Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's my primary influence.

Repave

• boot to the USB.
• wipe old partitions.
• run Windows installer.

Post Paving

• Windows update

• Install Box Starter

• Install my Box Starter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Set-ExecutionPolicy Unrestricted
  . { iwr -useb https://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
  Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/boxstarter.txt
  

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest Ubuntu OS

Rebuild steps

• Reboot laptop and press F12 to load the boot selection menu

• Install the OS

  Instructions

  • https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
  • Create a user called bootstrap with a password bootstrap

Post OS install steps

• Document what to do next ;-)

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer

  Instructions

  Hold down the Option key to trigger the boot selection menu.

• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin)
  # Unlock the repo in order to access values in ./secrets dir
  cd ~/workspace/infrastructure
  ./scripts/locksmith unlock
  # Initialize Terraform and apply
  cd dns
  terraform init
  ./terraform_apply
  

• Make a signed commit mentioning this issue (exercises gpg_op)

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin)
  gpg_op restore -e "[email protected]"
  

• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)
• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• Shut down the PI (to prevent DHCP conflicts)

• Enable DHCP on the router and remove port mapping

Post OS install steps on the PI

• Enable SSHD via rasp-config

• Obtain machine IP via ip a

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Copy ssh key using ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml

• Complete full configuration

  Instructions

  ./ansible.sh <pi ip>

• Disable DHCP on the router

• Reboot PI

• Add port mapping on the router

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Run repave script from windows host

  Instructions

  As an admin, run:

  Set-ExecutionPolicy -ExectionPolicy RemoteSigned

  Then run:

  ~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps

• Clone and run coalesce script

  Instructions

  mkdir ~/workspace && cd ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git
  cd infrastructure/homedirs/wsl
  ./coalesce_this_machine
  

• Reboot WSL Instance

  Instructions

  In order for /etc/wsl.conf to take effect we need to restart the
  WSL instance.

  wsl --shutdown Ubuntu

• Initalize 1Password

  Instructions

  inialized-1password

• Load GPG Keys

  Instructions

  opauth
  keys
  gpg-op restore -e scottATscottmuc.com
  

Verification Steps

• Decrypt Repository

  Instructions

  ./scripts/locksmith unlock
  

• Attempt DNS Change

  Instructions

  cd dns
  terraform init
  # add TXT record to graffiti.scottmuc.com
  ./terraform_apply
  

• Configure PI (tests ansible)

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer

  Instructions

  Hold down the Option key to trigger the boot selection menu.

• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control
• Launch shiftit and follow all the accessiblity setting instructions (looking at alternatives)

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  # Unlock the repo in order to access values in ./secrets dir
  cd ~/workspace/infrastructure
  ./scripts/locksmith unlock
  # Initialize Terraform and apply
  ./scripts/terraform init dns
  ./scripts/terraform_apply
  

• Make a signed commit mentioning this issue (exercises gpg_op)

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  gpg_op restore -e "[email protected]"
  

• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)
• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's the latest documentation I followed to make a USB installer.

Repave

• boot to the USB.

  Instructions

  • Hit F12 while machine is rebooting to load boot menu.
  • The drive that is less than 50GB is likely the bootable USB device.

• wipe old partitions.
• run Windows installer.

Post Paving

• Install Chocolatey

  Instructions

  • https://chocolatey.org/install

• Install BoxStarter

  Instructions

  • choco install Boxstarter

• Install my Box Starter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
  

• Windows update

• Configure Brave

  Instructions

  Do the following:

  • Ensure 1 Password extension works
  • Getpocket installed
  • Unhook extension is installed (and support the author)
  • Set searrch engine to DuckDuckGo

• Install and configure Google Drive

• Setup Radeon Software

  Instructions

  I'm not sure what to do here. Here are a couple helpful links:

  • https://www.amd.com/en/support/kb/faq/gpu-kb205
  • https://raptoreumcalculator.com/blog/radeonsoftware-exe-windows-complaining-about-missing-mfplat-dll-mf-dl-and-mfreadwrite-dll-files/
  • https://www.amd.com/en/support

• Run Novabench

  Instructions

  Score should be around:

  • CPU 1600
  • RAM 260
  • GPU 1000
  • Disk 340

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer

  Instructions

  Hold down the Option key to trigger the boot selection menu.

• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control
• Launch shiftit and follow all the accessiblity setting instructions

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  # Unlock the repo in order to access values in ./secrets dir
  cd ~/workspace/infrastructure
  ./scripts/locksmith unlock
  # Initialize Terraform and apply
  ./scripts/terraform init dns
  ./scripts/terraform_apply
  

• Make a signed commit mentioning this issue (exercises gpg_op)

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  gpg_op restore -e "[email protected]"
  

• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)
• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's the latest documentation I followed to make a USB installer.

Repave

• boot to the USB.

  Instructions

  • Hit F12 while machine is rebooting to load boot menu.
  • The drive that is less than 50GB is likely the bootable USB device.

• wipe old partitions.
• run Windows installer.

Post Paving

• Set machine hostname

  Instructions

  This can come in handy for all services that have recorded the machines
  hostname for security verification. The timestamp in the name and other
  metadata can make future auditing a bit easier.

  The convention is YYYYMMDD-something meta.

  Test if this can be done in powershell.

• Install Chocolatey

  Instructions

  • https://chocolatey.org/install

• Install BoxStarter

  Instructions

  • choco install Boxstarter

• Install Boostrap BoxStarter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/main/homedirs/windows/boxstarter.bootstrap.ps1
  

• Windows update

• Install Main BoxStarter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName $(Join-Path -Path $Env:USERPROFILE -ChildPath "workspace/infrastructure/main/homedirs/windows/boxstarter.ps1")
  

• Configure Brave

  Instructions

  Do the following:

  • Ensure 1 Password extension works
  • Getpocket installed
  • Unhook extension is installed (and support the author)
  • Set searrch engine to DuckDuckGo

• Install and configure Google Drive

• Turn off all Windows notification sounds

• Setup Radeon Software

  Instructions

  I'm not sure what to do here. Here are a couple helpful links:

  • https://www.amd.com/en/support/kb/faq/gpu-kb205
  • https://raptoreumcalculator.com/blog/radeonsoftware-exe-windows-complaining-about-missing-mfplat-dll-mf-dl-and-mfreadwrite-dll-files/
  • https://www.amd.com/en/support

• Install and configure Samsung Magician

  Instructions

  Download the installer and run it. Enable the performance profile.

• Run Novabench

  Instructions

  Score should be around:

  • CPU 1600
  • RAM 260
  • GPU 1000
  • Disk 340

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control
• Launch shiftit and follow all the accessiblity setting instructions

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  # Unlock the repo in order to access values in ./secrets dir
  cd ~/workspace/infrastructure
  ./scripts/locksmith unlock
  # Initialize Terraform and apply
  ./scripts/terraform init dns
  ./scripts/terraform_apply
  

• Make a signed commit mentioning this issue (exercises gpg_op)

  Instructions

  # Initialize and log into the 1 Password CLI
  initialize-1password
  eval $(op signin my)
  gpg_op restore -e "[email protected]"
  

• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)
• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

Post OS install steps

• Ensure machine IP is 192.168.2.10

• Copy ssh key using ssh-copy-id

• Bootstrap with Ansible

  Instructions

  ansible-playbook -i 192.168.2.10, --become --ask-become-pass ./bootstrap-playbook.yml

• Complete full configuration

  Instructions

  ansible-playbook -i 192.168.2.10, --become ./main-playbook.yml

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Delete previous WSL instance if applicable

• Ensure WSL2 is being used

• Install latest Ubuntu

• Clone and run coalesce script

• Attempt DNS Change

• Initalize 1Password

• Configure PI (tests ansible)

• Make this template slightly better

Things to do with the existing build

• Create USB stick with latest macOS
• Create credentials for the rebuild
• Backup anything worth keeping

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git and clone this repo
• Run coalesce_this_machine
• Launch and configure 1 Password
• Initialise 1 Password CLI

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control
• Launch shiftit and follow all the accessiblity setting instructions

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Disable DHCP on the PI

  Instructions

  Ensure that when we renew our DCHP lease, it comes from our router.

  sudo systemctl stop dnsmasq

• Enable DHCP on the router and remove port mapping and release/renew IP address

  Instructions

  Windows: ipconfig /release and then ipconfig /renew

• Shutdown PI

  Instructions

  Make sure the USB drive has spun down before doing any work.

  sudo shutdown -h now

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Using the SD card in the now powered down PI.

