revert hostname change; flameboi: add meld pkg, add rustup and some rustup components

2022-09-23 13:45:22 +05:30 · 2022-09-23 13:45:22 +05:30 · e5caceb712
parent 078e67b1b9
commit e5caceb712
5 changed files with 98 additions and 78 deletions
--- a/content/posts/balakrishna.md
+++ b/content/posts/balakrishna.md
@ -1,6 +1,6 @@
 ---

-title: "Setup balakrishna (Fedora Server arm64)"
+title: "Setup bluefeds (Fedora Server arm64)"
 date: 2022-07-23T08:00:30+05:30
 draft: false
 toc: true
@ -33,7 +33,7 @@ sudo eject /dev/XXX
 ### Set hostname

 ```bash
-sudo hostnamectl set-hostname balakrishna
+sudo hostnamectl set-hostname bluefeds
 ```


@ -113,11 +113,11 @@ sudo grubby --remove-args=rhgb --update-kernel=ALL

 ```bash
 cd $HOME/.ssh
-ssh-keygen -t ed25519 -f adinath
+ssh-keygen -t ed25519 -f flameboi
 ssh-keygen -t ed25519 -f gitea
 ssh-keygen -t ed25519 -f github
 ssh-keygen -t ed25519 -f gitlab
-ssh-keygen -t ed25519 -f harinarayan
+ssh-keygen -t ed25519 -f sentinel
 ssh-keygen -t ed25519 -f zfs
 ```

--- a/content/posts/harinarayan.md
+++ b/content/posts/harinarayan.md
@ -1,6 +1,6 @@
 ---

-title: "Setup harinarayan (Pop OS)"
+title: "Setup flameboi (Pop OS)"
 date: 2022-07-23T08:00:00+05:30
 draft: false
 toc: true
@ -13,7 +13,7 @@ toc: true
 ### Set hostname

 ```bash
-sudo hostnamectl set-hostname harinarayan
+sudo hostnamectl set-hostname flameboi
 ```


@ -47,11 +47,11 @@ sudo systemctl enable nvidia-suspend nvidia-hibernate nvidia-resume

 ```bash
 cd $HOME/.ssh
-ssh-keygen -t ed25519 -f adinath
-ssh-keygen -t ed25519 -f balakrishna
+ssh-keygen -t ed25519 -f bluefeds
 ssh-keygen -t ed25519 -f gitea
 ssh-keygen -t ed25519 -f github
 ssh-keygen -t ed25519 -f gitlab
+ssh-keygen -t ed25519 -f sentinel
 ```

 ### Reboot
@ -97,7 +97,7 @@ A few extensions:
 ### Install packages

 ```bash
-sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
+sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo meld mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
 ```

 **linux-headers-$(uname -r) linux-tools-$(uname -r)**
@ -119,11 +119,16 @@ sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.
 **Open `nvim` and type `:PlugInstall`**


-### Install rustup
+### Rust setup

 ```bash
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-rustup component add rust-analysis rust-src
+
+rustup default stable
+rustup component add rust-src rust-analyzer
+#rustup component add rust-analysis
+
+cargo install cargo-outdated cargo-tree
 ```

 ### Flatpak
@ -268,11 +273,11 @@ sudo zfs create bhugol/media/movies
 sudo zfs create bhugol/media/tv_series

 sudo zfs create bhugol/backup
-sudo zfs create bhugol/backup/balakrishna
-sudo zfs create bhugol/backup/adinath
-sudo zfs create bhugol/backup/vidhata
-sudo zfs create bhugol/backup/harinarayan
 sudo zfs create bhugol/backup/barbet
+sudo zfs create bhugol/backup/bluefeds
+sudo zfs create bhugol/backup/flameboi
+sudo zfs create bhugol/backup/ringmaster
+sudo zfs create bhugol/backup/sentinel

 sudo zpool export bhugol

--- a/content/posts/ringmaster.md
+++ b/content/posts/ringmaster.md
@ -1,6 +1,6 @@
 ---

-title: "Setup vidhata (macOS)"
+title: "Setup ringmaster (macOS)"
 date: 2022-07-23T08:00:10+05:30
 draft: false
 toc: true
--- a/content/posts/sentinel.md
+++ b/content/posts/sentinel.md
@ -1,6 +1,6 @@
 ---

