Differences

This shows you the differences between two versions of the page.

--- distros:fedora_server [2023/07/15 14:22] – Sean Rhone
+++ distros:fedora_server [2024/02/05 15:40] – Sean Rhone
@@ Line 2: / Line 2: @@
   * Fedora Server ((https://getfedora.org/en/server))
-  * :!: 30 (TODO: Go through this and update for F38)
+  * 39
+====== Installation Notes ======
+  * Do not create a separate ''swap'' partition ((it's handled automatically by zswap))
 ====== Download ======
   * https://getfedora.org/en/server/download
+====== PackageKit ======
+  * :!: PackageKit was caught using hundreds of MB of RAM while not actively using it ((PackageKit was using 600MB idle on a 8GB server ''php-fpm'' was around 40MB))
+  * Apparently it only provides the package name for commands not found
+  * :!: TODO: Figure out how to prevent it from being reinstalled
+  sudo dnf remove PackageKit*
+====== HOSTS ======
+  * https://github.com/StevenBlack/hosts/
+  * Unified hosts + fakenews + gambling + porn + social
+===== Initial =====
+  * Only run once
+  ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync
+===== Update =====
+****
+  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync
+===== Restore Backup =====
+****
+  ls '/etc/hosts~' && sudo restorecon -F -I -R '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync
 ====== DNF ======
@@ Line 12: / Line 47: @@
   * Disables Delta RPMs with ''deltarpm=false''
-  cat '/etc/dnf/dnf.conf' | grep 'deltarpm=false' || echo 'deltarpm=false' | sudo tee --append '/etc/dnf/dnf.conf' > '/dev/null' && cat '/etc/dnf/dnf.conf'
+  echo 'deltarpm=false' | sudo tee --append '/etc/dnf/dnf.conf' > '/dev/null' && cat '/etc/dnf/dnf.conf' | grep 'deltarpm=false'
+  sudo -e '/etc/dnf/dnf.conf'
 ====== Software ======
 ===== Update =====
+  * :!: See [[distros:fedora_workstation_gnome#dnf_autoremove_fix]] if ''dnf autoremove'' fails
+  sudo dnf autoremove -y && sudo dnf distro-sync -y && sync
+===== Firmware =====
 ****
-  sudo dnf clean 'all' && sudo dnf distro-sync -y && sudo dnf autoremove -y && sync
+  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose
 ===== GNU nano =====
@@ Line 32: / Line 75: @@
 ===== General =====
-  sudo dnf install htop
+  * TODO: Figure out ''policycoreutils-devel''
-  p7zip unar aria2
+  sudo dnf install aria2 binutils hdparm htop kernel-tools lm_sensors openssl1.1 p7zip p7zip-plugins unar wget
   policycoreutils-devel
-====== Laptop Server ======
+====== Settings ======
+===== Laptop Server =====
   * This tells ''systemd'' to ignore Lid close events and prevents system suspend ((2023/07/14: Oak was changed from a Phenom II X4 desktop to a X230 laptop; no more NAS but it was rarely-used and I have external drives))
@@ Line 46: / Line 91: @@
   sudo -e '/etc/systemd/logind.conf.d/99-laptop-server.conf'
-====== USB Backups ======
+===== Network =====
-===== Drive Mount =====
+==== Anaconda ====
-  * Expects single-partition flash drive with ext4
+  * [[notes:dns_servers#quad9|Quad9]], see [[notes:dns_servers]] for other servers
-  * TODO: If multiple drives beyond sda main and sdb USB are ever involved, use UUID instead
-  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
+<code>9.9.9.9,149.112.112.112</code>
-  # USB Backup
+<code>2620:fe::fe,2620:fe::9</code>
-  /dev/sdb1 /mnt/USB ext4 defaults 0 2
-===== Service =====
+==== systemd-resolved ====
-  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/usb-b.service'
+  * systemd-resolved caches DNS
+  * [[notes:dns_servers#quad9|Quad9]], see [[notes:dns_servers]] for other servers
-  [Service]
+  sudo mkdir -p '/etc/systemd/resolved.conf.d' && sudo -e '/etc/systemd/resolved.conf.d/99-dns-over-tls.conf'
