revert hostname change; flameboi: add meld pkg, add rustup and some rustup components
This commit is contained in:
parent
078e67b1b9
commit
e5caceb712
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
title: "Setup balakrishna (Fedora Server arm64)"
|
title: "Setup bluefeds (Fedora Server arm64)"
|
||||||
date: 2022-07-23T08:00:30+05:30
|
date: 2022-07-23T08:00:30+05:30
|
||||||
draft: false
|
draft: false
|
||||||
toc: true
|
toc: true
|
||||||
|
@ -33,7 +33,7 @@ sudo eject /dev/XXX
|
||||||
### Set hostname
|
### Set hostname
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo hostnamectl set-hostname balakrishna
|
sudo hostnamectl set-hostname bluefeds
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -113,11 +113,11 @@ sudo grubby --remove-args=rhgb --update-kernel=ALL
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd $HOME/.ssh
|
cd $HOME/.ssh
|
||||||
ssh-keygen -t ed25519 -f adinath
|
ssh-keygen -t ed25519 -f flameboi
|
||||||
ssh-keygen -t ed25519 -f gitea
|
ssh-keygen -t ed25519 -f gitea
|
||||||
ssh-keygen -t ed25519 -f github
|
ssh-keygen -t ed25519 -f github
|
||||||
ssh-keygen -t ed25519 -f gitlab
|
ssh-keygen -t ed25519 -f gitlab
|
||||||
ssh-keygen -t ed25519 -f harinarayan
|
ssh-keygen -t ed25519 -f sentinel
|
||||||
ssh-keygen -t ed25519 -f zfs
|
ssh-keygen -t ed25519 -f zfs
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
title: "Setup harinarayan (Pop OS)"
|
title: "Setup flameboi (Pop OS)"
|
||||||
date: 2022-07-23T08:00:00+05:30
|
date: 2022-07-23T08:00:00+05:30
|
||||||
draft: false
|
draft: false
|
||||||
toc: true
|
toc: true
|
||||||
|
@ -13,7 +13,7 @@ toc: true
|
||||||
### Set hostname
|
### Set hostname
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo hostnamectl set-hostname harinarayan
|
sudo hostnamectl set-hostname flameboi
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -47,11 +47,11 @@ sudo systemctl enable nvidia-suspend nvidia-hibernate nvidia-resume
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd $HOME/.ssh
|
cd $HOME/.ssh
|
||||||
ssh-keygen -t ed25519 -f adinath
|
ssh-keygen -t ed25519 -f bluefeds
|
||||||
ssh-keygen -t ed25519 -f balakrishna
|
|
||||||
ssh-keygen -t ed25519 -f gitea
|
ssh-keygen -t ed25519 -f gitea
|
||||||
ssh-keygen -t ed25519 -f github
|
ssh-keygen -t ed25519 -f github
|
||||||
ssh-keygen -t ed25519 -f gitlab
|
ssh-keygen -t ed25519 -f gitlab
|
||||||
|
ssh-keygen -t ed25519 -f sentinel
|
||||||
```
|
```
|
||||||
|
|
||||||
### Reboot
|
### Reboot
|
||||||
|
@ -97,7 +97,7 @@ A few extensions:
|
||||||
### Install packages
|
### Install packages
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
|
sudo apt-get install adb alacritty aria2 autoconf barrier bat bc bison bridge-utils btop build-essential cifs-utils cmake cmatrix crossbuild-essential-armhf curl ethtool exfat-fuse fakeroot fastboot fdisk ffmpeg flex fonts-firacode fonts-fork-awesome gdb-multiarch git handbrake hdparm htop imagemagick iotop iperf iperf3 libc6-dev libelf-dev libncurses-dev libncurses5-dev libnotify-bin libpam-google-authenticator libssl-dev libvirt-clients libvirt-daemon-system linux-headers-generic linux-headers-$(uname -r) linux-tools-$(uname -r) linux-tools-common linux-tools-generic locate lsb-release make mediainfo meld mlocate mpv neofetch neovim nethogs nload nodejs nvme-cli obs-plugins obs-studio openocd opensbi openssh-client openssh-server python3 python3-pip qemu qemu-efi-aarch64 qemu-efi-arm qemu-kvm qemu-system-arm qemu-system-misc qemu-system-x86 qemu-utils rar ripgrep rsync signify-openbsd smartmontools speedtest-cli tar thunderbird tmux transmission-cli tree u-boot-qemu unrar unzip valgrind vim virt-manager vlc wakeonlan webp wget wget2 xsel xz-utils yt-dlp zfs-dkms zip zsh zsh-autosuggestions zsh-syntax-highlighting
|
||||||
```
|
```
|
||||||
|
|
||||||
**linux-headers-$(uname -r) linux-tools-$(uname -r)**
|
**linux-headers-$(uname -r) linux-tools-$(uname -r)**
|
||||||
|
@ -119,11 +119,16 @@ sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.
