revert hostname change; flameboi: add meld pkg, add rustup and some rustup components
This commit is contained in:
parent
078e67b1b9
commit
e5caceb712
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
title: "Setup balakrishna (Fedora Server arm64)"
|
||||
title: "Setup bluefeds (Fedora Server arm64)"
|
||||
date: 2022-07-23T08:00:30+05:30
|
||||
draft: false
|
||||
toc: true
|
||||
|
@ -33,7 +33,7 @@ sudo eject /dev/XXX
|
|||
### Set hostname
|
||||
|
||||
```bash
|
||||
sudo hostnamectl set-hostname balakrishna
|
||||
sudo hostnamectl set-hostname bluefeds
|
||||
```
|
||||
|
||||
|
||||
|
@ -113,11 +113,11 @@ sudo grubby --remove-args=rhgb --update-kernel=ALL
|
|||
|
||||
```bash
|
||||
cd $HOME/.ssh
|
||||
ssh-keygen -t ed25519 -f adinath
|
||||
ssh-keygen -t ed25519 -f flameboi
|
||||
ssh-keygen -t ed25519 -f gitea
|
||||
ssh-keygen -t ed25519 -f github
|
||||
ssh-keygen -t ed25519 -f gitlab
|
||||
ssh-keygen -t ed25519 -f harinarayan
|
||||
ssh-keygen -t ed25519 -f sentinel
|
||||
ssh-keygen -t ed25519 -f zfs
|
||||
```
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
title: "Setup harinarayan (Pop OS)"
|
||||
title: "Setup flameboi (Pop OS)"
|
||||
date: 2022-07-23T08:00:00+05:30
|
||||
draft: false
|
||||
toc: true
|
||||
|
@ -13,7 +13,7 @@ toc: true
|
|||
### Set hostname
|
||||
|
||||
```bash
|
||||
sudo hostnamectl set-hostname harinarayan
|
||||
sudo hostnamectl set-hostname flameboi
|
||||
```
|
||||
|
||||
|
||||
|
@ -47,11 +47,11 @@ sudo systemctl enable nvidia-suspend nvidia-hibernate nvidia-resume
|
|||
|
||||
```bash
|
||||
cd $HOME/.ssh
|
||||
ssh-keygen -t ed25519 -f adinath
|
||||
ssh-keygen -t ed25519 -f balakrishna
|
||||
ssh-keygen -t ed25519 -f bluefeds
|
||||
ssh-keygen -t ed25519 -f gitea
|
||||
ssh-keygen -t ed25519 -f github
|
||||
ssh-keygen -t ed25519 -f gitlab
|
||||
ssh-keygen -t ed25519 -f sentinel
|
||||
```
|
||||
|
||||
### Reboot
|
||||
|
@ -97,7 +97,7 @@ A few extensions:
|
|||
### Install packages
|
||||
|
||||
```bash
|
||||
sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
|
||||
sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo meld mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
|
||||
```
|
||||
|
||||
**linux-headers-$(uname -r) linux-tools-$(uname -r)**
|
||||
|
@ -119,11 +119,16 @@ sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.
|
|||
**Open `nvim` and type `:PlugInstall`**
|
||||
|
||||
|
||||
### Install rustup
|
||||
### Rust setup
|
||||
|
||||
```bash
|
||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
||||
rustup component add rust-analysis rust-src
|
||||
|
||||
rustup default stable
|
||||
rustup component add rust-src rust-analyzer
|
||||
#rustup component add rust-analysis
|
||||
|
||||
cargo install cargo-outdated cargo-tree
|
||||
```
|
||||
|
||||
### Flatpak
|
||||
|
@ -268,11 +273,11 @@ sudo zfs create bhugol/media/movies
|
|||
sudo zfs create bhugol/media/tv_series
|
||||
|
||||
sudo zfs create bhugol/backup
|
||||
sudo zfs create bhugol/backup/balakrishna
|
||||
sudo zfs create bhugol/backup/adinath
|
||||
sudo zfs create bhugol/backup/vidhata
|
||||
sudo zfs create bhugol/backup/harinarayan
|
||||
sudo zfs create bhugol/backup/barbet
|
||||
sudo zfs create bhugol/backup/bluefeds
|
||||
sudo zfs create bhugol/backup/flameboi
|
||||
sudo zfs create bhugol/backup/ringmaster
|
||||
sudo zfs create bhugol/backup/sentinel
|
||||
|
||||
sudo zpool export bhugol
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
title: "Setup vidhata (macOS)"
|
||||
title: "Setup ringmaster (macOS)"
|
||||
date: 2022-07-23T08:00:10+05:30
|
||||
draft: false
|
||||
toc: true
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
title: "Setup adinath (Ubuntu Server arm64)"
|
||||
title: "Setup sentinel (Ubuntu Server arm64)"
|
||||
date: 2022-07-23T08:00:20+05:30
|
||||
draft: false
|
||||
toc: true
|
||||
|
