bluefeds (reddish): add partition layout

- change journald behaviour
 - replace nvim plugin section with a command
 - update pratham's and root's crontabs

content/posts/barbet.md

@@ -0,0 +1,80 @@
+---
+
+title: "Setup barbet (CalyxOS)"
+date: 2022-08-23T08:00:30+05:30
+draft: false
+toc: true
+
+---
+
+## Stage 0000: Make backups
+
+```bash
+adb pull /storage/self/primary/DCIM
+adb pull /storage/self/primary/dot-config
+adb pull /storage/self/primary/Download
+adb pull /storage/self/primary/Movies
+adb pull /storage/self/primary/Music
+adb pull /storage/self/primary/Pictures
+adb pull /storage/self/primary/Signal
+```
+
+
+## Stage 0001: Install apps
+
+### Main profile
+
+ - [Gboard](https://play.google.com/store/apps/details?id=com.google.android.inputmethod.latin)
+ - [Lawnchair](https://play.google.com/store/apps/details?id=ch.deletescape.lawnchair.plah)
+ - [AdminControl](https://f-droid.org/en/packages/com.davidshewitt.admincontrol/)
+ - [Aegis](https://f-droid.org/en/packages/com.beemdevelopment.aegis/)
+ - [Battery Bot Pro](https://f-droid.org/en/packages/com.darshancomputing.BatteryIndicatorPro/)
+ - [Bitwarden](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden)
+ - [Clipboard Cleaner](https://f-droid.org/en/packages/io.github.deweyreed.clipboardcleaner/)
+ - [Google Camera](https://play.google.com/store/apps/details?id=com.google.android.GoogleCamera)
+ - [DAVx5](https://f-droid.org/packages/at.bitfire.davdroid/)
+ - [Firefox Focus](https://play.google.com/store/apps/details?id=org.mozilla.focus)
+ - [Simple Gallery Pro](https://f-droid.org/en/packages/com.simplemobiletools.gallery.pro)
+ - [K-9 Mail](https://f-droid.org/en/packages/com.fsck.k9/)
+ - [Nextcloud](https://f-droid.org/en/packages/com.nextcloud.client/)
+ - [Nextcloud Notes](https://f-droid.org/en/packages/it.niedermann.owncloud.notes/)
+ - [Proton PVN](https://play.google.com/store/apps/details?id=ch.protonvpn.android)
+ - [Signal](https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms)
+ - [QKSMS](https://f-droid.org/en/packages/com.moez.QKSMS/)
+ - [Telegram FOSS](https://f-droid.org/en/packages/org.telegram.messenger/)
+ - [Trail Sense](https://f-droid.org/en/packages/com.kylecorry.trail_sense/)
+ - [VLC](https://f-droid.org/en/packages/org.videolan.vlc/)
+ - [Weather](https://f-droid.org/en/packages/wangdaye.com.geometricweather/)
+
+### Work profile
+
+ - [Keep notes](https://play.google.com/store/apps/details?id=com.google.android.keep)
+ - [Apple Music](https://play.google.com/store/apps/details?id=com.apple.android.music)
+ - [Discord](https://play.google.com/store/apps/details?id=com.discord)
+ - [HDFC Bank](https://play.google.com/store/apps/details?id=com.snapwork.hdfc)
+ - [Infinity](https://f-droid.org/en/packages/ml.docilealligator.infinityforreddit/)
+ - [Maps](https://play.google.com/store/apps/details?id=com.google.android.apps.maps)
+ - [Mastodon](https://f-droid.org/en/packages/org.joinmastodon.android/)
+ - [Photos](https://play.google.com/store/apps/details?id=com.google.android.apps.photos)
+ - [Shazam](https://play.google.com/store/apps/details?id=com.shazam.android)
+ - [Sheets](https://play.google.com/store/apps/details?id=com.google.android.apps.docs.editors.sheets)
+ - [Sennheiser Smart Control](https://play.google.com/store/apps/details?id=com.sennheiser.control)
+ - [Speedtest](https://play.google.com/store/apps/details?id=org.zwanoo.android.speedtest)
+ - [Twitter](https://play.google.com/store/apps/details?id=com.twitter.android)
+ - [Vi](https://play.google.com/store/apps/details?id=com.mventus.selfcare.activity)
+ - [WhatsApp](https://play.google.com/store/apps/details?id=com.whatsapp)
+ - [YouTube](https://play.google.com/store/apps/details?id=com.google.android.youtube)
+
+
+## Stage 0010: Restore backups
+
+Restore backups for the following apps:
+
+ - Lawnchair
+ - Aegis
+ - Simple Gallery Pro
+ - QKSMS
+
+```bash
+adb push /home/pratham/_android/dot-config /storage/self/primary/
+```

