Merge branch 'master' of github.com:HON95/wiki

config/general/linux-examples.md

@@ -1,259 +0,0 @@
----
-title: Linux Examples
-breadcrumbs:
-- title: Configuration
-- title: General
----
-{% include header.md %}
-
-## Commands
-
-### General Monitoring
-
-- For more specific monitoring, see the other sections.
-- `htop`:
-    - ncurses-based process viewer like `top`, but prettier and more interactive.
-    - Install (APT): `apt install htop`
-    - Usage: `htop` (interactive)
-- `glances`:
-    - Homepage: [Glances](https://nicolargo.github.io/glances/)
-    - Install (PyPI for latest version): `pip3 install glances`
-    - ncurses-based viewer for e.g. basic system info, top-like process info, network traffic and disk traffic.
-    - Usage: `glances` (interactive)
-- `dstat`:
-    - A versatile replacement for vmstat, iostat and ifstat (according to itself).
-    - Prints scrolling output for showing a lot of types of general metrics, one line of columns for each time step.
-    - Usage: `dstat <options> [interval] [count]`
-        - Default interval is 1s, default count is unlimited.
-        - The values shown are the average since the last interval ended.
-        - For intervals over 1s, the last row will update itself each second until the delay has been reached and a new line is created. The values shown are averages since the last final value (when the last line was finalized), so e.g. a 10s interval gives a final line showing a 10s average.
-        - The first line is always a snapshot, i.e. all rate-based metrics are 0 or some absolute value.
-        - If any column options are provided, they will replace the default ones and are displayed in the order specified.
-    - Special options:
-        - `-C <>`: Comma-separated list of CPUs/cores to show for, including `total`.
-        - `-D <>`: Same but for disks.
-        - `-N <>`: Same but for NICs.
-        - `-f`: Show stats for all devices (not aggregated).
-    - Useful metrics:
-        - `-t`: Current time.
-        - `-p`: Process stats (by runnable, uninterruptible, new) (changes per second).
-        - `-y`: Total interrupt and context switching stats (by interrupts, context switches) (events per second).
-        - `-l`: Load average stats (1 min, 5 mins, 15 mins) (total system load multiplied by number of cores).
-        - `-c`: CPU stats (by system, user, idle, wait) (percentage of total).
-        - `--cpu-use`: Per-CPU usage (by CPU) (percentage).
-        - `-m`: Memory stats (by used, buffers, cache, free) (bytes).
-        - `-g`: Paging stats (by in, out) (count per second).
-        - `-s`: Swap stats (by used, free) (total).
-        - `-r`: Storage request stats (by read, write) (requests per second).
-        - `-d`: Storage throughput stats (by read, write) (bytes per second).
-        - `-n`: Network throughput stats (by recv, send) (bytes per second).
-        - `--socket`: Network socket stats (by total, tcp, udp, raw, ip-fragments)
-    - Useful plugins (metrics):
-        - `--net-packets`: Network request stats (by recv, send) (packets per second).
-    - Examples:
-        - General overview (CPU, RAM, ints/csws, disk, net): `dstat -tcmyrdn --net-packets 60`
-        - Network overview (CPU, ints/csws, net): `dstat -tcyn --net-packets 60`
-        - Process overview (CPU, RAM, ints/csws, paging, process, sockets): `dstat -tcmygp --socket 60`
-
-### File Systems and Logical Volume Managers
-
-- Partition disk: `gdisk <dev>` or `fdisk <dev>`
-- Create filesystem: `mkfs.<fs> <dev>`
-- Modify fstab:
-    - Test it with `mount -a` to make sure it doesn't have errors that may cause boot to fail.
-    - Run `systemctl daemon-reload` to avoid having systemd remount stuff that was removed from fstab or other weird shit.
-- Benchmark with IOzone:
-    - Install (Debian): `apt install iozone3`
-    - It uses the current dir.
-    - Test with various record sizes and file sizes: `iozone -a`
-    - Benchmark: `iozone -t1` (1 thread)
-    - Plot results: **TODO** It should be doable with gnuplot somehow.
-
-### Files
-
-- Search:
-    - By UID: `find / -user <UID>`
-    - Without a user: `find / -nouser`
-    - With setuid permission bit: `find / -perm /4000`
-    - Recursive search and replace: `find <dir> \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/123/456/g'`
-        - `-type d -name .git -prune` skips `.git` directories and can be excluded outside of git repos.
-- Usage:
-    - `du -sh <dirs>`
-    - K4DirStat (GUI) (package `k4dirstat`)
-- Shred files:
-    - `shred --remove --zero <file>`
-
-### Fun
-
-- Color text from STDIN: `lolcat`
-- `cowsay`
-- `fortune`
-
-### Hardware
-
-- Show hardware: `lshw`
-    - Run as root for more info.
-    - Specify `-X` to show GUI (requires `lshw-gtk`).
-- Show hardware topology: `lstopo` (requires hwloc)
-    - `lstopo` will try to present as a GUI. Use `lstopo-no-graphics` to force console output.
-- Show PCI devices: `lspci`
-- Show block devices: `lsblk`
-- Show USB devices: `lsusb`
-- Show CPUs: `lscpu`
-
-### Installations and Packages
-
-#### APT (Debian)
-
-- Find packages depending on the package: `apt rdepends --installed <package>`
-- Quickly add new repo: `add-apt-repository <repo-line`
-    - It will add the line to `/etc/apt/sources.list`, where you can manually remove it again.
-- Keys:
-    - List: `apt-key list`
-        - It will also show which file contains it.
-    - Remvoe key: `apt-key del <key-id>`
-        - The 8-digit hex key ID may either be found on `pub` line or as the last 8 hex digits on the continuation line.
-
-### Network
-
-- Monitor usage:
-    - `nload <if>`
-    - `iftop -i <if>`
-    - `speedometer -t <if> -r <if> [...]`
-    - `dstat -tcyn --net-packets 60`
-- Monitor per-process usage:
-    - `nethog`
-- Test throughput:
-    - Internet: `speedtest` (from [speedtest.net](https://www.speedtest.net/apps/cli))
-    - Internal: `iperf3`
-- Show interfaces and addresses (with `ip`):
-    - General: `ip [-c] [-46] [-s] {l[ink]|a[ddress]} [-br] [sh [if]]`
-    - Option `-c`: Color.
-    - Option `{-4|-6}`: IPv4 or IPv6 only.
-    - Option `-s`: Show stats (bytes, packets, errors, dropped, etc. for RX and TX).
-    - Option `-br`: One line per interface (MAC address and status for `link`, addresses for `address`).
-    - Argument `scope global`: Only global addresses (excludes localhost/`host`, link-local/`link`, etc.).
-- Show neighbors (with `ip`):
-    - General: `ip [-c] [-46] n[eighbor]`
-    - Option `-c`: Color.
-    - Option `{-4|-6}`: IPv4 or IPv6 only.
-- Show routes (with `ip`):
-    - General: `ip [-c] [-46] r[oute]`
-    - Option `-c`: Color.
-    - Option `{-4|-6}`: IPv4 or IPv6 only.
-- Show multicast addresses (with `ip`):
-    - General: `ip [-c] [-46] ma[ddress]`
-    - Option `-c`: Color.
-    - Option `{-4|-6}`: IPv4 or IPv6 only.
-- Show multicast routes (with `ip`):
-    - General: `ip [-c] [-46] mr[oute]`
-    - Option `-c`: Color.
-    - Option `{-4|-6}`: IPv4 or IPv6 only.
-- Show sockets (with `ss`):
-    - Example: `ss -tulpn`
-    - Note: `ss` replaces `netstat` and is mostly option compatible.
-    - Option `tu`: Include TCP and UDP sockets (no UNIX sockets).
-    - Option `l`: Include listening sockets (no client sockets).
-    - Option `p`: Show protocol (requires root).
-    - Option `n`: Don't translate port numbers to common service names.
-- Show misc. stats:
-    - Show kernel SNMP counters: `nstat`
-    - Show per-protocol stats: `netstat -s`
-- Bring interface up or down:
-    - Note: Your network manager probably has a more appropriate way to do this.
-    - Directly up or down interface: `ip link set dev <if> {up|down}`
-- Traffic shaping and link simulation:
-    - See `tc` to simulate e.g. random packet drop, random latencies, limited bandwidth etc.
-
-#### Tcpdump
-
-- Typical usage: `tcpdump -i <interface> -nn -v [filter]`
-- Options:
-    - `-w <>.pcap`: Write to capture file instead of formatted to STDOUT.
-    - `-i <if>`: Interface to listen on. Defaults to a random-ish interface.
-    - `-nn`: Don't resolve hostnames or ports.
-    - `-s<n>`: How much of the packets to capture. Use 0 for unlimited (full packet).
-    - `-v`/`-vv`: Details to show about packets. More V's for more details.
-    - `-l`: Line buffered more, for better stability when piping to e.g. grep.
-- Filters:
-    - Can consist of complex logical statements using parenthesis, `not`/`!`, `and`/`&&` and `or`/`||`. Make sure to quote the filter to avoid interference from the shell.
-    - Protocol: `ip`, `ip6`, `icmp`, `icmp6`, `tcp`, `udp`, ``
-    - Ports: `port <n>`
-    - IP address: `host <addr>`, `dst <addr>`, `src <addr>`
-    - IPv6 router solicitations and advertisements: `icmp6 and (ip6[40] = 133 or ip6[40] = 134)` (133 for RS and 134 for RA)
-    - IPv6 neighbor solicitations and advertisements: `icmp6 and (ip6[40] = 135 or ip6[40] = 136)` (135 for NS and 136 for NA)
-    - DHCPv4: `ip and udp and (port 67 and port 68)`
-    - DHCPv6: `ip6 and udp and (port 547 and port 546)`
-
-### Memory
-
-- NUMA stats:
-    - `numastat` (from package `numactl`)
-
-### Performance and Power Efficiency
-
-- Set the CPU frequency scaling governor mode:
-    - High performance: `echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor`
-    - Power save: `echo powersave | ...`
-- Show current core frequencies: `grep "cpu MHz" /proc/cpuinfo | cut -d' ' -f3`
-
-### Profiling
-
-- `time` (timing commands):
-    - Provided both as a shell built-in `time` and as `/usr/bin/time`, use the latter.
-    - Typical usage: `/usr/bin/time -p <command>`
-    - Options:
-        - `-p` for POSIX output (one line per time)
-        - `-v` for interesting system info about the process.
-    - It give the wall time, time spent in usermode and time spent in kernel mode.
-- `strace` (trace system calls and signals):
-    - In standard mode, it runs the full command and traces/prints all syscalls (including arguments and return value).
-    - Syntax: `strace [options] <command>`
-    - Useful options:
-        - `-c`: Show summary/overview only. (Hints at which syscalls are worth looking more into.)
-        - `-f`: Trace forked child processes too.
-        - `-e trace=<syscalls>`: Only trace the specified comma-separated list of syscalls.
-
-### Security
-
-- Show CPU vulnerabilities: `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
-- Generate XKCD-style (multi-word) passwords (using package `xkcdpass`): `xkcdpass`
-
-### Storage
-
-- Test read speed: `hdparm -t <dev>` (safe)
-- Show IO load for devices: `iostat [-dxpm] [-t] [interval]`
-    - `-d`: Show only device usage.
-    - `-x` and `-p`: Include extended attributes and partitions.
-    - `-t` and interval: Show timestamp and repeat every x seconds.
-- Show IO usage for processes: `iotop -o [-a]`
-
-### System
-
-- Version info:
-    - Release info files:
-        - Debian (and Ubuntu): `/etc/debian_version`
-        - RHEL: `/etc/redhat-release`
-        - CentOS: `/etc/centos-release`
-    - General release info: `uname -a`
-    - Slightly more distro-specific release info: `lsb_release -a`
-- Monitor system load:
-    - `uptime`
-    - `iostat [-c] [-t] [interval]`
-- Monitor processes:
-    - `ps` (e.g. `ps aux` or `ps ax o uid,user:12,pid,comm`)
-- Monitor a mix of things: See the "general monitoring" section.
-- Monitor interrupts:
-    - `irqtop`
-    - `watch -n0.1 /proc/interrupts`
-- Stress test with stress-ng:
-    - Install (Debian): `apt install stress-ng`
-    - Stress CPU: `stress-ng -c $(nproc) -t 600`
-
-## Tasks
-
-### Burn Windows ISO
-
-1. Install the graphical application `woeusb` from `ppa:nilarimogard/webupd8`.
-
-{% include footer.md %}

