RoE | Wiki

User Tools

Site Tools

Trace:
distros:arch_linux_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
distros:arch_linux_server [2016/10/14 18:35] Sean Rhonedistros:arch_linux_server [2016/10/23 03:31] Sean Rhone
Line 1: Line 1:
 +====== Information ======
  
 +  * Arch Linux ((https://www.archlinux.org))
 +  * Server
 +
 +===== Prerequisites =====
 +
 +  * [[distros:arch_linux_install | Arch Linux Install]]
 +
 +====== Software ======
 +
 +===== Update =====
 +
 +****
 +
 +  sudo pacman -Syyuu
 +
 +===== General =====
 +
 +****
 +
 +  sudo pacman -S aria2 hdparm hidepid htop p7zip ufw unrar wget unzip python3
 +
 +====== Settings ======
 +
 +===== Uncomplicated Firewall =====
 +
 +****
 +
 +  sudo ufw reset && sudo ufw default deny && sudo ufw limit '22'/'tcp' && sudo ufw logging off && sudo ufw enable && sudo systemctl enable 'ufw'
 +
 +===== Boot Loader =====
 +
 +==== GRUB ====
 +
 +****
 +
 +  sudo -e '/etc/default/grub' && sudo grub-mkconfig -o '/boot/grub/grub.cfg'
 +
 +==== Deadline I/O Scheduler ====
 +
 +  * Rotational disks
 +
 +  elevator=deadline
 +
 +==== Disable NMI watchdog ====
 +
 +****
 +
 +  nmi_watchdog=0
 +
 +==== Disable Webcam and Bluetooth ====
 +
 +****
 +
 +  modprobe.blacklist=uvcvideo,btusb,bluetooth
 +
 +===== Kernel Hardening =====
 +
 +  sudo -e '/etc/sysctl.d/harden.conf'
 +
 +  kernel.dmesg_restrict = 1
 +  kernel.kptr_restrict = 1
 +
 +===== Pacman Hooks =====
 +
 +==== systemd Initramfs Regenerate ====
 +
 +  * https://bbs.archlinux.org/viewtopic.php?id=215411
 +
 +  sudo mkdir -p '/etc/pacman.d/hooks' && sudo -e '/etc/pacman.d/hooks/system-initramfs-regen.hook'
 +
 +  [Trigger]
 +  Operation = Upgrade
 +  Type = Package
 +  Target = systemd
 +  
 +  [Action]
 +  Description = Generating initramfs...
 +  Depends = linux
 +  When = PostTransaction
 +  Exec = /usr/bin/mkinitcpio -P
 +
 +===== Secure Shell =====
 +
 +  * See [[Clients:Secure Shell]]
 +
 +====== Computer-specific ======
 +
 +===== Kraityn =====
 +
 +==== hdparm Tweaks ====
 +
 +  sudo -e '/etc/systemd/system/hd-tweak.service' && sudo systemctl daemon-reload && sudo systemctl enable 'hd-tweak' --now && sudo systemctl status 'hd-tweak' -l
 +
 +  [Unit]
 +  Description=hdparm Tweaks
 +  
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/hdparm' -A '1' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -B '255' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -J '0' --please-destroy-my-drive '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -S '0' '/dev/sda'
 +  ExecStart='/usr/bin/hdparm' -W '1' '/dev/sda'
 +  
 +  [Install]
 +  WantedBy=multi-user.target
 +
 +====== Automatic Updates ======
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/arch-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/pacman' -Syyuu --noconfirm -q
 +  ExecStart='/usr/bin/sync'
 +  ExecStart='/usr/bin/systemctl' reboot
 +
 +===== Timer =====
 +
 +  * See [[Information:Update Times]] for OnCalendar values ((6:10 Kraityn))
 +
 +  sudo -e '/etc/systemd/system/arch-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'arch-up.timer' --now && sudo systemctl start 'arch-up' && sudo systemctl status 'arch-up' -l
 +
 +  [Unit]
 +  Description=Software Package Maintenance and Updater
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=*-*-* 06:10:00
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Pacman Mirrorlist ======
 +
 +  * https://www.archlinux.org/mirrorlist
 +
 +===== Service =====
 +
 +  * Grabs US mirrors (IPv4, HTTPS)
 +
 +  sudo -e '/etc/systemd/system/mirrors-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/wget' 'https://www.archlinux.org/mirrorlist/?country=US&protocol=https&ip_version=4' -O '/tmp/mirrorlist'
 +  ExecStart='/usr/bin/sed' -i 's/#Server/Server/g' '/tmp/mirrorlist'
 +  ExecStart='/usr/bin/mv' '/tmp/mirrorlist' '/etc/pacman.d/mirrorlist'
 +  ExecStart='/usr/bin/sync'
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/mirrors-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'mirrors-up.timer' --now && sudo systemctl start 'mirrors-up' && sudo systemctl status 'mirrors-up' -l
 +
 +  [Unit]
 +  Description=Pacman Mirrorlist Generator
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=weekly
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Steven Black's Unified Hosts File ======
 +
 +  * https://github.com/StevenBlack/hosts
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/hosts-up.service'
 +
 +  [Service]
 +  Type=oneshot
 +  ExecStart='/usr/bin/wget' 'https://github.com/StevenBlack/hosts/archive/master.zip' -O '/tmp/master.zip'
 +  ExecStart='/usr/bin/unzip' '/tmp/master.zip' -d '/tmp'
 +  ExecStart='/usr/bin/python3' '/tmp/hosts-master/updateHostsFile.py' --auto --replace
 +  ExecStart='/usr/bin/rm' -Rf '/tmp/master.zip' '/tmp/hosts-master'
 +  ExecStart='/usr/bin/sync'
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/hosts-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'hosts-up.timer' --now && sudo systemctl start 'hosts-up' && sudo systemctl status 'hosts-up' -l
 +
 +  [Unit]
 +  Description=Hosts File Protection Updater
 +  After=NetworkManager-wait-online.service
 +  
 +  [Timer]
 +  OnCalendar=weekly
 +  Persistent=true
 +  
 +  [Install]
 +  WantedBy=timers.target
 +
 +====== Notable Folders and Commands ======
 +
 +===== Show CPU Frequency =====
 +
 +  grep 'MHz' '/proc/cpuinfo'
 +
 +  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
 +
 +===== Partition Information =====
 +
 +****
 +
 +  df -hT
 +
 +===== Optimal GCC compiler flags =====
 +
 +****
 +
 +  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'