content/posts/bluefeds.md

@@ -24,6 +24,15 @@ sudo lvchange -an /dev/fedora_fedora/root
 sudo eject /dev/XXX
 ```
 
+## File system and partitions:
+
+```
+<resv for PFTF>    256MB
+/boot/efi          1G
+/                  15G
+/home              <rest>
+```
+
 ---
 
 
@@ -59,6 +68,36 @@ echo "wireguard" | sudo tee /etc/modules-load.d/wireguard.conf
 ```
 
 
+### Change systemd/journald behaviour
+
+```bash
+sudo sed -i 's/#Storage=/Storage=persistent/g' /etc/systemd/journald.conf
+sudo sed -i 's/#Compress=/Compress=yes/g' /etc/systemd/journald.conf
+sudo sed -i 's/#SystemMaxUse=/SystemMaxUse=1000M/g' /etc/systemd/journald.conf
+sudo sed -i 's/#RuntimeMaxUse=/RuntimeMaxUse=200M/g' /etc/systemd/journald.conf
+```
+
+
+### SSH hardening
+
+```bash
+ssh pratham@localhost
+exit
+
+vim ~/.ssh/authorized_keys
+chmod 644 ~/.ssh/authorized_keys
+
+sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
+sudo sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 300/g' /etc/ssh/sshd_config
+sudo sed -i 's/#ClientAliveCountMax 3/ClientAliveCountMax 2/g' /etc/ssh/sshd_config
+sudo sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
+
+sudo systemctl restart sshd.service
+```
+
+
 ### Modify motd
 
 ```bash
@@ -159,7 +198,7 @@ sudo reboot +0
 ### Install packages
 
 ```bash
-sudo dnf install aardvark-dns bat bind-utils btop cockpit console-setup fd-find git hdparm htop iotop insights-client mlocate neovim nfs-utils nload openssh-server podman podman-compose ripgrep rsync samba-common slirp4netns smartmontools tmux tree unrar unzip util-linux-user wget yt-dlp yt-dlp-zsh-completion zsh
+sudo dnf install aardvark-dns bat bind-utils btop cockpit console-setup fd-find ffmpeg-free git hdparm htop insights-client iotop libavcodec-free libavfilter-free libavformat-free libavutil-free libpostproc-free libswresample-free libswscale-free mlocate neovim nfs-utils nload openssh-server podman podman-compose ripgrep rsync samba-common slirp4netns smartmontools tmux tree unrar unzip util-linux-user wget yt-dlp yt-dlp-zsh-completion zsh
 ```
 
 ### Enable insights
@@ -171,7 +210,7 @@ sudo insights-client --register
 ### Change shell to zsh
 
 ```bash
-chsh -s $(which zsh) pratham
+sudo chsh -s $(which zsh) pratham
 ```
 
 
@@ -179,9 +218,9 @@ chsh -s $(which zsh) pratham
 
 ```bash
 sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
-```
 
-**Open `nvim` and type `:PlugInstall`**
+nvim +'PlugInstall' +'q' +'q'
+```
 
 
 ### Enable systemd services
@@ -212,7 +251,7 @@ Get the latest GA release tag [from here](https://github.com/openzfs/zfs/tags).
 ```bash
 git clone --depth 1 --branch <latest_tag_name> https://github.com/openzfs/zfs
 
-sudo dnf install autoconf automake dkms elfutils-libelf-devel gcc git kernel-devel kernel-rpm-macros libaio-devel libattr-devel libblkid-devel libcurl-devel libffi-devel libtirpc-devel libtool libudev-devel libuuid-devel make openssl-devel python3 python3-cffi python3-devel python3-packaging python3-setuptools rpm-build zlib-devel
+sudo dnf install autoconf automake dkms elfutils-libelf-devel gcc kernel-devel kernel-rpm-macros libaio-devel libattr-devel libblkid-devel libcurl-devel libffi-devel libtirpc-devel libtool libudev-devel libuuid-devel make openssl-devel python3 python3-cffi python3-devel python3-packaging python3-setuptools rpm-build zlib-devel
 
 cd zfs
 sh autogen.sh
@@ -244,11 +283,14 @@ sudo zpool set cachefile=/etc/zfs/zpool.cache trayimurti
 ### Creating a new zpool?
 