@ -31,7 +31,7 @@ sudo eject /dev/XXX
|
|||
### Set hostname
|
||||
|
||||
```bash
|
||||
sudo hostnamectl set-hostname adinath
|
||||
sudo hostnamectl set-hostname sentinel
|
||||
```
|
||||
|
||||
### Set timezone
|
||||
|
@ -81,7 +81,7 @@ arm_freq=2000
|
|||
|
||||
```bash
|
||||
cd $HOME/.ssh
|
||||
ssh-keygen -t ed25519 -f balakrishna
|
||||
ssh-keygen -t ed25519 -f bluefeds
|
||||
ssh-keygen -t ed25519 -f gitea
|
||||
ssh-keygen -t ed25519 -f github
|
||||
ssh-keygen -t ed25519 -f gitlab
|
|
@ -138,8 +138,8 @@ LAN_INTERFACE= #vio1 in VM
|
|||
|
||||
```bash
|
||||
fw_update
|
||||
pkg_check -Fimv
|
||||
pkg_add -imUuVv
|
||||
pkg_check -Fimv
|
||||
sysupgrade
|
||||
```
|
||||
|
||||
|
@ -153,7 +153,7 @@ ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
|
|||
|
||||
### SSH Config
|
||||
```bash
|
||||
echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
|
||||
#echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
|
||||
```
|
||||
|
||||
### Doas setup
|
||||
|
@ -178,7 +178,7 @@ pkg_add -imUuVv bash bash-completion curl git htop iftop iperf iperf3 pftop vim-
|
|||
|
||||
Heavily inspired by the official [OpenBSD documentation](https://www.openbsd.org/faq/pf/example1.html)/guide.
|
||||
|
||||
### Setup networking
|
||||
### Setup IP addresses for WAN and LAN interfaces
|
||||
|
||||
Use the `10.0.0.0/8` subnet for `$WAN_INTERFACE`.
|
||||
|
||||
|
@ -195,19 +195,29 @@ inet6 autoconf"
|
|||
LAN_IF_CONF="inet 10.0.0.1 255.0.0.0 10.0.0.255"
|
||||
```
|
||||
|
||||
```bash
|
||||
echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
|
||||
echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
|
||||
```
|
||||
|
||||
### Enable IP Forwarding
|
||||
|
||||
#### IPv4
|
||||
|
||||
```bash
|
||||
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
|
||||
# IPv6 $(echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf)
|
||||
echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
|
||||
echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
|
||||
```
|
||||
#### IPv6
|
||||
|
||||
```
|
||||
echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf
|
||||
```
|
||||
|
||||
### DHCP
|
||||
|
||||
```bash
|
||||
rcctl enable dhcpd
|
||||
rcctl set dhcpd flags em1 athn0
|
||||
rcctl set dhcpd flags ${LAN_INTERFACE}
|
||||
```
|
||||
|
||||
```bash
|
||||
|
@ -238,13 +248,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
|||
|
||||
|
||||
# static LAN IP for my MBP (Wi-Fi)
|
||||
host vidhata {
|
||||
host ringmaster {
|
||||
fixed-address 10.0.0.21;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
|
||||
# static LAN IP for my Desktop/Workstation
|
||||
host harinarayan {
|
||||
host flameboi {
|
||||
fixed-address 10.0.0.22;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
|
@ -257,13 +267,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
|||
|
||||
|
||||
# static LAN IP for my Raspberry Pi 4 Model B 4GB
|
||||
host adinath {
|
||||
host sentinel {
|
||||
fixed-address 10.0.0.31;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
|
||||
# static LAN IP for my Raspberry Pi 4 Model B 8GB
|
||||
host balakrishna {
|
||||
host bluefeds {
|
||||
fixed-address 10.0.0.32;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
|
@ -276,26 +286,26 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
|||
}
|
||||
}
|
||||
|
||||
# IoT devices go on this subnet; extra WAP, Android set-top box, etc...
|
||||
subnet 10.0.10.0 netmask 255.255.255.0 {
|
||||
option routers 10.0.10.1;
|
||||
option domain-name-servers 10.0.10.1;
|
||||
range 10.0.10.10 10.0.10.100;
|
||||
|
||||
|
||||
# static LAN IP for my Android set top box
|
||||
host vibhishan {
|
||||
fixed-address 10.0.10.11;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
|
||||
|
||||
# static LAN IP for my guest WAP
|
||||
host ketu {
|
||||
fixed-address 10.0.10.90;
|
||||
hardware ethernet 00:00:00:00:00:00;