  The new installer has options to enable SSH and create a user.

  installer download

  note check if the underlying Debian distribution is changing as this might result
  in some issues in the playbook execution.

  The Bullseye 64-bit lite image seems to work for now.

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Turn on the PI and note the IP obtained from the Router

• Transfer local public ssh key to PI

  Instructions

  In order to avoid the use of sshpass, copy the current sessions public ssh key to
  to ./ssh/authorized_keys of the pi user on the PI. This user is only necessary to
  run the bootstrap playbook (which creates an admin ansible user) and will be subsequently
  cleaned up.

  ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Add the PI port forwarding

  Instructions

  Needed for the certbot ACME challenge in the next step.

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Re-add port mapping to the static IP

• Disable DHCP on the router

• Deploy goodenoughmoney.com

• Create pi Samba user

  Instructions

  Run the following on the PI
  sudo smbpasswd -a smbrw

• Make this template slightly better

How Do I Know I Am Done?

• https://www.goodenoughmoney.com/ displays stuff

• https://home.scottmuc.com/music/ loads navidrome and the music is playable

• https://home.scottmuc.com/prometheus/ loads and has data

• https://home.scottmuc.com/grafana/ loads and has data

• Z:\ on my Windows PC works

• ipconfig /release and then ipconfig /renew works

• nslookup analytics.google.com is refused

• Print out newly repaved machine details

  Instructions

  cat /etc/os-release && uname -a

Objective

My local DNS server is only listening on IPv4. At the moment, my Windows PC prefers IPv6 so it ends up using my routers DNS server instead.

Notes

This looks straightforward enough with powershell: https://giritharan.com/disable-ipv6/

A comment in that article links to Microsoft's recommendation to not disable IPv6 but to lower its priority: https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users

I really don't know too much about IPv6 except that one of the things it is trying to solve the scarcity of IPv4 addresses. It appears that it's bringing a lot more features and changes that I believe one needs to understand before implementing it in their home: https://www.youtube.com/watch?v=z7Al3P8ShM8. Some admin perspectives are discussed here: https://2.5admins.com/2-5-admins-05/

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Delete previous WSL instance if applicable

• Ensure WSL2 is being used

• Install latest Ubuntu

• Clone and run coalesce script

• Initalize 1Password

• Attempt DNS Change

• Configure PI (tests ansible)

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's the latest documentation I followed to make a USB installer.

Repave

• boot to the USB.

  Instructions

  • Hit F12 while machine is rebooting to load boot menu.
  • The drive that is less than 50GB is likely the bootable USB device.

• wipe old partitions.
• run Windows installer.

Post Paving

• Set machine hostname

  Instructions

  This can come in handy for all services that have recorded the machines
  hostname for security verification. The timestamp in the name and other
  metadata can make future auditing a bit easier.

  The convention is YYYYMMDD-something meta.

  Test if this can be done in powershell.

• Install Chocolatey

  Instructions

  • https://chocolatey.org/install

• Install BoxStarter

  Instructions

  • choco install Boxstarter

• Install my Box Starter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
  

• Windows update

• Configure Brave

  Instructions

  Do the following:

  • Ensure 1 Password extension works
  • Getpocket installed
  • Unhook extension is installed (and support the author)
  • Set searrch engine to DuckDuckGo

• Install and configure Google Drive

• Turn off all Windows notification sounds

• Setup Radeon Software

  Instructions

  I'm not sure what to do here. Here are a couple helpful links:

  • https://www.amd.com/en/support/kb/faq/gpu-kb205
  • https://raptoreumcalculator.com/blog/radeonsoftware-exe-windows-complaining-about-missing-mfplat-dll-mf-dl-and-mfreadwrite-dll-files/
  • https://www.amd.com/en/support

• Install and configure Samsung Magician

  Instructions

  Download the installer and run it. Enable the performance profile.

• Run Novabench

  Instructions

  Score should be around:

  • CPU 1600
  • RAM 260
  • GPU 1000
  • Disk 340

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Delete previous WSL instance if applicable

• Ensure WSL2 is being used

• Install latest Ubuntu

• Clone and run coalesce script

• Initalize 1Password

• Attempt DNS Change

• Configure PI (tests ansible)

• Make this template slightly better

A chat with some friends started with a post about monospace font selection: https://www.tbray.org/ongoing/When/202x/2023/02/09/Monospace

Given all the workstation automation I have, I can't say I'm satisfied with my devx (development experience). It's ok, but it's got some issues that I'd like to improve.

