From 37306a13287247048a16c038be12dcbe0c0434cf Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 27 Apr 2023 22:11:34 +0200 Subject: [PATCH] chore: imported articles from the private kb --- .vscode/settings.json | 2 + knowledge base/armbian.md | 30 +++ ...create, mount and use an encrypted disk.md | 6 + knowledge base/cryptsetup.md | 94 +++++++ knowledge base/dd.md | 63 ++++- knowledge base/debian linux.md | 12 - knowledge base/debian.md | 32 +++ knowledge base/dual boot.md | 159 ++++++++++++ knowledge base/encrypted root filesystem.md | 65 +++++ knowledge base/helios4.md | 102 ++++++++ knowledge base/pdfunite.md | 33 +++ knowledge base/raspberry pi imager.md | 39 +++ knowledge base/saltstack.md | 240 ++++++++++++++++++ knowledge base/scan a document on linux.md | 63 +++++ 14 files changed, 926 insertions(+), 14 deletions(-) create mode 100644 knowledge base/armbian.md create mode 100644 knowledge base/cryptsetup.md delete mode 100644 knowledge base/debian linux.md create mode 100644 knowledge base/debian.md create mode 100644 knowledge base/dual boot.md create mode 100644 knowledge base/encrypted root filesystem.md create mode 100644 knowledge base/helios4.md create mode 100644 knowledge base/pdfunite.md create mode 100644 knowledge base/raspberry pi imager.md create mode 100644 knowledge base/saltstack.md create mode 100644 knowledge base/scan a document on linux.md diff --git a/.vscode/settings.json b/.vscode/settings.json index fa9e9f1..d018741 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -18,6 +18,7 @@ "chezmoi", "chsh", "compsize", + "cowsay", "cpulimit", "cryptsetup", "csma", @@ -94,6 +95,7 @@ "twrp", "usermod", "userspace", + "winget", "wlan", "zstd" ], diff --git a/knowledge base/armbian.md b/knowledge base/armbian.md new file mode 100644 index 0000000..067ad68 --- /dev/null +++ b/knowledge base/armbian.md @@ -0,0 +1,30 @@ +# Armbian + +Ultralight Linux distribution optimized for custom ARM, RISC-V or Intel hardware.
+Based on Debian. + +## Table of contents + +1. [TL:DR](#tldr) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +## Further readings + +- [Website] +- [Debian] GNU/Linux + +## Sources + +All the references in the [further readings] section, plus the following: + + +[website]: https://www.armbian.com/ + + +[debian]: debian.md +[further readings]: #further-readings + + diff --git a/knowledge base/create, mount and use an encrypted disk.md b/knowledge base/create, mount and use an encrypted disk.md index 5ca4c9c..738beb9 100644 --- a/knowledge base/create, mount and use an encrypted disk.md +++ b/knowledge base/create, mount and use an encrypted disk.md @@ -42,6 +42,9 @@ sudo cryptsetup close '/dev/mapper/mapper_name' ## Further readings +- [`cryptsetup`][cryptsetup] +- [Encrypted root filesystem] + ## Sources All the references in the [further readings] section, plus the following: @@ -55,6 +58,9 @@ All the references in the [further readings] section, plus the following: [further readings]: #further-readings +[cryptsetup]: cryptsetup.md +[encrypted root filesystem]: encrypted%20root%20filesystem.md + [create an encrypted btrfs device]: scripts/create-an-encrypted-btrfs-device.sh [create an encrypted zfs device]: scripts/create-an-encrypted-btrfs-device.sh diff --git a/knowledge base/cryptsetup.md b/knowledge base/cryptsetup.md new file mode 100644 index 0000000..3225a0e --- /dev/null +++ b/knowledge base/cryptsetup.md @@ -0,0 +1,94 @@ +# Cryptsetup + +## TL;DR + +```sh +# crypt a device +sudo cryptsetup luksFormat /dev/sdb +sudo cryptsetup luksOpen /dev/sdb crypted-device +sudo mkfs.btrfs --label data /dev/mapper/crypted-device +sudo mount --types btrfs --options compress-force=zstd:3 /dev/mapper/crypted-device /media/data +sudo umount /media/data +sudo cryptsetup luksClose /dev/mapper/crypted-device +``` + +## Crypt a device + +1. create the luks partition + + ```sh + sudo cryptsetup luksFormat /dev/sdb + ``` + + as of cryptsetup version 2.3.4, this is equivalent to + + ```sh + cryptsetup --type luks2 --cipher aes-xts-plain64 --hash sha256 --iter-time 2000 --key-size 256 --pbkdf argon2i --sector-size 512 --use-urandom --verify-passphrase luksFormat device + ``` + +1. open the luks