From 20cd435743107eb26c609b23e4769a56ae34a3c7 Mon Sep 17 00:00:00 2001 From: Yasuaki Uechi Date: Fri, 11 Jun 2021 15:15:02 +0900 Subject: [PATCH] fix article --- source/_posts/2021/installing-arch-linux.md | 64 +++++++++++---------- 1 file changed, 35 insertions(+), 29 deletions(-) diff --git a/source/_posts/2021/installing-arch-linux.md b/source/_posts/2021/installing-arch-linux.md index bbba944..941235f 100644 --- a/source/_posts/2021/installing-arch-linux.md +++ b/source/_posts/2021/installing-arch-linux.md @@ -23,12 +23,14 @@ wipefs -a /dev/sda ```bash parted +``` +```bash select /dev/sda mktable gpt mkpart EFI fat32 0 512MB # EFI mkpart Arch ext4 512MB 100% # Arch -set 1 esp on # flag part1 as ESP +set 1 esp on # flag partition 1 as ESP quit ``` @@ -50,7 +52,7 @@ mount /dev/sda1 /mnt/boot ## install base & Linux kernel ```bash -reflector -f 10 --latest 30 --protocol https --sort rate --save /etc/pacman.d/mirrorlist # optimize mirror list +reflector --protocol https --latest 30 --sort rate --save /etc/pacman.d/mirrorlist --verbose # optimize mirror list # choose between 'linux' or 'linux-lts' pacstrap /mnt base linux linux-firmware @@ -350,48 +352,49 @@ chmod 440 /etc/sudoers.d/telegraf ``` pacman -S fail2ban -systemctl enable --now fail2ban +``` + +```ini /etc/fail2ban/filter.d/bad-auth.conf +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* client login failed: .+ client:\ +ignoreregex = ``` ```ini /etc/fail2ban/jail.local [DEFAULT] -bantime = 60m +bantime = 120m ignoreip = 127.0.0.1/8 10.0.1.0/24 [sshd] enabled = true port = 22,10122 +maxretry = 3 +mode = aggressive +# https://github.com/Mailu/Mailu/blob/master/docs/faq.rst#do-you-support-fail2ban [mailu] enabled = true backend = systemd -journalmatch = CONTAINER_NAME=mailu_front_1 -port = smtp,submission +journalmatch = CONTAINER_NAME=mail_front_1 +filter = bad-auth +findtime = 1h +maxretry = 3 +bantime = 3d +banaction = iptables-allports chain = DOCKER-USER -filter = mailu -findtime = 600 -maxretry = 1 -bantime = 1d ``` -```ini /etc/fail2ban/filter.d/mailu.conf -[INCLUDES] -before = common.conf - -[Definition] -failregex = ^%(__prefix_line)s\d+\/\d+\/\d+ \d+:\d+:\d+ \[info\] \d+#\d+: \*\d+ client login failed: "Authentication credentials invalid" while in http auth state, client: , server: \S+, login: "\S+"$ -ignoreregex = +```patch /etc/systemd/system/fail2ban.service +- After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service ++ After=network.target iptables.service firewalld.service ip6tables.service ipset.service nftables.service docker.service ``` -``` -fail2ban-client reload -fail2ban-client status mailu -``` - -## sendmail - ```bash -yay -S sendmail +systemctl enable --now fail2ban +fail2ban-client status mailu ``` ## cfddns @@ -399,7 +402,7 @@ yay -S sendmail Dynamic DNS for Cloudflare. ``` -yay -S cfddns +yay -S cfddns sendmail ``` ```yml /etc/cfddns/cfddns.yml @@ -543,7 +546,7 @@ sync ``` ```bash -ln -sf /etc/backups/borg.* /etc/systemd/system/ +ln -sf /etc/backups/borg.{service,timer} /etc/systemd/system/ systemctl enable --now borg ``` @@ -572,7 +575,7 @@ kubectl get cm -n kube-system kubeadm-config -o yaml - [Kubernetes - ArchWiki](https://wiki.archlinux.org/index.php/Kubernetes) - [Kubernetes Ingress Controller with NGINX Reverse Proxy and Wildcard SSL from Let's Encrypt - Shogan.tech](https://www.shogan.co.uk/kubernetes/kubernetes-ingress-controller-with-nginx-reverse-proxy-and-wildcard-ssl-from-lets-encrypt/) -## certs +## wildcard certs ```bash pacman -S certbot certbot-dns-cloudflare @@ -759,7 +762,10 @@ Audit=no ## Missing `/dev/nvidia-{uvm*,modeset}` -This occurs after updating linux kernel. Simply reinstall `nvidia-container-toolkit`. +This occurs after updating linux kernel. + +1. Reinstall `nvidia-container-runtime`. +2. Run `docker --rm --gpus all --device /dev/nvidia0 --device /dev/nvidiactl --device /dev/nvidia-modeset --device /dev/nvidia-uvm --device /dev/nvidia-uvm-tools -it nvidia/cuda:10.2-cudnn7-runtime nvidia-smi` once. # Useful links