my minimal zshrc and bashrc with completion

Install grml-zsh-config from repository, if you don’t want it minimal.

A more minimal version is posted at the following link.
https://tech.wildduck.xyz/post/minimal-zshrc/

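# Aliases
alias ls='ls --color=auto'
alias vi='vim'
# Note: StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null turns off SSH host key verification
alias ssh='TERM=xterm-256color ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'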

# Paths
export PATH=$PATH:~/bin

# Prompt
PROMPT='[%n@%m %c]%(!.#.$) '

# History
# Use an absolute path so history is not written into whatever directory the shell is in
HISTFILE=~/.zsh_history
HISTSIZE=1000
SAVEHIST=1000
setopt EXTENDED_HISTORY
setopt HIST_FIND_NO_DUPS
setopt INC_APPEND_HISTORY

# Keybind
# To find a key's control code, open your terminal, press Ctrl+V and then press the key you want to assign.
bindkey '^[OC' forward-word
bindkey '^[Oc' forward-word
bindkey '^[[1;5C' forward-word
bindkey '^[OD' backward-word
bindkey '^[Od' backward-word
bindkey '^[[1;5D' backward-word
bindkey '^[[1~' beginning-of-line
bindkey '^[[7~' beginning-of-line
bindkey '^[OH' beginning-of-line
bindkey '\033[H' beginning-of-line
bindkey '^[[1;6D' beginning-of-line
bindkey '^[[8~' end-of-line
bindkey '^[[4~' end-of-line
bindkey '^[OF' end-of-line
bindkey '\033[F' end-of-line
bindkey '^[[1;6C' end-of-line
bindkey '^[[3~' delete-char

# Completion
autoload -Uz compinit
compinit
# Spelling correction
setopt correct
# Auto cd
setopt autocd

bashrc


# History
HISTTIMEFORMAT="%d/%m/%Y %T "

# Bash-completion options
shopt -s autocd
shopt -s cdspell
shopt -s extglob
shopt -s histappend
shopt -s lithist
shopt -s dotglob
shopt -s nocaseglob
shopt -s nocasematch

IPSEC over L2TP access from Arch Linux (With Strongswan and xl2tpd)

The setup depends on the destination VPN server’s configuration.
It is much easier if you know the endpoint configuration. If you don’t,
you will have to capture packets on a client that is able to establish an
ipsec connection.
In my opinion, the Windows implementation of the IPSEC/L2TP client
is pretty thorough and also common, so it should be a good client to test with.

In my case, I captured packets on Windows and got the server side’s IKE
parameters from the ISAKMP packets.

Here is my configuration.

1.
I had to add “send_vendor_id = yes” to “/etc/strongswan.conf” in order to
initiate Quick mode (phase 2) communication.
Most IPSEC/L2TP implementations require the vendor ID to be sent…

charon {
    load_modular = yes
    send_vendor_id = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}

2.
The next thing to set up is ipsec.conf.
I had to change the ike and esp parameters according to
the packets from the server which I got on Windows.
Make sure your “right” is the IP address of the VPN server (global IP).
In my case IKE key exchange failed due to it.
ikelifetime may have to be changed, too.

There may be a way to set strongswan to accept
any encryption and hash methods. But I did not bother.

The conn name will be used later, so give it a cool name.


config setup
    charondebug="ike 4, knl 4, cfg 2"

conn l2tp-psk
    authby = secret
    auto = add
    keyexchange = ikev1
    type = transport
    left = %any
    leftprotoport=17/1701
    right = "VPN SERVER's IP ADDRESS. NOT A DOMAIN NAME!"
    rightprotoport=17/1701
    ike = aes256-sha1-modp2048
    ikelifetime = 8h
    esp = aes256-sha1-modp2048

3.
Next thing to set up is ipsec.secrets.
%any should be changed according to your needs.

%any %any : PSK "Presharekey-passphrase"

4.
Configure xl2tpd

/etc/xl2tpd/xl2tpd.conf
[lac l2tp-psk]
lns = "Same as "right" in ipsec.conf"
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes

/etc/ppp/options.l2tpd

ipcp-accept-local
ipcp-accept-remote
refuse-eap
require-mschap-v2
noccp
noauth
idle 1800
mtu 1410
mru 1410
defaultroute
usepeerdns
debug
lock
connect-delay 5000
name "Username"
password "user's password"

5.
Connect to the VPN Server

ipsec start
ipsec up l2tp-psk
systemctl start xl2tpd
echo "c l2tp-psk" > /var/run/xl2tpd/l2tp-control

Add routing and you are done!
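
Step 5 runs the IPsec and L2TP commands back to back, so if "ipsec up" fails the L2TP/PPP session is still attempted outside IPsec. The wrapper below is an added example, not part of the original post; its function names are hypothetical and it assumes "ipsec status" prints child SAs in the form shown in the constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): only trigger the L2TP dial
# after a transport-mode ESP SA for the connection is installed.

# Constructed samples in the shape of `ipsec status` output (addresses are
# documentation ranges, SPIs are made up).
SAMPLE_UP='Security Associations (1 up, 0 connecting):
    l2tp-psk[1]: ESTABLISHED 3 seconds ago, 192.0.2.10[192.0.2.10]...203.0.113.5[203.0.113.5]
    l2tp-psk{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c0ffee01_i c0ffee02_o'
SAMPLE_IKE_ONLY='Security Associations (1 up, 0 connecting):
    l2tp-psk[1]: ESTABLISHED 3 seconds ago, 192.0.2.10[192.0.2.10]...203.0.113.5[203.0.113.5]'

# sa_is_up CONN: reads `ipsec status` text on stdin; succeeds only if CONN
# has a child SA ("CONN{n}:") that is INSTALLED in TRANSPORT mode.
# CONN is used inside a regex, so keep it to letters, digits, "-" and "_".
sa_is_up() {
    grep -Eq "^[[:space:]]*$1\{[0-9]+\}:[[:space:]]+INSTALLED, TRANSPORT"
}

# connect_l2tp CONN: step 5 of the post with a check between the IPsec and
# L2TP halves. Paths and unit names are the ones used in the post.
connect_l2tp() {
    conn=$1
    ipsec up "$conn" || { echo "ipsec up $conn failed" >&2; return 1; }
    if ! ipsec status "$conn" | sa_is_up "$conn"; then
        echo "no transport-mode ESP SA for $conn; not starting L2TP" >&2
        return 1
    fi
    systemctl start xl2tpd || return 1
    echo "c $conn" > /var/run/xl2tpd/l2tp-control
}

# Run as root after `ipsec start`: ./l2tp-connect.sh connect
if [ "${1:-}" = "connect" ]; then
    connect_l2tp l2tp-psk
fi
```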

Snapshot with BTRFS (On remote volume)

Run the bash script below.
Change the srcdir, dstdir, mt (mount point) and old (for deleting backups older than 365 days) variables to your preference.

#!/bin/bash
# Stop on the first failed command, so a failed send never leads to deleting the parent snapshot
set -euo pipefail

## Variable declaration
# Date string for the subvolume name of a remote backup
datetime=$(date +%d-%h-%Y_%H-%M)
# Local snapshot subvolume
srcdir="/snapshot"
# Mount point of the backup destination volume
mt="/mnt/2tbhdd"
# Remote snapshot subvolume
dstdir="${mt}/Snapshot"

# Check whether the destination volume is mounted. If not, exit the script
if ! mountpoint -q "$mt"; then
    printf "backup destination is not mounted\n"
    exit 1
fi

# Check if there is an original local snapshot to base an incremental backup on. If not, start the initial backup
if [ ! -d "$srcdir" ]; then
    printf "Issuing an initial backup\n"
    btrfs subvolume snapshot -r / "$srcdir"
    printf "Copying snapshot to remote destination\n"
    btrfs send "$srcdir" | btrfs receive "$dstdir"
    sync
fi

# Start incremental backup from the local snapshot subvolume
printf "Creating a local snapshot\n"
btrfs subvolume snapshot -r / "${srcdir}_${datetime}"
sync
printf "Copying incremental snapshot to remote destination\n"
btrfs send -p "$srcdir" "${srcdir}_${datetime}" | btrfs receive "$dstdir"

# Replace the original subvolume with the newly created snapshot
printf "Replacing the original subvolume with the newly created snapshot\n"
btrfs subvolume delete "$srcdir"
printf "Renaming the subvolume\n"
mv "${srcdir}_${datetime}" "$srcdir"

# Delete snapshots older than a year on the remote volume.
# -mindepth 1 keeps find from ever matching ${dstdir} itself.
old=$(find "$dstdir" -mindepth 1 -maxdepth 1 -mtime +365)
if [ -z "$old" ]; then
    printf "no older backups\n"
else
    printf "Deleting snapshots more than one year old.\n"
    find "$dstdir" -mindepth 1 -maxdepth 1 -mtime +365 -exec btrfs subvolume delete {} \;
fi

IPIP tunnel with Linux (IP in IP)

ip tunnel add tun0 mode ipip local "GLOBAL IP" remote "GLOBAL IP"
ip link set tun0 up
ip addr add "LOCAL IP" dev tun0

Raspberry Pi 2 (Arch)

Notes

parted /dev/mmcblk0
unit mib
mklabel msdos
mkpart
p
fat32
2
130

mkpart
p
ext4
130
-1

mkfs.vfat /dev/mmcblk0p1
mkfs.ext4 /dev/mmcblk0p2

mount /dev/mmcblk0p2 /mnt
mkdir /mnt/boot
mount /dev/mmcblk0p1 /mnt/boot
cd /mnt
bsdtar -xpf ../ArchLinuxARM-rpi-2-latest.tar.gz

—BOOT RASPBERRY PI2—
ssh (root/root is the default for Arch)

pacman -Syu
pacman -S vim-minimal
vim /etc/locale.gen

localectl set-locale LANG=en_GB.UTF-8
timedatectl set-timezone Asia/Tokyo
timedatectl set-local-rtc 0
timedatectl set-ntp true

vim /etc/systemd/timesyncd.conf
systemctl start systemd-timesyncd
systemctl enable systemd-timesyncd
systemctl start systemd-resolved
systemctl enable systemd-resolved
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

vim /etc/systemd/network/eth0.network

pacman -Rsn nano reiserfsprogs s-nail openresolv net-tools netctl

–GUI–
pacman -S xf86-video-fbdev xorg-server xorg-xinit xfce4-panel xfce4-session xfwm4 rxvt-unicode

Arch Linux Pure systemd installation with UEFI enabled

1. parted -a optimal /dev/sda
mklabel gpt
unit mib
mkpart esp fat32 2 262
mkpart primary btrfs 262 -1
quit
mkfs.fat -F32 /dev/sda1
mkfs.btrfs /dev/sda2
mount /dev/sda2 /mnt
mkdir -p /mnt/boot
mount /dev/sda1 /mnt/boot
vim /etc/pacman.d/mirrorlist
pacstrap -i /mnt base base-devel
genfstab -U -p /mnt >> /mnt/etc/fstab
vi /mnt/etc/fstab
add below to btrfs partition (for ssd)
noatime,discard,ssd,autodefrag,compress=lzo,space_cache
arch-chroot /mnt /bin/bash
passwd
pacman -S dosfstools efibootmgr gummiboot
gummiboot --path=/boot install
vi /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=/dev/sda2 rw
vi /boot/loader/loader.conf
default arch
timeout 1
umount /mnt/boot
umount /mnt
reboot

vi /etc/locale.gen
locale-gen
localectl set-locale LANG=en_GB.UTF-8
timedatectl list-timezones
timedatectl set-timezone Asia/Tokyo
timedatectl set-local-rtc 0
timedatectl set-ntp true

vi /etc/systemd/timesyncd.conf
[Time]
NTP=ntp.nict.jp

systemctl start systemd-timesyncd
systemctl enable systemd-resolved
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
hostnamectl set-hostname myhostname
localectl set-keymap jp106

2. GUI
pacman -S xf86-video-intel xorg-server xorg-xinit thunar xfce4-panel xfce4-session xfce4-settings xfdesktop xfwm4 rxvt-unicode

3. Networking
cat /etc/systemd/network/wlp3s0.network
[Match]
Name=wlp3s0

[Network]
DHCP=v4

[DHCP]
RouteMetric=20

cat /etc/systemd/network/enp0s25.network
[Match]
Name=enp0s25

[Network]
[Match]
Name=meth0

[Network]
DHCP=v4

[DHCP]
RouteMetric=10

cat /etc/systemd/network/meth0.netdev
[NetDev]
Name=meth0
Kind=macvlan
MACAddress=f0:de:f1:66:a8:14

[MACVLAN]
Mode=bridge

cat /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf
#Home
network={
    ssid="ssid-name"
    key_mgmt=WPA-PSK
    psk="password"
}

systemctl enable wpa_supplicant@wlp3s0
systemctl start wpa_supplicant@wlp3s0
systemctl start systemd-networkd
systemctl enable systemd-networkd

cat .xbindkeysrc

"pamixer --toggle-mute"
  XF86AudioMute
"pamixer --decrease 5 --allow-boost"
  XF86AudioLowerVolume
"pamixer --increase 5 --allow-boost"
  XF86AudioRaiseVolume
"xfce4-screenshooter -f -s /home/users/pictures/screenshot/"
  Print
"xfce4-screenshooter -w -s /home/users/pictures/screenshot/"
  Alt + Alt_L + Print

cat .Xresources
URxvt*saveLines: 12000
URxvt*.depth: 32
URxvt*foreground: White
URxvt*background: [90]Black
URxvt*font: xft:fixed:pixelsize=14:antialias=true:hinting=true
URxvt*boldFont: xft:fixed:bold:pixelsize=14:antialias=true:hinting=true
URxvt*scrollBar: true
URxvt*scrollBar_right: true
URxvt*scrollstyle: rxvt
URxvt*color4: #2554C7
URxvt*color12: #2554C7
URxvt*perl-ext-common: default,clipboard

yaourt urxvt-clipboard

Arch Linux Installation Command Notes.


parted -a optimal /dev/sda

mklabel msdos
unit mib
mkpart primary ext4 2 -1
set 1 boot on
quit

mkfs.btrfs /dev/sda1
mount /dev/sda1 /mnt

vi /etc/pacman.d/mirrorlist
pacstrap -i /mnt
genfstab -p -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt

passwd
useradd "username" -m -s /bin/bash
passwd "username"

pacman -S grub
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sda

exit
umount /mnt
reboot

vi /etc/locale.gen
locale-gen
localectl set-locale LANG=en_GB.UTF-8
timedatectl list-timezones
timedatectl set-timezone Asia/Tokyo
timedatectl set-local-rtc 0
hostnamectl set-hostname myhostname

vi /etc/systemd/network/enp0s3.network
[Match]
Name=enp0s3

[Network]
DHCP=v4

systemctl restart systemd-networkd
systemctl enable systemd-networkd

pacman -Rsn netctl nano reiserfsprogs dhcpcd xfsprogs s-nail

reboot
pacman -S xorg-server xorg-server-utils xorg-xinit mesa virtualbox-guest-utils xterm
pacman -S xmonad-contrib

Owncloud setup notes

How to set up owncloud with nginx, php-fpm, postgresql on Arch Linux.
This setup is without SSL and access control.

1. Installing necessary packages.


pacman -S owncloud nginx php-fpm php-pgsql postgresql

2. Setting up postgresql.


sudo su -
su - postgres -c "initdb --locale en_GB.UTF-8 -D '/var/lib/postgres/data'"
systemctl start postgresql
systemctl enable postgresql
psql -hlocalhost -Upostgres
CREATE USER username WITH PASSWORD 'password';
CREATE DATABASE owncloud TEMPLATE template0 ENCODING 'UNICODE';
ALTER DATABASE owncloud OWNER TO username;
GRANT ALL PRIVILEGES ON DATABASE owncloud TO username;
\q

3. Setting up php

Create a file /etc/php/conf.d/owncloud.ini with texts below


extension=gd.so
extension=iconv.so
extension=xmlrpc.so
extension=zip.so
extension=pdo_pgsql.so
extension=pgsql.so

[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

Edit /etc/php/php.ini


open_basedir = /srv/http/:/usr/share/webapps/:/etc/webapps/owncloud/config/

post_max_size = 10G
upload_max_filesize = 10G

Start php-fpm


systemctl start php-fpm
systemctl enable php-fpm

3. Setting up nginx.

server {
    listen 80;
    server_name localhost;

    # Path to the root of your installation
    root /srv/http/;

    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Block direct access to the data and config directories
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ index.php;
    }

    location ~ ^(.+?\.php)(/.*)?$ {
        # Return 404 unless the matched .php file exists ("=404" must be written without spaces)
        try_files $1 =404;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }

}

service


systemctl enable nginx
systemctl start nginx

4. Setting up owncloud contents


ln -s /usr/share/webapps/owncloud /srv/http/
chown http:http -R /usr/share/webapps/owncloud/
chown http:http /srv/http/owncloud -R

5. Access 127.0.0.1/owncloud from your browser and finish the setup.

6. Remove the line with trusted domain in /etc/webapps/owncloud/config/config.php, and add below


'loglevel' => '4',
'updatechecker' => false,
'check_for_working_htaccess' => false,
'appstoreenabled' => false,
'check_for_working_webdav' => false,

PCI passthrough in KVM

1. Make sure to add “iommu=on” to the grub options.

e.g. /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="iommu=on"

2. Unbind the PCI device from the host.

Find the PCI ID with the “lspci” and “lspci -n” commands, and do something like below.

e.g.

echo "1033 0194" > /sys/bus/pci/drivers/pci-stub/new_id
echo "0000:0d:00.0" > /sys/bus/pci/drivers/xhci_hcd/unbind
echo "0000:0d:00.0" > /sys/bus/pci/drivers/pci-stub/bind
echo "1033 0194" > /sys/bus/pci/drivers/pci-stub/remove_id

3. Attach the PCI device to the VM before booting, and boot the VM.

Enabling Networking between KVM host and guests.

In this post, I describe how to realise L2 reachability between KVM host and guest on Arch Linux.
There are several interface modes on KVM guests. Here, I will use MacVTap (bridge mode).

0. Method 1, using ip command.


# Create a macvlan interface bound to enp0s25.
sudo ip link add link enp0s25 macvlan0 type macvlan mode bridge

# Set an IP address.
# Make sure to use a different IP address from the physical interface's,
# or just delete the IP address from the physical interface.
sudo ip addr add 192.168.0.10/24 dev macvlan0

# Flush the routes of both interfaces.
sudo ip route flush dev enp0s25
sudo ip route flush dev macvlan0

# Add routes via the macvlan interface.
sudo ip route add 192.168.0.0/24 dev macvlan0 src 192.168.0.10 metric 0
sudo ip route add default via 192.168.0.1 dev macvlan0

2. Using netctl to make it permanent.


vim /etc/netctl/macvlan0

Description='macvlan0 for kvm'
Interface=macvlan0
Connection=macvlan
# The variable name is plural, but needs precisely one interface
BindsToInterfaces=enp0s25
# MACVLAN Mode
Mode="bridge"
# Optional static MAC Address for MACVLAN interface
MACAddress="26:39:c8:6f:c6:37"
IP=dhcp

netctl disable enp0s25
netctl enable macvlan0

That’s all