-  Type=oneshot
-  ExecStart='/usr/bin/rsync' -r '/home/espionage724/backups' '/mnt/USB' -v --ignore-existing
-===== Timer =====
+<code>
+[Resolve]
+DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+DNSOverTLS=yes</code>
-  * See server-specific configurations to make use of this
+=== NetworkManager ===
-  sudo -e '/etc/systemd/system/usb-b.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'usb-b.timer' --now
+  * Change ''ens3'' as-needed
-  [Unit]
+  nmcli connection show
-  Description=USB Backup
-  [Timer]
-  OnCalendar=*-*-* 04:00:00
-  Persistent=true
-  [Install]
-  WantedBy=timers.target
-===== SELinux =====
+  sudo nmcli connection modify 'ens3' 'ipv4.dns' '127.0.0.1,9.9.9.9,149.112.112.112'
-==== Switch to Permissive ====
+  sudo nmcli connection modify 'ens3' 'ipv6.dns' '::1,2620:fe::fe,2620:fe::9'
-****
+===== Hostname =====
-  sudo setenforce '0'
+  * Change ''x'' to computer name
+  * Likely not needed if set through Anaconda
-==== Clear Audit Log ====
+  hostnamectl set-hostname 'x'
-  su
+===== lm_sensors =====
-  > '/var/log/audit/audit.log'
+  sudo sensors-detect --auto
-==== Start Services ====
+  sudo -e '/etc/sysconfig/lm_sensors'
-****
+===== Secure Shell =====
-  sudo systemctl start 'usb-b'
+  * See [[clients:secure_shell|Client]] notes to generate/restore public key
-==== Create Policy ====
+===== Drive Maintenance =====
-****
+==== Trim ====
-  sudo audit2allow -a -M 'usb-b'
-==== Install Policy ====
 ****
-  sudo semodule -i 'usb-b.pp'
+  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
-==== Switch to Enforcing ====
+===== UTC =====
-****
+  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]]
+  * Set RTC to UTC
-  sudo setenforce '1'
+  sudo timedatectl set-local-rtc '0'
-==== Clean Up ====
+==== Verify ====
 ****
-  sudo rm usb-b.pp usb-b.te && sync
+  timedatectl | grep local
 ====== Automatic Updates ======
 ===== Service =====
-  * TODO: If this ever fails because of the modular repo not being available, look into auto-restart
   sudo -e '/etc/systemd/system/fedora-up.service'
@@ Line 145: / Line 178: @@
 ===== Timer =====
-  * 06:10 Kraityn
+  * ''00:00'' Oak
-  * 06:20 Alira
-  * 06:30 Oak
   sudo -e '/etc/systemd/system/fedora-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'fedora-up.timer' --now
@@ Line 158: / Line 189: @@
 [Timer]
-OnCalendar=*-*-* 06:10:00
+OnCalendar=*-*-* 00:00:00
 Persistent=true
@@ Line 166: / Line 197: @@
 ====== Notable Folders and Commands ======
-===== YUM/DNF Repos =====
+  * See [[notes:misc_linux]]
-****
-  /etc/yum.repos.d
-===== fstrim =====
-****
-  sudo fstrim -v --all
-===== SELinux Re-label =====
-****
-  sudo touch '/.autorelabel'
-===== Show CPU Frequency =====
-  grep 'MHz' '/proc/cpuinfo'
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
-===== Partition Information =====
-****
-  df -hT
-===== Optimal GCC compiler flags =====
-****
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
-===== FirewallD =====
-==== List Active Rules ====
-****
-  sudo firewall-cmd --list-all
-==== List Available Services ====
-****
-  sudo firewall-cmd --get-service
-==== Reload ====
-****
-  sudo firewall-cmd --reload
-==== Add/Remove Service ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
-  sudo firewall-cmd --add-service=x
-  sudo firewall-cmd --remove-service=x
-==== Add/Remove Port ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
+===== Firewalld =====
-  * Change ''tcp'' to ''udp'' as-needed
-  sudo firewall-cmd --add-port=x/tcp
+  * See [[notes:misc_linux#firewalld|Firewalld notes]]
-  sudo firewall-cmd --remove-port=x/tcp