config/general/linux-general.md

@@ -1,5 +1,5 @@
 ---
-title: Linux General Notes
+title: Linux General
 breadcrumbs:
 - title: Configuration
 - title: General
@@ -10,24 +10,338 @@ breadcrumbs:
 
 ### Security
 
-- [Linux Hardening Checklist](https://github.com/trimstray/linux-hardening-checklist)
-- [The Practical Linux Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide)
+- [Linux Hardening Checklist (trimstray)](https://github.com/trimstray/linux-hardening-checklist)
+- [The Practical Linux Hardening Guide (trimstray)](https://github.com/trimstray/the-practical-linux-hardening-guide)
 
-## Distros
+## Information
 
-### Debian/Ubuntu
+### Distros
+
+#### Debian
 
 - Nobody user and group: `nobody:nogroup`
-- List of default groups: (SystemGroups (Debian Wiki))[https://wiki.debian.org/SystemGroups#Other_System_Groups]
+- List of default groups: [SystemGroups (Debian Wiki)](https://wiki.debian.org/SystemGroups#Other_System_Groups)
 - Release info file: `/etc/debian_version`
 
-### RHEL/CentOS
+#### RHEL
 
 - Nobody user and group: `nobody:nobody`
 - Release info file: `/etc/redhat-release` or `/etc/centos-release`
 
-## Miscellaneous
+### Miscellanea
 
 - `urandom` VS `random`: `random` blocks when running out of entropy while `urandom` does not. For all practical purposes, `urandom` will almost never be *less random* than `random` and `random` may block at inappropriate times, so always use `urandom`.
 
+## Commands
+
+### Executables:
+
+- Show type and info: `file <executable>`
+- Show library dependencies (for glibc): `ldd <executable>`
+    - It lists shared library file names and memory location to map it to, or "statically linked" if no dynamic dependencies.
+    - Alternatively, run the executable with envvar `LD_TRACE_LOADED_OBJECTS=1` set instruct glibc to print dependencies and exit. This is basically how `ldd` works internally, but with more options.
+    - Warning: This might execute the program if not using glibc.
+- Show printable character strings in the executable: `strings -a <executable>`
+- Run application and show dynamic library calls: `ltrace <executable> [args]`
+- Run application and show system calls: `strace <executable> [args]`
+- Strip the symbol table and debug info from an executable: `strip <executable>`
+    - Without certain options, it will still keep some useful info in the file.
+- Rebuild the symbol table for a statically linked executable: See `gensymtab`.
+
+### File Systems and Logical Volume Managers
+
+- Partition disk: `gdisk <dev>` or `fdisk <dev>`
+- Create filesystem: `mkfs.<fs> <dev>`
+- Modify fstab:
+    - Test it with `mount -a` to make sure it doesn't have errors that may cause boot to fail.
+    - Run `systemctl daemon-reload` to avoid having systemd remount stuff that was removed from fstab or other weird shit.
+- Benchmark with IOzone:
+    - Install (Debian): `apt install iozone3`
+    - It uses the current dir.
+    - Test with various record sizes and file sizes: `iozone -a`
+    - Benchmark: `iozone -t1` (1 thread)
+    - Plot results: **TODO** It should be doable with gnuplot somehow.
+
+### Files
+
+- Search:
+    - By UID: `find / -user <UID>`
+    - Without a user: `find / -nouser`
+    - With setuid permission bit: `find / -perm /4000`
+    - Recursive search and replace: `find <dir> \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i 's/123/456/g'`
+        - `-type d -name .git -prune` skips `.git` directories and can be excluded outside of git repos.
+- Space usage:
+    - `du -sh <dirs>`
+    - K4DirStat (GUI) (package `k4dirstat`)
+- Shred files:
+    - `shred --remove --zero <file>`
+
+### Fun
+
+- Color text from STDIN: `lolcat`
+- `cowsay`
+- `fortune`
+
+### Monitoring (General)
+
+- For more specific monitoring, see the other sections.
+- `htop`:
+    - ncurses-based process viewer like `top`, but prettier and more interactive.
+    - Install (APT): `apt install htop`
+    - Usage: `htop` (interactive)
+- `glances`:
+    - Homepage: [nicolargo.github.io/glances/](https://nicolargo.github.io/glances/)
+    - Install (PyPI for latest version): `pip3 install glances`
+    - ncurses-based viewer for e.g. basic system info, top-like process info, network traffic and disk traffic.
+    - Usage: `glances` (interactive)
+- `dstat`:
+    - A versatile replacement for vmstat, iostat and ifstat (according to itself).
+    - Prints scrolling output for showing a lot of types of general metrics, one line of columns for each time step.
+    - Usage: `dstat <options> [interval] [count]`
+        - Default interval is 1s, default count is unlimited.
+        - The values shown are the average since the last interval ended.
+        - For intervals over 1s, the last row will update itself each second until the delay has been reached and a new line is created. The values shown are averages since the last final value (when the last line was finalized), so e.g. a 10s interval gives a final line showing a 10s average.
+        - The first line is always a snapshot, i.e. all rate-based metrics are 0 or some absolute value.
+        - If any column options are provided, they will replace the default ones and are displayed in the order specified.
+    - Special options:
+        - `-C <>`: Comma-separated list of CPUs/cores to show for, including `total`.
+        - `-D <>`: Same but for disks.
+        - `-N <>`: Same but for NICs.
+        - `-f`: Show stats for all devices (not aggregated).
+    - Useful metrics:
+        - `-t`: Current time.
+        - `-p`: Process stats (by runnable, uninterruptible, new) (changes per second).
+        - `-y`: Total interrupt and context switching stats (by interrupts, context switches) (events per second).
+        - `-l`: Load average stats (1 min, 5 mins, 15 mins) (total system load multiplied by number of cores).
+        - `-c`: CPU stats (by system, user, idle, wait) (percentage of total).
+        - `--cpu-use`: Per-CPU usage (by CPU) (percentage).
+        - `-m`: Memory stats (by used, buffers, cache, free) (bytes).
+        - `-g`: Paging stats (by in, out) (count per second).
+        - `-s`: Swap stats (by used, free) (total).
+        - `-r`: Storage request stats (by read, write) (requests per second).
+        - `-d`: Storage throughput stats (by read, write) (bytes per second).
+        - `-n`: Network throughput stats (by recv, send) (bytes per second).
+        - `--socket`: Network socket stats (by total, tcp, udp, raw, ip-fragments)
+    - Useful plugins (metrics):
+        - `--net-packets`: Network request stats (by recv, send) (packets per second).
+    - Examples:
+        - General overview (CPU, RAM, ints/csws, disk, net): `dstat -tcmyrdn --net-packets 60`
+        - Network overview (CPU, ints/csws, net): `dstat -tcyn --net-packets 60`
+        - Process overview (CPU, RAM, ints/csws, paging, process, sockets): `dstat -tcmygp --socket 60`
+
+### Hardware
+
+- Show hardware: `lshw`
+    - Run as root for more info.
+    - Specify `-X` to show GUI (requires `lshw-gtk`).
+- Show hardware topology: `lstopo` (requires hwloc)
+    - `lstopo` will try to present as a GUI. Use `lstopo-no-graphics` to force console output.
+- Show PCI devices: `lspci`
+- Show block devices: `lsblk`
+- Show USB devices: `lsusb`
+- Show CPUs: `lscpu`
+
+### Software Installation
+
+#### APT (Debian)
+
+- Find packages depending on the package: `apt rdepends --installed <package>`
+- Quickly add new repo: `add-apt-repository <repo-line`
+    - It will add the line to `/etc/apt/sources.list`, where you can manually remove it again.
+- Keys:
+    - List: `apt-key list`
+        - It will also show which file contains it.
+    - Remvoe key: `apt-key del <key-id>`
+        - The 8-digit hex key ID may either be found on `pub` line or as the last 8 hex digits on the continuation line.
+
+#### Pacman (Arch)
+
+- Full system upgrade: `pacman -Syu`
+- Search package: `pacman -Ss <package-name>`
+- Show package info: `pacman -Si <package>`
+- Install package: `pacman -S <packages>`
+    - Never use `-Sy` to avoid partial upgrades.
+- Remove package: `pacman -R <packages>`
+    - Remove orphans too: `-s`
+    - Purge configurations: `-n`
+
+### Network
+
+- Monitor usage:
+    - `nload <if>`
+    - `iftop -i <if>`
+    - `speedometer -t <if> -r <if> [...]`
+    - `dstat -tcyn --net-packets 60`
+- Monitor per-process usage:
+    - `nethog`
+- Test throughput:
+    - Internet: `speedtest` (from [speedtest.net](https://www.speedtest.net/apps/cli))
+    - Internal: `iperf3`
+- Show sockets (with `ss`):
+    - Example: `ss -tulpn`
+    - Note: `ss` replaces `netstat` and is mostly option compatible.
+    - Option `tu`: Include TCP and UDP sockets (no UNIX sockets).
+    - Option `l`: Include listening sockets (no client sockets).
+    - Option `p`: Show protocol (requires root).
+    - Option `n`: Don't translate port numbers to common service names.
+- Show misc. stats:
+    - Show kernel SNMP counters: `nstat`
+    - Show per-protocol stats: `netstat -s`
+- Bring interface up or down:
+    - Note: Your network manager probably has a more appropriate way to do this.
+    - Directly up or down interface: `ip link set dev <if> {up|down}`
+- Traffic shaping and link simulation:
+    - See `tc` to simulate e.g. random packet drop, random latencies, limited bandwidth etc.
+
+#### ip
+
+- General notes:
+    - Subcommands may be shortened (e.g. as `ip a` instead of `ip address`)
+    - For subcommands like `address` and `link`, it will default to show all elements if no further option is specified.
+- General options:
+    - Specified before the subcommand (e.g. `ip -c a`).
+    - `-c`: Show colored output.
+    - `-4` or `-6`: Show IPv4 or IPv6 addresses only.
+    - `-s`: Show stats (bytes, packets, errors, dropped, etc. for RX and TX).
+    - `-br`: Show brief with one line per interface (MAC address and status for `link`, addresses for `address`).
+    - `-o`: Show one line per interface (but all info unlike `-br`).
+    - `-j [-p]`: Print as JSON. Add `-p` for pretty printing.
+- Show L2/MAC addresses:
+    - Command: `ip link [show [<interface>]]`
+- Show L3/IP addresses:
+    - Command: `ip address [show [<interface> [scope <scope>]]]`
+    - Argument `scope global`: Only show global addresses (excludes localhost/`host`, link-local/`link`, etc.).
+- Show neighbors:
+    - Command: `ip neighbor`
+- Show routes:
+    - Command: `ip route`
+- Show multicast addresses:
+    - Command: `ip maddress`
+- Show multicast routes:
+    - Command: `ip mroute`
+
+#### tcpdump
+
+- Typical usage: `tcpdump -i <interface> -nn -v [filter]`
+- Options:
+    - `-w <>.pcap`: Write to capture file instead of formatted to STDOUT.
+    - `-i <if>`: Interface to listen on. Defaults to a random-ish interface.
+    - `-nn`: Don't resolve hostnames or ports.
+    - `-s<n>`: How much of the packets to capture. Use 0 for unlimited (full packet).
+    - `-v`/`-vv`: Details to show about packets. More V's for more details.
+    - `-l`: Line buffered more, for better stability when piping to e.g. grep.
+- Filters:
+    - Can consist of complex logical statements using parenthesis, `not`/`!`, `and`/`&&` and `or`/`||`. Make sure to quote the filter to avoid interference from the shell.
+    - Protocol: `ip`, `ip6`, `icmp`, `icmp6`, `tcp`, `udp`, ``
+    - Ports: `port <n>`
+    - IP address: `host <addr>`, `dst <addr>`, `src <addr>`
+    - IPv6 router solicitations and advertisements: `icmp6 and (ip6[40] = 133 or ip6[40] = 134)` (133 for RS and 134 for RA)
+    - IPv6 neighbor solicitations and advertisements: `icmp6 and (ip6[40] = 135 or ip6[40] = 136)` (135 for NS and 136 for NA)
+    - DHCPv4: `ip and udp and (port 67 and port 68)`
+    - DHCPv6: `ip6 and udp and (port 547 and port 546)`
+
+### Memory
+
+- NUMA stats:
+    - `numastat` (from package `numactl`)
+
+### Performance and Power Efficiency
+
+- Set the CPU frequency scaling governor mode:
+    - High performance: `echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor`
+    - Power save: `echo powersave | ...`
+- Show current core frequencies: `grep "cpu MHz" /proc/cpuinfo | cut -d' ' -f3`
+
+### Profiling
+
+- `time` (timing commands):
+    - Provided both as a shell built-in `time` and as `/usr/bin/time`, use the latter.
+    - Typical usage: `/usr/bin/time -p <command>`
+    - Options:
+        - `-p` for POSIX output (one line per time)
+        - `-v` for interesting system info about the process.
+    - It give the wall time, time spent in usermode and time spent in kernel mode.
+- `strace` (trace system calls and signals):
+    - In standard mode, it runs the full command and traces/prints all syscalls (including arguments and return value).
+    - Syntax: `strace [options] <command>`
+    - Useful options:
+        - `-c`: Show summary/overview only. (Hints at which syscalls are worth looking more into.)
+        - `-f`: Trace forked child processes too.
+        - `-e trace=<syscalls>`: Only trace the specified comma-separated list of syscalls.
+
+### Security
+
+- Show CPU vulnerabilities: `tail -n +1 /sys/devices/system/cpu/vulnerabilities/*`
+- Generate XKCD-style (multi-word) passwords (using package `xkcdpass`): `xkcdpass`
+- Generate SHA cryptographical hashes: `sha{256,512} <files>`
+- Check PGP signature of file (using GPG):
+    1. Get the data file, a detached/separate signature file (`.sig`) for the data file, and the publisher's key (manually downloaded or through a key server). The Data file and sig may be from untrusted sources (like a download mirror).
+    1. (Alternative 1) Import a downloaded keyfile:
+        1. Note: Download the publisher's key file (`.asc`) and its fingerprint from a trusted source.
+        1. Show the details and fingerprint of the key: `gpg --show-keys <keyfile>`
+        1. (Recommended) Compare the fingerprint from the keyfile from the one on the publisher's website or whatever (some trusted source).
+        1. Make sure the `uid` of the key is recognizable wrt. the intended use.
+        1. Import the key: `gpg --import <keyfile>`
+    1. (Alternative 2) Import the keyfile from a key server:
+        1. Note: Import the publisher's key from a key server, given a server URL and fingerprint. The fingerprint must be from a trusted source.
+        1. Inspect the key before importing: **TODO**
+        1. Make sure the `uid` of the key is recognizable wrt. the intended use.
+        1. Download the key: `gpg [--keyserver <url>] --recv-keys <key-id>`
+    1. Finally, verify the data file using the detached signature and imported key: `gpg --verify <sigfile> <datafile>`
+
+### Storage
+
+- Test read speed: `hdparm -t <dev>` (safe)
+- Show IO load for devices: `iostat [-dxpm] [-t] [interval]`
+    - `-d`: Show only device usage.
+    - `-x` and `-p`: Include extended attributes and partitions.
+    - `-t` and interval: Show timestamp and repeat every x seconds.
+- Show IO usage for processes: `iotop -o [-a]`
+
+### System
+
+- Version info:
+    - Release info files:
+        - Debian (and Ubuntu): `/etc/debian_version`
+        - RHEL: `/etc/redhat-release`
+        - CentOS: `/etc/centos-release`
+    - General release info: `uname -a`
+    - Slightly more distro-specific release info: `lsb_release -a`
+- Monitor system load:
+    - `uptime`
+    - `iostat [-c] [-t] [interval]`
+- Monitor processes:
+    - `ps` (e.g. `ps aux` or `ps ax o uid,user:12,pid,comm`)
+- Monitor a mix of things: See the "general monitoring" section.
+- Monitor interrupts:
+    - `irqtop`
+    - `watch -n0.1 /proc/interrupts`
+- Run command with high or low CPU priority:
+    - Command: `nice -n<n> <cmd>` (`-20 <= n <= 19`)
+    - The nice value goes from -20 (highest priority) to 19 (lowest priority), with 0 as the default priority.
+    - The nice value is inherited by child processes (meaning forking processes maintains the nice value it started with).
+    - Use `renice` to change the value.
+    - Use `ionice` to set the I/O scheduler and scheduler-specific priority.
+- Stress test with stress-ng:
+    - Install (Debian): `apt install stress-ng`
+    - Stress CPU: `stress-ng -c $(nproc) -t $((10*60))` (use all CPU threads for 10 minutes)
+- Chroot into other Linux installation:
+    1. Note: Used to e.g. fix a broken install or reset a user password from a USB live ISO.
+    1. Mount the root partition: `mount /dev/sda2 /mnt` (example)
+    1. Mount e.g. the EFI partition: `mount /dev/sda1 /mnt/boot/efi` (example)
+    1. Mount system stuff:
+        1. `mount -t proc proc /mnt/proc`
+        1. `mount -t sysfs sys /mnt/sys`
+        1. `mount -t bind /dev /mnt/dev`
+    1. Enter jail: `chroot /mnt [/bin/bash]`
+        - Specifying the shell to use, e.g. `/bin/bash`, may be necessary.
+    1. Do stuff.
+    1. Exit jail: `exit`
+
+## Tasks
+
+### Burn Windows ISO (Ubuntu)
+
+1. Install the graphical application `woeusb` from `ppa:nilarimogard/webupd8`.
+
 {% include footer.md %}

config/linux-server/applications.md

@@ -168,7 +168,7 @@ An NTP client and server. By design more accurate than e.g. ntpd and systemd-tim
 ### Cloudflare
 
 - Cloudflare does not allow limiting the scope for API keys to specific subdomains, so the key will have access to the whole domain (based on how it's registered).
-- Use e.g. [cloudflare-ddns-updater.sh](https://github.com/HON95/scripts/tree/master/server/linux/cloudflare).
+- Use e.g. [cloudflare-ddns-updater.sh](https://github.com/HON95/scripts/tree/master/cloudflare).
 
 ## Fail2ban
 
@@ -196,7 +196,7 @@ This setup requires pubkey plus MFA (if configured) plus password.
     AuthenticationMethods publickey,keyboard-interactive
     ```
 - Restart `sshd` and check that you can login with pubkey and MFA now.
-- (Optional) Add my [google-auth-config-prompter.sh](https://github.com/HON95/scripts/blob/master/server/linux/general/google-auth-config-prompter.sh) profile script to `/etc/profile.d/` to ask user to configure Google Auth on login.
+- (Optional) Add my [google-auth-config-prompter.sh](https://github.com/HON95/scripts/blob/master/login/google-auth-config-prompter.sh) profile script to `/etc/profile.d/` to ask user to configure Google Auth on login.
 - To allow a group to use only pubkey (no password or OTP):
     - In `/etc/ssh/sshd_config`, add `Match Group no-mfa` containing `AuthenticationMethods publickey` (indented) at the bottom.
     - Add the system group `no-mfa` and add special users to it.

config/linux-server/debian.md

@@ -194,7 +194,7 @@ This is used by default and is the simplest to use for simple setups.
 
 This is the systemd way of doing it and is recommended for more advanced setups as ifupdown is riddled with legacy/compatibility crap.
 
-1. Add a simple network config: Create `/etc/systemd/network/lan.network` based on [main.network](https://github.com/HON95/configs/blob/master/networkd/main.network).
+1. Add a simple network config: Create `/etc/systemd/network/lan.network` based on [main.network](https://github.com/HON95/configs/blob/master/systemd-network/main.network).
 1. Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.old`
 1. Enable the service: `systemctl enable --now systemd-networkd`
 1. Purge `ifupdown` and `ifupdown2`.
@@ -213,7 +213,7 @@ Prevent enabled (and potentially untrusted) interfaces from accepting router adv
 
 1. Install `apt install iptables iptables-persistent netfilter-persistent`
     - Don't save the current rules when it asks.
-1. Manually add IPTables rules or make [a simple iptables script](https://github.com/HON95/scripts/blob/master/linux/iptables/iptables.sh) or something.
+1. Manually add IPTables rules or make [a simple iptables script](https://github.com/HON95/scripts/blob/master/iptables/iptables.sh) or something.
 1. Open a new SSH session and make sure you can still log in without closing the current one.
 1. Note: If you flush the firewall and reconfigure it, remember to restart services modifying it (like libvirt, Docker, Fail2Ban).
 
@@ -304,7 +304,7 @@ Everything here is optional.
     - Run: `lynis audit system`
 - MOTD:
     - Clear `/etc/motd`, `/etc/issue` and `/etc/issue.net`.
-    - Download [dmotd.sh](https://github.com/HON95/scripts/blob/master/linux/login/dmotd.sh) to `/etc/profile.d/`.
+    - Download [dmotd.sh](https://github.com/HON95/scripts/blob/master/login/dmotd.sh) to `/etc/profile.d/`.
     - Install the dependencies: `neofetch lolcat`
     - Add an ASCII art (or Unicode art) logo to `/etc/logo`, using e.g. [TAAG](http://patorjk.com/software/taag/).
     - (Optional) Add a MOTD to `/etc/motd`.

config/media/video-processing.md

@@ -6,10 +6,12 @@ breadcrumbs:
 ---
 {% include header.md %}
 
-_See the other pages in this category._
-
 ## General
 
+- Copy files from memory card (lol):
+    - Mount the card: `sudo mount /dev/mmcblk0p1 /mnt/lol0`
+    - Copy over the files: `rsync -a --progress /mnt/lol0/DCIM/100GOPRO/*.MP4 ~/Desktop/GoPro-2021-jul-ned`
+    - Unmount the card: `sudo umount /mnt/lol0`
 - Show media info about some media file: `mediainfo <file>` (requires `mediainfo`)
 
 {% include footer.md %}

config/media/video-ripping.md

@@ -6,8 +6,6 @@ breadcrumbs:
 ---
 {% include header.md %}
 
-_See the other pages in this category._
-
 ## Rip DVDs (Linux)
 
 CDs and DVDs use 2048 byte sectors and may have both unintentional and intentional data errors.

config/media/video-streaming.md

@@ -6,8 +6,6 @@ breadcrumbs:
 ---
 {% include header.md %}
 
-_See the other pages in this category._
-
 ## General
 
 - Resources:

config/media/vlc.md

@@ -82,8 +82,9 @@ breadcrumbs:
 ## View Stream
 
 - View stream: `vlc <proto>://<host>[:port][/path]`
-- Specify `--network-caching=100` (milliseconds) to reduce network buffering causing delay (default to 1 second).
-- Use `cvlc` (Linux) or specify `-I dummy --dummy-quiet` to not use the full GUI.
+    - RTSP (example): `vlc rtsp://<host>:554 --rtsp-user=$rtsp_username --rtsp-pwd=$rtsp_password`
+- Specify `--network-caching=100` (milliseconds) to reduce network buffering causing delay (defaults to 1000ms).
+- Use `cvlc` (Linux) or specify `-I dummy --dummy-quiet` (Windows) to not use the full GUI.
 - Specify `--fullscreen` to start in full screen.
 
 ## Examples

config/media/youtube-dl.md

@@ -13,14 +13,18 @@ A tool for downloading videos from a variety of site (not just YouTube).
 - [Homepage](http://ytdl-org.github.io/youtube-dl/)
 - [Repo](https://github.com/ytdl-org/youtube-dl)
 
-## Usage
+## Installation
 
-- Run in Docker:
+- Docker:
     - Using ([wernight's image](https://github.com/wernight/docker-youtube-dl)).
     - Command prefix: `docker run --rm -v//$PWD:/downloads wernight/youtube-dl <...>`
-- Run binary:
+- Binary:
+    - The one in typical package repos is typically quite outdated (even for Arch/the AUR).
     - Find the download instructions in the repo.
-    - Install "ffmpeg" to allow downloading best quality audio and video: `apt install ffmpeg`
+    - Install `ffmpeg` to allow downloading best quality audio and video.
+
+## Usage
+
 - Download single video: `youtube-dl -c <URL>`
     - `-c`/`--continue` to re-run the command if it previously failed during download.
 - Download full channel or playlist: `youtube-dl -qiwc --no-warnings [-o <format>] <URL>`
@@ -40,7 +44,8 @@ A tool for downloading videos from a variety of site (not just YouTube).
 
 ## Examples
 
-- YouTube video/xyz in Docker: `docker run --rm -v//$PWD:/downloads wernight/youtube-dl -iwc -f bestvideo+bestaudio --cookie ~/cookies.txt -o "%(uploader)s (%(upload_date)s) - %(title)s [%(id)s].%(ext)s"`
+- Docker: `docker run --rm -v//$PWD:/downloads wernight/youtube-dl <...>`
+- YouTube video: `youtube-dl -iwc -f bestvideo+bestaudio --cookie ~/cookies.txt -o "%(uploader)s (%(upload_date)s) - %(title)s [%(id)s].%(ext)s"`
 - YouTube video/channel/playlist w/ cookie: `youtube-dl -iwc -f bestvideo+bestaudio --cookie ~/cookies.txt -o "%(uploader)s (%(upload_date)s) - %(title)s [%(id)s].%(ext)s" <url>`
 
 ## Troubleshooting

config/pc/applications.md

@@ -6,6 +6,8 @@ breadcrumbs:
 ---
 {% include header.md %}
 
+*Note: Unless specified, Debian/Ubuntu is assumed.*
+
 ## Fancontrol (Linux)
 
 **Warning:** Don't use this. The fan controller IDs may change on every reboot which breaks the config.
@@ -45,6 +47,16 @@ breadcrumbs:
 - Disable external media keys by setting `media.hardwaremediakeys.enabled` to false in `about:config`.
 - (Linux) Install missing language support: `apt install $(check-language-support)`
 
+## CUPS
+
+### Setup for SMB
+
+**For Manjaro. Assumes CUPS is already installed.**
+
+1. Install required programs: `pacman -Sy smbclient cifs-utils`
+1. Enable SMB authentication: In `/etc/cups/printers.conf`, set `AuthInfoRequired username,password`.
+1. Add the printer using the `smb://` schema. It should prompt for authentication when printing stuff.
+
 ## Git
 
 ### Config
@@ -56,6 +68,46 @@ breadcrumbs:
 
 - To save, use the "save current configuration" button and save it to `/etc/X11/xorg.conf`.
 
+## i3
+
+### Installation
+
+See my [Arch setup with i3](../arch-i3/).
+
+### Configuration
+
+#### Keyboard Bindings
+
+- Specified using the `bindsym` statements for key symbols (`a` etc.) or `bindcode` statements for physical button numbers.
+- Use `exec <executable> [args]` to run an application. Use `exec --no-startup-id` to avoid startup notifications ("loading" cursor etc.), for programs that don't support that (the "loading" cursor doesn't go away).
+
+### Usage
+
+Assuming default keybinds.
+
+#### Files
+
+- User config: `~/.config/i3/config`
+
+#### Basics
+
+- Exit: `Mod+Shift+E`
+- Reload: `Mod+Shift+R`
+- Open terminal: `Mod+Enter`
+- Open application (using dmenu/rofi): `Mod+D`
+- Exit application: `Mod+Shift+Q`
+
+#### Navigation and Layout
+
+- Move between windows: `Mod+ArrowKey`
+- Change mode:
+    - Tiling mode (standard): `Mod+E`
+    - Stacking mode: `Mod+S`
+    - Tabbed mode: `Mod+W`
+- Workspaces:
+    - Change workspace: `Mod+<1-9>`
+    - Move window to another workspace: `Mod+Shift+<1-9>`
+
 ## Piper (Linux)
 
 GUI for configuring gaming mice.
@@ -165,7 +217,8 @@ Note: Since Steam requires 32-bit (i386) variants of certain NVIDIA packages, an
 
 ### Config
 - Location:
-    - Global: `/etc/vim/vimrc`
+    - Global (Debian): `/etc/vim/vimrc`
+    - Global (Arch): `/etc/vimrc`
     - User: `~/.vimrc`
 - [Example](https://github.com/HON95/configs/blob/master/vim/vimrc).
 
@@ -189,13 +242,14 @@ Note: Since Steam requires 32-bit (i386) variants of certain NVIDIA packages, an
 ### Config
 
 - Location:
-    - Linux: `~/.config/Code/User/settings.json`
+    - Linux (Ubuntu): `~/.config/Code/User/settings.json`
+    - Linux (Arch): `~/.config/Code - OSS/User/settings.json`
     - Windows: `%APPDATA%\Code\User\settings.json`
-- [Example](https://github.com/HON95/configs/blob/master/pc/vscode/settings.json).
+- [Example](https://github.com/HON95/configs/blob/master/vscode/settings.json).
 
-## ZSH (personal) (Linux)
+## ZSH (Linux)
 
-This is my personal ZSH setup using Oh-My-ZSH with the Powerlevel9k theme and Hack font.
+This is my ZSH setup preference, using Oh-My-ZSH with the Powerlevel10k theme and some recommended font.
 
 1. Install ZSH:
     1. `apt install zsh`
@@ -203,7 +257,9 @@ This is my personal ZSH setup using Oh-My-ZSH with the Powerlevel9k theme and Ha
     1. See [ohmyz.sh](https://ohmyz.sh/).
     1. When it asks, set it as your default shell. This won't take effect until the next login.
 1. Setup Powerlevel10k theme:
-    1. Download and install the suggested fonts (manually is simplest): [Fonts (powerlevel10k)](https://github.com/romkatv/powerlevel10k#fonts)
+    1. Download and install the suggested fonts: [Fonts (powerlevel10k)](https://github.com/romkatv/powerlevel10k#fonts)
+        - For KDE Plasma, download and open with the font installer.
+        - For manual installation, move the `.ttf` files to `/usr/share/fonts/TTF/`.
     1. Open a new terminal window and set change the profile to use the new font.
     1. Clone the theme: `git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ~/.oh-my-zsh/themes/powerlevel10k`
     1. In `~/.zshrc`, set `ZSH_THEME="powerlevel10k/powerlevel10k"`.
@@ -211,9 +267,11 @@ This is my personal ZSH setup using Oh-My-ZSH with the Powerlevel9k theme and Ha
     1. Configure the theme (if it didn't automatically start): `p10k configure`
 1. Make zprofile include profile (to avoid breaking certain things):
     1. In `~/.zprofile`, add: `emulate sh -c "source /etc/profile"`
+1. Setup plugins:
+    1. In `.zshrc`, set e.g. `plugins=(git docker docker-compose golang rust)`.
 1. Setup syntax highlighting plugin:
     1. Clone it: `git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ~/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting`
-    1. Add it to `plugins` in `.zshrc` (e.g. `plugins=(git zsh-syntax-highlighting)`).
+    1. Add `zsh-syntax-highlighting` it to `plugins` in `.zshrc`.
 1. Configure `~/.zshrc`:
     1. Example [zshrc](https://github.com/HON95/configs/blob/master/zsh/zshrc).
 

config/pc/arch-i3.md

@@ -0,0 +1,434 @@
+---
+title: Arch (i3)
+breadcrumbs:
+- title: Configuration
+- title: PC
+---
+{% include header.md %}
+
+For Arch with LUKS encrypted root (and boot), using the i3 (gaps) window manager.
+
+### Related Pages
+{:.no_toc}
+
+- [Applications: i3](../applications/#i3)
+
+## Resources
+
+### Arch
+
+- [Installation guide (Arch Wiki)](https://wiki.archlinux.org/title/Installation_guide)
+- [General recommendations (Arch Wiki)](https://wiki.archlinux.org/title/General_recommendations)
+- [Frequently asked questions (Arch Wiki)](https://wiki.archlinux.org/title/Frequently_asked_questions)
+- [List of applications (Arch Wiki)](https://wiki.archlinux.org/title/List_of_applications)
+- [dm-crypt/Encrypting an entire system (Arch Wiki)](https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system)
+
+### i3
+
+- [i3 User's Guide](https://i3wm.org/docs/userguide.html)
+
+## TODO
+
+- The "i3 User's Guide"
+- Plymouth
+- LightDM "Multiple-monitor setup"
+- picom compositor
+- https://wiki.archlinux.org/title/Power_management
+- https://wiki.archlinux.org/title/Display_Power_Management_Signaling
+- Screen snippet tool
+- xautolock?
+
+## Installation
+
+### Live Image Install
+
+1. (Pre install) Download and burn an Arch ISO:
+    - [Arch downloads](https://archlinux.org/download/).
+    - Always verify the ISO's hash or PGP signature found on the Arch download page (not from the download mirrors).
+1. (Pre install) Disable secure boot in the BIOS settings.
+1. Boot into the Arch live image:
+    1. Make sure you're in UEFI BIOS mode. Disable CSM in the BIOS settings if you don't need legacy BIOS for anything, to avoid future complications.
+    1. Avoid broken display drivers: In the GRUB bootloader menu, press `E` on the main entry, add `nomodeset` at the end, and press enter to boot.
+1. Set the keymap:
+    1. List available keymaps: `ls /usr/share/kbd/keymaps/**/*.map.gz | less`
+    1. Find the appropriate keymap, e.g. the Norwegian `no` for `/usr/share/kbd/keymaps/i386/qwerty/no.map.gz`
+    1. Load: `loadkeys <keymap>` (e.g. `loadkeys no`)
+1. Verify the (UEFI) boot mode:
+    1. Check `efivar --list` or `ls /sys/firmware/efi/efivars`. If either exists, it's in UEFI mode.
+1. Setup networking:
+    1. Note: For cabled Ethernet with DHCP, it should already be working. For WLAN or exotic setups, check the wiki.
+    1. Test it somehow (e.g. with `ping` or `curl`).
+1. Setup time:
+    1. Enable NTP: `timedatectl set-ntp true`
+    1. Check the "synchronized" line from `timedatectl`.
+1. Partition the main disk (for LUKS encryption):
+    1. Find the main disk: `lsblk`
+    1. (Optional) Overwrite the full disk to get rid of all traces of the previous install: `dd if=/dev/zero of=/dev/<disk> bs=1M conv=fsync status=progress`
+    1. See the main disk partition table below for an overview of the partition to create.
+    1. Setup and partition the disk: `fdisk /dev/<disk>`
+        1. Create a new GPT partition table: `g`
+        1. Start the new partition wizard (for each partition): `n`
+            - Partition number: See table.
+            - First sector: Default.
+            - Last sector (effectively partition size): See table. e.g. `+512M` for a 512MiB volume or nothing to fill it all.
+        1. Set the partition type (for each partition): `t`
+            - Partition number and type: See table.
+        1. Show partitions: `p`
+        1. Write to disk and exit: `w`
+1. Format the ESP:
+    1. `mkfs.fat -F32 /dev/<partition-1>`
+1. Create encrypted root volume:
+    1. Note: GRUB has limited support for LUKS2, so use LUKS1.
+    1. Check which cryptohash and encryption algorithms are fastest on the system: `cryptsetup benchmark`
+    1. Create: `cryptsetup luksFormat --type=luks1 --use-random -h sha256 -i 5000 -c aes-xts-plain64 -s 256 /dev/<partition-2>` (example parameters)
+    1. Enter the password to unlock the system during boot.
+    1. Note: See the step way down for avoiding entering the password twice during boot.
+1. Unlock the encrypted root volume:
+    1. `cryptsetup luksOpen /dev/<partition> crypt_root` (for example name `crypt_root`)
+1. Format the root volume:
+    1. `mkfs.ext4 /dev/mapper/crypt_root`
+1. Mount the volumes:
+    - Mount root: `mount /dev/mapper/crypt_root /mnt`
+    - Mount ESP: `mkdir -p /mnt/boot/efi && mount /dev/<partition> /mnt/boot/efi`
+1. Install packages to the new root:
+    - Base command and packages: `pacstrap /mnt base linux linux-firmware vim sudo bash-completion man-db man-pages xdg-utils xdg-user-dirs`
+    - **TODO** Maybe: `wpa_supplicant networkmanager`
+1. Generate the fstab file:
+    1. `genfstab -U /mnt >> /mnt/etc/fstab`
+    1. Check it for errors or duplicates.
+1. Chroot into the new root:
+    1. `arch-chroot /mnt`
+1. Setup localization:
+    1. Set time zone: `ln -sf /usr/share/zoneinfo/<region>/<city> /etc/localtime`
+    1. Update the hardware clock (using UTC): `hwclock --systohc`
+    1. Uncomment locales to generate: `vim /etc/locale.gen`
+        - Always include `en_US.UTF-8 UTF-8`.
+    1. Generate selected locales: `locale-gen`
+    1. Set the locale: In `/etc/locale.conf`, set `LANG=<locale>` (e.g. `LANG=en_US.UTF-8`).
+    1. Set the keyboard layout: In `/etc/vconsole.conf`, set `KEYMAP=<keymap>` (e.g. `KEYMAP=no`).
+1. Set hostname:
+    1. `echo <hostname> > /etc/hostname`
+1. Set the root password:
+    1. `passwd`
+1. Create the initial ramdisk:
+    1. Add extra hooks: In `/etc/mkinitcpio.conf`, find the `HOOKS=()` line. Add `encrypt` after `block` and `keymap` after `keyboard` (ordering matters).
+    1. Create the initial ramdisk: `mkinitcpio -P`
+1. Setup GRUB:
+    1. Install bootloader: `pacman -S grub efibootmgr`
+    1. Install CPU microcode updates: `pacman -S X-ucode` (for `X={amd, intel}`)
+    1. Enable encrypted disk support: In `/etc/default/grub`, set `GRUB_ENABLE_CRYPTODISK=y`.
+    1. Find the UUID of the encrypted root partition: `blkid`
+    1. Add kernel parameters for the encrypted root (e.g. `/dev/sda2`): In `/etc/default/grub`, in the `GRUB_CMDLINE_LINUX` variable, add `cryptdevice=UUID=<device-UUID>:crypt_root root=/dev/mapper/crypt_root`.
+    1. Install GRUB to ESP: `grub-install --target=x86_64-efi --efi-directory=/boot/efi`
+    1. Generate GRUB config: `grub-mkconfig -o /boot/grub/grub.cfg`
+1. Exit the chroot and reboot:
+    1. `exit`
+    1. `reboot`
+1. Wait for the GRUB screen.
+
+### Post Install Setup
+
+1. Boot into the newly installed system:
+    1. Avoid broken display drivers: In the GRUB bootloader menu, press `E` on the main entry and add `nomodeset` at the end of the `linux` line. Press `Ctrl+X` to continue. After proper display drivers are installed, this is no longer required.
+1. (Optional) Disable the beeper:
+    1. Unload the module: `rmmod pcspkr`
+    1. Blacklist the module: `echo blacklist pcspkr > /etc/modprobe.d/nobeep.conf`
+1. Setup default editor:
+    - Create a new profile file: `/etc/profile.d/editor.sh`
+    - Set the editor: `export EDITOR=vim`
+    - Set the visual editor: `export VISUAL=vim`
+1. Setup wired networking:
+    1. Enable and start: `systemctl enable --now systemd-networkd`
+    1. Add a config for the main interface (or all interfaces): See the section with an example below.
+    1. Restart: `systemctl restart systemd-networkd`
+    1. Wait for connectivity (see `ip a`).
+1. Setup DNS server(s):
+    1. `echo nameserver 1.1.1.1 >> /etc/resolv.conf` (Cloudflare)
+    1. `echo nameserver 2606:4700:4700::1111 >> /etc/resolv.conf` (Cloudflare)
+1. Setup Pacman:
+    1. Enable color: In `/etc/pacman.conf`, uncomment `Color`.
+1. Update the system and install useful stuff:
+    1. Upgrade: `pacman -Syu`
+    1. Install useful tools: `pacman -S --needed most zsh vim man-db man-pages htop bash-completion p7zip git jq rsync openssh tmux screen reflector`
+1. Install display driver:
+    - For NVIDIA Maxwell and newer GPUs: `pacman -S nvidia nvidia-utils nvidia-settings`.
+    - (Optional) For NVIDIA CUDA (in addition to driver): `pacman -S cuda`
+    - For AMD GPUs, older NVIDIA GPUs and other GPUs, check the wiki.
+1. Avoid having to enter the encryption password twice during boot:
+    1. Note: To avoid entering the password once for GRUB and then for the initramfs, we can create a keyfile and embed it into the initramfs. If the keyfile fails, it will fall back to asking for a password again.
+    1. Secure the boot dir: `chmod 700 /boot`
+    1. Generate keyfile:
+        1. `mkdir -p /root/.keys && chmod 700 /root/.keys`
+        1. `dd if=/dev/random of=/root/.keys/crypt_root bs=2048 count=1 iflag=fullblock`
+        1. `chmod 600 /root/.keys/crypt_root`
+    1. Add key to LUKS: `cryptsetup luksAddKey /dev/<partition> /root/.keys/crypt_root`
+    1. Add key to initramfs: In `/etc/mkinitcpio.conf`, set `FILES=(/root/.keys/crypt_root)`.
+    1. Recreate initramfs: `mkinitcpio -P`
+    1. Add extra kernel parameters for the keyfile: In `/etc/default/grub`, in the `GRUB_CMDLINE_LINUX` variable, add `cryptkey=rootfs:/root/.keys/crypt_root`.
+    1. Update GRUB config: `grub-mkconfig -o /boot/grub/grub.cfg`
+    1. Reboot to make sure it works. If not, it should fall back to the extra password prompt.
+1. Setup sudo:
+    1. Note: Both the `wheel` and `sudo` groups are commonly used for giving sudo access, but I personally prefer `sudo` since `wheel` _may_ also be used by polkit rules, su (`pam_wheel`), etc.
+    1. Install: `pacman -S sudo`
+    1. Add the sudo group: `groupadd -r sudo`
+    1. Enter the config: `EDITOR=vim visudo`
+    1. Add line to allow sudo group without password: `%sudo ALL=(ALL) NOPASSWD: ALL`
+    1. (Later) Give users sudo access through the group: `usermod -aG sudo <user>`
+1. Add a personal user:
+    1. Create the user and add it to relevant groups: `useradd -m -G sudo,adm,sys,uucp,proc,systemd-journal <user>`
+    1. Set its password: `passwd <user>`
+    1. **TODO** Required to run `xdg-user-dirs-update` manually, at least before a DE/WM is installed?
+    1. Relog as the new user, both to make sure that it's working and because some next steps require a non-root user.
+1. Install yay to access the AUR:
+    1. Note: This needs to be done as non-root.
+    1. Install requirements: `pacman -S --needed base-devel git`
+    1. Clone and enter: `git clone https://aur.archlinux.org/yay.git && cd yay`
+    1. Install: `makepkg -si`
+    1. Remove the tmp. repo: `cd .. && rm -rf yay`
+    1. Idk (once): `yay -Y --gendb`
+1. Enable early numlock (initramfs phase):
+    1. Install package: `yay -S mkinitcpio-numlock`
+    1. Add `numlock` to the `HOOKS` list in `/etc/mkinitcpio.conf` before `encrypt` (assuming the system is encrypted) (e.g. before `modconf`).
+    1. Regenerate the initramfs: `mkinitcpio -P`
+1. Tweak the PAM login faillock:
+    1. Note: It applies to password logins only, not SSH keys.
+    1. Note: To unlock a user, run `faillock --reset --user <user>`.
+    1. Increase the failed login count threshold: In `/etc/security/faillock.conf`, set `deny = 5`.
+1. Setup the local DNS resolver (systemd):
+    1. Note: The systemd-resolve config is `/etc/systemd/resolved.conf`.
+    1. Configure the upstream DNS servers: In the confug, set `DNS=1.1.1.1 2606:4700:4700::1111`.
+    1. (Optional) Set the domain/search string: In the config, set `Domains=<domain>`.
+    1. Enable or disable DNSSEC validation (do if the upstream servers don't): In the config, set `DNSSEC=<yes|no>`.