Objectives:

• Setup system that allows for easy swapping of fonts and themes (to better evaluate)
• Choose and configure a consistent font to be used
• Swap between dark and light consistently and without too much duct-tape
• Ensure readable font size for my aging eyes

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest Ubuntu OS

Rebuild steps

• Reboot laptop and press F12 to load the boot selection menu

• Install the OS

  Instructions

  • https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
  • Create a user called bootstrap with a password bootstrap

Post OS install steps

• Document what to do next ;-)

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Disable DHCP on the PI

  Instructions

  Ensure that when we renew our DCHP lease, it comes from our router.

  sudo systemctl stop kea-dhcp4-server

• Enable DHCP on the router and remove port mapping and release/renew IP address

  Instructions

  Windows: ipconfig /release and then ipconfig /renew

• Shutdown PI

  Instructions

  Make sure the USB drive has spun down before doing any work.

  sudo shutdown -h now

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Using the SD card in the now powered down PI.

  The new installer has [options][installer-options] to enable SSH and create a user.

  installer download

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Turn on the PI and note the IP obtained from the Router

• Transfer local public ssh key to PI

  Instructions

  In order to avoid the use of sshpass, copy the current sessions public ssh key to
  to ./ssh/authorized_keys of the pi user on the PI. This user is only necessary to
  run the bootstrap playbook (which creates an admin ansible user) and will be subsequently
  cleaned up.

  ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Add the PI port forwardi

  Instructions

  Needed for the certbot ACME challenge in the next step.

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Re-add port mapping to the static IP

• Disable DHCP on the router

• Deploy goodenoughmoney.com

• Create pi Samba user

  Instructions

  Run the following on the PI
  sudo smbpasswd -a smbrw

• Deploy navidrome

  Instructions

  run navidrome.sh as root on the PI

• Make this template slightly better

How Do I Know I Am Done?

• https://www.goodenoughmoney.com/ displays stuff

• https://home.scottmuc.com/music/ loads navidrome and the music is playable

• Z:\ on my Windows PC works

• ipconfig /release and then ipconfig /renew works

• nslookup analytics.google.com is refused

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Run repave script from windows host

  Instructions

  As an admin, run:

  Set-ExecutionPolicy -ExectionPolicy RemoteSigned

  Then run:

~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps

• Clone and run coalesce script

  Instructions

  mkdir ~/workspace && cd ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git
  cd infrastructure/homedirs/wsl
  ./coalesce_this_machine
  

• Initalize 1Password

  Instructions

  As an admin, run:

  Set-ExecutionPolicy -ExectionPolicy RemoteSigned

  Then run:

~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps

Verification Steps

• Attempt DNS Change

• Configure PI (tests ansible)

• Make this template slightly better

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Disable DHCP on the PI

  Instructions

  Ensure that when we renew our DCHP lease, it comes from our router.

  sudo systemctl stop kea-dhcp4-server

• Enable DHCP on the router and remove port mapping and release/renew IP address

  Instructions

  Windows: ipconfig /release and then ipconfig /renew

• Shutdown PI

  Instructions

  Make sure the USB drive has spun down before doing any work.

  sudo shutdown -h now

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Using the SD card in the now powered down PI.

  installer download

• Touch ssh on the boot volume of the SD Card

  Instructions

  See this handy post for details. This requires disconnecting the SD card and
  plugging it back in so it gets mounted in Windows.

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Turn on the IP and note the IP obtained from the Router

• Transfer local public ssh key to PI

  Instructions

  In order to avoid the use of sshpass, copy the current sessions public ssh key to
  to ./ssh/authorized_keys of the pi user on the PI. This user is only necessary to
  run the bootstrap playbook (which creates an admin ansible user) and will be subsequently
  cleaned up.

  ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Add the PI port forwardi

  Instructions

  Needed for the certbot ACME challenge in the next step.

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Re-add port mapping to the static IP

• Disable DHCP on the router

• Deploy goodenoughmoney.com

• Create pi Samba user

  Instructions

  Run the following on the PI
  sudo smbpasswd -a pi

• Deploy navidrome

  Instructions

  run navidrome.sh as root on the PI

• Make this template slightly better

How Do I Know I Am Done?

• https://www.goodenoughmoney.com/ displays stuff

• https://home.scottmuc.com/music/ loads navidrome and the music is playable

• Z:\ on my Windows PC works

• ipconfig /release and then ipconfig /renew works

• nslookup analytics.google.com is refused

Definition of Done

This pipeline should run and work:

jobs:
  - name: job-hello-world
    public: true
    plan:
      - task: hello-world
        config:
          platform: linux
          image_resource:
            type: docker-image
            source: {repository: busybox}
          run:
            path: echo
            args: [hello world]

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Enable DHCP on the router and remove port mapping and release/renew IP address

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• Touch ssh on the boot volume of the SD Card

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Note the IP the PI obtained from the Router

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Add the PI port forwarding

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Re-add port mapping to the static IP

• Disable DHCP on the router

• Deploy goodenoughmoney.com

• Create pi Samba user

  Instructions

  Run the following on the PI
  sudo smbpasswd -a pi

• Deploy navidrome

  Instructions

  run navidrome.sh as root on the PI

• Make this template slightly better

How Do I Know I Am Done?

• https://www.goodenoughmoney.com/ displays stuff

• https://home.scottmuc.com/music/ loads navidrome and the music is playable

• Z:\ on my Windows PC works

• ipconfig /release and then ipconfig /renew works

• nslookup analytics.google.com is refused

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Preferrably with a secondary SD Card to keep the current Pi running.

  installer download

• Enable DHCP on the router and remove port mapping

Post OS install steps on the PI

• Note the IP assigned to the PI during the OS install

• Enable SSHD via rasp-config

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Copy ssh key using ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Add port mapping on the router

• Disable DHCP on the router

• Make this template slightly better

In #41. there were issues installing kea-dhcp-server on the new Raspian image. dnsmasq has the features I need and it's installable.

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's my primary influence.

Repave

• boot to the USB.

  Instructions

  • Hit F12 while machine is rebooting to load boot menu.
  • The drive that is less than 50GB is likely the bootable USB device.

• wipe old partitions.
• run Windows installer.

Post Paving

• Install Chocolatey

  Instructions

  • https://chocolatey.org/install

• Install BoxStarter

  Instructions

  • choco install Boxstarter

• Install my Box Starter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName https://github.com/scottmuc/infrastructure/blob/master/homedirs/windows/boxstarter.ps1
  

• Windows update

The data stored after the attempted sync looks like the following:

~/workspace/infrastructure/homedirs/osx/bin ? cat ~/.config/deep-pockets/data.json
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: SII91F3ePlSLaTlOoaEuER7cr3hpJpbQx-AHsXuNING_YAROCzUepw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>%  

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Create USB stick with latest macOS

  Instructions

  • Format a USB (> 16GB) stick and name it UNTITLED

  • Fetch the latest version of macos from the App Store

  • Run the following

    $ sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/UNTITLED --nointeraction
    Password:
    Erasing disk: 0%... 10%... 20%... 30%... 100%
    Copying to disk: 0%... 10%... 20%... 30%... 40%... 50%... 60%... 70%... 80%... 90%... 100%
    Making disk bootable...
    Install media now available at "/Volumes/Install macOS Big Sur"
    

• Create credentials for the rebuild

  Instructions

  Run create-repave-secrets with an argument that follows the naming convention of:

  machine.<month name>.air

• Backup anything worth keeping

  Instructions

  Generally, this means look at the following directories for things that I might want to carry over to the fresh
  install or possibly consider saving to a cloud service:

  • Desktop
  • Documents
  • Downloads

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git, clone this repo, and run coalese_this_machine

  Instructions

  git # this will trigger the XCode installer which brings git along with it
  mkdir ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git ~/workspace/infrastructure
  ~/workspace/infrastructure/homedirs/osx/coalesce_this_machine
  

• Launch and configure 1 Password
• Initialise 1 Password CLI
• Map capslock to control
• Launch shiftit and follow all the accessiblity setting instructions

note to speed things up, some of the steps above can be done while coalese_this_machine is running.