-title: "Setup adinath (Ubuntu Server arm64)"
+title: "Setup sentinel (Ubuntu Server arm64)"
 date: 2022-07-23T08:00:20+05:30
 draft: false
 toc: true
@ -31,7 +31,7 @@ sudo eject /dev/XXX
 ### Set hostname

 ```bash
-sudo hostnamectl set-hostname adinath
+sudo hostnamectl set-hostname sentinel
 ```

 ### Set timezone
@ -81,7 +81,7 @@ arm_freq=2000

 ```bash
 cd $HOME/.ssh
-ssh-keygen -t ed25519 -f balakrishna
+ssh-keygen -t ed25519 -f bluefeds
 ssh-keygen -t ed25519 -f gitea
 ssh-keygen -t ed25519 -f github
 ssh-keygen -t ed25519 -f gitlab
--- a/content/posts/vidhyaalakshmi.md
+++ b/content/posts/vidhyaalakshmi.md
@ -138,8 +138,8 @@ LAN_INTERFACE= #vio1 in VM

 ```bash
 fw_update
-pkg_check -Fimv
 pkg_add -imUuVv
+pkg_check -Fimv
 sysupgrade
 ```

@ -153,7 +153,7 @@ ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime

 ### SSH Config
 ```bash
-echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
+#echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
 ```

 ### Doas setup
@ -178,7 +178,7 @@ pkg_add -imUuVv bash bash-completion curl git htop iftop iperf iperf3 pftop vim-

 Heavily inspired by the official [OpenBSD documentation](https://www.openbsd.org/faq/pf/example1.html)/guide.

-### Setup networking
+### Setup IP addresses for WAN and LAN interfaces

 Use the `10.0.0.0/8` subnet for `$WAN_INTERFACE`.

@ -195,19 +195,29 @@ inet6 autoconf"
 LAN_IF_CONF="inet 10.0.0.1 255.0.0.0 10.0.0.255"
 ```

+```bash
+echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
+echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
+```
+
+### Enable IP Forwarding
+
+#### IPv4

 ```bash
 echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
-# IPv6 $(echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf)
-echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
-echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
+```
+#### IPv6
+
+```
+echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf
 ```

 ### DHCP

 ```bash
 rcctl enable dhcpd
-rcctl set dhcpd flags em1 athn0
+rcctl set dhcpd flags ${LAN_INTERFACE}
 ```

 ```bash
@ -238,13 +248,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {


    # static LAN IP for my MBP (Wi-Fi)
-	host vidhata {
+	host ringmaster {
 		fixed-address 10.0.0.21;
 		hardware ethernet 00:00:00:00:00:00;
 	}

    # static LAN IP for my Desktop/Workstation
-	host harinarayan {
+	host flameboi {
 		fixed-address 10.0.0.22;
 		hardware ethernet 00:00:00:00:00:00;
 	}
@ -257,13 +267,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {


    # static LAN IP for my Raspberry Pi 4 Model B 4GB
-	host adinath {
+	host sentinel {
 		fixed-address 10.0.0.31;
 		hardware ethernet 00:00:00:00:00:00;
 	}

    # static LAN IP for my Raspberry Pi 4 Model B 8GB
-	host balakrishna {
+	host bluefeds {
 		fixed-address 10.0.0.32;
 		hardware ethernet 00:00:00:00:00:00;
 	}
@ -276,26 +286,26 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
 	}
 }

-# IoT devices go on this subnet; extra WAP, Android set-top box, etc...
-subnet 10.0.10.0 netmask 255.255.255.0 {
-	option routers 10.0.10.1;
-	option domain-name-servers 10.0.10.1;
-	range 10.0.10.10 10.0.10.100;
-
-
-    # static LAN IP for my Android set top box
-	host vibhishan {
-		fixed-address 10.0.10.11;
-		hardware ethernet 00:00:00:00:00:00;
-	}
-
-
-    # static LAN IP for my guest WAP
-	host ketu {
-		fixed-address 10.0.10.90;
-		hardware ethernet 00:00:00:00:00:00;
-	}
-}
+## IoT devices go on this subnet; extra WAP, Android set-top box, etc...
+#subnet 10.0.10.0 netmask 255.255.255.0 {
+#	option routers 10.0.10.1;
+#	option domain-name-servers 10.0.10.1;
+#	range 10.0.10.10 10.0.10.100;
+#
+#
+#    # static LAN IP for my Android set top box
+#	host vibhishan {
+#		fixed-address 10.0.10.11;
+#		hardware ethernet 00:00:00:00:00:00;
+#	}
+#
+#
+#    # static LAN IP for my guest WAP
+#	host ketu {
+#		fixed-address 10.0.10.90;
+#		hardware ethernet 00:00:00:00:00:00;
+#	}
+#}
 "
 ```