partition + + ```sh + sudo cryptsetup luksOpen /dev/sdb samsung_860_evo_1tb + ``` + +1. format the partition + + ```sh + sudo mkfs.btrfs --label samsung_860_evo_1tb /dev/mapper/samsung_860_evo_1tb + ``` + +1. mount the partition + + ```sh + sudo mount --types btrfs --options compress-force=zstd:0,nodev,nosuid,uhelper=udisks2 /dev/mapper/samsung_860_evo_1tb /mnt/samsung_860_evo_1tb + ``` + +1. do what you need +1. umount the partition + + ```sh + sudo umount /mnt/samsung_860_evo_1tb + ``` + +1. close the luks partition + + ```sh + sudo cryptsetup luksFormat /dev/sdb + ``` + +## Troubleshooting + +### The process is killed due to too much memory used + +Should you get the following result during any operation: + +```sh +$ sudo cryptsetup luksOpen /dev/sdb1 crypted-data +Enter passphrase for /dev/sdb1: *** +killed +``` + +it could be the process is using too much memory. +This is due to the LUKS2 format using by default the Argon2i key derivation function, that is so called _memory-hard function_ - it requires certain amount of physical memory (to make dictionary attacks more costly). + +The solution is simple; either: + +1. switch to LUKS1, or +2. use LUKS2, but switch to PBKDF2 (the one used in LUKS1); just add the `--pbkdf pbkdf2` option to luksFormat or to any command that creates keyslots, or +3. use LUKS2 but limit the memory assigned to Argon2i function; for example, to use up to 256kB just add the `--pbkdf-memory 256` option to the command as follows: + + ```sh + $ sudo cryptsetup luksOpen --pbkdf-memory 256 /dev/sdb1 lacie + Enter passphrase for /dev/sda1: *** + ``` + +## Further readings + +- [arch linux wiki] +- [btrfs man page] +- [High memory usage when opening a LUKS2 partition] + +[arch linux wiki]: https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption +[btrfs man page]: https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5) +[high memory usage when opening a luks2 partition]: https://gitlab.com/cryptsetup/cryptsetup/issues/372 diff --git a/knowledge base/dd.md b/knowledge base/dd.md index da448f8..b6bddf2 100644 --- a/knowledge base/dd.md +++ b/knowledge base/dd.md @@ -4,8 +4,24 @@ Convert and copy a file. ## TL;DR +N and BYTES values may be followed by the following multiplicative suffixes: + +| suffix | multiplication | +| ----------- | ------------------- | +| `c` | 1 | +| `w` | 2 | +| `b` | 512 | +| `kB` | 1000 | +| `K` | 1024 | +| `MB` | 1000 * 1000 | +| `M` or `xM` | 1024 * 1024 | +| `GB` | 1000 \* 1000 * 1000 | +| `G` | 1024 \* 1024 * 1024 | + +and so on for T, P, E, Z, Y. + ```sh -# Read 512 random Bytes for each iteration and save them . +# Read 512 random Bytes for each iteration and save them. dd if='/dev/urandom' of='output/file' count=2 bs=512 # Read 1000 Bytes for each iteration and save them while watching the progress. @@ -26,11 +42,54 @@ dd if=/dev/drive_device of=path/to/file.img status=progress # Restore a drive from an IMG file and show the progress: dd if=path/to/file.img of=/dev/drive_device status=progress + +# Create images from disks. +sudo dd if=/dev/mmcblk0 of=/tmp/mmcblk0.img conv=sync bs=4k +sudo dd if=/dev/sda conv=sync,noerror bs=64K | gzip -c > /mnt/sdb/disk.img.gz + +# Write an image to disk. +sudo dd if=/tmp/mmcblk0.img of=/dev/mmcblk0 conv=fsync oflag=direct bs=4M status=progress + +# Clone a disk on another disk. +sudo dd if=/dev/sda of=/dev/sdb conv=fsync bs=4M oflag=direct status=progress ``` +## Benchmark disks + +Use: + +- a single, bigger file for throughput (write speed) +- multiple, smaller files for latency + +```sh +dd \ + if=/dev/input.file of=/path/to/output.file \ + bs=block-size count=number-of-blocks \ + oflag=dsync status=progress +``` + +Examples: + +```sh +dd if=/dev/zero of=/tmp/test1.img bs=1G count=1 oflag=dsync +dd if=/dev/zero of=/tmp/test2.img bs=64M count=1 oflag=dsync +dd if=/dev/zero of=/tmp/test3.img bs=1M count=256 conv=fdatasync +dd if=/dev/zero of=/tmp/test4.img bs=8k count=10k +dd if=/dev/zero of=/tmp/test4.img bs=512 count=1000 oflag=dsync +``` + +## Further readings + ## Sources -- [cheat.sh] +All the references in the [further readings] section, plus the following: +- [cheat.sh] +- [Linux and Unix Test Disk I/O