RoE | Wiki

User Tools

Site Tools

Trace:
distros:opensuse_tumbleweed_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
distros:opensuse_tumbleweed_server [2018/12/02 12:39] – [Service] Sean Rhonedistros:opensuse_tumbleweed_server [2019/05/28 08:42] Sean Rhone
Line 1: Line 1:
 +====== Information ======
  
 +  * openSUSE ((https://www.opensuse.org))
 +  * Tumbleweed ((https://en.opensuse.org/Portal:Tumbleweed))
 +  * Server
 +
 +====== Download ======
 +
 +===== DVD-x86_64-Current.iso =====
 +
 +  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
 +
 +  http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
 +
 +===== Hashes =====
 +
 +  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist
 +
 +====== Installation Notes ======
 +
 +  * ''EFI/opensuse/grubx64.efi'' ((EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not))
 +  * XFS, no separate ''/home'', separate ''swap'' partition enlarged to RAM for suspend
 +
 +====== HOSTS ======
 +
 +  * https://github.com/StevenBlack/hosts/
 +  * Using ''Unified hosts + fakenews + gambling''
 +
 +  sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync
 +
 +  cat '/etc/hosts' | grep 'Date:'
 +
 +  sudo -e '/etc/hosts'
 +
 +====== Repositories ======
 +
 +===== PackMan Essentials =====
 +
 +  * http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/
 +
 +  * Repository Priority: 98
 +  * Provides extended multimedia support
 +  * :!: TODO: Doubt this is needed on a server...
 +
 +  sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'
 +
 +====== