• Backups
• Cox home network facts
• Dotfiles
  • Neovim's Lazy.vim
  • Zsh
    • OS Detection
    • Parsing options
    • Startup performance
• Email
  • Running sieve locally
  • Sieve
• Fun Holidays
• Gaming
  • Mobile Games
• Gaming PC Hardware
• Gitlab
  • Automatically adding UptimeRobot to Gitlab's monitoring whitelist with ansible
  • Caching CI stuff with Minio
  • Fixing SAML association for a Gitlab user
  • Having a little fun with Gitlab's join date
• Good RFC
• Homelab
  • AUR Repo
  • Bootstrap
    • (NAS) Garage S3
    • Dedicated Server
    • IOFlood (Netherite)
    • Soft Serve
    • Synology NAS
    • ntfy.sh
  • Step-CA
  • Tech Stack
  • VLANs
• IPv6
• Kubernetes
  • Get Root CA
  • New SSH Fingerprints to Flux
  • Talos OIDC setup
• Linux
  • Backups
  • Desktop Customization
  • Disabling WiFi
  • Getting disk serial number
  • Monitoring
  • Non-root users can ping
  • Pacman hooks
  • PowerDNS administration
  • Reboot Criteria
  • Systemd version via DBus
  • Text-to-speech locally
• MacOS
  • Local backups
• Meta - Digital Garden
• Meta - Test Page
• OpenID Connect
• Packing List
• Ruby
  • Fixing Fakeweb & Coveralls conflict
  • Generating a webpage screenshot
• SQLite Booleans
• Security
  • Password reset via HMAC
• Smarthome
• Web Design
  • Icon Libraries
  • SVG Icons
  • Various Ideas

IOFlood dedicated server

this is the primary nerve center of my homelab, living outside of it.

IP addresses

IP Block #1 – 148.163.101.208/29
Netmask: 255.255.255.248
Gateway: 148.163.101.209
Usable IP Range: 148.163.101.210 - 148.163.101.214

IP Block #2 – 2604:6280:194:1::/64
Gateway: 2604:6280:194:1::1
Usable IP Range: 2604:6280:194:1::2 - 2604:6280:194:1:ffff:ffff:ffff:fffe

#/etc/systemd/network/enp2s0f0np0-ethernet.network based on copying ./enp2s0f1np1-ethernet.network
[Match]
Name=enp2s0f0np0

[Network]
MulticastDNS=yes
Address=148.163.101.211/29
Gateway=148.163.101.209
DNS=1.1.1.1

#/etc/systemd/network/enp2s0f1np1-ethernet.network generated by Archboot setup
[Match]
Name=enp2s0f1np1

[Network]
MulticastDNS=yes
Address=148.163.101.210/29
Gateway=148.163.101.209
DNS=1.1.1.1

arch linux setup

A simplified, opinionated, whirlwind run through the Installation guide,
Btrfs, and
systemd-boot
Arch wiki pages.

1. Download the iso.

2. Mount the iso by going to the IPMI, clicking Remote Control, Launch H5Viewer, in the top-right corner, “CD Image” file input form element and then Start Media.
   “Media Boost” seems to do some network prioritization that helps (according to online searches, anyways). Turn it on.

3. Then boot the iso (which took a few tries for me, the disk wasn’t always detected or successfully read during boot)
   It takes a long while, as the filesystem is streamed from my desktop through the VPN, to the BMC firmware, and then to the CPU. Lots of hops, lots of places it can go wrong.

4. Once booted, edit /etc/systemd/networkd/20-ethernet.network (since it already exists) and copy the contents of one of the above examples
   Then systemctl reload networkctl to apply the network settings. Ping 1.1.1.1 to verify the network works.

5. Time to format the disks! 6 partitions across the two drives:

   1. /dev/nvme0n1p1 - 2MiB, type: “BIOS Boot”. Came from my attempt with archboot, meh, kept for safety’s sake
   2. /dev/nvme0n1p2 - 2GiB, type: “EFI System”. A larger space for the /boot. I plan on putting a rescue image in there, that’s why the large space.
   3. /dev/nvme0n1p3 - 8GiB, type: “Linux swap”. Part 1 of the swap space for the system. Total 16GiB when done, spread across the two disks.
   4. /dev/nvme0n1p4 - the rest (~884GiB), type: “Linux filesystem”. The rest of the disk is used for / and stuff
   5. /dev/nvme1n1p1 - 8GiB, type: “Linux swap”. Part 2 of the swap space for the system. By splitting it up, some amount of write wear is balanced I hope
   6. /dev/nvme1n1p2 - the rest (~886GiB), type: “Linux filesystem”. The rest of the disk is used for the main system, mirrored by btrfs in raid1.
      It’s slightly bigger, so there is a slight amount of lost/wasted storage space. Still plenty!