Performance With dd Command] + + + [cheat.sh]: https://cheat.sh/dd +[how to create a disk image in linux]: https://itstillworks.com/clone-hard-drive-ubuntu-6884403.html +[linux and unix test disk i/o performance with dd command]: https://www.cyberciti.biz/faq/howto-linux-unix-test-disk-performance-with-dd-command/ diff --git a/knowledge base/debian linux.md b/knowledge base/debian linux.md deleted file mode 100644 index feb8d2a..0000000 --- a/knowledge base/debian linux.md +++ /dev/null @@ -1,12 +0,0 @@ -# Debian GNU/Linux - -## Further readings - -- The [APT] package manager -- [Dpkg] -- [Advice for new users on not breaking their Debian system] - -[apt]: apt.md -[dpkg]: dpkg.md - -[advice for new users on not breaking their debian system]: https://wiki.debian.org/DontBreakDebian diff --git a/knowledge base/debian.md b/knowledge base/debian.md new file mode 100644 index 0000000..5b058ba --- /dev/null +++ b/knowledge base/debian.md @@ -0,0 +1,32 @@ +# Debian GNU/Linux + +## Table of contents + +1. [TL:DR](#tldr) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +## Further readings + +- The [APT] package manager +- [`dpkg`][dpkg] +- [Armbian] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [Advice for new users on not breaking their Debian system] + + +[advice for new users on not breaking their debian system]: https://wiki.debian.org/DontBreakDebian + + +[armbian]: armbian.md +[apt]: apt.md +[dpkg]: dpkg.md +[further readings]: #further-readings + + diff --git a/knowledge base/dual boot.md b/knowledge base/dual boot.md new file mode 100644 index 0000000..fdec117 --- /dev/null +++ b/knowledge base/dual boot.md @@ -0,0 +1,159 @@ +# Dual boot + +The process was conducted on a Dell XPS 13 2-in-1 7390 (2019) with specs: + +- CPU: i7-1065G7 +- Screen: 4K Touch +- RAM: 32 GB +- Drive: 1TB NVMe ssd +- Windows 10 Home license +- BIOS version: 1.14.0 + +Notes: + +- FIXME: Suprisingly, Ubuntu's update manager supports BIOS updates out of the box (make sure you're connected to power then run `sudo fwupdmgr refresh; sudo fwupdmgr update`) + +This installation did **not** require to disable TPM nor Secure Boot. + +Steps for all procedures: + +1. in Windows: + - shrink the system partition to make space for linux + - disable fast boot +1. in the bios, change disk mode from Intel's _RAID_ (Rapid .. .. Disk) to **AHCI** (.. .. .. ..) + +## Create the installation media + +1. Create Windows installation USB stick + - Download .ISO file from Microsoft's webpage + - Create bootable USB using [WoeUSB](https://github.com/slacka/WoeUSB) - do not use Startup Disk Creator utility or the Disks app, won't work for Windows installation media) +1. Create Linux installation USB stick + - Download .ISO file from the distribution's webpage + - Create bootable USB using "whatever" (gnome disks or Startup Disk Creator utility) +1. Go to BIOS (F12) and switch from SSD's **RAID** mode to **AHCI** mode + +## Fedora + +- UEFI boot +- windows 10 +- fedora 32 workstation + +Automatic partitioning works right away + +1. start the installation media +1. select the language and locale +1. select partitioning + - select automatic partitioning + - enable the "I want to recover some space" tickbox + - enable the "I want to encrypt my data" tickbox +1. select the empty space or delete useless partitions; be sure to preserve Windows' partitions +1. select the timezone if needed +1. start the installation + +## Ubuntu + +- based on [`luispabon`'s gist][luispabon's gist], which is based on [`mdziekon`'s gist][mdziekon's gist] +- installation date: FIXME +- UEFI boot +- windows 10 +- ubuntu 20.04 + +The process describes a completely fresh installation with complete repartitioning, however it should work fine when Windows is already installed (eg. brand new machine with Windows preinstalled) as long as Windows already boots with UEFI. + +### Partitioning + +1. Boot into an ubuntu live cd session +1. Open gparted +1. Delete all partitions on disk +1. Create GPT partition table: `device` > `new partition table` > choose `GPT` (this is required for EFI) +1. Create the following: + 1. 550MiB FAT32 (label EFI - label is for our own benefit, doesn't actually mark this partition as EFI) + 1. 