+    1. Enable and start it: `systemctl enable --now systemd-resolved`
+    1. Setup `resolv.conf`: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
+    1. Check: `curl google.com`
+1. Setup the NTP client (systemd):
+    1. Note: The default server pool is fine.
+    1. Enable: `timedatectl set-ntp true`
+    1. Check: `timedatectl` (see the "synchronized" field)
+1. Setup firewall (IPTables):
+    1. Install IPTables: `sudo pacman -S iptables`
+    1. Enable the IPTables services: `sudo systemctl enable --now iptables.service ip6tables.service`
+    1. Download my IPTables script (or do it yourself): `curl https://raw.githubusercontent.com/HON95/scripts/master/iptables/iptables.sh -o /etc/iptables/config.sh`
+    1. Make it executable: `chmod +x /etc/iptables/config.sh`
+    1. Modify it.
+    1. Run it: `/etc/iptables/config.sh`
+
+### Setup Xorg, LightDM/Ly and i3
+
+Note: Install either the LightDM (GUI) or Ly (TUI) display manager, not both.
+
+1. Setup the Xorg display server (minimal):
+    1. Install: `pacman -S xorg-server xorg-xinit xorg-xrandr`
+    1. Fix the keyboard layout for X11: `sudo localectl set-x11-keymap <keymap>` (e.1. `no`)
+1. (LightDM) Setup the LightDM display manager (aka login screen):
+    1. Note: User-local configuration/profile-stuff should be placed in `~/.xprofile`.
+    1. Install: `pacman -S lightdm`
+    1. Enable: `systemctl enable lightdm`
+1. (LightDM) Setup the LightDM GTK+ greeter (aka login screen) (one of many):
+    1. Note: The GTK+ greeter may be configured in `/etc/lightdm/lightdm-gtk-greeter.conf` or using the `lightdm-gtk-greeter-settings` GUI.
+    1. Install: `pacman -S lightdm-gtk-greeter`
+    1. Set it as the default: In `/etc/lightdm/lightdm.conf`, under the `[Seat:*]` section, set `greeter-session=lightdm-gtk-greeter`.
+    1. (Optional) Set the background: In `/etc/lightdm/lightdm-gtk-greeter.conf`, under the `[greeter]` section, set `background=<image-path>`. The `/usr/share/pixmaps` dir is recommended for storing backgrounds.
+1. (LightDM) **TODO** Setup the Webkit2 greeter with the Litarvan theme.
+1. (LightDM) Enable numlock on by default in X11:
+    1. Install: `pacman -S numlockx`
+    1. Configure: In `/etc/lightdm/lightdm.conf`, under the `[Seat:*]` section, set `greeter-setup-script=/usr/bin/numlockx on`.
+1. (Ly) Setup the Ly display manager (aka login screen):
+    1. Note: The config file is `/etc/ly/config.ini`.
+    1. Install: `yay -S ly`
+    1. Enable: `systemctl enable ly`
+    1. Add fire background: In the config, set `animate = true` and `hide_borders = true`.
+1. (Ly) Enable numlock on by default in X11:
+    1. Install: `pacman -S numlockx`
+    1. Configure: Create `/etc/X11/xinit/xinitrc.d/90-numlock.sh`, containing `#!/bin/sh` and `numlockx &`. Make it executable.
+1. Install the i3 window manager:
+    1. Note: The "gaps" part will be set up later, i3-gaps will work just like plain i3 for now.
+    1. Install: `pacman -S i3-gaps`
+1. Setup the Polybar system bar:
+    1. Note: i3bar, the default i3 system bar, shows workspaces and tray icons. It can include extra info like IP addresses and resource usage using i3status or i3blocks. Polybar is a replacement for i3bar.
+    1. Disable i3bar: Comment the whole `bar` section of the i3 config.
+    1. Install polybar: `yay -S polybar`
+    1. Create the config: `mkdir ~/.config/polybar && cp /usr/share/doc/polybar/config ~/.config/polybar/config`
+    1. Customize config:
+        - Rename the "example" bar to e.g. "main" (or create one from scratch).
+        - For the bar, set `bottom = true` to move it to the bottom.
+        - For the bar, comment `radius` to disable rounded corners.
+        - For the bar, comment `border-size` to disable the padding/border around the bar.
+        - For the date module, customize how time should appear. "Alt" variants are swapped to when the module is clicked ().
+        - For the network/"eth" module, use `%local_ip6%` for the IPv6 address (one of them).
+    1. Create a startup script: See the section below to use the new "main" bar.
+    1. Add to i3: In the i3 config, add `exec_always --no-startup-id $HOME/.config/polybar/launch.sh`.
+1. Setup the some terminal emulator:
+    1. (Alternative) Setup xfce4-terminal (GUI config, copy-paste, just works):
+        1. Install: `pacman -S xfce4-terminal`
+        1. Update font (example): Install `ttf-hack`, restart the terminal, and change to "Hack" size 10.
+    1. (Alternative) Install urxvt (ugly and useless by default but very customizable and extendable):
+        1. Install: `pacman -S rxvt-unicode`
+        1. Fix the ugliness and uselessness.
+    1. Setup i3: In the i3 config, replace the `bindsym $mod+Return` line with `bindsym $mod+Return exec <terminal>`
+1. Setup the Rofi application launcher:
+    1. Install: `pacman -S rofi`
+    1. Install rofimoji for emoji menu: `pacman -S rofimoji xdotool`
+    1. Find a theme interactively (without selecting any): `rofi-theme-selector` (e.g. `glue_pro_blue`)
+    1. Configure Rofi: Create `~/.config/rofi/config.rasi`, see the example below.
+    1. Configure Rofimoji: Create `~/.config/rofimoji.rc` and set `action = copy` (copy to clipboard by default).
+    1. Disable old i3 dmenu shortcut: In the i3 config, comment the `bindsym $mod+d` line.
+    1. Setup i3 drun shortcut: In the i3 config, set `bindsym $mod+d exec rofi -show drun`.
+    1. Setup i3 window shortcut: In the i3 config, set `bindsym $mod+shift+d exec rofi -show window`.
+    1. Setup i3 emoji shortcut: In the i3 config, set `bindsym $mod+mod1+d exec rofi -modi "emoji:rofimoji" -show emoji`.
+1. Setup fonts:
+    1. `pacman -S noto-fonts notn-fonts-emoji`
+1. (**TODO** LightDM) Test LightDM and i3:
+    1. Restart LightDM and get pulled into it: `systemctl restart lightdm`
+    1. Select the i3 WM and log in.
+    1. Follow the basic i3 setup wizard:
+        1. Generate a new config.
+        1. `Win` as default modifier.
+    1. Test i3: `Mod+Return` to open terminal, `Mod+D` to open app launcher, etc.
+1. Setup background image:
+    1. Download a desktop image.
+    1. Install the FEH image viewer: `pacman -S feh`
+    1. Update i3: In the i3 config, set `exec_always --no-startup-id feh --bg-scale $HOME/Pictures/mc.jpg` (example image).
+1. (Optional) Disable mouse hover window focus (you can still click windows to focus):
+    1. In the i3 config, set `focus_follows_mouse no`.
+1. Setup i3 gaps:
+    1. Disable window title bar (required): In the i3 config, add `for_window [class=".*"] border pixel 4` to only show the border and no title bar, or `0` to remove the border too.
+    1. Add gaps around windows: In the i3 config, add `gaps inner 8`.
+1. Install clipboard manager:
+    1. `pacman -S xsel`
+1. Setup media keys:
+    1. Note: Install e.g. Spotify (`aur/spotify`) to test with.
+    1. Install the playerctl utility for easy control: `pacman -S playerctl`
+    1. Add the following to the i3 config: See the i3 media keys config snippet below.
+1. Tweak audio volume keys:
+    1. Install `pamixer` (like ALSA's `amixer` but for PulseAudio): `pacman -S pamixer`
+    1. Open the i3 config and find the `bindsym XF86AudioRaiseVolume` and similar lines.
+    1. See the config i3 volume keys snippet below.
+1. Setup screen locking:
+    1. **TODO** Multi-monitor support? Haven't tested yet.
+    1. Install the `i3lock-fancy` screen locker: `yay -S i3lock-fancy-git`
+    1. Install the `xss-lock` automatic locker trigger: `pacman -S xss-lock`
+    1. Update i3 to use `i3lock-fancy`: In the i3 config, find the example `xss-lock` line and replace it with `exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock-fancy --nofork`. i3 needs to be completely restarted for this to start.
+    1. Set a locking keybind in i3: In the i3 config, add `bindsym $mod+l exec --no-startup-id i3lock-fancy --nofork`. This may conflict with some `focus` keybinds you probably don't need, so just remove those.
+
+### Setup Audio
+
+1. Note: We're using the PipeWire sound server, a compatible replacement for both PulseAudio and JACK.
+1. Install ALSA stuff:
+    1. Note: ALSA itself is already provided as built-in kernel modules and ALSA drivers will just work.
+    1. Install ALSA utils and firmware: `pacman -S alsa-utils alsa-firmware`
+1. Install PipeWire (including WirePlumber and adapters):
+    1. Install: `pacman -S pipewire pipewire-alsa pipewire-pulse pipewire-jack pipewire-v4l2 wireplumber pavucontrol`
+    1. Start the PulseAudio adapter (to avoid relogging): `systemctl start --user pipewire-pulse`
+1. Configure inputs and outputs:
+    1. Run `pavucontrol` to configure volumes, inputs, outputs and stuff.
+1. Test it:
+    1. Try playing something from the browser or whatever. It should work.
+1. **TODO** Bluetooth support. Check the PipeWire page.
+1. Install useful audio applications:
+    1. Install the Helvum patchbay to patch nodes and endpoints (inputs and outputs for all audio devices): `pacman -S helvum`
+    1. See the [PipeWire page (Arch Wiki)](https://wiki.archlinux.org/title/PipeWire).
+
+### Setup Applications
+
+1. Setup terminal emulator:
+    1. Already done.
+1. Setup ZSH:
+    1. See [Applications: ZSH](../applications/#zsh-linux) (includes font, theme and plugins).
+1. Setup the VLC video and audio player:w
+    1. `pacman -S vlc`
+1. Setup the Mirage image viewer:
+    1. `yay -S mirage`
+1. Setup the Thunar graphical file manager:
+    1. `pacman -S thunar`
+1. Setup the Ranger terminal file explorer:
+    1. `pacman -S ranger`
+1. Setup the VS Code text editor/IDE:
+    1. `pacman -S code`
+
+### Extra steps (Optional)
+
+- Setup secure boot using your own keys.
+
+### Notes and Snippets
+
+#### Main Disk Partitions
+
+| Partition Number | Size | Type | Description | Mountpoint |
+| - | - | - | - | - |
+| 1 | 512MiB | ESP, 1 (fdisk), EF00 (gdisk) | EFI system partition (ESP) | `/boot/efi/` |
+| 2 | Remaining | Doesn't matter | LUKS | `/` |
+
+**Swap**:
+
+Avoid creating an unencrypted swap partition. Just use a swap file in the (encrypted) root filesystem instead.
+
+#### systemd-networkd Network Config
+
+File: `/etc/systemd/network/eno1.network` (example)
+
+This example sets up interface `eno1` (the main interface, see `ip a`) to use DHCPv4 and SLAAC/DHCPv6.
+
+```
+[Match]
+Name=eno1
+
+[Network]
+DHCP=yes
+```
+
+#### Polybar Launch Script
+
+File: `~/.config/polybar/launch.sh`
+
+```bash
+#!/bin/bash
+
+killall -q polybar
+
+polybar main &>>/tmp/polybar.log
+
+echo "Polybar launched"
+```
+
+#### Rofi Config
+
+file: `~/.config/rofi/config.rasi`
+
+```
+configuration {
+    font: "hack 12";
+}
+@theme "glue_pro_blue"
+```
+
+#### i3 Media Keys
+
+File: `~/.config/i3/config`
+
+Requires `community/playerctl`.
+
+```
+# Media keys
+bindsym XF86AudioPlay exec --no-startup-id playerctl play-pause
+bindsym XF86AudioStop exec --no-startup-id playerctl stop
+bindsym XF86AudioPrev exec --no-startup-id playerctl previous
+bindsym XF86AudioNext exec --no-startup-id playerctl next
+```
+
+#### i3 Volume Keys
+
+File: `~/.config/i3/config`
+
+Requires `community/pamixer`.
+
+```
+# Volume keys
+bindsym XF86AudioRaiseVolume exec --no-startup-id pamixer -i 5
+bindsym XF86AudioLowerVolume exec --no-startup-id pamixer -d 5
+bindsym XF86AudioMute exec --no-startup-id pamixer -t
+bindsym XF86AudioMicMute exec --no-startup-id pamixer --default-source -t
+```
+
+{% include footer.md %}

