RoE | Wiki

User Tools

Site Tools

Trace:
distros:arch_linux_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
distros:arch_linux_server [2016/10/09 19:08] – [hdparm Tweaks] Sean Rhonedistros:arch_linux_server [2016/10/23 03:31] Sean Rhone
Line 1: Line 1:
 +====== Information ======
  
 +  * Arch Linux ((https://www.archlinux.org))
 +  * Server
 +
 +===== Prerequisites =====
 +
 +  * [[distros:arch_linux_install | Arch Linux Install]]
 +
 +====== Software ======
 +
 +===== Update =====
 +
 +****
 +
 +  sudo pacman -Syyuu
 +
 +===== General =====
 +
 +****
 +
 +  sudo pacman -S aria2 hdparm hidepid htop p7zip ufw unrar wget unzip python3
 +
 +====== Settings ======
 +
 +===== Uncomplicated Firewall =====
 +
 +****
 +
 +  sudo ufw reset && sudo ufw default deny && sudo ufw limit '22'/'tcp' && sudo ufw logging off && sudo ufw enable && sudo systemctl enable 'ufw'
 +
 +===== Boot Loader =====
 +
 +==== GRUB ====
 +
 +****
 +
 +  sudo -e '/etc/default/grub' && sudo grub-mkconfig -o '/boot/grub/grub.cfg'
 +
 +==== Deadline I/O Scheduler ====
 +
 +  * Rotational disks
 +
 +  elevator=deadline
 +
 +==== Disable NMI watchdog ====
 +
 +****
 +
 +  nmi_watchdog=0
 +
 +==== Disable Webcam and Bluetooth ====
 +
 +****
 +
 +  modprobe.blacklist=uvcvideo,btusb,bluetooth
 +
 +===== Kernel Hardening =====
 +
 +  sudo -e '/etc/sysctl.d/harden.conf'
 +
 +  kernel.dmesg_restrict = 1
 +  kernel.kptr_restrict = 1
 +
 +===== Pacman Hooks =====
 +
 +==== systemd Initramfs Regenerate ====
 +
 +  * https://bbs.archlinux.org/viewtopic.php?id=215411
 +
 +  sudo mkdir -p '/etc/pacman.d/hooks' && sudo -e '/etc/pacman.d/hooks/system-initramfs-regen.hook'
 +
 +  [Trigger]
 +  Operation = Upgrade
 +  Type = Package
 +  Target = systemd
 +  
 +  [Action]
 +  Description = Generating initramfs...
 +  Depends = linux
 +  When = PostTransaction
 +  Exec = /usr/bin/mkinitcpio -P
 +
 +===== Secure Shell =====
 +
 +  * See [[Clients:Secure Shell]]
 +
 +====== Computer-specific ======
 +
 +===== Kraityn =====
 +
 +==== hdparm Tweaks ====
 +
 +  sudo -e '/etc/systemd/system/hd-tweak.service' && sudo systemctl daemon-reload && sudo systemctl enable 'hd-tweak' --now && sudo systemctl status 'hd-tweak' -l
 +
 +  [Unit]
 +  Description=hdparm Tweaks
 +  
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/hdparm' -A '1' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -B '255' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -J '0' --please-destroy-my-drive '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -S '0' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -W '1' '/dev/sda'
 +  
 +  [Install]
 +  WantedBy=multi-user.target
 +
 +====== Automatic Updates ======
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/arch-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/pacman' -Syyuu --noconfirm -q
 +  ExecStart='/usr/bin/sync'
 +  ExecStart='/usr/bin/systemctl' reboot
 +
 +===== Timer =====
 +
 +  * See [[Information:Update Times]] for OnCalendar values ((6:10 Kraityn))
 +
 +  sudo -e '/etc/systemd/system/arch-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'arch-up.timer' --now && sudo systemctl start 'arch-up' && sudo systemctl status 'arch-up' -l
 +
 +  [Unit]
 +  Description=Software Package Maintenance and Updater
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=*-*-* 06:10:00
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Pacman Mirrorlist ======
 +
 +  * https://www.archlinux.org/mirrorlist
 +
 +===== Service =====
 +
 +  * Grabs US mirrors (IPv4, HTTPS)
 +
 +  sudo -e '/etc/systemd/system/mirrors-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/wget' 'https://www.archlinux.org/mirrorlist/?country=US&protocol=https&ip_version=4' -O '/tmp/mirrorlist'
 +  ExecStart='/usr/bin/sed' -i 's/#Server/Server/g' '/tmp/mirrorlist'
 +  ExecStart='/usr/bin/mv' '/tmp/mirrorlist' '/etc/pacman.d/mirrorlist'
 +  ExecStart='/usr/bin/sync'
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/mirrors-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'mirrors-up.timer' --now && sudo systemctl start 'mirrors-up' && sudo systemctl status 'mirrors-up' -l
 +
 +  [Unit]
 +  Description=Pacman Mirrorlist Generator
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=weekly
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Steven Black's Unified Hosts File ======
 +
 +  * https://github.com/StevenBlack/hosts
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/hosts-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/wget' 'https://github.com/StevenBlack/hosts/archive/master.zip' -O '/tmp/master.zip'
 +  ExecStart='/usr/bin/unzip' '/tmp/master.zip' -d '/tmp'
 +  ExecStart='/usr/bin/python3' '/tmp/hosts-master/updateHostsFile.py' --auto --replace
 +  ExecStart='/usr/bin/rm' -Rf '/tmp/master.zip' '/tmp/hosts-master'
 +  ExecStart='/usr/bin/sync'
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/hosts-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'hosts-up.timer' --now && sudo systemctl start 'hosts-up' && sudo systemctl status 'hosts-up' -l
 +
 +  [Unit]
 +  Description=Hosts File Protection Updater
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=weekly
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Notable Folders and Commands ======
 +
 +===== Show CPU Frequency =====
 +
 +  grep 'MHz' '/proc/cpuinfo'
 +
 +  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
 +
 +===== Partition Information =====
 +
 +****
 +
 +  df -hT
 +
 +===== Optimal GCC compiler flags =====
 +
 +****
 +
 +  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'