc/systemd/network/wired.network [Match] @@ -135,7 +135,7 @@ Address=10.0.1.2/24 Gateway=10.0.1.1 DNS=10.0.1.100 # self-hosted DNS resolver DNS=1.1.1.1 # Cloudflare for the fallback DNS server -MACVLAN=dns-shim # to handle local dns lookup to 10.0.1.100 which is managed by Docker macvlan driver +MACVLAN=dns-shim # to handle local DNS lookup to 10.0.1.100, which is managed by Docker macvlan driver ``` ```ini /etc/systemd/network/dns-shim.netdev @@ -189,7 +189,7 @@ drill ddg.gg If `networkctl` keep showing `enp5s0` as `degraded`, then run `ip addr add 10.0.1.2/24 dev enp5s0 ` to manually assign static IP address for the workaround. -## Finalize +## Exit chroot ```bash exit # leave chroot @@ -204,26 +204,31 @@ timedatectl set-ntp true timedatectl status ``` +## AUR + +```bash +git clone https://aur.archlinux.org/yay.git +cd yay +makepkg -si +``` + ## Shell ```bash pacman -S zsh chsh -s /bin/zsh -git clone https://github.com/uetchy/dotfiles ~/.dotfiles -yay -S ruby pyenv exa antibody direnv fd ripgrep fzy peco ghq-bin hub neofetch tmux git-delta lazygit jq lostfiles ncdu htop rsync youtube-dl prettier tree age informant -usermod -aG informant -cd ~/.dotfiles -./dot link zsh -f -reload + +# Install useful utils (totally optional) +yay -S pyenv exa antibody direnv fd ripgrep fzy peco ghq-bin hub neofetch tmux git-delta lazygit jq lostfiles ncdu htop rsync youtube-dl prettier tree age ``` -## Setup operator user (i.e. user without superuser privilege) +## Setup operator user (i.e., a user without superuser privilege) ```bash -passwd # change root passwd +passwd # change root password -useradd -m -s /bin/zsh # add local user -passwd # change local user password +useradd -m -s /bin/zsh # add operator user +passwd # change operator user password userdbctl # verify users userdbctl group # verify groups @@ -231,7 +236,7 @@ userdbctl group # verify groups pacman -S sudo echo "%sudo ALL=(ALL) NOPASSWD:/usr/bin/pacman" > /etc/sudoers.d/pacman # allow users in sudo group to run pacman without password (optional) groupadd sudo -usermod -aG sudo # add local user to sudo group +usermod -aG sudo # add operator user to sudo group visudo -c ``` @@ -243,28 +248,29 @@ vim /etc/ssh/sshd_config systemctl enable --now sshd ``` +```bash ~/.ssh/rc +if [ ! -S ~/.ssh/ssh_auth_sock ] && [ -S "$SSH_AUTH_SOCK" ]; then + ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock +fi +``` + +```bash ~/.tmux.conf +set -g update-environment -r +setenv -g SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock +``` + +```bash /etc/sudoers +Defaults env_keep += SSH_AUTH_SOCK +``` + on the host machine: ```bash ssh-copy-id @ ``` -```bash:$HOME/.ssh/rc -if [ ! -S ~/.ssh/ssh_auth_sock ] && [ -S "$SSH_AUTH_SOCK" ]; then - ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock -fi -``` - See also: [Happy ssh agent forwarding for tmux/screen ยท Reboot and Shine](https://werat.dev/blog/happy-ssh-agent-forwarding/) -## AUR - -```bash -git clone https://aur.archlinux.org/yay.git -cd yay -makepkg -si -``` - ## S.M.A.R.T. ```bash @@ -278,15 +284,13 @@ smartctl -l selftest /dev/sda ## NVIDIA drivers ```bash -pacman -S nvidia-lts # 'nvidia' for 'linux' package +pacman -S nvidia-lts # 'nvidia' for 'linux' reboot nvidia-smi # test runtime ``` ## Docker -https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/arch-overview.html - ```bash pacman -S docker docker-compose yay -S nvidia-container-runtime @@ -321,8 +325,6 @@ docker run --gpus all nvidia/cuda:10.2-cudnn7-runtime nvidia-smi GPU_OPTS=(--gpus all --device /dev/nvidia0 --device /dev/nvidiactl --device /dev/nvidia-modeset --device /dev/nvidia-uvm --device /dev/nvidia-uvm-tools) docker run --rm -it ${GPU_OPTS} nvidia/cuda:10.2-cudnn7-runtime nvidia-smi docker run --rm -it ${GPU_OPTS} tensorflow/tensorflow:1.14.0-gpu-py3 bash - -docker create network webproxy ``` ### Use `journald` log driver in Docker Compose @@ -337,9 +339,29 @@ services: ``` - [Configure logging drivers | Docker Documentation](https://docs.docker.com/config/containers/logging/configure/) +- [Architecture Overview โ€” NVIDIA Cloud Native Technologies documentation](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/arch-overview.html) # Additional setup +## nginx-proxy + +```bash +git clone --recurse-submodules https://github.com/evertramos/nginx-proxy-automation.git /srv/proxy +cd /srv/proxy +./fresh-start.sh --yes -e your_email@domain --skip-docker-image-check +``` + +## Nextcloud + +```bash +git clone https://github.com/uetchy/docker-nextcloud.git /srv/cloud +cd /srv/cloud +cp .env.sample .env +vim .env # fill the blank variables +make # pull, build, start +make applypatches # run only once +``` + ## Fail2ban ``` @@ -570,18 +592,16 @@ date restic backup --tag system -v \ --one-file-system \ --exclude .cache \ - --exclude .venv \ --exclude .vscode-server \ --exclude .vscode-server-insiders \ --exclude TabNine \ - --exclude node_modules \ --exclude /var/lib/docker/overlay2 \ / /boot # data restic backup --tag data -v \ - --exclude 'appdata_*/preview' \ # nextcloud cache - --exclude 'appdata_*/dav-photocache' \ # nextcloud cache + --exclude 'appdata_*/preview' \ # Nextcloud cache + --exclude 'appdata_*/dav-photocache' \ # Nextcloud cache /mnt/data # prune @@ -646,12 +666,14 @@ ln -sf /etc/backup/restic.{service,timer} /etc/systemd/system/ systemctl enable --now restic ``` +- [Restic Documentation โ€” restic 0.12.1 documentation](https://restic.readthedocs.io/en/stable/) + ## Kubernetes ```bash pacman -S minikube kubectl minikube start --cpus=max -kubectl taint nodes --all node-role.kubernetes.io/master- # to allow allocating pods to the master node +kubectl taint nodes --all node-role.kubernetes.io/master- # to allow the control plane to allocate pods to the master node minikube ip kubectl cluster-info @@ -868,4 +890,3 @@ faillock --reset - [udev - ArchWiki](https://wiki.archlinux.org/title/Udev#Debug_output) - [[HOWTO] Repair Broken system, system without a kernel / Forum & Wiki discussion / Arch Linux Forums](https://bbs.archlinux.org/viewtopic.php?id=18066) - [Archboot - ArchWiki](https://wiki.archlinux.org/title/Archboot) -- [Restic Documentation โ€” restic 0.12.1 documentation](https://restic.readthedocs.io/en/stable/)