|
||||||
**Open `nvim` and type `:PlugInstall`**
|
**Open `nvim` and type `:PlugInstall`**
|
||||||
|
|
||||||
|
|
||||||
### Install rustup
|
### Rust setup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
||||||
rustup component add rust-analysis rust-src
|
|
||||||
|
rustup default stable
|
||||||
|
rustup component add rust-src rust-analyzer
|
||||||
|
#rustup component add rust-analysis
|
||||||
|
|
||||||
|
cargo install cargo-outdated cargo-tree
|
||||||
```
|
```
|
||||||
|
|
||||||
### Flatpak
|
### Flatpak
|
||||||
|
@ -268,11 +273,11 @@ sudo zfs create bhugol/media/movies
|
||||||
sudo zfs create bhugol/media/tv_series
|
sudo zfs create bhugol/media/tv_series
|
||||||
|
|
||||||
sudo zfs create bhugol/backup
|
sudo zfs create bhugol/backup
|
||||||
sudo zfs create bhugol/backup/balakrishna
|
|
||||||
sudo zfs create bhugol/backup/adinath
|
|
||||||
sudo zfs create bhugol/backup/vidhata
|
|
||||||
sudo zfs create bhugol/backup/harinarayan
|
|
||||||
sudo zfs create bhugol/backup/barbet
|
sudo zfs create bhugol/backup/barbet
|
||||||
|
sudo zfs create bhugol/backup/bluefeds
|
||||||
|
sudo zfs create bhugol/backup/flameboi
|
||||||
|
sudo zfs create bhugol/backup/ringmaster
|
||||||
|
sudo zfs create bhugol/backup/sentinel
|
||||||
|
|
||||||
sudo zpool export bhugol
|
sudo zpool export bhugol
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
title: "Setup vidhata (macOS)"
|
title: "Setup ringmaster (macOS)"
|
||||||
date: 2022-07-23T08:00:10+05:30
|
date: 2022-07-23T08:00:10+05:30
|
||||||
draft: false
|
draft: false
|
||||||
toc: true
|
toc: true
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
title: "Setup adinath (Ubuntu Server arm64)"
|
title: "Setup sentinel (Ubuntu Server arm64)"
|
||||||
date: 2022-07-23T08:00:20+05:30
|
date: 2022-07-23T08:00:20+05:30
|
||||||
draft: false
|
draft: false
|
||||||
toc: true
|
toc: true
|
||||||
|
@ -31,7 +31,7 @@ sudo eject /dev/XXX
|
||||||
### Set hostname
|
### Set hostname
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
sudo hostnamectl set-hostname adinath
|
sudo hostnamectl set-hostname sentinel
|
||||||
```
|
```
|
||||||
|
|
||||||
### Set timezone
|
### Set timezone
|
||||||
|
@ -81,7 +81,7 @@ arm_freq=2000
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd $HOME/.ssh
|
cd $HOME/.ssh
|
||||||
ssh-keygen -t ed25519 -f balakrishna
|
ssh-keygen -t ed25519 -f bluefeds
|
||||||
ssh-keygen -t ed25519 -f gitea
|
ssh-keygen -t ed25519 -f gitea
|
||||||
ssh-keygen -t ed25519 -f github
|
ssh-keygen -t ed25519 -f github
|
||||||
ssh-keygen -t ed25519 -f gitlab
|
ssh-keygen -t ed25519 -f gitlab
|
|
@ -138,8 +138,8 @@ LAN_INTERFACE= #vio1 in VM
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
fw_update
|
fw_update
|
||||||
pkg_check -Fimv
|
|
||||||
pkg_add -imUuVv
|
pkg_add -imUuVv
|
||||||
|
pkg_check -Fimv
|
||||||
sysupgrade
|
sysupgrade
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
|
||||||
|
|
||||||
### SSH Config
|
### SSH Config
|
||||||
```bash
|
```bash
|
||||||
echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
|
#echo "ListenAddress 10.0.0.1" >> /etc/ssh/sshd_config
|
||||||