550MiB EXT4 (for Linux boot) + 1. Create your windows partitions as NTFS + 1. Leave enough unallocated space for Ubuntu. Don't create a partition here yet - Windows needs to automatically create an additional 16MiB partition during installation. Dunno what it is for tbh. +1. Apply changes +1. Right click on the FAT32 partition you created for EFI partition above > `manage flags`. Set `esp` (`boot` might auto-check itself too). This will mark the partition to use as EFI by both Windows and Ubuntu installations. You might need to apply changes again. + +### Install Windows + +1. Boot from the windows usb pendrive +1. Install Windows on whatever partition you created earlier +1. Windows is done at this point - you could go in and setup windows (encryption, drivers, etc) but I'd recommend to set up ubuntu first - the process, if done wrong, can potentially bork your set up and you'll need to start again. + +### Install Ubuntu + +1. Boot into ubuntu live cd session +1. Open gparted, create a single ext4 partition with unallocated space. This will be for lvm/luks. The filesystem does not matter, we simply need to create a partition here so that it's allocated a device node and shows in `/dev`). +1. Create LUKS container on this partition (assuming the partition device is `/dev/nvme0n1p5`): + - `sudo cryptsetup luksFormat /dev/nvme0n1p5` <-- `luksFormat` is case sensitive + - `sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive` <-- `luksOpen` is case sensitive + - `sudo dd if=/dev/zero of=/dev/mapper/cryptdrive bs=16M` <-- optional, this is to ensure nothing can be recovered from before this install you're doing. Took 2h on my 652 GiB partition. +1. Create LVM physical volume, a volume group & logical volumes: + - Volumes are sized as follows (example, you should create as many partitions as you need): + - OS drive: `60GB` + - Swap: `16GB` + - Home: `rest` + - Commands (add extra lvcreate steps if you have more partitions): + - `sudo pvcreate /dev/mapper/cryptdrive` + - `sudo vgcreate vglinux /dev/mapper/cryptdrive` + - `sudo lvcreate -n root -L 60g vglinux` + - `sudo lvcreate -n swap -L 16g vglinux` + - `sudo lvcreate -n home -l 100%FREE vglinux` +1. Start the installation process using GUI: + - Connect to WiFi network + - When asked what to do with the disk, pick the option that allows you to manually repartition stuff (IIRC it was labelled `Something else` on 19.04 installer): + - Pick `/dev/mapper/vglinux-root` as `ext4` FS & mount it to `/` + - Pick `/dev/mapper/vglinux-home` as `ext4` FS & mount it to `/home` + - Pick `/dev/mapper/vglinux-swap` as `swap` + - Do the same as above if you have extra partitions + - Pick `/dev/nvme0n1p2` (created on step 2.5.1) as `ext4` FS & mount it to `/boot` + - Without doing this, installation will fail when configuring GRUB + - Pick "boot drive" (the select list at the bottom, this is where GRUB goes) and assign it to `/dev/nvme0n1p2` or `/dev/nvem0n1` + - Proceed with the installation +1. After GUI installation completes, stay within the Live USB environment +1. Check the UUID of the LUKS drive: + - `sudo blkid /dev/nvme0n1p5` + - Example output: `/dev/nvme0n1p5: UUID="abcdefgh-1234-5678-9012-abcdefghijklm" TYPE="crypto_LUKS"` +1. Mount root & boot drives and chroot into the main mount: + - `sudo mount /dev/mapper/vglinux-root /mnt` + - `sudo mount /dev/nvme0n1p2 /mnt/boot` + - `sudo mount --bind /dev /mnt/dev` + - `sudo chroot /mnt` + - `mount -t proc proc /proc` + - `mount -t sysfs sys /sys` + - `mount -t devpts devpts /dev/pts` +1. In chroot env, configure `crypttab` allowing to boot Ubuntu with Encryption unlocker + - `sudo nano /etc/crypttab`: + + ```text + # + # options used: + # luks - specifies that this is a LUKS encrypted device + # tries=0 - allows to re-enter password unlimited number of times + # discard - allows SSD TRIM command, WARNING: potential security risk (more: "man crypttab") + # loud - display all warnings + cryptdrive UUID=abcdefgh-1234-5678-9012-abcdefghijklm none luks,tries=0,discard,loud + ``` + + - `update-initramfs -k all -c` +1. Reboot into Ubuntu + +### Ubuntu Tweaks for XPS 9560 + +1. XPS 9560 doesn't really need