This is an old revision of the document!

Information

Fedora Server ¹⁾
39

Download

https://getfedora.org/en/server/download

Installation Notes

Software Selection → Fedora Server Edition → [x] Headless Management

HOSTS

https://github.com/StevenBlack/hosts/
Unified hosts + fakenews + gambling + porn + social

Initial

Only run once

ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync

Update

ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sudo restorecon -F -I -R '/etc/hosts' && sync

Restore Backup

ls '/etc/hosts~' && sudo restorecon -F -I -R '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync

DNF

Disables Delta RPMs with deltarpm=false

echo 'deltarpm=false' | sudo tee --append '/etc/dnf/dnf.conf' > '/dev/null' && cat '/etc/dnf/dnf.conf' | grep 'deltarpm=false'

sudo -e '/etc/dnf/dnf.conf'

Software

Update

See dnf_autoremove_fix if dnf autoremove fails

sudo dnf autoremove -y && sudo dnf distro-sync -y && sync

Firmware

sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose

GNU nano

Installs nano
Sets VISUAL and EDITOR to nano via environment variable
Sets nowrap for current user

sudo dnf install 'nano' -y && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'

General

TODO: policycoreutils-devel provided something for CLI SELinux auditing, but it seems easier to GUI-audit from Cockpit without that package?

sudo dnf install aria2 binutils hdparm htop kernel-tools lm_sensors openssl1.1 p7zip p7zip-plugins unar wget

policycoreutils-devel

Settings

Laptop Server

This tells systemd to ignore Lid close events and prevents system suspend ²⁾

sudo mkdir -p '/etc/systemd/logind.conf.d' && echo -e "[Login]\nHandleLidSwitch=ignore" | sudo tee '/etc/systemd/logind.conf.d/99-laptop-server.conf' > '/dev/null'

sudo -e '/etc/systemd/logind.conf.d/99-laptop-server.conf'

Network

Use systemd-resolved for DNS as it caches
Until systemd-resolver is enabled, setting localhost for DNS fails; don't set this in Anaconda
TODO: Figure out command-line method for setting this; use Cockpit in the meantime

DNS

127.0.0.1

::1

systemd-resolved

sudo mkdir -p '/etc/systemd/resolved.conf.d' && sudo -e '/etc/systemd/resolved.conf.d/99-dns-over-tls.conf'

[Resolve]
DNS=1.1.1.2#security.cloudflare-dns.com 1.0.0.2#security.cloudflare-dns.com 2606:4700:4700::1112#security.cloudflare-dns.com 2606:4700:4700::1002#security.cloudflare-dns.com
DNSOverTLS=yes

Kernel Options

Magic SysRq key

https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html

echo 'kernel.sysrq = 1' | sudo tee '/etc/sysctl.d/99-sysrq.conf' > '/dev/null' && cat '/etc/sysctl.d/99-sysrq.conf'

Swappiness

echo 'vm.swappiness = 0' | sudo tee '/etc/sysctl.d/99-swappiness.conf' > '/dev/null' && cat '/etc/sysctl.d/99-swappiness.conf'

GRUB

Config

More Kernel Parameters
Add commands within args

sudo grubby --update-kernel='ALL' --args=''

Hostname

Change x to computer name
Likely not needed if set through Anaconda

hostnamectl set-hostname 'x'

lm_sensors

sudo sensors-detect --auto

sudo -e '/etc/sysconfig/lm_sensors'

Secure Shell

See Client notes to generate/restore public key

Drive Maintenance

Trim

sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l

XFS Scrub

XFS - ArchWiki

sudo dnf install 'xfsprogs-xfs_scrub' -y && sync

sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l

UTC

System time - ArchWiki
Set RTC to UTC

sudo timedatectl set-local-rtc '0'

Verify

timedatectl | grep local

Automatic Updates

Service

sudo -e '/etc/systemd/system/fedora-up.service'

[Service]
Type=oneshot
ExecStartPre='/usr/bin/dnf' clean 'all'
ExecStart='/usr/bin/dnf' distro-sync -y
ExecStart='/usr/bin/dnf' autoremove -y
ExecStartPost='/usr/bin/sync'
ExecStartPost='/usr/bin/systemctl' reboot

Timer

06:10 Kraityn
06:20 Alira
06:30 Oak

sudo -e '/etc/systemd/system/fedora-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'fedora-up.timer' --now

[Unit]
Description=Software Package Maintenance and Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 06:30:00
Persistent=true

[Install]
WantedBy=timers.target

Notable Folders and Commands

See misc_linux

Firewalld

See Firewalld notes

¹⁾

https://getfedora.org/en/server

²⁾

2023/07/14: Oak was changed from a Phenom II X4 desktop to a X230 laptop; no more NAS but it was rarely-used and I have external drives

RoE | Wiki

Table of Contents

Information

Download

Installation Notes

HOSTS

Initial

Update

Restore Backup

DNF

Software

Update

Firmware

GNU nano

General

Settings

Laptop Server

Network

DNS

systemd-resolved

Kernel Options

Magic SysRq key

Swappiness

GRUB

Config

Hostname

lm_sensors

Secure Shell

Drive Maintenance

Trim

XFS Scrub

UTC

Verify

Automatic Updates

Service

Timer

Notable Folders and Commands

Firewalld