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)
• Old keys and credentials are deleted (GitHub and 1Password)

Things to do with the existing build

• Create USB stick with latest macOS (instructions)
• Create credentials for the rebuild (instructions)
• Backup anything worth keeping (instructions)

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git and clone this repo
• Run coalesce_this_machine
• Launch and configure 1 Password
• Initialise 1 Password CLI

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)

Things to do with the existing build

• Create USB stick with latest macOS
• Create credentials for the rebuild
• Backup anything worth keeping

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git and clone this repo
• Run coalesce_this_machine
• Launch and configure 1 Password
• Initialise 1 Password CLI

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)

Prep

• backup stuff if you think you need it.

  Instructions

  Instructions go here

  1. A numbered
  2. list
     • With some
     • Sub bullets

• prepare USB device with a Windows installer.

Repave

• boot to the USB.
• wipe old partitions.
• run Windows installer.

Post Paving

• Windows update
• Install Box Starter
• Install my Box Starter Package

I'm starting to grow some machine specific configuration management setup that is creating a spread of Not Invented Here (NIH) installers. Rather than having a language version manager for every language, asdf can be the one to rule them all. My bias is usually for language specific things, but I feel this might be a good level of abstraction.

Things I want to see if asdf can manage for me are:

• nodejs
• golang
• terraform
• python
• ruby

I much prefer project level scope tool declaration over machine level.

asdf project page: https://asdf-vm.com/

Things to do with the existing build

• Create USB stick with latest macOS
• Create credentials for the rebuild
• Backup anything worth keeping

Rebuild steps

• Reboot to load installer
• Use Disk Utility to wipe existing partition and make a new one (new name, new encryption key)
• Install the OS

Post OS install steps

• Install git and clone this repo
• Run coalesce_this_machine
• Launch and configure 1 Password
• Initialise 1 Password CLI

Done When

• Make a tiny DNS change and run terraform
• Make a signed commit mentioning this issue (exercises gpg_op)
• Be able to push the commit (exercises ssh_op_agent)
• Log into GitHub in Brave (exercises 1 Password browser extension)

Objective

I want to repurpose my macbook Airr which means I won't have a stable unix-terminal to perform my routine administration of my home network.

This must be easily replicated upon re-pave.

Done When

I can update my DNS records via my existing unix tool-chain.

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Things to do with the existing build

• Disable DHCP on the PI

  Instructions

  Ensure that when we renew our DCHP lease, it comes from our router.

  sudo systemctl stop kea-dhcp4-server

• Enable DHCP on the router and remove port mapping and release/renew IP address

  Instructions

  Windows: ipconfig /release and then ipconfig /renew

• Shutdown PI

  Instructions

  Make sure the USB drive has spun down before doing any work.

  sudo shutdown -h now

• Create SD card with the latest Raspberry Pi OS

  Instructions

  Using the SD card in the now powered down PI.

  The new installer has options to enable SSH and create a user.

  installer download

  note check if the underlying Debian distribution is changing as this might result
  in some issues in the playbook execution.

Post OS install steps on desktop

• Ensure a working ansible enviroment

  Instructions

  Not much to say except use virtualenv. I don't have a consistent way to set this up because
  my macbook might be my controller, or my windows WSL host will be.

• Turn on the PI and note the IP obtained from the Router

• Transfer local public ssh key to PI

  Instructions

  In order to avoid the use of sshpass, copy the current sessions public ssh key to
  to ./ssh/authorized_keys of the pi user on the PI. This user is only necessary to
  run the bootstrap playbook (which creates an admin ansible user) and will be subsequently
  cleaned up.

  ssh-copy-id pi@<pi ip>

• Bootstrap with Ansible

  Instructions

  ./ansible.sh bootstrap -i <pi ip>

• Add the PI port forwarding

  Instructions

  Needed for the certbot ACME challenge in the next step.

• Complete full configuration

  Instructions

  ./ansible.sh apply -i <pi ip>

• Reboot PI

• Re-add port mapping to the static IP

• Disable DHCP on the router

• Deploy goodenoughmoney.com

• Create pi Samba user

  Instructions

  Run the following on the PI
  sudo smbpasswd -a smbrw

• Make this template slightly better

How Do I Know I Am Done?

• https://www.goodenoughmoney.com/ displays stuff

• https://home.scottmuc.com/music/ loads navidrome and the music is playable

• https://home.scottmuc.com/prometheus/ loads and has data

• https://home.scottmuc.com/grafana/ loads and has data

• Z:\ on my Windows PC works

• ipconfig /release and then ipconfig /renew works

• nslookup analytics.google.com is refused

• Print out newly repaved machine details

  Instructions

  cat /etc/os-release && uname -a

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Prep

• backup stuff if you think you need it.

