User Tools

Site Tools


distros:fedora_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
distros:fedora_server [2019/06/28 12:24] Sean Rhonedistros:fedora_server [2024/02/05 15:40] (current) Sean Rhone
Line 2: Line 2:
  
   * Fedora Server ((https://getfedora.org/en/server))   * Fedora Server ((https://getfedora.org/en/server))
-  * 30+  * 39 
 + 
 +====== Installation Notes ====== 
 + 
 +  * Do not create a separate ''swap'' partition ((it's handled automatically by zswap))
  
 ====== Download ====== ====== Download ======
  
   * https://getfedora.org/en/server/download   * https://getfedora.org/en/server/download
 +
 +====== PackageKit ======
 +
 +  * :!: PackageKit was caught using hundreds of MB of RAM while not actively using it ((PackageKit was using 600MB idle on a 8GB server ''php-fpm'' was around 40MB))
 +  * Apparently it only provides the package name for commands not found
 +  * :!: TODO: Figure out how to prevent it from being reinstalled
 +
 +  sudo dnf remove PackageKit*
 +
 +====== HOSTS ======
 +
 +  * https://github.com/StevenBlack/hosts/
 +  * Unified hosts + fakenews + gambling + porn + social
 +
 +===== Initial =====
 +
 +  * Only run once
 +
 +  ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync
 +
 +===== Update =====
 +
 +****
 +
 +  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync
 +
 +===== Restore Backup =====
 +
 +****
 +
 +  ls '/etc/hosts~' && sudo restorecon -F -I -R '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync
  
 ====== DNF ====== ====== DNF ======
Line 12: Line 47:
   * Disables Delta RPMs with ''deltarpm=false''   * Disables Delta RPMs with ''deltarpm=false''
  
-  cat '/etc/dnf/dnf.conf' | grep 'deltarpm=false' || echo 'deltarpm=false' | sudo tee --append '/etc/dnf/dnf.conf' > '/dev/null' && cat '/etc/dnf/dnf.conf'+  echo 'deltarpm=false' | sudo tee --append '/etc/dnf/dnf.conf' > '/dev/null' && cat '/etc/dnf/dnf.conf' | grep 'deltarpm=false' 
 + 
 +  sudo -e '/etc/dnf/dnf.conf'
  
 ====== Software ====== ====== Software ======
  
 ===== Update ===== ===== Update =====
 +
 +  * :!: See [[distros:fedora_workstation_gnome#dnf_autoremove_fix]] if ''dnf autoremove'' fails
 +
 +  sudo dnf autoremove -y && sudo dnf distro-sync -y && sync
 +
 +===== Firmware =====
  
 **** ****
  
-  sudo dnf clean 'all' && sudo dnf distro-sync -&& sudo dnf autoremove -y && sync+  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose
  
 ===== GNU nano ===== ===== GNU nano =====
Line 32: Line 75:
 ===== General ===== ===== General =====
  
-  sudo dnf install htop+  * TODO: Figure out ''policycoreutils-devel''
  
-  p7zip unar aria2+  sudo dnf install aria2 binutils hdparm htop kernel-tools lm_sensors openssl1.1 p7zip p7zip-plugins unar wget
  
   policycoreutils-devel   policycoreutils-devel
  
-====== USB Backups ======+====== Settings ======
  
-===== Drive Mount =====+===== Laptop Server =====
  
-  * Expects single-partition flash drive with ext4 +  * This tells ''systemd'' to ignore Lid close events and prevents system suspend ((2023/07/14Oak was changed from a Phenom II X4 desktop to a X230 laptop; no more NAS but it was rarely-used and I have external drives))
-  * TODOIf multiple drives beyond sda main and sdb USB are ever involved, use UUID instead+
  
-  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'+  sudo mkdir -p '/etc/systemd/logind.conf.d' && echo -e "[Login]\nHandleLidSwitch=ignore" | sudo tee '/etc/systemd/logind.conf.d/99-laptop-server.conf' > '/dev/null'
  
-  # USB Backup +  sudo -e '/etc/systemd/logind.conf.d/99-laptop-server.conf'
-  /dev/sdb1 /mnt/USB ext4 defaults 0 2+
  
-===== Service =====+===== Network =====
  
-  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/usb-b.service'+==== Anaconda ====
  
-  [Service] +  [[notes:dns_servers#quad9|Quad9]], see [[notes:dns_servers]for other servers
-  Type=oneshot +
-  ExecStart='/usr/bin/rsync' -r '/home/espionage724/backups' '/mnt/USB' -v --ignore-existing+
  
-===== Timer =====+<code>9.9.9.9,149.112.112.112</code>
  
-  * See server-specific configurations to make use of this+<code>2620:fe::fe,2620:fe::9</code>
  
-  sudo -e '/etc/systemd/system/usb-b.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'usb-b.timer' --now+==== systemd-resolved ====
  
