Manual backup: 2023-03-29 18:16:29

This commit is contained in:
Alexander Schäferdiek 2023-03-29 18:16:29 +02:00
parent f27cc1c017
commit 504e0d5ff1
25 changed files with 69 additions and 100 deletions

View file

@ -4,11 +4,11 @@
"type": "split",
"children": [
{
"id": "021e344303bcc5ab",
"id": "69404306ef47591b",
"type": "tabs",
"children": [
{
"id": "cd2f7f5f4235c327",
"id": "3020d37493983f72",
"type": "leaf",
"state": {
"type": "empty",
@ -120,20 +120,33 @@
"templater-obsidian:Templater": false
}
},
"active": "cd2f7f5f4235c327",
"active": "3020d37493983f72",
"lastOpenFiles": [
"KB/Linux/Server/Hetzner/Storagebox.md",
"README.md",
"KB/Linux/Disk Speed.md",
"KB/Linux/AMD.md",
"KB/Linux/Desktop/Audio/EQ.md",
"KB/Android/ADB Backup.md",
"KB/Linux/Desktop/Audio/aptx and pulseaudio.md",
"KB/Linux/Desktop/Audio/EQ.md",
"KB/Linux/Desktop/KDE/KDE.md",
"KB/Linux/Desktop/KDE/KDE Tiling.md",
"KB/Linux/Desktop/Archinstall.md",
"KB/Linux/Desktop/Fonts.md",
"KB/Linux/Desktop/GPG - PGP.md",
"KB/Linux/Desktop/i3.md",
"KB/Linux/Desktop/Steam.md",
"KB/Linux/Desktop/Surface.md",
"KB/Linux/Desktop/sway.md",
"KB/Linux/Desktop/systemd.md",
"KB/Linux/Desktop/Theming Qt and Gtk.md",
"KB/Linux/Desktop/Tweaks.md",
"KB/Linux/Server/Hetzner/Storagebox.md",
"KB/Linux/Server/Hetzner/Upgrades.md",
"KB/Linux/Server/Bootstrap.md",
"KB/Linux/Server/DNS.md",
"KB/Linux/Server/Domains.md",
"KB/Linux/Server/PostgreSQL.md",
"KB/Linux/Server/Remote unlocking at boot.md"
"KB/Linux/Server/Security hardening.md",
"KB/Linux/Server/SSH Guard, iptables.md",
"KB/Linux/Server/Remote unlocking at boot.md",
"_Templates/Note Template.md"
]
}
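Review bot: The `"active": "3020d37493983f72"` id and the reshuffled `lastOpenFiles` list in this hunk are per-session editor state, not knowledge-base content, so this file will show a diff on every manual backup and records which notes were opened last. Consider excluding it from version control (for example through `.gitignore`) so that backup commits only carry changes to the notes themselves.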

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,android,adb,backup]
---
# ADB Backup
A small tutorial on how to backup Android _application data_ via the `adb` tool. Currently, this is the only mechanism to backup the _entire_ device.
If defaults won't work for you, have a look at the options for `adb` in the scripts. Defaults are that only _app data_ of installed and systems apps will be backed up. **NOT THE STORAGE ITSELF!**
@ -38,7 +36,7 @@ You need the `adb` tools in order for this to work:
Currently there's no script provided for restoring a backup as this is a single command in your command line. When your device is connected and in debug mode, use the following command pointing to the backup file you like to restore:
```
```shell
# Windows (<Super/Windows key> + r, type 'cmd', press ENTER)
adb restore C:\Users\<your-username>\mybackup.ab
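Review bot: The fence is now tagged `shell`, but the `adb restore` command under the `# Windows` line is meant for the Windows `cmd` prompt, where a leading `#` is not a comment and the line fails if pasted along with the command. Move the Windows hint into the sentence above the block, or give the Windows variant its own fence with a matching tag.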

View file

@ -3,8 +3,6 @@ creation date: 2022-09-03
tags: [note,arch,linux,archlinux,install]
---
# Archinstall
It has never been easier to install arch. Simply use the `archinstall` command!
* Make a bootable USB stick with `dd bs=4M if=path/to/archlinux-version-x86_64.iso of=/dev/sdx conv=fsync oflag=direct status=progress`

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,audio,pipewire,pulse,pulseaudio,linux,archlinux]
---
# Audio - EQ
* See [[KB/Linux/Desktop/Audio/pipewire.txt]] for packages
* See [[KB/Linux/Desktop/Audio/pulseaudio.txt]] for packages
@ -29,14 +27,14 @@ There are some very convenient settings you probably want to set.
* In `/etc/pipewire/media-session.d/media-session.{conf|confpause}` comment out `suspend-node` to enable suspending feature
* In `/etc/pipewire/media-session.d/alsa-monitor.conf` set a timeout so that your DAC/output device is able to always receive a signal if you like.
```sh
```shell
node.pause-on-idle = false
session.suspend-timeout-seconds = 0 # or any number as seconds
```
* If you like, set a default _sample rate_ in `/etc/pipewire/pipewire.conf`, e.g. for 44.1kHz
```sh
```shell
default.clock.rate = 44100
```
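Review bot: `node.pause-on-idle = false`, `session.suspend-timeout-seconds = 0` and `default.clock.rate = 44100` are PipeWire configuration keys, not commands, so changing the tag from `sh` to `shell` keeps the wrong label. A neutral tag such as `ini` or `text` stops readers and highlighters from treating them as something to paste into a terminal; the same holds for the `/etc/asound.conf`, `default.pa`, `daemon.conf` and directory-tree blocks retagged further down in this file.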
@ -46,7 +44,7 @@ There are some very convenient settings you probably want to set.
* Allow direct communication to device for PulseAudio. Edit ALSA configuration `/etc/asound.conf`.
```sh
```shell
# Use PulseAudio plugin hw
pcm.!default {
type plug
@ -56,7 +54,7 @@ There are some very convenient settings you probably want to set.
* (**OPTIONAL, DO IF YOU WANT A REMAPPED VERSION OF MAIN AUDIO DEVICE IN sink_name=**) Add some _default_ sink names (remap them) in PulseAudio `/etc/pulse/default.pa`. Use `pacmd list-sinks` and `pacmd list-sources` to list your devices and insert as _master_ below. Any user could use `sink_main` and `src_microphone` instead of the specific device as `sink_name=`. This is **OPTIONAL** if you use direct sink name in any user specific file later instead of "sink_main" and "src_microphone"
```sh
```shell
# create remapped sink/sources with proper names and description
# pacmd list-sinks
load-module module-remap-sink sink_name="sink_main" master="alsa_output.pci-0000_31_00.4.iec958-stereo" sink_properties=device.description="Toslink" remix=no
@ -66,7 +64,7 @@ There are some very convenient settings you probably want to set.
* Adapt `.config/pulse/daemon.conf`
```sh
```shell
flat-volumes = no
default-sample-channels = 2
@ -93,7 +91,7 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
* Basic file structure
```sh
```shell
.config/ladspa_dsp
├── config_beyerdynamic_dt1990
└── eq
@ -101,14 +99,14 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
```
* The main configuration for an additional Pulse sink `.config/ladspa_dsp/config_beyerdynamic_dt1990`
```sh
```shell
LC_NUMERIC=C
effects_chain=@eq/beyerdynamic_dt1990.conf
```
* The EQ settings derived from the target curve found for your headphones, e.g. `.config/ladspa_dsp/eq/beyerdynamic_dt1990.conf`
```sh
```shell
# Beyerdynamic DT 1990
# preamp gain
gain -4.0
@ -120,7 +118,7 @@ Create and adapt configuration for dsp. See example below. Use EQ presets for yo
* Add a new sink _based on above remapped sink_main_ for the EQ present in `.config/pulse/default.pa` (also some other reasonable default settings)
```sh
```shell
# load system defaults
.include /etc/pulse/default.pa

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,archlinux,aptx,pulseaudio,bluetooth]
---
# aptx and pulseaudio
Inspect BT packages:
* Install [bluez-utils-compat](https://aur.archlinux.org/packages/bluez-utils-compat/)

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,archlinux,fonts]
---
# Fonts
Probably you want the following installed:
```shell

View file

@ -3,8 +3,6 @@ creation date: 2022-01-12
tags: [note,linux,gpg,pgp]
---
# GPG
## Creation
**Really, set up an expiration date, otherwise you'll end up with non-revokable keys!**
@ -20,7 +18,7 @@ Generate at least 3072 bit key with an expiration date, e.g. with Seahorse or `g
## gpg.conf
```
```shell
keyserver hkp://keys.gnupg.net
keyserver hkps://keys.openpgp.org
keyserver hkp://pool.sks-keyservers.net:11371
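Review bot: Two of the three keyserver lines visible in this block use plain `hkp://`, so lookups against them are sent unencrypted, and `pool.sks-keyservers.net` has been shut down since 2021. While the block is being touched, reducing the list to `keyserver hkps://keys.openpgp.org` would be the safer default. The block is `gpg.conf` content rather than shell, so `text` fits better than `shell`.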
@ -31,13 +29,13 @@ keyserver hkp://pgp.mit.edu:11371
Search and edit with dconf `.../keyserver`:
```
```shell
['hkp://keys.gnupg.net', 'hkps://keys.openpgp.org', 'hkp://pool.sks-keyservers.net:11371', 'hkp://pgp.mit.edu:11371']
```
## Export/Revoke
```
```shell
export MY_GPG_ID=theID
gpg --armor --output public-key.gpg --export $MY_GPG_ID
gpg --armor --output private-key.gpg --export-secret-keys $MY_GPG_ID
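Review bot: `gpg --armor --output private-key.gpg --export-secret-keys $MY_GPG_ID` leaves an armored copy of the secret key in the current directory, and the visible lines say nothing about where that file should end up. Add a sentence that it belongs on offline storage and must be removed from the working directory afterwards, and quote the variable as `"$MY_GPG_ID"`. The dconf value in the block above is a list literal, not shell, so it should not carry the `shell` tag.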

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,kde,archlinux,wm,tiling]
---
# Config Tiling
* Install Krohnkite and visit the GitHub page to enable settings
* Set proper shortcuts using suffix `(tiling)`
* See hints at [https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips](https://github-wiki-see.page/m/esjeon/krohnkite/wiki/Tips)

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,kde,linux,archlinux]
---
# KDE
A guide how to setup KDE similar to GNOME experience.
* Install packages `plasma` (all and maybe uninstall `discover` later)
@ -22,21 +20,21 @@ A guide how to setup KDE similar to GNOME experience.
* Different uses of _meta_ key
* Native _"show all"_ windows
```sh
```shell
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,ExposeAll";
qdbus org.kde.KWin /KWin reconfigure;
```
* Native _"show current workspace"_ windows
```sh
```shell
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Expose";
qdbus org.kde.KWin /KWin reconfigure;
```
* kwin script _Parachute_ to simulate behavior which requires https://github.com/tcorreabr/Parachute (via _AUR_)
```sh
```shell
kwriteconfig5 --file ~/.config/kwinrc --group ModifierOnlyShortcuts --key Meta "org.kde.kglobalaccel,/component/kwin,org.kde.kglobalaccel.Component,invokeShortcut,Parachute";
qdbus org.kde.KWin /KWin reconfigure;
```
@ -44,7 +42,7 @@ A guide how to setup KDE similar to GNOME experience.
* Use systemd start instead of boot scripts: `kwriteconfig5 --file startkderc --group General --key systemdBoot true`
* Maybe sync the following configuration files to track changes
```sh
```shell
.config/kdeglobals
.config/kglobalshortcutsrc
.config/khotkeysrc

View file

@ -3,8 +3,6 @@ creation date: 2022-09-02
tags: [surface,linux,sp8,microsoft]
---
# Surface
A guide for the [Surface Pro 8](https://github.com/linux-surface/linux-surface/wiki/Surface-Pro-8). Based on https://github.com/linux-surface/linux-surface/wiki.
This guide is for [ArchLinux](https://archlinux.org/) and improves the instructions to be more structured and suited for the SP8.

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,qt,gtk,linux,archlinux]
---
# Theming Qt and Gtk
Based on [ArchLinux Wiki](https://wiki.archlinux.org/title/Uniform_look_for_Qt_and_GTK_applications).
Unify Qt5/Qt6 and GTK2/GTK3/GTK4 design.

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,archlinux]
---
# Tweaks
**TAKEN FROM:** https://gist.github.com/lbrame/1678c00213c2bd069c0a59f8733e0ee6
This is a collection of the tweaks and modification I've made to my Arch Linux installation over the months. These may be applicable to other distros, but please check first before doing anything. I also included Arch Wiki references for all the procedures I mentioned. My recommendation is not to blindly follow this gist but to always check with the Arch Linux wiki first. Things move fast and by the time you're reading this my gist may be out of date. Lastly, the golden rule: never execute a command you don't understand.
@ -99,8 +97,8 @@ systemctl enable tlp.service --now
`powertop` is a powerful commandline program to keep track of battery consumption. It also allows the user to quickly alter some system settings that have an impact on battery life. You can use it to make a quick tuning:
```
# powertop --auto-tune
```shell
powertop --auto-tune
```
However, don't enable `powertop`'s service if you already use TLP.
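Review bot: Dropping the leading `# ` from `# powertop --auto-tune` removes the root-prompt marker, so the block no longer tells the reader that the command has to run as root. Write `sudo powertop --auto-tune` or state the requirement in the sentence above the block; the same applies to the `journalctl --vacuum-*` and `systemctl restart systemd-journald.service` lines changed further down.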
@ -115,16 +113,16 @@ Arch Wiki reference: https://wiki.archlinux.org/index.php/Systemd/
Systemd's system journal's size can go out of control. There are some things you can do to keep it in control:
```
# journalctl --vacuum-size=100M
# journalctl --vacuum-time=2weeks
```shell
journalctl --vacuum-size=100M
journalctl --vacuum-time=2weeks
```
### Forwarding the journal to /dev/tty12
This is very simple. Just create the file `/etc/systemd/journald.conf.d/fw-tty12.conf` and fill it like this:
```
```shell
[Journal]
ForwardToConsole=yes
TTYPath=/dev/tty12
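Review bot: The `[Journal]` fragment with `ForwardToConsole=yes` and `TTYPath=/dev/tty12` is `journald.conf` content, so `ini` is the fitting tag for the third fence in this hunk, not `shell`. The section would also benefit from one sentence noting that forwarding puts journal messages on a virtual console that anyone with physical access to the machine can read without logging in.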
@ -133,8 +131,8 @@ MaxLevelConsole=info
Then, restart the service:
```
# systemctl restart systemd-journald.service
```shell
systemctl restart systemd-journald.service
```
## Microcode

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,wm,archlinux,i3]
---
# i3
i3 is a tiling WM for X.org. Use [[KB/Linux/Desktop/sway]] for Wayland.
Install i3 packages

View file

@ -3,8 +3,6 @@ creation date: 2022-02-06
tags: [note,sway,i3,linux]
---
# sway
Sway is a replacement for [[KB/Linux/Desktop/i3]] but for _Wayland_.
## Install

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,systemd,linux,archlinux]
---
# systemd
Arch Wiki reference: https://wiki.archlinux.org/index.php/Systemd/
## Taming the journal's size

View file

@ -3,11 +3,9 @@ creation date: 2022-01-08
tags: [note,linux,archlinux,install]
---
# Bootstrap
1. Install some packages:
```
```shell
pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
```
@ -28,7 +26,7 @@ tags: [note,linux,archlinux,install]
9. Disable and uninstall services from image install
```
```shell
systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
pacman -Rsnc cronie
```
@ -37,7 +35,7 @@ tags: [note,linux,archlinux,install]
11. Adjust network config in `/etc/systemd/network` and `/etc/resolv.conf` and `/etc/hosts`
```
```shell
#
# /etc/hosts: static lookup table for host names
#
@ -53,7 +51,7 @@ tags: [note,linux,archlinux,install]
14. Install AUR wrapper with `admin`
```
```shell
sudo su admin
cd
mkdir -p packages/yay-bin
@ -77,7 +75,7 @@ tags: [note,linux,archlinux,install]
20. Copy `/root/scripts` to new server.
```
```shell
# copy /etc/mail.rc
pacman -S s-nail
```

View file

@ -3,20 +3,18 @@ creation date: 2022-01-08
tags: [note,linux,archlinux,dns]
---
# DNS
**Please use a local unbound which is even better!**
Start and enable
```
```shell
systemd-networkd
systemd-resolved
```
If you desire that any network manager cannot change the DNS servers, then execute `sudo chattr -i /etc/resolv.conf; sudo nano /etc/resolv.conf; sudo chattr +i /etc/resolv.conf` to insert the following content:
```
```shell
options timeout:1
nameserver 80.241.218.68
nameserver 46.182.19.48
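Review bot: The first block follows "Start and enable" but contains only the unit names `systemd-networkd` and `systemd-resolved`, which with the new `shell` tag read as commands to type. Spell out the command, for example `systemctl enable --now systemd-networkd systemd-resolved`. The second block is the content of `/etc/resolv.conf`, so `text` would be the more accurate tag there.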

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,archlinux,linux,domains]
---
# Domains
Add new domains
1. Add new listen inside `systemd-boot`

View file

@ -23,7 +23,7 @@ AA.....
## Create a compatible ssh key and transfer to the user
```
```shell
ssh-keygen-rsa id_rsa
ssh-keygen -e -f .ssh/id_rsa.pub | grep -v "Comment:" > .ssh/id_rsa_rfc.pub
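Review bot: `ssh-keygen-rsa id_rsa` on the first line of the block is not a standard OpenSSH command name, and with the `shell` tag readers will paste it as written. If it is a local alias or wrapper, replace it with the full `ssh-keygen` invocation it stands for, including key type and size, so the step is reproducible. The following `ssh-keygen -e -f .ssh/id_rsa.pub` line is fine as it is.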

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,archlinux]
---
# Upgrades
This assumes, that you have `dotfiles-system` installed.
Upgrading the VM includes the following sub tasks:

View file

@ -3,11 +3,9 @@ creation date: 2022-01-08
tags: [note,linux,postgres,database,postgresql,psql,archlinux]
---
# PostgreSQL
## Commonly used
```
```shell
-- list all users
\du
@ -50,7 +48,7 @@ DROP USER <user>;
## Updating major versions
```
```shell
systemctl start postgresql.service // if not already running
chown postgres:postgres /var/lib/postgres
sudo -i -u postgres
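Review bot: With the fence tagged `shell`, the trailing `// if not already running` on the `systemctl start postgresql.service` line is not a comment, because `//` does not start one in a shell and the words are passed to `systemctl` as extra arguments. Use `#` here and for the `// host` lines in the two blocks below. The psql block in the previous hunk (`-- list all users`, `\du`) is SQL plus psql meta-commands and would be better tagged `sql`.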
@ -75,7 +73,7 @@ exit
* Backup existing instance:
```
```shell
// host
docker-compose down
cp -r <data-dir> <data-dir-bak>
@ -93,7 +91,7 @@ exit
```
* Change major version tag of container, e.g. edit `docker-compose`
* Restore old database dump
```
```shell
// host
docker-compose up -d
docker cp old_backup.sql <container-name>:/old_backup.sql

View file

@ -3,8 +3,6 @@ creation date: 2022-07-18
tags: [ssh,cryptsetup,remote,unlock,crypt]
---
# Remote unlocking at boot
Guide borrowed from https://linux.fernandocejas.com/docs/guides/decrypt-luks-partition-remotely-via-ssh.
1. Install `pacman -S mkinitcpio-systemd-tool busybox cryptsetup openssh tinyssh tinyssh-convert mc`

View file

@ -3,12 +3,10 @@ creation date: 2022-01-08
tags: [note,archlinux,linux,security,ssh,iptables]
---
# SSH Guard, iptables
## SSH
Disable weak ciphers by adding the following to the `sshd_config` file:
```
```shell
# Disable weak ciphers
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
@ -25,7 +23,7 @@ Ports `22` and `2222` will be monitored in this example.
Also see [here](https://wiki.archlinux.org/index.php/Sshguard#iptables).
```sh
```shell
# IPv4
iptables -N sshguard
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard
@ -39,18 +37,18 @@ ip6tables-save > /etc/iptables/ip6tables.rules
Start with `systemctl enable --now sshguard` or restart afterwards with `systemctl restart sshguard` to apply or `ExecStartPre=` above in sshguard's systemd file.
```sh
```shell
ExecStartPre=/bin/bash -c '(while ! nc -z -v -w1 localhost 2222 > /dev/null; do echo "Waiting for port 2222 to open..."; sleep 15; done); sleep 10'
```
or create the following file and execute on every reboot with a certain, e.g. with
```sh
```shell
[Timer]
OnBootSec=1min
```
```sh
```shell
# IPv4
iptables -N sshguard && \
iptables -A INPUT -m multiport -p tcp --destination-ports 22,2222 -j sshguard && \
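Review bot: `ExecStartPre=...` and the `[Timer]` / `OnBootSec=1min` lines are systemd unit directives, so tagging those two fences `shell` is misleading; `ini` matches their content. In the last block, `iptables -N sshguard && \` stops the whole chain of commands whenever the `sshguard` chain already exists, for instance when the rules saved under `/etc/iptables/` earlier in this note have been restored or the script runs a second time. A guard such as `iptables -nL sshguard >/dev/null 2>&1 || iptables -N sshguard` makes the script safe to repeat.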

View file

@ -3,8 +3,6 @@ creation date: 2022-01-08
tags: [note,linux,archlinux,security,hardening]
---
# Security hardening
## ssh
`ssh-guard` allowed.
@ -12,14 +10,14 @@ tags: [note,linux,archlinux,security,hardening]
Execute the following
```
```shell
mkdir -p /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
```
In `nginx.conf`, set the following inside the `http` block:
```
```shell
# security hardened
server_tokens off;
```
@ -27,7 +25,7 @@ server_tokens off;
For each `server` block, set the following
```
```shell
listen 443 ssl http2;
# enable session resumption to improve https performance
@ -59,7 +57,7 @@ access_log off;
## PHP
```
```shell
session.cookie_secure = true
session.use_only_cookies = 1
session.cookie_httponly = true
@ -69,7 +67,7 @@ session.cookie_httponly = true
Set maximum journal retention in `/etc/systemd/journald.conf`:
```
```shell
MaxRetentionSec=604800
MaxFileSec=86400
```

View file

@ -3,6 +3,6 @@ creation date: <% tp.date.now("YYYY-MM-DD") %>
tags: [note]
---
# <% tp.file.title %>