  Instructions

  • Desktop
  • Downloads
  • Documents

• prepare USB device with a Windows installer.

  Instructions

  Here's the latest documentation I followed to make a USB installer.

Repave

• boot to the USB.

  Instructions

  • Hit F12 while machine is rebooting to load boot menu.
  • The drive that is less than 50GB is likely the bootable USB device.

• wipe old partitions.
• run Windows installer.

Post Paving

• Set machine hostname

  Instructions

  This can come in handy for all services that have recorded the machines
  hostname for security verification. The timestamp in the name and other
  metadata can make future auditing a bit easier.

  The convention is YYYYMMDD-something meta.

  Test if this can be done in powershell.

• Install Chocolatey

  Instructions

  • https://chocolatey.org/install

• Install BoxStarter

  Instructions

  • choco install Boxstarter

• Install my Box Starter Package

  Instructions

  Thanks Rich Turner for your excellent example!

  Launch Powershell with elevated privileges:

  Install-BoxstarterPackage -DisableReboots -PackageName https://raw.githubusercontent.com/scottmuc/infrastructure/master/homedirs/windows/boxstarter.ps1
  

• Windows update

• Configure Brave

  Instructions

  Do the following:

  • Ensure 1 Password extension works
  • Getpocket installed
  • Unhook extension is installed (and support the author)
  • Set searrch engine to DuckDuckGo

• Install and configure Google Drive

• Turn off all Windows notification sounds

• Setup Radeon Software

  Instructions

  I'm not sure what to do here. Here are a couple helpful links:

  • https://www.amd.com/en/support/kb/faq/gpu-kb205
  • https://raptoreumcalculator.com/blog/radeonsoftware-exe-windows-complaining-about-missing-mfplat-dll-mf-dl-and-mfreadwrite-dll-files/
  • https://www.amd.com/en/support

• Install and configure Samsung Magician

  Instructions

  Download the installer and run it. Enable the performance profile.

• Run Novabench

  Instructions

  Score should be around:

  • CPU 1600
  • RAM 260
  • GPU 1000
  • Disk 340

• Run WSL

  Instructions

  • Install Ubuntu
  • Clone this repository
  • Run coalesce this machine script

• Make this template slightly better

At the moment, navidrome is launched as follows:

cd /opt/navidrome
sudo -u navidrome nohup ./run.sh &> /mnt/usb/navidrome/logs/navidrome.log &

It's time to integrate this with systemd now. There's some good instructions on how to do this.

Issue documented here: go-gandi/terraform-provider-gandi#39

Yay for Repaving!

As much as possible is documented inline in this issue template. In case of problems you may find help by viewing
all the previous repave issues. Have fun!

Steps

• Run repave script from windows host

  Instructions

  As an admin, run:

  Set-ExecutionPolicy -ExectionPolicy RemoteSigned

  Then run:

  ~/workspace/infrastructure/homedirs/windows/Repave-WSLInstance.ps

• Clone and run coalesce script

  Instructions

  mkdir ~/workspace && cd ~/workspace
  git clone https://github.com/scottmuc/infrastructure.git
  cd infrastructure/homedirs/wsl
  ./coalesce_this_machine
  

• Reboot WSL Instance

  Instructions

  In order for /etc/wsl.conf to take effect we need to restart the
  WSL instance.

  wsl --shutdown Ubuntu

• Initalize 1Password

  Instructions

  inialized-1password

• Load GPG Keys

  Instructions

  opauth
  keys
  gpg-op restore -e scottATscottmuc.com
  

Verification Steps

• Decrypt Repository

  Instructions

  ./scripts/locksmith unlock
  

• Attempt DNS Change

  Instructions

  cd dns
  terraform init
  # add TXT record to graffiti.scottmuc.com
  ./terraform_apply
  

• Configure PI (tests ansible)

• Clone all the repos (mr checkout)

• Ensure tldr works

• Ensure deploy.sh of goodenoughmoney.com works

• Make this template slightly better

I haven't done much journalling when doing Windows repaves. That's going to change now!

Objective

To ensure good browser experiences for everyone (some browsers I believe will add www. by default)

Plan

Setup CNAME for domain to point to www. which will be the A record.