any workarounds or acpi boot options anymore with Ubuntu 19.04. Have a look if there's something that doesn't work. No need to download any firmware anymore for the killer wifi (always worked fine for me) +1. Undervolt? I have a systemd service to run `undervolt.py --core -125 --cache -125 --gpu -100`, helps a little with power consumption and temps, especially under heavy load (around 8-10 deg C). + +### Reinstall Ubuntu + +If you need to reinstall ubuntu, you should be able to jump to #4 directly. If you aren't changing your partition layout, you can go straight to #4.4 (install ubuntu), but don't forget to run `sudo cryptsetup luksOpen /dev/nvme0n1p5 cryptdrive` to mount the encrypted partition. If in doubt, just start from #4 and recreate your crypt drive. + +### Additional notes + +- Ubuntu (GRUB) is the default boot option, both Ubuntu and Windows should be there +- Additionally, you can bring up the UEFI boot screen pressing F12 as soon as you turn on the laptop + +## Further readings + +[luispabon's gist]: https://gist.github.com/luispabon/db2c9e5f6cc73bb37812a19a40e137bc +[mdziekon's gist]: https://gist.github.com/mdziekon/221bdb597cf32b46c50ffab96dbec08a +[ubuntu wiki community]: https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019 diff --git a/knowledge base/encrypted root filesystem.md b/knowledge base/encrypted root filesystem.md new file mode 100644 index 0000000..1f8e635 --- /dev/null +++ b/knowledge base/encrypted root filesystem.md @@ -0,0 +1,65 @@ +# Encrypted root filesystem + +## Avoiding to type the passphrase twice + +Add a key file to your initrd so that you only type the decryption passphrase in the bootloader. + +This should only be done in an encrypted root partition that includes `/boot`, since having the initrd on an unencrypted `/boot` partition would defeat encrypting your root partition. + +1. generate a new key + + ```sh + sudo dd if=/dev/urandom of=/.root.key bs=1024 count=1 + ``` + +1. make the key file only readable by `root`: + + ```sh + sudo chmod 600 /.root.key + sudo chown root:root /.root.key + ``` + +1. register the key file as a valid way to decrypt your root partition: + + ```sh + sudo cryptsetup luksAddKey /dev/sda1 /.root.key + ``` + +1. edit `/etc/crypttab` adding the key file to the third column of the row that pertains to the root partition by UUID: + + ```text + cr_sda1 UUID=... /.root.key + ``` + +1. add the key file to the initrd + + ```sh + # suse + echo -e 'install_items+=" /.root.key "' | sudo tee --append /etc/dracut.conf.d/99-root-key.conf > /dev/null + ``` + +1. make `/boot` accessible to `root` only to prevent non-`root` users to read the initrd and extract the key file: + + ```sh + sudo chmod 700 /boot + ``` + + to ensure that new permissions are not overwritten at a later timepoint, add the following line to `/etc/permissions.local`: + + ```text + /boot/ root:root 700 + ``` + +If you have other encrypted partitions (e.g. `/home`, `swap`, etc), you can create additional keys to mount them without entering a passphrase. +This works exactly as described above in steps 1-4, except that you don't need to add the key for those partitions to the initrd. + +## Further readings + +- [Avoiding to type the passphrase twice] on the [openSUSE wiki] +- [Encrypting an entire system] on the [Archlinux wiki] + +[Avoiding to type the passphrase twice]: https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_passphrase_twice +[Encrypting an entire system]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system + +[archlinux wiki]: https://wiki.archlinux.org +[openSUSE wiki]: https://en.opensuse.org/ diff --git a/knowledge base/helios4.md b/knowledge base/helios4.md new file mode 100644 index 0000000..50a71ca --- /dev/null +++ b/knowledge base/helios4.md @@ -0,0 +1,102 @@ +# Helios4 + +## Table of contents + +1. [TL:DR](#tldr) +1. [OS installation](#os-installation) +1. [First boot](#first-boot) +1. [Connect to the Helios4 using a serial console](#connect-to-the-helios4-using-a-serial-console) + 1. [First login](#first-login) +1. [Configuration](#configuration) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +## OS installation + +See the official [installation guide] for details. + +Requirements: + +1. MicroSD card, possibly UHS-I or greater with 8GB free.