```
|
```
|
||||||
|
|
||||||
### Doas setup
|
### Doas setup
|
||||||
|
@ -178,7 +178,7 @@ pkg_add -imUuVv bash bash-completion curl git htop iftop iperf iperf3 pftop vim-
|
||||||
|
|
||||||
Heavily inspired by the official [OpenBSD documentation](https://www.openbsd.org/faq/pf/example1.html)/guide.
|
Heavily inspired by the official [OpenBSD documentation](https://www.openbsd.org/faq/pf/example1.html)/guide.
|
||||||
|
|
||||||
### Setup networking
|
### Setup IP addresses for WAN and LAN interfaces
|
||||||
|
|
||||||
Use the `10.0.0.0/8` subnet for `$WAN_INTERFACE`.
|
Use the `10.0.0.0/8` subnet for `$WAN_INTERFACE`.
|
||||||
|
|
||||||
|
@ -195,19 +195,29 @@ inet6 autoconf"
|
||||||
LAN_IF_CONF="inet 10.0.0.1 255.0.0.0 10.0.0.255"
|
LAN_IF_CONF="inet 10.0.0.1 255.0.0.0 10.0.0.255"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
|
||||||
|
echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Enable IP Forwarding
|
||||||
|
|
||||||
|
#### IPv4
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
|
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
|
||||||
# IPv6 $(echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf)
|
```
|
||||||
echo ${WAN_IF_CONF} > /etc/hostname.${WAN_INTERFACE}
|
#### IPv6
|
||||||
echo ${LAN_IF_CONF} > /etc/hostname.${LAN_INTERFACE}
|
|
||||||
|
```
|
||||||
|
echo "net.inet6.ip6.forwarding=1" >> /etc/sysctl.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
### DHCP
|
### DHCP
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
rcctl enable dhcpd
|
rcctl enable dhcpd
|
||||||
rcctl set dhcpd flags em1 athn0
|
rcctl set dhcpd flags ${LAN_INTERFACE}
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -238,13 +248,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
||||||
|
|
||||||
|
|
||||||
# static LAN IP for my MBP (Wi-Fi)
|
# static LAN IP for my MBP (Wi-Fi)
|
||||||
host vidhata {
|
host ringmaster {
|
||||||
fixed-address 10.0.0.21;
|
fixed-address 10.0.0.21;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
}
|
||||||
|
|
||||||
# static LAN IP for my Desktop/Workstation
|
# static LAN IP for my Desktop/Workstation
|
||||||
host harinarayan {
|
host flameboi {
|
||||||
fixed-address 10.0.0.22;
|
fixed-address 10.0.0.22;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
}
|
||||||
|
@ -257,13 +267,13 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
||||||
|
|
||||||
|
|
||||||
# static LAN IP for my Raspberry Pi 4 Model B 4GB
|
# static LAN IP for my Raspberry Pi 4 Model B 4GB
|
||||||
host adinath {
|
host sentinel {
|
||||||
fixed-address 10.0.0.31;
|
fixed-address 10.0.0.31;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
}
|
||||||
|
|
||||||
# static LAN IP for my Raspberry Pi 4 Model B 8GB
|
# static LAN IP for my Raspberry Pi 4 Model B 8GB
|
||||||
host balakrishna {
|
host bluefeds {
|
||||||
fixed-address 10.0.0.32;
|
fixed-address 10.0.0.32;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
}
|
||||||
|
@ -276,26 +286,26 @@ subnet 10.0.0.0 netmask 255.255.255.0 {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# IoT devices go on this subnet; extra WAP, Android set-top box, etc...