config/pc/kubuntu.md

@@ -13,9 +13,6 @@ breadcrumbs:
 
 ## Installation
 
-1. (Bugfix) Disconnect all network interfaces.
-    - This will prevent an APT bug crashing the installer at the very end.
-    - This seems to be fixed in the latest version.
 1. Use the guided partitioner.
     - The manual installer is broken and can't create encrypted volumes.
 
@@ -43,13 +40,8 @@ breadcrumbs:
 1. Setup firewall:
     - Remove other firewalls: `sudo apt purge ufw firewalld`
     - Install IPTables stuff: `sudo apt install iptables iptables-persistent netfilter-persistent`
-    - (Alternative 1) Create an IPTables script (e.g. [iptables.sh](https://github.com/HON95/scripts/blob/master/linux/iptables/iptables.sh)).
-    - (Alternative 2) Run my preset (basics only, no SSH etc.): `curl https://raw.githubusercontent.com/HON95/scripts/master/linux/iptables/iptables.sh | sudo bash`
-1. Firefox:
-    - Disable middle mouse paste by setting `middlemouse.paste` to false in `about:config`.
-    - Enable middle mouse "drag scrolling" by setting `general.autoScroll` to true in `about:config`.
-    - Disable external media keys by setting `media.hardwaremediakeys.enabled` to false in `about:config`.
-    - Install missing language support: `apt install $(check-language-support)`
+    - (Alternative 1) Create an IPTables script (e.g. [iptables.sh](https://github.com/HON95/scripts/blob/master/iptables/iptables.sh)).
+    - (Alternative 2) Run my preset (basics only, no SSH etc.): `curl https://raw.githubusercontent.com/HON95/scripts/master/iptables/iptables.sh | sudo bash`
 
 ### Extra
 

config/pc/manjaro-kde.md

@@ -0,0 +1,56 @@
+---
+title: Manjaro (KDE)
+breadcrumbs:
+- title: Configuration
+- title: PC
+---
+{% include header.md %}
+
+### Using
+{:.no_toc}
+
+- Manjaro 21.1 (KDE edition)
+
+## Installation
+
+Nothing special.
+
+## Setup
+
+1. Packages:
+    - Install upgrades: `sudo pacman -Syu`
+    - Install extra stuff: `sudo pacman -S curl vim nmap`
+1. Setup default editor:
+    - Create a new profile file: `/etc/profile.d/editor.sh`
+    - Set the editor: `export EDITOR=vim`
+    - Set the visual editor: `export VISUAL=vim`
+1. Setup sudo:
+    - Login as root to avoid locking yourself out: `sudo -i`
+    - Enter the sudo editor by running `visudo` and add passwordless sudo for the `wheel` group by setting `%wheel ALL=(ALL) NOPASSWD: ALL`.
+    - Remove the old wheel sudo config: `rm /etc/sudoers.d/10-installer`
+1. Make sure the correct graphics drivers are in use (e.g. the proprietary Nvidia driver).
+1. Fix the displays (positions, resolutions, refresh rates).
+1. Enable numlock on boot (search for it).
+1. Appearance:
+   - Change to the dark theme.
+   - Make all fonts 1 size smaller.
+1. Shortcuts:
+   - Disable web search keywords.
+1. Setup panels for all screens. Only show tasks for the current screen.
+1. Setup clipboard (avoid storing copied passwords and such):
+    - Open the clipboard settings from the taskbar.
+    - Select "ignore selection" to avoid copying when selecting text.
+    - Set the history size to 1 (effectively disabling the history).
+1. Setup firewall:
+    - Install IPTables: `sudo pacman -S iptables`
+    - Enable the IPTables services: `sudo systemctl enable iptables.service ip6tables.service`
+    - Download my IPTables script: `wget https://raw.githubusercontent.com/HON95/scripts/master/iptables/iptables.sh -O /etc/iptables/config.sh`
+    - Make it executable: `chmod +x /etc/iptables/config.sh`
+    - Modify it.
+    - Run it: `/etc/iptables/config.sh`
+
+### Extra
+
+1. Install applications: See [PC Applications](/config/pc/applications/).
+
+{% include footer.md %}

index.md

@@ -11,8 +11,7 @@ Random collection of config notes and miscellaneous stuff. _Technically not a wi
 ### General
 
 - [General](/config/general/general/)
-- [Linux General Notes](/config/general/linux-general/)
-- [Linux Examples](/config/general/linux-examples/)
+- [Linux General](/config/general/linux-general/)
 - [Computer Testing](/config/general/computer-testing/)
 
 ### Authentication, Authorization and Accounting (AAA)
@@ -103,7 +102,9 @@ Random collection of config notes and miscellaneous stuff. _Technically not a wi
 
 ### PC
 
+- [Arch (i3)](/config/pc/arch-i3/)
 - [Kubuntu](/config/pc/kubuntu/)
+- [Manjaro (KDE)](/config/pc/manjaro-kde/)
 - [Windows](/config/pc/windows/)
 - [PC Applications](/config/pc/applications/)
 
@@ -170,7 +171,7 @@ Random collection of config notes and miscellaneous stuff. _Technically not a wi
 
 ## Miscellanea
 
-- [Betzy (Supercomputer)](/miscellanea/betzy/)
-- [Vilje (Supercomputer)](/miscellanea/vilje/)
+- [Betzy (Supercomputer)](/misc/betzy/)
+- [Vilje (Supercomputer)](/misc/vilje/)
 
 {% include footer.md %}

miscellanea/betzy.md → misc/betzy.md

@@ -2,10 +2,12 @@
 title: Betzy (Supercomputer)
 breadcrumbs:
 - title: Miscellanea
+header_image: ../files/betzy.jpg
 ---
 {% include header.md %}
 
 Norway's most powerful supercomputer as of its inauguration in late 2020.
+Placed #55 on the 2020 June TOP500.
 Managed by UNINETT Sigma2 and partially NTNU Trondheim.
 
 ## Resources
@@ -25,10 +27,10 @@ Managed by UNINETT Sigma2 and partially NTNU Trondheim.
 A mix of general XH2000 specifications and specific Betzy specifications.
 
 - Betzy overall specifications \[1\]\[2\]\[5\]\[9\]\[10\]:
-    - System: Atos BullSequana XH2000 with X2410 (AMD) and X2415 (A100) blades.
+    - System: Atos BullSequana XH2000 with X2410 (AMD EPYC) and X2415 (NVIDIA A100) blades.
     - OS: RHEL
-    - Compute nodes: 1’344x X2410 (AMD) + 4x X2415 (A100)
-    - CPUs total (excluding A100 nodes): 2’688 sockets, 86’016 cores, 172’032 threads
+    - Compute nodes: 1344 X2410 (AMD EPYC) (448 blades) + 4 X2415 (NVIDIA A100)
+    - CPUs total (excluding A100 nodes): 2688 CPUs, 172032 cores
     - Memory: 336TiB total (excluding A100 nodes)
     - Storage: 7.8PB (2.5PB before 2021 upgrade), DNN powered, Lustre, 51GB/s bandwidth, 500k+ metadata OPS (before 2021 upgrade)
     - Interconnect topology: DragonFly+ topology
@@ -36,31 +38,30 @@ A mix of general XH2000 specifications and specific Betzy specifications.
     - Footprint: 14.78m2 (before 2021 upgrade)
     - Power: 952kW, 95% of heat captured to water (before 2021 upgrade)
     - Cooling: Liquid cooled
-- CPU specifications (CPU nodes) \[1\]\[4\]:
+- CPU node specifications (CPU nodes) \[1\]\[2\]\[4\]:
     - AMD EPYC Rome 7742
-    - 64 cores, 128 threads
-    - Clock: 2.25GHz base, 3.4GHz max boost
-    - PCIe: 4.0, x128
-    - Memory: DDR4, 8 channels, 3200MHz, 204.8GB/s per-socket BW
-- CPU specifications (GPU nodes) \[0\]\[14\]:
-    - AMD EPYC Rome 7452
-    - 32 cores, 64 threads
-    - Clock: 2.35GHz base, 3.35GHz max boost
-    - Memory: DDR4, 8 channels, 3200MHz, 204.8GB/s per-socket BW
-- Compute node specifications (CPU nodes) \[1\]\[2\]:
-    - CPUs per node: 2 sockets, 128 kjerner, 256 threads
+        - 64 cores, 128 threads (per CPU)
+        - Clock: 2.25GHz base, 3.4GHz max boost
+        - Memory: DDR4, 8 channels, 3200MHz, 204.8GB/s per-socket BW
+        - PCIe: 4.0, x128
     - Memory: 256GiB, split into 8 NUMA nodes
     - Storage: 3x SATA or NVMe M.2 drives
     - NIC: InfiniBand HDR 100
+- CPU node specifications (GPU nodes) \[0\]\[14\]:
+    - CPUs: 2x AMD EPYC Rome 7452
+        - 32 cores, 64 threads (per CPU)
+        - Clock: 2.35GHz base, 3.35GHz max boost
+        - Memory: DDR4, 8 channels, 3200MHz, 204.8GB/s per-socket BW
+        - PCIe: 4.0, x128
 - Blade specifications \[9\]:
     - Betzy uses mainly X2410 blades (AMD), but also 4x X2415 blades (A100) (after the 2021 upgrade) \[10\].
     - Size: 1U
     - Cooling: Fanless, active liquid cooling.
     - All blades types (both used and not used):
-        - X2410: 3x AMD EPYC Rome/Milan nodes (side-by-side) (6 CPUs total).
-        - X2415: 2x AMD EPYC Rome/Milan CPUs and 4x Nvidia A100 SXM4 GPUs (single node).
-        - X1120: 3x Intel Xeon nodes (side-by-side) (6 CPUs total).
-        - X1125: 2x Intel CPUs and 4x Nvidia V100 SXM2 GPUs (single node).
+        - X2410: 3x nodes (side-by-side) with 2x AMD EPYC Rome/Milan CPUs (6 CPUs total).
+        - X2415: 1x node with 2x AMD EPYC Rome/Milan CPUs and 4x Nvidia A100 SXM4 GPUs.
+        - X1120: 3x nodes (side-by-side) with 2x Intel Xeon CPUs (6 CPUs total).
+        - X1125: 1x node with 2x Intel CPUs and 4x Nvidia V100 SXM2 GPUs.
 - Cabinet specifications (general, not Betzy specific) \[8\]\[9\]:
     - Number of blades: 4-20 in front, 4-12 in back
     - Management switches: