====== Information ======

  * Ubuntu ((https://ubuntu.com/))
  * Server ((http://www.ubuntu.com/server))
  * 23.10

====== Installation Notes ======

  * 23.10's installers don't work with only 512 MB of physical RAM ((2024: can't use Vultr's free tier VPS option; [[https://www.vultr.com/?ref=6906013|referral]])), but are fine with 1 GB+
  * :!: 2024/02/07: With 1 GB of physical RAM, the 23.10 installer seems to progress very slowly or hang at the very end, both when waiting for it to do security updates and after pressing cancel updates and reboot; hard-rebooting a VPS at this point seems fine

====== Download ======

===== Etcher Image Writer =====

  * https://etcher.balena.io/#download-etcher

===== Ubuntu =====

  * http://www.ubuntu.com/download/server
  * http://cdimage.ubuntu.com/releases/

====== HOSTS ======

  * https://github.com/StevenBlack/hosts/
  * Unified hosts + fakenews + gambling

===== Initial =====

  * Only run once

  # The braces make the whole download-and-install step conditional on the backup not existing yet
  ls '/etc/hosts~' || { wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sync; }

===== Update =====

****

  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sync

===== Restore Backup =====

****

  ls '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync

====== Repositories ======

===== Disable cdrom Repo =====

  * Add a ''#'' to the line mentioning ''cdrom''
  * Solves ''E: The repository file:/cdrom mantic Release no longer has a Release file.''

  sudo -e '/etc/apt/sources.list'

  #deb [check-date=no] file:///cdrom mantic main restricted

===== Additional Ubuntu =====

  * https://help.ubuntu.com/community/Repositories/Ubuntu
  * Only ''universe'' is likely needed
  * 2023/05/04: There doesn't seem to be a need to enable any of these by default

  sudo add-apt-repository 'universe'
  sudo add-apt-repository 'multiverse'
  sudo add-apt-repository 'restricted'

===== Keybase =====

  * https://keybase.io/
  * https://prerelease.keybase.io/
  * :!: This is only the signing key, see [[#keybase1|Keybase]] for client installation

  wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync

====== Software ======

===== Update =====

==== System ====

****

  sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync

==== Firmware ====

****

  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync

==== Snaps ====

****

  sudo snap refresh

===== Keybase =====

  * https://keybase.io
  * TODO: Figure out backup script

  rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase

====== Settings ======

===== GRUB =====

==== Config ====

  * :!: [[notes:kernel_parameters|More Kernel Parameters]]
  * Add options in ''GRUB_CMDLINE_LINUX_DEFAULT=''

  sudo -e '/etc/default/grub' && sudo update-grub

===== Drive Maintenance =====

==== Trim ====

****

  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l

==== XFS Scrub ====

  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]]
  * :!: This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires ''xfsprogs'' to be installed

  sudo apt install 'xfsprogs'
  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l

===== UTC =====

  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]]
  * Set RTC to UTC
  * :!: Needed if Windows is installed first
  * :!: Windows should also be set to UTC

  sudo timedatectl set-local-rtc '0'

==== Verify ====

****

  timedatectl | grep local

===== OpenSSH =====

  * See [[clients:secure_shell|Client]] notes to generate/restore public key
  * See [[servers:secure_shell|Server]] notes to force public key auth and to further secure the OpenSSH server

===== Sensors =====

==== Install ====

****

  sudo apt install lm-sensors

==== Detect ====

****

  sudo sensors-detect --auto

==== Watch ====

****

  sudo watch --interval '0.5' sensors

===== Uncomplicated Firewall =====

  * Allows SSH
  * :!: Does not limit SSH ((this caused issues; better to just secure SSH))
  * See [[notes:ufw|ufw]] for more notes

  sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'

====== Automatic Updates ======

===== Config =====

  * Should keep old config files in case an updated package changes its config (needs testing)
  * :!: 2023/05/04: Not sure if this is still needed?

  sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'

  Dpkg::Options {
    "--force-confdef";
    "--force-confold";
  }

===== Service =====

  sudo -e '/etc/systemd/system/ubuntu-up.service'

  [Service]
  Type=oneshot
  ExecStartPre='/usr/bin/apt' clean
  ExecStart='/usr/bin/apt' update
  ExecStart='/usr/bin/apt' full-upgrade -y
  ExecStart='/usr/bin/apt' autoremove -y
  ExecStart='/usr/bin/snap' refresh
  ExecStartPost='/usr/bin/sync'
  ExecStartPost='/usr/bin/systemctl' reboot

===== Timer =====

  * ''00:00'' Alira

  sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now

  [Unit]
  Description=Software Package Maintenance and Updater
  After=network-online.target
  Wants=network-online.target
  [Timer]
  OnCalendar=*-*-* 00:00:00
  Persistent=true
  [Install]
  WantedBy=timers.target

====== External Backup ======

  * :!: 2023/05/04: This hasn't been used for years and likely needs refactoring

===== fstab =====

  * Expects a drive of some kind with an XFS partition at ''/dev/sdb1''

  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'

  # USB
  /dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2

  sudo mount '/dev/sdb1'

===== Service =====

  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'

  [Service]
  Type=oneshot
  ExecStartPre='/usr/bin/sync'
  ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
  ExecStartPost='/usr/bin/sync'

===== Timer =====

  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now

  [Unit]
  Description=Backup Backups to External Device
  [Timer]
  OnCalendar=*-*-* 07:00:00
  Persistent=true
  [Install]
  WantedBy=timers.target

====== Notable Folders and Commands ======

  * See [[notes:misc_linux]]
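
The HOSTS commands earlier on this page move whatever ''wget'' fetched straight into ''/etc/hosts'', so a truncated download or an entry that points a real domain at a routable address would be installed as-is. The following is an added example, not part of the original notes: a ''check_hosts'' function (hypothetical name) that vets the downloaded file first, under the assumption that every blocklist entry uses the ''0.0.0.0'' sinkhole and only dot-free local names or ''localhost.localdomain'' map elsewhere.

```shell
#!/bin/sh
# Added example (not from the original notes): vet a downloaded hosts file
# before it replaces /etc/hosts.
# Policy assumed here: every entry is either a 0.0.0.0 sinkhole, or maps a
# dot-free local name (localhost, ip6-allnodes, ...) or localhost.localdomain.
# A dotted domain pointed at any other address is reported and fails the check.

# check_hosts FILE [MIN_SINKHOLES]
# Prints offending lines as "line N: text"; returns 0 only when there are none
# and at least MIN_SINKHOLES names are sinkholed (guards against truncation).
check_hosts() {
    awk -v min="${2:-1}" '
        {
            sub(/\r$/, "")      # tolerate CRLF line endings
            line = $0           # keep the original text for reporting
            sub(/#.*/, "")      # drop comments; awk re-splits the fields
        }
        NF == 0 { next }        # blank or comment-only line
        NF == 1 {               # an address with no name is malformed
            printf "line %d: %s\n", NR, line; bad++; next
        }
        $1 == "0.0.0.0" { sink += NF - 1; next }
        {
            for (i = 2; i <= NF; i++)
                if ($i ~ /\./ && $i != "localhost.localdomain") {
                    printf "line %d: %s\n", NR, line
                    bad++
                    break
                }
        }
        END {
            if (sink < min) {
                printf "only %d sinkhole entries, expected >= %d\n", sink, min
                bad++
            }
            exit (bad > 0)
        }
    ' "$1"
}
```

In the Update command this would sit between the ''wget'' and the ''sudo mv'', for example ''check_hosts '/tmp/hosts-tmp' 1000''; the floor of 1000 entries is an arbitrary value chosen for this example.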