+ Suggested models: + + - SanDisk Extreme microSDHC UHS-I (32GB) + - SanDisk Extreme PRO microSDHC UHS-I (32GB) + - Strontium Nitro MicroSD (16GB) + - Samsung microSDHC UHS-I EVO Plus (32GB) + + Refer to the [SD Card page][tested microsd cards] for a compatibility list of SD Card models. + +1. USB to microUSB cable. +1. Ethernet cable category 5 or higher. + +Procedure: + +1. Download the ISO from the [download page]. +1. Copy the ISO to the SD card and make it bootable: + + - using [balenaetcher]; + - using the CLI: + + ```sh + zcat 'Armbian_20.05.2_Helios4_buster_current_5.4.43.img.gz' \ + | pv \ + | sudo dd of='/dev/mmcblk0' bs='1M' conv='fsync' + ``` + +## First boot + +Connect the device in order: + +1. inserted the microSD card; +1. connect your computer to the serial port with the Micro-USB to USB cable; +1. connect the device to the network with the Ethernet cable; +1. properly plug in the DC power connector before plugging the AC adapter into the wall. + +Now, connect the power adapter. + +## Connect to the Helios4 using a serial console + +```sh +brew install 'picocom' +sudo apt install 'picocom' +sudo yum install 'picocom' + +sudo picocom -b '115200' '/dev/ttyUSB0' + +# Alternatively. +screen '/dev/tty.usbserial-XXXXXXXX' '115200' -L +``` + +### First login + +Username: `root` +Password: `1234` + +## Configuration + +```sh +sudo armbian-config +``` + +## Further readings + +- [Armbian] + +## Sources + +All the references in the [further readings] section, plus the following: + + +[download page]: https://wiki.kobol.io/download/#helios4 +[installation guide]: https://wiki.kobol.io/helios4/install/ +[tested microsd cards]: https://wiki.kobol.io/helios4/sdcard/#tested-microsd-card + + +[armbian]: armbian.md +[further readings]: #further-readings + + +[balenaetcher]: http://etcher.io/ diff --git a/knowledge base/pdfunite.md b/knowledge base/pdfunite.md new file mode 100644 index 0000000..5992b21 --- /dev/null +++ b/knowledge base/pdfunite.md @@ -0,0 +1,33 @@ +# PDFUnite + +Merges several PDF files in order of input to one PDF result file.
+None of the files in input can be encrypted. + +## Table of contents + +1. [TL:DR](#tldr) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +```sh +sudo apt install 'poppler-utils' +pdfunite 'page-1.pdf' … 'page-N.pdf' 'output.pdf' +``` + +## Further readings + +- [Website] + +## Sources + +All the references in the [further readings] section, plus the following: + + +[website]: https://poppler.freedesktop.org/ + + +[further readings]: #further-readings + + diff --git a/knowledge base/raspberry pi imager.md b/knowledge base/raspberry pi imager.md new file mode 100644 index 0000000..be63c8e --- /dev/null +++ b/knowledge base/raspberry pi imager.md @@ -0,0 +1,39 @@ +# Raspberry Pi Imager + +## Table of contents + +1. [TL:DR](#tldr) +1. [Advanced options](#advanced-options) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +```ps1 +winget install RaspberryPiFoundation.RaspberryPiImager +``` + +## Advanced options + +Press `ctrl` + `shift` + `x` on the main screen to bring up the advanced options dialog. + +These options can be set for the current session only or for all sessions. + +## Further readings + +- [Raspberry Pi OS] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [Raspberry Pi Imager Now Comes With Advanced Options] + + + + +[further readings]: #further-readings +[raspberry pi os]: raspberry%20pi%20os.md + + +[raspberry pi imager now comes with advanced options]: https://www.tomshardware.com/news/raspberry-pi-imager-now-comes-with-advanced-options diff --git a/knowledge base/saltstack.md b/knowledge base/saltstack.md new file mode 100644 index 0000000..b2fb437 --- /dev/null +++ b/knowledge base/saltstack.md @@ -0,0 +1,240 @@ +# Saltstack + +## Table of contents + +1. [TL:DR](#tldr) +1. [Key management](#key-management) +1. [Execute commands on minions](#execute-commands-on-minions) +1. [Targeting](#targeting) +1. [States](#states) + 1. [Create states](#create-states) + 1. [Apply states](#apply-states) +1. [The Top file](#the-top-file) + 1. [Create the Top