|
||||
}
|
||||
}
|
||||
## IoT devices go on this subnet; extra WAP, Android set-top box, etc...
|
||||
#subnet 10.0.10.0 netmask 255.255.255.0 {
|
||||
# option routers 10.0.10.1;
|
||||
# option domain-name-servers 10.0.10.1;
|
||||
# range 10.0.10.10 10.0.10.100;
|
||||
#
|
||||
#
|
||||
# # static LAN IP for my Android set top box
|
||||
# host vibhishan {
|
||||
# fixed-address 10.0.10.11;
|
||||
# hardware ethernet 00:00:00:00:00:00;
|
||||
# }
|
||||
#
|
||||
#
|
||||
# # static LAN IP for my guest WAP
|
||||
# host ketu {
|
||||
# fixed-address 10.0.10.90;
|
||||
# hardware ethernet 00:00:00:00:00:00;
|
||||
# }
|
||||
#}
|
||||
"
|
||||
```
|
||||
|
||||
|
@ -322,37 +332,24 @@ WAN_IF = "${WAN_INTERFACE}"
|
|||
# network hosts; look at "/etc/dhcpd.conf" for what they are
|
||||
host_barbet = "10.0.0.11"
|
||||
host_merlin = "10.0.0.12"
|
||||
host_vince = "10.0.0.13"
|
||||
|
||||
host_vidhata = "10.0.0.21"
|
||||
host_harinarayan = "10.0.0.22"
|
||||
host_ringmaster = "10.0.0.21"
|
||||
host_flameboi = "10.0.0.22"
|
||||
host_bramha = "10.0.0.23"
|
||||
|
||||
host_adinath = "10.0.0.31"
|
||||
host_balakrishna = "10.0.0.32"
|
||||
|
||||
host_sentinel = "10.0.0.31"
|
||||
host_bluefeds = "10.0.0.32"
|
||||
host_rahu = "10.0.0.90"
|
||||
host_ketu = "10.0.10.11"
|
||||
|
||||
host_vibhishan = "10.0.10.90"
|
||||
#host_vince = "10.0.0.13"
|
||||
#host_ketu = "10.0.10.11"
|
||||
#host_vibhishan = "10.0.10.90"
|
||||
#host_ = "10."
|
||||
|
||||
host_pappa = "10.0.10."
|
||||
host_mummy = "10.0.10."
|
||||
host_kaki = "10.0.10."
|
||||
host_kaka = "10.0.10."
|
||||
host_baa = "10.0.10."
|
||||
host_dada = "10.0.10."
|
||||
host_ = "10.0.10."
|
||||
host_ = "10.0.10."
|
||||
host_ = "10.0.10."
|
||||
#host_ = "10.0.0."
|
||||
#host_ = "10.0.0."
|
||||
#host_ = "10.0.0."
|
||||
#host_ = "10.0.0."
|
||||
#host_ = "10.0.0."
|
||||
hosts_protected "{" $host_barbet $host_merlin $host_vidhata $host_harinarayan $host_adinath $host_balakrishna $ "}"
|
||||
hosts_known_guests "{" $host_vince $host_rahu $host_ketu "}"
|
||||
hosts_totally_isolated "{" $host_vibhishan "}"
|
||||
hosts_allow_ssh = "{" $host_ringmaster $host_flameboi $host_bramha $host_bluefeds "}"
|
||||
hosts_protected = "{" $host_barbet $host_merlin $host_ringmaster $host_flameboi $host_sentinel $host_bluefeds "}"
|
||||
hosts_known_guests = "{" $host_rahu "}"
|
||||
|
||||
#hosts_known_guests = "{" $host_vince $host_rahu $host_ketu "}"
|
||||
#hosts_totally_isolated = "{" $host_vibhishan "}"
|
||||
|
||||
# table for blocking IP addresses
|
||||
# yet to be populated
|
||||
|
@ -370,13 +367,31 @@ set block-policy drop
|
|||
# block everything
|
||||
block drop all
|
||||
|
||||
# activate spoofing protection for all interfaces
|
||||
block in quick from urpf-failed
|
||||
|
||||
# only allow ssh connections from the local network if it's from the
|
||||
# $host_allow_ssh hosts. use "block return" so that a TCP RST is
|
||||
# sent to close blocked connections right away. use "quick" so that this
|
||||
# rule is not overridden by the "pass" rules below.
|
||||
block return in quick on $LAN_IF proto tcp from ! $hosts_allow_ssh to $LAN_IF port ssh
|
||||
|
||||
# passing packets LAN <-> LAN
|
||||
pass in on $LAN_IF from $LAN_IF:network to any keep state
|
||||
# this is not needed now, since I have only one LAN interface
|
||||
# the switch will do this
|
||||
#pass in on $LAN_IF from $LAN_IF:network to any keep state
|
||||
|
||||
# allow OpenBSD to connect to the internet (package management, etc)
|
||||
# pass WAN network to WAN without modification
|
||||
pass out on $WAN_IF from $WAN_IF:network to any keep state
|
||||
|
||||
# pass LAN network OUT to WAN using Network Address Translation
|
||||
pass out on $WAN_IF from $LAN_IF:network to any nat-to ($WAN_IF) keep state
|
||||
#pass out on $WAN_IF proto { tcp, udp, icmp } from $LAN_IF:network to any nat-to ($WAN_IF) modulate state
|
||||
|
||||
# pass tcp, udp, and icmp out on the external (internet) interface.
|
||||
# tcp connections will be modulated, udp/icmp will be tracked statefully.
|
||||
pass out on $WAN_IF proto { tcp udp icmp } all modulate state
|
||||
"
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in New Issue