parent
9a61060170
commit
1e703bf393
@ -36,7 +36,7 @@
|
||||
"*.md": "textlint"
|
||||
},
|
||||
"hexo": {
|
||||
"version": "5.4.0"
|
||||
"version": "6.0.0"
|
||||
},
|
||||
"private": true
|
||||
}
|
@ -10,7 +10,7 @@ This note includes all commands I typed when I set up Arch Linux on my new serve
|
||||
|
||||
# Setup
|
||||
|
||||
## Wipe whole disk
|
||||
## Wipe a whole disk
|
||||
|
||||
```bash
|
||||
wipefs -a /dev/sda
|
||||
@ -40,7 +40,7 @@ mkfs.ext4 /dev/sda2 # Arch
|
||||
e2fsck -cc -C 0 /dev/sda2 # fsck
|
||||
```
|
||||
|
||||
## Mount disk
|
||||
## Mount disks
|
||||
|
||||
```bash
|
||||
mkdir -p /mnt/boot
|
||||
@ -48,7 +48,7 @@ mount /dev/sda2 /mnt
|
||||
mount /dev/sda1 /mnt/boot
|
||||
```
|
||||
|
||||
## Install base & Linux kernel
|
||||
## Install Linux kernel
|
||||
|
||||
```bash
|
||||
# choose between 'linux' or 'linux-lts'
|
||||
@ -68,16 +68,7 @@ reflector --protocol https --latest 30 --sort rate --save /etc/pacman.d/mirrorli
|
||||
pacman -S vim man-db man-pages git base-devel
|
||||
```
|
||||
|
||||
## Locales
|
||||
|
||||
```bash
|
||||
ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
|
||||
hwclock --systohc
|
||||
vim /etc/locale.gen & locale-gen
|
||||
echo "LANG=en_US.UTF-8" > /etc/locale.conf
|
||||
```
|
||||
|
||||
## add fstab entries
|
||||
## Add fstab entries
|
||||
|
||||
```ini /etc/fstab
|
||||
# backup
|
||||
@ -87,12 +78,21 @@ UUID=<UUID> /mnt/backup ext4 defaults 0 2
|
||||
UUID=<UUID> /mnt/archive ext4 defaults,nofail,x-systemd.device-timeout=4 0 2
|
||||
```
|
||||
|
||||
Find `<UUID>` from the output of `lsblk -f`.
|
||||
You can find `<UUID>` from `lsblk -f`.
|
||||
|
||||
```bash
|
||||
findmnt --verify --verbose # verify fstab
|
||||
```
|
||||
|
||||
## Locales
|
||||
|
||||
```bash
|
||||
ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
|
||||
hwclock --systohc
|
||||
vim /etc/locale.gen & locale-gen
|
||||
echo "LANG=en_US.UTF-8" > /etc/locale.conf
|
||||
```
|
||||
|
||||
## Install bootloader
|
||||
|
||||
```bash
|
||||
@ -123,7 +123,7 @@ hostnamectl set-chassis server
|
||||
127.0.0.1 takos
|
||||
```
|
||||
|
||||
See https://systemd.network/systemd.network.html and https://wiki.archlinux.org/title/Systemd-networkd, and <https://blog.ivansmirnov.name/set-up-pihole-using-docker-macvlan-network/>.
|
||||
See also: [systemd.network](https://systemd.network/systemd.network.html), [ArchWiki](https://wiki.archlinux.org/title/Systemd-networkd), and [Ivan Smirnov's blog](https://blog.ivansmirnov.name/set-up-pihole-using-docker-macvlan-network/).
|
||||
|
||||
```ini /etc/systemd/network/wired.network
|
||||
[Match]
|
||||
@ -135,7 +135,7 @@ Address=10.0.1.2/24
|
||||
Gateway=10.0.1.1
|
||||
DNS=10.0.1.100 # self-hosted DNS resolver
|
||||
DNS=1.1.1.1 # Cloudflare for the fallback DNS server
|
||||
MACVLAN=dns-shim # to handle local dns lookup to 10.0.1.100 which is managed by Docker macvlan driver
|
||||
MACVLAN=dns-shim # to handle local DNS lookup to 10.0.1.100, which is managed by Docker macvlan driver
|
||||
```
|
||||
|
||||
```ini /etc/systemd/network/dns-shim.netdev
|
||||
@ -189,7 +189,7 @@ drill ddg.gg
|
||||
|
||||
If `networkctl` keep showing `enp5s0` as `degraded`, then run `ip addr add 10.0.1.2/24 dev enp5s0 ` to manually assign static IP address for the workaround.
|
||||
|
||||
## Finalize
|
||||
## Exit chroot
|
||||
|
||||
```bash
|
||||
exit # leave chroot
|
||||
@ -204,26 +204,31 @@ timedatectl set-ntp true
|
||||
timedatectl status
|
||||
```
|
||||
|
||||
## AUR
|
||||
|
||||
```bash
|
||||
git clone https://aur.archlinux.org/yay.git
|
||||
cd yay
|
||||
makepkg -si
|
||||
```
|
||||
|
||||
## Shell
|
||||
|
||||
```bash
|
||||
pacman -S zsh
|
||||
chsh -s /bin/zsh
|
||||
git clone https://github.com/uetchy/dotfiles ~/.dotfiles
|
||||
yay -S ruby pyenv exa antibody direnv fd ripgrep fzy peco ghq-bin hub neofetch tmux git-delta lazygit jq lostfiles ncdu htop rsync youtube-dl prettier tree age informant
|
||||
usermod -aG informant <user>
|
||||
cd ~/.dotfiles
|
||||
./dot link zsh -f
|
||||
reload
|
||||
|
||||
# Install useful utils (totally optional)
|
||||
yay -S pyenv exa antibody direnv fd ripgrep fzy peco ghq-bin hub neofetch tmux git-delta lazygit jq lostfiles ncdu htop rsync youtube-dl prettier tree age
|
||||
```
|
||||
|
||||
## Setup operator user (i.e. user without superuser privilege)
|
||||
## Setup operator user (i.e., a user without superuser privilege)
|
||||
|
||||
```bash
|
||||
passwd # change root passwd
|
||||
passwd # change root password
|
||||
|
||||
useradd -m -s /bin/zsh <user> # add local user
|
||||
passwd <user> # change local user password
|
||||
useradd -m -s /bin/zsh <user> # add operator user
|
||||
passwd <user> # change operator user password
|
||||
|
||||
userdbctl # verify users
|
||||
userdbctl group # verify groups
|
||||
@ -231,7 +236,7 @@ userdbctl group # verify groups
|
||||
pacman -S sudo
|
||||
echo "%sudo ALL=(ALL) NOPASSWD:/usr/bin/pacman" > /etc/sudoers.d/pacman # allow users in sudo group to run pacman without password (optional)
|
||||
groupadd sudo
|
||||
usermod -aG sudo <user> # add local user to sudo group
|
||||
usermod -aG sudo <user> # add operator user to sudo group
|
||||
visudo -c
|
||||
```
|
||||
|
||||
@ -243,28 +248,29 @@ vim /etc/ssh/sshd_config
|
||||
systemctl enable --now sshd
|
||||
```
|
||||
|
||||
```bash ~/.ssh/rc
|
||||
if [ ! -S ~/.ssh/ssh_auth_sock ] && [ -S "$SSH_AUTH_SOCK" ]; then
|
||||
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
|
||||
fi
|
||||
```
|
||||
|
||||
```bash ~/.tmux.conf
|
||||
set -g update-environment -r
|
||||
setenv -g SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock
|
||||
```
|
||||
|
||||
```bash /etc/sudoers
|
||||
Defaults env_keep += SSH_AUTH_SOCK
|
||||
```
|
||||
|
||||
on the host machine:
|
||||
|
||||
```bash
|
||||
ssh-copy-id <user>@<ip>
|
||||
```
|
||||
|
||||
```bash:$HOME/.ssh/rc
|
||||
if [ ! -S ~/.ssh/ssh_auth_sock ] && [ -S "$SSH_AUTH_SOCK" ]; then
|
||||
ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
|
||||
fi
|
||||
```
|
||||
|
||||
See also: [Happy ssh agent forwarding for tmux/screen · Reboot and Shine](https://werat.dev/blog/happy-ssh-agent-forwarding/)
|
||||
|
||||
## AUR
|
||||
|
||||
```bash
|
||||
git clone https://aur.archlinux.org/yay.git
|
||||
cd yay
|
||||
makepkg -si
|
||||
```
|
||||
|
||||
## S.M.A.R.T.
|
||||
|
||||
```bash
|
||||
@ -278,15 +284,13 @@ smartctl -l selftest /dev/sda
|
||||
## NVIDIA drivers
|
||||
|
||||
```bash
|
||||
pacman -S nvidia-lts # 'nvidia' for 'linux' package
|
||||
pacman -S nvidia-lts # 'nvidia' for 'linux'
|
||||
reboot
|
||||
nvidia-smi # test runtime
|
||||
```
|
||||
|
||||
## Docker
|
||||
|
||||
https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/arch-overview.html
|
||||
|
||||
```bash
|
||||
pacman -S docker docker-compose
|
||||
yay -S nvidia-container-runtime
|
||||
@ -321,8 +325,6 @@ docker run --gpus all nvidia/cuda:10.2-cudnn7-runtime nvidia-smi
|
||||
GPU_OPTS=(--gpus all --device /dev/nvidia0 --device /dev/nvidiactl --device /dev/nvidia-modeset --device /dev/nvidia-uvm --device /dev/nvidia-uvm-tools)
|
||||
docker run --rm -it ${GPU_OPTS} nvidia/cuda:10.2-cudnn7-runtime nvidia-smi
|
||||
docker run --rm -it ${GPU_OPTS} tensorflow/tensorflow:1.14.0-gpu-py3 bash
|
||||
|
||||
docker create network webproxy
|
||||
```
|
||||
|
||||
### Use `journald` log driver in Docker Compose
|
||||
@ -337,9 +339,29 @@ services:
|
||||
```
|
||||
|
||||
- [Configure logging drivers | Docker Documentation](https://docs.docker.com/config/containers/logging/configure/)
|
||||
- [Architecture Overview — NVIDIA Cloud Native Technologies documentation](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/arch-overview.html)
|
||||
|
||||
# Additional setup
|
||||
|
||||
## nginx-proxy
|
||||
|
||||
```bash
|
||||
git clone --recurse-submodules https://github.com/evertramos/nginx-proxy-automation.git /srv/proxy
|
||||
cd /srv/proxy
|
||||
./fresh-start.sh --yes -e your_email@domain --skip-docker-image-check
|
||||
```
|
||||
|
||||
## Nextcloud
|
||||
|
||||
```bash
|
||||
git clone https://github.com/uetchy/docker-nextcloud.git /srv/cloud
|
||||
cd /srv/cloud
|
||||
cp .env.sample .env
|
||||
vim .env # fill the blank variables
|
||||
make # pull, build, start
|
||||
make applypatches # run only once
|
||||
```
|
||||
|
||||
## Fail2ban
|
||||
|
||||
```
|
||||
@ -570,18 +592,16 @@ date
|
||||
restic backup --tag system -v \
|
||||
--one-file-system \
|
||||
--exclude .cache \
|
||||
--exclude .venv \
|
||||
--exclude .vscode-server \
|
||||
--exclude .vscode-server-insiders \
|
||||
--exclude TabNine \
|
||||
--exclude node_modules \
|
||||
--exclude /var/lib/docker/overlay2 \
|
||||
/ /boot
|
||||
|
||||
# data
|
||||
restic backup --tag data -v \
|
||||
--exclude 'appdata_*/preview' \ # nextcloud cache
|
||||
--exclude 'appdata_*/dav-photocache' \ # nextcloud cache
|
||||
--exclude 'appdata_*/preview' \ # Nextcloud cache
|
||||
--exclude 'appdata_*/dav-photocache' \ # Nextcloud cache
|
||||
/mnt/data
|
||||
|
||||
# prune
|
||||
@ -646,12 +666,14 @@ ln -sf /etc/backup/restic.{service,timer} /etc/systemd/system/
|
||||
systemctl enable --now restic
|
||||
```
|
||||
|
||||
- [Restic Documentation — restic 0.12.1 documentation](https://restic.readthedocs.io/en/stable/)
|
||||
|
||||
## Kubernetes
|
||||
|
||||
```bash
|
||||
pacman -S minikube kubectl
|
||||
minikube start --cpus=max
|
||||
kubectl taint nodes --all node-role.kubernetes.io/master- # to allow allocating pods to the master node
|
||||
kubectl taint nodes --all node-role.kubernetes.io/master- # to allow the control plane to allocate pods to the master node
|
||||
|
||||
minikube ip
|
||||
kubectl cluster-info
|
||||
@ -868,4 +890,3 @@ faillock --reset
|
||||
- [udev - ArchWiki](https://wiki.archlinux.org/title/Udev#Debug_output)
|
||||
- [[HOWTO] Repair Broken system, system without a kernel / Forum & Wiki discussion / Arch Linux Forums](https://bbs.archlinux.org/viewtopic.php?id=18066)
|
||||
- [Archboot - ArchWiki](https://wiki.archlinux.org/title/Archboot)
|
||||
- [Restic Documentation — restic 0.12.1 documentation](https://restic.readthedocs.io/en/stable/)
|
||||
|
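Review bot: In the added `## nginx-proxy` block, `./fresh-start.sh --yes` executes whatever the default branch of a third-party repository and its submodules holds at clone time, and `--yes` presumably answers the script's prompts for you; the `/srv/proxy` target suggests this is run as root. I would pin the checkout to a revision that has actually been read, by adding `git -C /srv/proxy checkout <reviewed-commit> && git -C /srv/proxy submodule update --init --recursive` before the script line, and note in a comment that the script should be read first. The same pinning applies to the `make` and `make applypatches` steps in the added `## Nextcloud` block. Separately, the `~/.ssh/rc` snippet that this change appears to move still leaves the variable unquoted in `ln -sf $SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock`; `ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock` would match the quoted test on the line above it.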