 ```bash
-sudo zpool create -o ashift=12 -o autotrim=on trayimurti /dev/sda
+sudo zpool create -o ashift=12 -o autotrim=on trayimurti mirror /dev/sda /dev/sdb
 
 sudo zfs set atime=off trayimurti
+sudo zfs set checksum=on trayimurti
+sudo zfs set compression=zstd trayimurti
 sudo zfs set primarycache=all trayimurti
 sudo zfs set recordsize=1M trayimurti
+sudo zfs set snapdir=hidden trayimurti
 sudo zfs set xattr=sa trayimurti
 
 sudo zfs create trayimurti/containers
@@ -256,35 +298,33 @@ sudo zfs create trayimurti/containers/volumes
 sudo zfs create trayimurti/containers/volumes/blog
 sudo zfs create trayimurti/containers/volumes/caddy
 sudo zfs create trayimurti/containers/volumes/mach
+sudo zfs create trayimurti/containers/volumes/gotify
+sudo zfs create trayimurti/containers/volumes/uptimekuma
+sudo zfs set copies=3 trayimurti/containers/volumes/uptimekuma
 
 sudo zfs create trayimurti/containers/volumes/gitea
+sudo zfs set copies=3 trayimurti/containers/volumes/gitea
 sudo zfs create trayimurti/containers/volumes/gitea/database
 sudo zfs set recordsize=8K trayimurti/containers/volumes/gitea/database
 
 sudo zfs create trayimurti/containers/volumes/nextcloud
+sudo zfs set copies=3 trayimurti/containers/volumes/nextcloud
 sudo zfs create trayimurti/containers/volumes/nextcloud/database
 sudo zfs set recordsize=8K trayimurti/containers/volumes/nextcloud/database
 
 sudo zfs create trayimurti/torrents
 sudo zfs set recordsize=16K trayimurti/torrents
 sudo zfs create trayimurti/torrents/downloads
-sudo zfs create trayimurti/torrents/downloads/.incomplete
 sudo zfs create trayimurti/torrents/config
 
-sudo chown pratham:pratham -vR /trayimurti
-sudo chown pratham:pratham -vR /trayimurti/torrents
-
-sudo zfs allow -u pratham create,destroy,mount,snapshot,send,hold trayimurti
+sudo zfs allow -u pratham diff,rollback,mount,snapshot,send,hold trayimurti
 
 sudo zpool export trayimurti
-
 sudo zpool import
 sudo zpool import -d /dev/disk/by-id <pool-id>
 
 sudo zpool set cachefile=/etc/zfs/zpool.cache trayimurti
-
-zpool status -v
-zfs list
+sudo chown pratham:pratham -vR /trayimurti
 
 sudo zpool scrub trayimurti
 ```
@@ -325,37 +365,6 @@ podman pull lscr.io/linuxserver/transmission:latest
 ```
 
 
-### Get fs ready
-
-```bash
-sudo zfs set atime=off trayimurti
-sudo zfs set primarycache=all trayimurti
-sudo zfs set recordsize=1M trayimurti
-sudo zfs set xattr=sa trayimurti
-
-sudo zfs create trayimurti/containers
-sudo zfs create trayimurti/containers/volumes
-sudo zfs create trayimurti/containers/volumes/blog
-sudo zfs create trayimurti/containers/volumes/caddy
-sudo zfs create trayimurti/containers/volumes/gitea
-sudo zfs create trayimurti/containers/volumes/mach
-sudo zfs create trayimurti/containers/volumes/nextcloud
-sudo zfs create trayimurti/containers/volumes/gotify
-sudo zfs create trayimurti/containers/volumes/uptimekuma
-
-sudo zfs create trayimurti/torrents
-sudo zfs set recordsize=16K trayimurti/torrents
-sudo zfs create trayimurti/torrents/downloads
-sudo zfs create trayimurti/torrents/downloads/.incomplete
-sudo zfs create trayimurti/torrents/config
-
-sudo chown pratham:pratham -vR /trayimurti/containers/volumes
-sudo chown pratham:pratham -vR /trayimurti/torrents
-
-sudo zfs allow -u pratham send,snapshot,hold trayimurti
-```
-
-
 ### Create directories for mounting container volumes
 
 ```bash
@@ -469,41 +478,42 @@ systemctl --user enable container-caddy-vishwambhar.service container-gitea-chit
 ### user crontab
 