-  [Unit] +  * systemd-resolved caches DNS 
-  Description=USB Backup +  [[notes:dns_servers#quad9|Quad9]], see [[notes:dns_servers]] for other servers
-   +
-  [Timer] +
-  OnCalendar=*-*-* 04:00:00 +
-  Persistent=true +
-   +
-  [Install] +
-  WantedBy=timers.target+
  
-===== SELinux =====+  sudo mkdir -p '/etc/systemd/resolved.conf.d' && sudo -e '/etc/systemd/resolved.conf.d/99-dns-over-tls.conf'
  
-==== Switch to Permissive ====+<code> 
 +[Resolve] 
 +DNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net 
 +DNSOverTLS=yes</code>
  
-****+=== NetworkManager ===
  
-  sudo setenforce '0'+  * Change ''ens3'' as-needed
  
-==== Clear Audit Log ====+  nmcli connection show
  
-  su+  sudo nmcli connection modify 'ens3' 'ipv4.dns' '127.0.0.1,9.9.9.9,149.112.112.112'
  
-  '/var/log/audit/audit.log'+  sudo nmcli connection modify 'ens3' 'ipv6.dns' '::1,2620:fe::fe,2620:fe::9'
  
-==== Start Services ====+===== Hostname =====
  
-****+  Change ''x'' to computer name 
 +  Likely not needed if set through Anaconda
  
-  sudo systemctl start 'usb-b'+  hostnamectl set-hostname 'x'
  
-==== Create Policy ====+===== lm_sensors =====
  
-****+  sudo sensors-detect --auto
  
-  sudo audit2allow -a -M 'usb-b'+  sudo -'/etc/sysconfig/lm_sensors'
  
-==== Install Policy ====+===== Secure Shell =====
  
-****+  See [[clients:secure_shell|Client]] notes to generate/restore public key
  
-  sudo semodule -i 'usb-b.pp'+===== Drive Maintenance =====
  
-==== Switch to Enforcing ====+==== Trim ====
  
 **** ****
  
-  sudo setenforce '1'+  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l 
 + 
 +===== UTC ===== 
 + 
 +  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]] 
 +  * Set RTC to UTC 
 + 
 +  sudo timedatectl set-local-rtc '0'
  
-==== Clean Up ====+==== Verify ====
  
 **** ****
  
-  sudo rm usb-b.pp usb-b.te && sync+  timedatectl | grep local
  
 ====== Automatic Updates ====== ====== Automatic Updates ======
  
 ===== Service ===== ===== Service =====
- 
-  * TODO: If this ever fails because of the modular repo not being available, look into auto-restart 
  
   sudo -e '/etc/systemd/system/fedora-up.service'   sudo -e '/etc/systemd/system/fedora-up.service'
Line 137: Line 178:
 ===== Timer ===== ===== Timer =====
  
-  * 06:10 Kraityn +  * ''00:00'' Oak
-  * 06:20 Alira +
-  * 06:30 Oak+
  
   sudo -e '/etc/systemd/system/fedora-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'fedora-up.timer' --now   sudo -e '/etc/systemd/system/fedora-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'fedora-up.timer' --now
Line 150: Line 189:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 06:10:00+OnCalendar=*-*-* 00:00:00
 Persistent=true Persistent=true
  
Line 158: Line 197:
 ====== Notable Folders and Commands ====== ====== Notable Folders and Commands ======
  
-===== YUM/DNF Repos ===== +  See [[notes:misc_linux]]
- +
-**** +
- +
-  /etc/yum.repos.d +
- +
-===== fstrim ===== +
- +
-**** +
- +
-  sudo fstrim -v --all +
- +
-===== SELinux Re-label ===== +
- +
-**** +
- +
-  sudo touch '/.autorelabel' +
- +
-===== Show CPU Frequency ===== +
- +
-  grep 'MHz' '/proc/cpuinfo' +
- +
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo' +
- +
-===== Partition Information ===== +
- +
-**** +
- +
-  df -hT +
- +
-===== Optimal GCC compiler flags ===== +
- +
-**** +
- +
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;' +
- +
-===== FirewallD ===== +
- +
-==== List Active Rules ==== +
- +
-**** +
- +
-  sudo firewall-cmd --list-all +
- +
-==== List Available Services ==== +
- +
-**** +
- +
-  sudo firewall-cmd --get-service +
- +
-==== Reload ==== +
- +
-**** +
- +
-  sudo firewall-cmd --reload +
- +
-==== Add/Remove Service ==== +
- +
-  * Add ''--permanent'' as-needed to allow the rule to persist +
- +
-  sudo firewall-cmd --add-service=x +
- +
-  sudo firewall-cmd --remove-service=x +
- +
-==== Add/Remove Port ====+
  
-  * Add ''--permanent'' as-needed to allow the rule to persist +===== Firewalld =====
-  * Change ''tcp'' to ''udp'' as-needed+
  
-  sudo firewall-cmd --add-port=x/tcp+  * See [[notes:misc_linux#firewalld|Firewalld notes]]
  
-  sudo firewall-cmd --remove-port=x/tcp 
/var/www/wiki/data/attic/distros/fedora_server.1561739048.txt.gz · Last modified: 2019/06/28 12:24 by Sean Rhone