6. Make the btrfs filesystem: mkfs.btrfs -d raid1 -m raid1 -L archroot /dev/nvme0n1p4 /dev/nvme1n1p2 then update the kernel tables to easily mount it: btrfs device scan

7. Mount the filesystem: mount /dev/disk/by-label/archroot /mnt -o relatime,compress=ztd:3

8. Time to make a bunch of subvolumes! Each of these are created by running btrfs subvolume create /mnt/FOO

   1. @ - The root filesystem
   2. @log - /var/log/, a bunch of often-changing files
   3. @cache - /var/cache, a bunch of temporary files
   4. @snapshots - Storage of snapshots taken of the root filesystem. Other subvolumes mounted within will be empty directories in the snapshot

9. Then unmount the main partition, and switch to subvolumes. Make the appropriate directories for the subvolumes and other partitions (namely, /boot)

   umount /mnt
   mount /dev/disk/by-label/archroot /mnt -o relatime,compress=ztd:3,subvol=/@
   mkdir -p /mnt/boot /mnt/var/log /mnt/var/cache /mnt/.snapshots
   mount /dev/nvme0n1p2 /mnt/boot
   mount /dev/disk/by-label/archroot /mnt/var/log -o relatime,compress=ztd:3,subvol=/@log
   mount /dev/disk/by-label/archroot /mnt/var/cache -o relatime,compress=ztd:3,subvol=/@cache
   mount /dev/disk/by-label/archroot /mnt/.snapshots -o relatime,compress=ztd:3,subvol=/@snapshots
   

10. Turn on swap!

    mkswap /dev/nvme0n1p3
    mkswap /dev/nvme1n1p1
    swapon /dev/nvme0n1p3
    swapon /dev/nvme1n1p1
    

11. Here we go, the big pacstrap! pacstrap -K /mnt base linux linux-firmware amd-ucode btrfs-progs neovim man-db terminus-font iptables-nft nftables openssh

12. Then generate the fstab file: genfstab -U /mnt >> /mnt/etc/fstab

13. Copy the edited networkd configuration to the fresh machine (cp {,/mnt}/etc/systemd/networkd/20-ethernet.network) so it’s network is successful

arch-chroot tasks

Now time to do a bunch of things within arch-chroot /mnt:

1. Set the hostname in /etc/hostname.

2. Edit /etc/locale.gen to uncomment en_US, then run locale-gen.

3. Symlink /etc/localtime to /usr/share/zoneinfo/Etc/UTC

4. Enable networkd: systemctl enable systemd-networkd

5. Enable timesyncd: systemctl enable systemd-timesyncd

6. Configure the system locale (/etc/locale.conf):

   LANG=en_US.UTF-8
   LC_COLLATE=C
   

7. Configure the virtual console (though I won’t look at it that often…), /etc/vconsole.conf:

   KEYMAP=us
   FONT=ter-v16n
   

8. Edit /etc/mkinitcpio.conf in the following ways, then regenerate the initramfs with mkinitcpio -P

   1. Add btrfs and crc32c to the list of modules
   2. Add btrfs as a binary to copy
   3. Swap udev with systemd hook
   4. Add btrfs hook after systemd, before autodetect
   5. Swap consolefont with sd-vconsole hook
   6. Make sure the microcode hook is in the list

9. Set the root password

10. Install systemd-boot via bootctl install

11. Enable a couple of maintenance services: systemd-boot-update.service and btrfs-scrub@-.timer

12. Edit /etc/ssh/sshd_config to expose root on a custom port. Then enable sshd.service.

13. Configure systemd-boot by copying the example /usr/share/systemd/bootctl/arch.conf to /boot/loader/entries/

14. Done! exit to leave the chroot, and then umount -R /mnt to unmount everything. Reboot, you should be good.

post install tasks

Some stuff still to do after the system as rebooted!

1. Log in as root
2. Enable systemd-resolved: systemctl enable --now systemd-resolved && ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
3. Install the grml zsh config, to make sitting at the root prompt more comfortable: pacman -S grml-zsh-config && chsh /usr/bin/zsh
4. Install python for management of the machine via Ansible