file](#create-the-top-file) +1. [Formulas repo](#formulas-repo) +1. [Batch size](#batch-size) +1. [Terminology](#terminology) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL:DR + +```sh +# View all minion connections with their status. +salt-key --list all + +# Accept minions' keys. +salt-key --accept='key' +salt-key --accept-all + +# Test minions for reachability. +salt '*' test.ping +salt -L 'minion-1,minion-2' test.ping +salt --batch-size 10 '*' test.ping + +# Run a shell command. +salt '*' cmd.run 'ls -l /etc' +salt -G 'os:Ubuntu' cmd.run 'echo bye' + +# Show disk usage. +salt '*' disk.usage +salt 'minion-1' disk.usage + +# Install packages. +salt '*' pkg.install 'cowsay' +salt -E 'minion[0-9]' pkg.install 'parallel' + +# List network interfaces. +salt '*' network.interfaces +salt -C 'G@os:Ubuntu and minion* or S@192.168.50.*' network.interfaces +``` + +## Key management + +Will use `salt-key`. +This needs to be done on the **master** host. + +- View all minion connections and whether the connection is accepted, rejected, or pending: + + ```sh + salt-key --list all + ``` + +- Before a minion can connect, you must accept its key: + + ```sh + salt-key --accept='key' + salt-key --accept-all + ``` + +## Execute commands on minions + +**After** you have accepted each key, you can send a command from your master host. + +All managed systems simultaneously and immediately execute the command, then return the output to the master. + +```sh +# Test minions for reachability. +salt '*' test.ping + +# Run a shell command. +salt '*' cmd.run 'ls -l /etc' + +# Show disk usage. +salt '*' disk.usage + +# Install a package. +salt '*' pkg.install cowsay + +# List network interfaces. +salt '*' network.interfaces +``` + +## Targeting + +_Targeting_ is how you select minions when running commands, applying configurations, and when doing almost anything else in SaltStack that involves a minion. + +```sh +# Target specific minions. +salt 'minion1' disk.usage +salt -L 'minion1,minion2' test.ping + +# Target a set of minions using globbing. +salt 'minion*' disk.usage + +# Target a set of minions using the grains system. +salt -G 'os:Ubuntu' test.ping + +# Target a set of minion using regular expressions. +salt -E 'minion[0-9]' test.ping + +# Mix them all up. +salt -C 'G@os:Ubuntu and minion* or S@192.168.50.*' test.ping +``` + +## States + +SaltStack configuration management lets you create re-usable configuration templates, called _states_, that describe everything required to put a system component or application into a known configuration.
+States are described using YAML, making them simpler to create and read. + +Commands in state files are executed from top to bottom. The requisite system lets you explicitly determine the order. + +### Create states + +Just create a YAML file like this: + +```yaml +install_network_packages: + pkg.installed: + - pkgs: + - rsync + - lftp + - curl +``` + +and give it the `.sls` extension. + +### Apply states + +Use the `state.apply` command to apply a state from the command line on the master host. + +```sh +salt 'minion2' state.apply 'nettools' +``` + +It will return an output that will list the changes made by the state. + +The functions are idempotent, so applying the state twice will return an output that says everything is already OK and no changes have been made. + +## The Top file + +Top files apply multiple state files to minions. What states are applied to each system are determined by the targets that are specified in the Top file. + +### Create the Top file + +Each system can receive multiple configurations.
+Start with the most general configurations, and work your way down to the specifics. + +Targets are used within the Top file to define which states are applied to which minion.