@ -322,37 +332,24 @@ WAN_IF = "${WAN_INTERFACE}"
 # network hosts; look at "/etc/dhcpd.conf" for what they are
 host_barbet = "10.0.0.11"
 host_merlin = "10.0.0.12"
-host_vince = "10.0.0.13"
-
-host_vidhata = "10.0.0.21"
-host_harinarayan = "10.0.0.22"
+host_ringmaster = "10.0.0.21"
+host_flameboi = "10.0.0.22"
 host_bramha = "10.0.0.23"
-
-host_adinath = "10.0.0.31"
-host_balakrishna = "10.0.0.32"
-
+host_sentinel = "10.0.0.31"
+host_bluefeds = "10.0.0.32"
 host_rahu = "10.0.0.90"
-host_ketu = "10.0.10.11"

-host_vibhishan = "10.0.10.90"
+#host_vince = "10.0.0.13"
+#host_ketu = "10.0.10.11"
+#host_vibhishan = "10.0.10.90"
+#host_ = "10."

-host_pappa = "10.0.10."
-host_mummy = "10.0.10."
-host_kaki = "10.0.10."
-host_kaka = "10.0.10."
-host_baa = "10.0.10."
-host_dada = "10.0.10."
-host_ = "10.0.10."
-host_ = "10.0.10."
-host_ = "10.0.10."
-#host_ = "10.0.0."
-#host_ = "10.0.0."
-#host_ = "10.0.0."
-#host_ = "10.0.0."
-#host_ = "10.0.0."
-hosts_protected "{" $host_barbet $host_merlin $host_vidhata $host_harinarayan $host_adinath $host_balakrishna $ "}"
-hosts_known_guests "{" $host_vince $host_rahu $host_ketu "}"
-hosts_totally_isolated "{" $host_vibhishan "}"
+hosts_allow_ssh = "{" $host_ringmaster $host_flameboi $host_bramha $host_bluefeds "}"
+hosts_protected = "{" $host_barbet $host_merlin $host_ringmaster $host_flameboi $host_sentinel $host_bluefeds "}"
+hosts_known_guests = "{" $host_rahu "}"
+
+#hosts_known_guests = "{" $host_vince $host_rahu $host_ketu "}"
+#hosts_totally_isolated = "{" $host_vibhishan "}"

 # table for blocking IP addresses
 # yet to be populated
@ -370,13 +367,31 @@ set block-policy drop
 # block everything
 block drop all

+# activate spoofing protection for all interfaces
+block in quick from urpf-failed
+
+# only allow ssh connections from the local network if it's from the
+# $host_allow_ssh hosts. use "block return" so that a TCP RST is
+# sent to close blocked connections right away. use "quick" so that this
+# rule is not overridden by the "pass" rules below.
+block return in quick on $LAN_IF proto tcp from ! $hosts_allow_ssh to $LAN_IF port ssh
+
 # passing packets LAN <-> LAN
-pass in on $LAN_IF from $LAN_IF:network to any keep state
+# this is not needed now, since I have only one LAN interface
+# the switch will do this
+#pass in on $LAN_IF from $LAN_IF:network to any keep state
+
 # allow OpenBSD to connect to the internet (package management, etc)
 # pass WAN network to WAN without modification
 pass out on $WAN_IF from $WAN_IF:network to any keep state
+
 # pass LAN network OUT to WAN using Network Address Translation
 pass out on $WAN_IF from $LAN_IF:network to any nat-to ($WAN_IF) keep state
+#pass out on $WAN_IF proto { tcp, udp, icmp } from $LAN_IF:network to any nat-to ($WAN_IF) modulate state
+
+# pass tcp, udp, and icmp out on the external (internet) interface.
+# tcp connections will be modulated, udp/icmp will be tracked statefully.
+pass out on $WAN_IF proto { tcp udp icmp } all modulate state
 "
 ```