 ```bash
-# always add ">/dev/null 2>&1" at the end of cronjobs
-# to prevnet a `dead.letter` in $HOME/
+# run maintainence scripts
+* * * * * /home/pratham/.scripts/reddish/cron/pratham/check-caddy.sh > /dev/null
+* * * * * /home/pratham/.scripts/reddish/cron/pratham/zfs-pool-health.sh > /dev/null
+0 * * * * /home/pratham/.scripts/reddish/cron/pratham/container-updates.sh > /dev/null
 
+# create zfs snapshots every Friday
+0 0 * * 5 /sbin/zfs snapshot trayimurti/containers/volumes/uptimekuma@"$(date +%Y_%m_%d__%H_%M_%S)" > /dev/null
+0 0 * * 5 /sbin/zfs snapshot trayimurti/containers/volumes/gitea@"$(date +%Y_%m_%d__%H_%M_%S)" > /dev/null
+0 0 * * 5 /sbin/zfs snapshot trayimurti/containers/volumes/nextcloud@"$(date +%Y_%m_%d__%H_%M_%S)" > /dev/null
 
-# check if containers are running or not; restart if stopped
-*/5 * * * * bash /home/pratham/.scripts/_bluefeds/cron/pratham/maintenance.sh >/dev/null 2>&1
+# keep journal size up-to 200M
+0 0 * * * /bin/journalctl -vacuum-size=200M > /dev/null
 
+# update neovim plugins
+0 0 * * * /home/pratham/.scripts/reddish/cron/pratham/neovim-update.sh > /dev/null
 
 # run Nextcloud cron
-*/5 * * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/cron.php >/dev/null 2>&1
-
+*/5 * * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/cron.php > /dev/null
 
 # Nextcloud: scan files for all users and perform cleanup
-10 */2 * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/occ files:scan --all >/dev/null 2>&1
-40 */2 * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/occ files:cleanup >/dev/null 2>&1
+10 */2 * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/occ files:scan --all > /dev/null
+40 */2 * * * podman exec -u www-data nextcloud-govinda /usr/local/bin/php -f /var/www/html/occ files:cleanup > /dev/null
 ```
 
 
 ### root crontab
 
 ```bash
-# always add ">/dev/null 2>&1" at the end of cronjobs
-# to prevnet a `dead.letter` in $HOME/
-
-
 # update fs database every 6 hours
-* */6 * * * updatedb >/dev/null 2>&1
-
-
-# create zfs snapshots every Friday
-0 0 * * 5 bash /home/pratham/.scripts/_bluefeds/cron/root/zfs-bak.sh >/dev/null 2>&1
+* */6 * * * updatedb > /dev/null
 
+# check for updates every hour
+0 * * * * /home/pratham/.scripts/reddish/cron/root/dnf-upgrades.sh > /dev/null
 
 # start scrub
 # on the first Friday of every month
 # at 2100 hours
-0 21 * * 5 [ $(date +\%d) -le 07 ] && /sbin/zpool scrub >/dev/null 2>&1
+0 21 * * 5 [ $(date +\%d) -le 07 ] && /sbin/zpool scrub trayimurti && /home/pratham/.scripts/reddish/cron/pratham/zfs-scrub.sh > /dev/null
 ```

content/posts/flameboi.md

@@ -120,9 +120,9 @@ sudo cp -v $DOTFILES_DIR/_OTHER/flameboi/usr/share/xsessions/bspwm.desktop /usr/
 
 ```bash
 sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
-```
 
-**Open `nvim` and type `:PlugInstall`**
+nvim +'PlugInstall' +'q' +'q'
+```
 
 
 ### Rust setup
@@ -131,8 +131,7 @@ sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 
 rustup default stable
-rustup component add rust-src rust-analyzer
-#rustup component add rust-analysis
+rustup component add rust-src rust-analyzer rust-analysis
 
 cargo install cargo-outdated cargo-tree
 ```
@@ -212,6 +211,13 @@ Verify:
 sudo virsh pool-list
 ```
 
+Tell `libvirtd.service` to wait for ZFS import by adding the following line
+to `/usr/lib/systemd/system/libvirtd.service`
+
+```
+After=zfs-import.target
+```
+
 Restart the `libvirtd` service
 
 ```bash

content/posts/sentinel.md

@@ -125,9 +125,9 @@ chsh -s $(which zsh) $(whoami)
 
 ```bash
 sh -c 'curl -fLo "${XDG_DATA_HOME:-$HOME/.local/share}"/nvim/site/autoload/plug.vim --create-dirs https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim'
-```
 
-**Open `nvim` and type `:PlugInstall`**
+nvim +'PlugInstall' +'q' +'q'
+```
 
 
 ## Stage 0100: ZFS