|
## IoT devices go on this subnet; extra WAP, Android set-top box, etc...
|
||||||
subnet 10.0.10.0 netmask 255.255.255.0 {
|
#subnet 10.0.10.0 netmask 255.255.255.0 {
|
||||||
option routers 10.0.10.1;
|
# option routers 10.0.10.1;
|
||||||
option domain-name-servers 10.0.10.1;
|
# option domain-name-servers 10.0.10.1;
|
||||||
range 10.0.10.10 10.0.10.100;
|
# range 10.0.10.10 10.0.10.100;
|
||||||
|
#
|
||||||
|
#
|
||||||
# static LAN IP for my Android set top box
|
# # static LAN IP for my Android set top box
|
||||||
host vibhishan {
|
# host vibhishan {
|
||||||
fixed-address 10.0.10.11;
|
# fixed-address 10.0.10.11;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
# hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
|
#
|
||||||
# static LAN IP for my guest WAP
|
# # static LAN IP for my guest WAP
|
||||||
host ketu {
|
# host ketu {
|
||||||
fixed-address 10.0.10.90;
|
# fixed-address 10.0.10.90;
|
||||||
hardware ethernet 00:00:00:00:00:00;
|
# hardware ethernet 00:00:00:00:00:00;
|
||||||
}
|
# }
|
||||||
}
|
#}
|
||||||
"
|
"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -322,37 +332,24 @@ WAN_IF = "${WAN_INTERFACE}"
|
||||||
# network hosts; look at "/etc/dhcpd.conf" for what they are
|
# network hosts; look at "/etc/dhcpd.conf" for what they are
|
||||||
host_barbet = "10.0.0.11"
|
host_barbet = "10.0.0.11"
|
||||||
host_merlin = "10.0.0.12"
|
host_merlin = "10.0.0.12"
|
||||||
host_vince = "10.0.0.13"
|
host_ringmaster = "10.0.0.21"
|
||||||
|
host_flameboi = "10.0.0.22"
|
||||||
host_vidhata = "10.0.0.21"
|
|
||||||
host_harinarayan = "10.0.0.22"
|
|
||||||
host_bramha = "10.0.0.23"
|
host_bramha = "10.0.0.23"
|
||||||
|
host_sentinel = "10.0.0.31"
|
||||||
host_adinath = "10.0.0.31"
|
host_bluefeds = "10.0.0.32"
|
||||||
host_balakrishna = "10.0.0.32"
|
|
||||||
|
|
||||||
host_rahu = "10.0.0.90"
|
host_rahu = "10.0.0.90"
|
||||||
host_ketu = "10.0.10.11"
|
|
||||||
|
|
||||||
host_vibhishan = "10.0.10.90"
|
#host_vince = "10.0.0.13"
|
||||||
|
#host_ketu = "10.0.10.11"
|
||||||
|
#host_vibhishan = "10.0.10.90"
|
||||||
|
#host_ = "10."
|
||||||
|
|
||||||
host_pappa = "10.0.10."
|
hosts_allow_ssh = "{" $host_ringmaster $host_flameboi $host_bramha $host_bluefeds "}"
|
||||||
host_mummy = "10.0.10."
