Split machine-specific notes

2 files changed, 525 insertions, 0 deletions

diff --git a/guides/sysadmin/machines/hirondell/install.org b/guides/sysadmin/machines/hirondell/install.org
new file mode 100644
index 0000000..20a749b
--- /dev/null
+++ b/guides/sysadmin/machines/hirondell/install.org
@@ -0,0 +1,231 @@
+* Step-by-step recap (Bullseye)
+** Setup keyboard
+Turn CapsLock key into Control (cf. keyboard(5)):
+- add =ctrl:nocaps= to =XKBOPTIONS= in =/etc/default/keyboard=
+- run =udevadm trigger --subsystem-match=input --action=change=
+- run =setupcon= in a TTY
+** Install stuff
+*** Distro-provided packages
+#+begin_src sh
+packages=(
+    # To clone & update dotfiles.
+    git
+    # Look & feel.
+    elementary-xfce-icon-theme greybird-gtk-theme
+    # Enable volume management with Thunar.
+    gvfs-backends gvfs-fuse
+    # System monitoring.
+    htop powertop wavemon
+    # Documentation:
+    # - info pages,
+    gcc-doc make-doc tar-doc info
+    # - manpages,
+    manpages-dev manpages-posix manpages-posix-dev
+    # - text & HTML pages.
+    git-doc python3-doc
+    # Writing helpers.
+    aspell-fr verbiste wordnet
+    # CLI helpers.
+    mlocate ripgrep vim
+    # Fonts.
+    fonts-noto-color-emoji
+    # Miscellaneous applications.
+    ffmpeg gimp pandoc terminator vlc
+)
+sudo apt install ${packages[@]}
+#+end_src
+*** Latest and greatest
+**** Firefox
+- download most recent release from from <https://www.mozilla.org>
+- unpack it =$SOMEWHERE=
+- make sure everyone can find it:
+
+#+begin_src sh
+$ sudo update-alternatives --install $(which x-www-browser) x-www-browser \
+                           ${SOMEWHERE}/firefox/firefox 1
+$ sudo update-alternatives --set x-www-browser ${SOMEWHERE}/firefox/firefox
+$ ln -s ${SOMEWHERE}/firefox/firefox ~/.local/bin/
+#+end_src
+
+- paste backuped profile into =~/.mozilla/firefox/${profile}=
+**** Symbola
+- grab the archive from <http://users.teilar.gr/~g1951d/>
+- drop the TTF files in =~/.local/share/fonts=
+- run =fc-cache -fv=
+**** youtube-dl
+#+begin_src sh
+$ sudo apt install python3-pip
+$ pip3 install --user youtube-dl
+#+end_src
+** Setup dotfiles
+*** Clone versioned dotfiles
+- create new SSH key for GitLab
+- follow instructions in dotfiles README
+*** Tweak non-versioned dotfiles
+- set EMAIL in =.profile=
+- add =~/.local/bin= to PATH
+- copy =.profile= to =.xsessionrc=
+- in =.bashrc=
+  - enable globstar and autocd
+  - uncomment grep and ls aliases
+  - source =~/.bash_prompt=
+** Setup Emacs
+- clone from Savannah
+- =apt build-dep emacs=
+- =apt install libgconf2-dev libwebkit2gtk-4.0-dev=
+  (optional build dependencies for ≥27)
+- comment out .emacs below =(load custom-file)=
+#+begin_src elisp
+(package-refresh-contents)
+(package-install-selected-packages)
+#+end_src
+** Setup XFCE
+*** Appearance
+**** Style
+Greybird-dark
+**** Icons
+elementary Xfce darker
+**** Fonts
+- Rendering
+  - [X] Enable anti-aliasing
+  - Hinting: Slight
+  - Sub-pixel order: RGB (trusting the [[http://www.lagom.nl/lcd-test/subpixel.php][Lagom LCD test pages]])
+*** File Manager
+**** View
+- Side Pane: Tree
+- View as Detailed List
+*** Panel
+**** Top panel
+***** Items
+****** Whisker Menu
+****** Window Buttons
+****** Separator
+****** Workspace Switcher
+****** Separator
+****** Status Tray Plugin
+****** PulseAudio Plugin
+****** Power Manager Plugin
+- Show label: None
+****** Notification Plugin
+****** Separator
+****** Clock
+**** Bottom panel
+Delete.
+*** Window Manager
+**** Keyboard
+- Move window to previous workspace: Shift+Super+Left
+- Move window to next workspace: Shift+Super+Right
+- Tile window to the left: Super+Left
+- Tile window to the right: Super+Right
+- Show desktop: Super+D
+*** Window Manager Tweaks
+**** Accessibility
+- [X] Hide title of windows when maximized
+**** Compositor
+- [ ] Show shadows under…
+*** Terminal
+**** General
+- Scrolling
+  - [ ] Scroll on output
+  - Scrollbar is: Disabled
+  - [X] Unlimited scrollback
+**** Appearance
+- Font
+  - [X] Use system font
+- Opening New Windows
+  - [ ] Display menubar in new windows
+**** Advanced
+- Shortcuts
+  - [X] Disable all menu access keys (such as Alt+f) /for readline/
+  - [X] Disable menu shortcut key (F10 by default) /for htop &
+        wavemon/
+  - [X] Disable help window shortcut key (F1 by default) /for htop &
+        wavemon/
+- Misc
+  - [X] Automatically copy selection to clipboard
+*** Keyboard
+**** Application shortcuts
+- emacs: Super+E
+- exo-open --launch FileManager: Super+F
+- exo-open --launch TerminalEmulator: Super+T
+- exo-open --launch WebBrowser: Super+W
+- xfce4-popup-whiskermenu: Alt+F1
+- xfce4-screenshooter: Print
+- xfce4-screenshooter --fullscreen: Shift+Print
+- xfce4-screenshooter --region: Control+Print
+- xfce4-screenshooter --window: Super+Print
+- xfce4-session-logout: Super+X
+- xflock4: Super+L
+*** Mouse and Touchpad
+**** Devices
+- =… Touchpad=
+  - Touchpad
+    - [X] Tap touchpad to click
+*** Power Manager
+**** System
+- On battery / Plugged in
+  - When laptop lid is closed: Suspend
+*** Removable Drives and Media
+**** Storage
+- [X] Mount removable drives when hot-plugged
+- [X] Mount removable media when inserted
+
+** Setup more stuff
+*** lightdm
+Show my account on startup:
+#+begin_src conf
+# /usr/share/lightdm/lightdm.conf.d/99_custom.conf
+[Seat:*]
+greeter-hide-users=false
+#+end_src
+*** system groups
+#+begin_src sh
+groups=(
+    adm         # Access /var/log journals.
+    dialout     # Sync my phone.
+)
+for g in ${groups[@]}
+do
+    sudo adduser ${USER} ${g}
+done
+#+end_src
+* Live reactions (Buster)
+** groundwork
+Using instructions from <https://wiki.debian.org/Firmware>.
+*** Get netinst image from <https://www.debian.org/CD/netinst/>
+*** Get firmware archive from <https://cdimage.debian.org/cdimage/unofficial/non-free/firmware/stable/current/>
+So that the installer can use the wireless network card.  Extract all
+.deb files to a top-level =firmware= folder on a USB key.
+*** Shrink the MS partition
+Had to "optimize the disk", otherwise some free space remained
+unavailable.
+** installer
+Everything went smoothly:
+- if the USB key holding the firmware isn't plugged in, the installer
+  requests it, otherwise it finds the firmware automatically;
+- Secure Boot supported transparently;
+- dual-booting too.
+** package repositories
+Non-free repositories automatically added during the installation,
+because of the WiFi firmware I presume.
+** kernel issues
+*** i915/glk_dmc_ver1_04.bin
+kern.log:
+#+begin_quote
+i915 0000:00:02.0: firmware: failed to load i915/glk_dmc_ver1_04.bin (-2)
+#+end_quote
+apt install firmware-misc-nonfree seems to quiet that down.
+*** i2c_hid_get_input: incomplete report
+kern.log:
+#+begin_quote
+i2c_hid i2c-MSFT0001:00: i2c_hid_get_input: incomplete report (14/65535)
+#+end_quote
+About one message for every half-second spent touching the touchpad.
+
+"Solved" with:
+#+begin_src sh
+$ apt install -t buster-backports \
+      linux-image-amd64           \
+      firmware-iwlwifi            \
+      firmware-misc-nonfree
+#+end_src
diff --git a/guides/sysadmin/machines/hirondell/maintenance.org b/guides/sysadmin/machines/hirondell/maintenance.org
new file mode 100644
index 0000000..1e44459
--- /dev/null
+++ b/guides/sysadmin/machines/hirondell/maintenance.org
@@ -0,0 +1,294 @@
+* Config
+** samba server
+- I want most of my music on my laptop.
+- I want to access it from my desktop.
+- I want anyone on my home network to access it too.
+- I am too lazy to remove the Windows partition from my laptop, so
+  that partition sits mostly empty, eating 50% of the disk space.
+
+Therefore, the only sensible move is to run Samba on the laptop,
+serving a folder on my Linux partition with a symlink to the Windows
+partition.
+
+Chosen =/etc/smb.conf= excerpts:
+
+#+begin_src conf
+[global]
+allow insecure wide links = yes
+
+[sambo]
+comment = Files yours truly is sharing with you.
+path = /home/[…user…]/Public/smb
+browseable = yes
+read only = yes
+guest ok = yes
+wide links = yes
+#+end_src
+
+Then:
+
+#+begin_src sh
+# Mount Windows disk.
+udisksctl mount --block-device /dev/disk/by-label/OS
+# Symlink it from shared directory.
+ln -s /media/[…user…]/OS/Music ~/Public/smb/
+#+end_src
+
+On the desktop side:
+#+begin_src sh
+sudo mount.cifs //hirondell.local/sambo […somewhere…] \
+     -o guest,uid=$(id -u),gid=$(id -g)
+#+end_src
+* Upgrades
+** Bookworm
+*** research
+**** [[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#non-free-split][Release notes § Issues to be aware of]]
+***** minutiae
+- ~sed s/non-free/non-free-firmware/~
+- =youtube-dl= ⇒ =yt-dlp=
+- clear =GRUB_DISABLE_OS_PROBER=
+***** System logs ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#changes-to-system-logging][ref]])
+1. ~apt-mark auto rsyslog ; apt autoremove~
+2. double-check that journalctl config saves to persistent storage
+3. finally learn ~journalctl~
+***** Reduced accessibility from GTK 3⇒4 transition ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#gnome-has-reduced-accessibility-support-for-screen-readers][ref]])
+Not a huge deal for me (though [[https://github.com/transmission/transmission/discussions/5065][other aspects]] of the transition are
+irksome), but [[https://tech.lgbt/@xogium/110507457689374019][dang]].
+***** "Externally-managed" Python installation ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#python3-pep-668][ref]])
+1. inventory & clear out stuff installed with ~pip install --user~
+2. upgrade
+3. install =pipx=
+4. reinstall
+***** VLC support for VA-API disabled ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#vlc-ffmpeg-5][ref]])
+- [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021601][Debian bug#1021601]] =vlc: VAAPI hardware acceleration no more available=
+- [[https://code.videolan.org/videolan/vlc/-/issues/26772][VLC#26772]] =VAAPI is disabled with ffmpeg5 on vlc-3x=
+  - "we won't support full FFmpeg5 in 3.0" ([[https://code.videolan.org/videolan/vlc/-/issues/26772#note_316827][ref]])
+- [[https://code.videolan.org/videolan/vlc/-/merge_requests/1245][VLC!1245]] =[VLC3] Support FFmpeg 5.0 (except for VAAPI)=
+  - "it seems that the VAAPI part is far from trivial and requires
+    invasive changes (contrary to the other fixes)" ([[https://code.videolan.org/videolan/vlc/-/merge_requests/1245#note_302474][ref]])
+- user reports: [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021664][2022-10]], [[https://old.reddit.com/r/debian/comments/z5ectb/vlc_delaying_frames_on_a_fresh_debian_12_install/][2022-11]], [[https://old.reddit.com/r/debian/comments/119x7tr/debian_12_bookworm_no_hw_acceleration_in_vlc_h264/][2023-02]], [[https://old.reddit.com/r/debian/comments/14u38mm/video_choppy_in_vlc_but_not_totem/][2023-07]]
+
+No idea how much that will affect little =hirondell=.  If push comes
+to shove, I guess I can either
+- build VLC 4,
+- learn mpv.
+***** systemd naming for Xen network interfaces ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#xen-network][ref]])
+=eth0= changes to =enX0=.  No idea if my VPS is impacted or not; it
+does have an interface named =eth0=, and that name also shows up in
+=/etc/network/interfaces=.
+***** Known severe bugs ([[https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#rc-bugs][ref]])
+- [[https://bugs.debian.org/1036041][bug#1036041]]: =upgrade-reports: Dell XPS 9550 fails to boot after
+  bullseye to bookworm upgrade - grub/bios interaction bug?=
+*** VPS
+**** =/etc/cloud/cloud.cfg=
+My local version has these two lines:
+#+begin_src
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
+manage_etc_hosts: true
+#+end_src
+No idea if this is OVH-specific.  No idea if I want them.  Let's trust
+"the package maintainer" 😐
+**** =/etc/ssh/sshd_config=
+OK, note to self: *never* choose "do a 3-way merge".  Thought that
+would be something along the lines of Emacs's Ediff; instead…
+#+begin_quote
+Merging changes into the new version
+#+end_quote
+/Mind giving a couple more details on that "merge" mate?/
+
+OK,
+
+- =/usr/share/openssh/sshd_config= has the new stock config,
+- =/etc/ssh/sshd_config.ucf-old= has the /previous/ *local* config
+- ~diff -u {/usr/shared/openssh,/etc/ssh}/sshd_config~ suggests that
+  the ✨magic merge✨ did TRT; the only differences are
+  - stuff I remember changing in (=PermitRootLogin=,
+    =PasswordAtuhentication=)
+  - a spurious whitespace-only hunk on =Subsystem sftp= (the
+    =/usr/share= version uses tabs; the =/etc= version ended up with a
+    single space)
+**** Removing obsolete stuff
+Erm, why does ~apt purge '~c'~ says
+#+begin_quote
+The following packages were automatically installed and are no longer required:
+[…] nginx-core nginx-full […]
+#+end_quote
+
+😨
+
+#+begin_src
+$ dpkg -S $(sudo which nginx)
+nginx: /usr/sbin/nginx
+$ apt depends nginx
+[…]
+  Replaces: nginx-core (<< 1.22.1-6~)
+  Replaces: nginx-extras (<< 1.22.1-6~)
+  Replaces: nginx-light (<< 1.22.1-6~)
+#+end_src
+
+Ah.
+***** Rsyslog
+Refuses to disappear.  The doc says ~apt-mark auto~ followed by ~apt
+autoremove~ should remove it, but that does not seem to be happening
+(~autoremove~ does not find anything to remove).  The =rsyslog=
+service is still up & running, and watches =syslog.socket= to
+re-activate itself 😕
+
+Decided to explicitly ~apt remove~ it on the advice of [[https://blog.frehi.be/2023/06/04/upgrading-from-debian-11-bullseye-to-debian-12-bookworm/][this gentleman]].
+*** Laptop
+**** non-free & non-free-firmware
+#+begin_quote
+Assuming the =non-free= component was only added to the APT
+sources-list to install firmware,
+#+end_quote
+#+begin_example
+$ apt list '?narrow(?installed, ?section(non-free))'
+Listing... Done
+doc-rfc-experimental/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-fyi-bcp/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-informational/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-misc/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-old-std/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-others/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-std-proposed/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc-std/oldstable,oldstable,now 20201128-1 all [installed,automatic]
+doc-rfc/oldstable,oldstable,now 20201128-1 all [installed]
+firmware-iwlwifi/oldstable,oldstable,now 20210315-3 all [installed]
+firmware-misc-nonfree/oldstable,oldstable,now 20210315-3 all [installed]
+gcc-10-doc/oldstable,oldstable,now 10.2.0-1 all [installed,automatic]
+gdb-doc/oldstable,oldstable,now 10.1-1 all [installed]
+make-doc/oldstable,oldstable,now 4.3-2 all [installed]
+manpages-posix-dev/oldstable,oldstable,now 2017a-2 all [installed]
+manpages-posix/oldstable,oldstable,now 2017a-2 all [installed]
+tar-doc/oldstable,oldstable,now 1.34-1 all [installed]
+#+end_example
+Will be keeping =non-free= in addition to =non-free-firmware= then 🫣
+**** Fallout
+***** GRUB
+#+begin_src sh
+sudo sed -i \
+     s/'^#GRUB_DISABLE_OS_PROBER=false'/'GRUB_DISABLE_OS_PROBER=false'/ \
+    /etc/default/grub
+sudo update-grub
+#+end_src
+
+***** PEP 668
+#+begin_src sh
+# Before upgrade: keep calm…
+pip uninstall $(pip freeze --user | cut -d= -f1)
+# After upgrade: … carry on.
+sudo apt install pipx
+pipx install yt-dlp
+#+end_src
+
+***** VLC
++Seems fine?  No choppiness observed on a 2k@24FPS video from yt-dlp+
+
+Is choppy as all hell on /some/ videos, not sure which kind nor why;
+could not be bothered discerning the patterns.  Learned me an mpv for
+great good.
+**** Goodies
+- The [[#random-lag][random lag I had been observing since 5.8]] seems gone 🥳
+- =libtree-sitter-dev= is new enough for Emacs; can get rid of my
+  =/usr/local= version.
+* Hiccups
+** impromptu IBus
+Installing [[https://zoom.us/][Zoom]]'s Debian package somehow enabled IBus[fn:: AFAICT
+because ibus recommends im-config, and the latter autostarts the
+former by default], which unconditionally set my keyboard to English
+for some reason[fn:: Before properly running ~apt install
+./zoom_amd64.deb~, I had mistakenly run ~dpkg -i zoom_amd64.deb~,
+which failed because of missing dependencies.  Perhaps apt omitted
+some post-installation configuration hooks because the first dpkg run
+had left an error marker somewhere?].  Remediation steps taken:
+
+1. Tweak IBus preferences, unset shortcuts (Emacs has a better
+   interface for searching/inserting Unicode characters), check "use
+   system defaults" for the keyboard layout.
+
+2. Go on a hunt for whoever spawns ibus-daemon(1); AFAICT it's
+   im-launch(1), which can be told not to use IBus through im-config
+   (which eventually just writes ~run_im none~ in =~/.xinputrc=).
+
+3. Eventually, maybe I should just uninstall im-config.
+** random lag
+*** DONE diagnosing
+Since… a few days? weeks? one month? everything randomly becomes
+"choppy":
+
+- typing (Emacs, Terminator, Firefox): I can type in a bunch of words,
+  sit back, wait a few seconds, then watch the words finally write
+  themselves letter by letter.
+- launching programs: ~while time $aprogram ; do sleep 0.5 ; done~,
+  where ~aprogram~ just starts then exits, shows wildly varying times.
+- scrolling a PDF with the touchpad (Evince): the pages stay stuck for
+  a few seconds, then the reader jumps to the new location; the mouse
+  pointer does change during this delay, as text and whitespace
+  (invisibly) scroll by.
+
+I can't remember changing anything recently, nor seeing any scary
+update passing by.  journalctl, htop and dmesg do not show any obvious
+suspects.  Some things I considered:
+
+- Disabling some services e.g. tor or speech-dispatcher ⇒ no effect.
+- Uninstalling xserver-xorg-video-intel ⇒ no effect.
+- Upgrading systemd from backports ⇒ no effect.
+- htop sometimes shows pulseaudio acting up despite no application
+  playing or recording sound?
+- Maybe I should try reinstalling Debian's stable kernel?
+  - Luckily 5.7 was not uninstalled when upgrading to 5.8; booting on
+    5.7 solves all of the "choppiness" issues listed above.
+
+Now to pinpoint what's wrong with 5.8…
+*** TODO fixing
+Found a way to "quantify" the problem; asked around on the
+debian-kernel mailing list, to no avail.
+
+- [[https://lists.debian.org/debian-kernel/2020/11/msg00084.html][2020-11]] - original report that 5.8 from backports triggers the
+  issue: "wait for 5.9 to be available from backports or even 5.10"
+  (LTS for the next Debian stable version)
+- [[https://lists.debian.org/debian-kernel/2020/12/msg00040.html][2020-12]] - quick report that 5.9 from backports does not improve
+  things: 🦗
+- [[https://lists.debian.org/debian-kernel/2021/02/msg00231.html][2021-02]] - quick report that 5.10 from backports does not improve
+  things *✨with scripts & numbers✨*: 🦗
+
+#+begin_quote
+    for ((i=0; i<100; i++)); do
+        time -p terminator -x 'bash -c exit'
+    done &> time-$(uname -r)
+
+    grep $mode time-$(uname -r) | sort -k2
+
+Where $mode is either real, user or sys.  Here are the extrema:
+
+                        real            user            sys
+                        min     max     min     max     min     max
+5.7                     0.44    0.48    0.29    0.35    0.02    0.08
+5.10                    0.47    3.30    0.31    2.87    0.02    0.30
+5.10-after-suspend      0.46    0.50    0.30    0.36    0.03    0.08
+
+Averages & standard deviations:
+
+                        real            user            sys
+5.7                     0.454±0.006     0.322±0.013     0.046±0.013
+5.10                    0.961±0.607     0.559±0.518     0.074±0.052
+5.10-after-suspend      0.469±0.005     0.332±0.012     0.050±0.011
+
+These results feel consistent with the stutter I observe: 5.7 and
+5.10-after-suspend have roughly the same performance, while
+freshly-booted 5.10 is overall very jittery: terminator startup is twice
+as slow on average, with 100× more variance.
+
+
+Some more stats, eyeballed from /proc/cpuinfo and
+/sys/devices/system/cpu/cpufreq/policy*/scaling_governor:
+
+                        idle frequency  CPU governor
+5.7                     <  800 MHz      powersave
+5.10                    > 1900 MHz      ondemand
+5.10 (after suspend)    <  900 MHz      ondemand
+#+end_quote
+
+- [[https://lists.debian.org/debian-kernel/2021/08/msg00278.html][2021-08]] - quick report that 5.10 from a fresh bullseye install does
+  not improve things: 🦗
+- 2023-08 - bookworm upgrade to 6.1: problem solved 🤷