+When the Top file is evaluated, minions execute all states that are defined for **any** target they match. + +For example, if you apply a Top file like this one: + +```yaml +base: + '*': + - vim + - scripts + - users + '*web*': + - apache + - python + - django + '*db*': + - mysql +``` + +a system with a minion ID of `atl-web4-prod` would apply the `vim`, `scripts`, `users`, `apache`, `python`, and `django` states. + +Now create the following `top.sls` file: + +```yaml +base: + '*': + - common + 'minion1': + - nettools +``` + +and, on your master, run the following command to apply the Top file: + +```sh +salt '*' state.apply +``` + +`minion1` and `minion2` will both apply the `common` state, and `minion1` will also apply the `nettools` state. + +## Formulas repo + +The Salt Community provides a vast repository of Formulas at . + +## Batch size + +Limit how many systems are updated at once using the `--batch-size` option: + +```sh +salt --batch-size 10 '*' state.apply +``` + +## Terminology + +| Term | Definition | +| ---- | ---------- | +| Formula | A collection of Salt state and Salt pillar files that configure an application or system component. Most formulas are made up of several Salt states spread across multiple Salt state files. | +| State | A reusable declaration that configures a specific part of a system. Each Salt state is defined using a state declaration. | +| State Declaration | A top level section of a state file that lists the state function calls and arguments that make up a state. Each state declaration starts with a unique ID. | +| State Functions | Commands that you call to perform a configuration task on a system. | +| State File | A file with an SLS extension that contains one or more state declarations. | +| Pillar File | A file with an SLS extension that defines custom variables and data for a system. | + +## Further readings + +- [Installation] +- [States] +- [Targeting] +- [Top files][top] + +## Sources + +All the references in the [further readings] section, plus the following: + + +[installation]: https://docs.saltstack.com/en/getstarted/fundamentals/install.html +[states]: https://docs.saltstack.com/en/getstarted/fundamentals/states.html +[targeting]: https://docs.saltstack.com/en/getstarted/fundamentals/targeting.html +[top]: https://docs.saltstack.com/en/getstarted/fundamentals/top.html + + +[further readings]: #further-readings + + diff --git a/knowledge base/scan a document on linux.md b/knowledge base/scan a document on linux.md new file mode 100644 index 0000000..5dd39bd --- /dev/null +++ b/knowledge base/scan a document on linux.md @@ -0,0 +1,63 @@ +# Scan a document on Linux + +## Table of contents + +1. [TL;DR](#tldr) +1. [Procedure](#procedure) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL;DR + +```sh +# Manjaro. +sudo pamac install 'sane-airscan' 'skanlite' +``` + +## Procedure + +Install: + +- the `sane-airscan` package, if the scanner is known to work in driverless mode; +- the `sane` package to use old driver-based scanning. + +If the scanner is using a USB connection, make sure to also install the `ipp-usb` package and start/enable the `ipp-usb` service to allow using IPP protocol over USB connection. + +Many modern scanners will immediately work over the network as long as you have `sane-airscan` installed. + +SANE has lots of front ends, a non-exhaustive list of which can be found on the [sane project website][sane frontends]: + +- [Simple Scan]: a simplified GUI intended to be easier to use and better integrated into the GNOME desktop than `XSane` is; +- [Skanlite]: a simple image scanning application; it does nothing more than scan and save images, and is based on the KSane backend; +- [XSane]: a full-featured GTK-based frontend; looks a bit old but provides extended functionalities. + +Some OCR software are able to scan images using SANE, like gImageReader, [gscan2pdf], Linux-Intelligent-Ocr-Solution, [OCRFeeder] and [Paperwork]. + +## Further readings + +- [SANE] +- [gscan2pdf] +- [ocrfeeder] +- [paperwork] +- [simple scan] +- [skanlite] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [SANE frontends] + + +[sane frontends]: http://www.sane-project.org/sane-frontends.html +[sane]: https://wiki.archlinux.org/title/SANE + + +[further readings]: #further-readings + + +[gscan2pdf]: https://en.wikipedia.org/wiki/Scanner_Access_Now_Easy#gscan2pdf +[ocrfeeder]: https://en.wikipedia.org/wiki/OCRFeeder +[paperwork]: https://openpaper.work/ +[simple scan]: https://gitlab.gnome.org/GNOME/simple-scan +[skanlite]: https://www.kde.org/applications/graphics/skanlite