|
hosts_protected = "{" $host_barbet $host_merlin $host_ringmaster $host_flameboi $host_sentinel $host_bluefeds "}"
|
||||||
host_kaki = "10.0.10."
|
hosts_known_guests = "{" $host_rahu "}"
|
||||||
host_kaka = "10.0.10."
|
|
||||||
host_baa = "10.0.10."
|
#hosts_known_guests = "{" $host_vince $host_rahu $host_ketu "}"
|
||||||
host_dada = "10.0.10."
|
#hosts_totally_isolated = "{" $host_vibhishan "}"
|
||||||
host_ = "10.0.10."
|
|
||||||
host_ = "10.0.10."
|
|
||||||
host_ = "10.0.10."
|
|
||||||
#host_ = "10.0.0."
|
|
||||||
#host_ = "10.0.0."
|
|
||||||
#host_ = "10.0.0."
|
|
||||||
#host_ = "10.0.0."
|
|
||||||
#host_ = "10.0.0."
|
|
||||||
hosts_protected "{" $host_barbet $host_merlin $host_vidhata $host_harinarayan $host_adinath $host_balakrishna $ "}"
|
|
||||||
hosts_known_guests "{" $host_vince $host_rahu $host_ketu "}"
|
|
||||||
hosts_totally_isolated "{" $host_vibhishan "}"
|
|
||||||
|
|
||||||
# table for blocking IP addresses
|
# table for blocking IP addresses
|
||||||
# yet to be populated
|
# yet to be populated
|
||||||
|
@ -370,13 +367,31 @@ set block-policy drop
|
||||||
# block everything
|
# block everything
|
||||||
block drop all
|
block drop all
|
||||||
|
|
||||||
|
# activate spoofing protection for all interfaces
|
||||||
|
block in quick from urpf-failed
|
||||||
|
|
||||||
|
# only allow ssh connections from the local network if it's from the
|
||||||
|
# $host_allow_ssh hosts. use "block return" so that a TCP RST is
|
||||||
|
# sent to close blocked connections right away. use "quick" so that this
|
||||||
|
# rule is not overridden by the "pass" rules below.
|
||||||
|
block return in quick on $LAN_IF proto tcp from ! $hosts_allow_ssh to $LAN_IF port ssh
|
||||||
|
|
||||||
# passing packets LAN <-> LAN
|
# passing packets LAN <-> LAN
|
||||||
pass in on $LAN_IF from $LAN_IF:network to any keep state
|
# this is not needed now, since I have only one LAN interface
|
||||||
|
# the switch will do this
|
||||||
|
#pass in on $LAN_IF from $LAN_IF:network to any keep state
|
||||||
|
|
||||||
# allow OpenBSD to connect to the internet (package management, etc)
|
# allow OpenBSD to connect to the internet (package management, etc)
|
||||||
# pass WAN network to WAN without modification
|
# pass WAN network to WAN without modification
|
||||||
pass out on $WAN_IF from $WAN_IF:network to any keep state
|
pass out on $WAN_IF from $WAN_IF:network to any keep state
|
||||||
|
|
||||||
# pass LAN network OUT to WAN using Network Address Translation
|
# pass LAN network OUT to WAN using Network Address Translation
|
||||||
pass out on $WAN_IF from $LAN_IF:network to any nat-to ($WAN_IF) keep state
|
pass out on $WAN_IF from $LAN_IF:network to any nat-to ($WAN_IF) keep state
|
||||||
|
#pass out on $WAN_IF proto { tcp, udp, icmp } from $LAN_IF:network to any nat-to ($WAN_IF) modulate state
|
||||||
|
|
||||||
|
# pass tcp, udp, and icmp out on the external (internet) interface.
|
||||||
|
# tcp connections will be modulated, udp/icmp will be tracked statefully.
|
||||||
|
pass out on $WAN_IF proto { tcp udp icmp } all modulate state
|
||||||
"
|
"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue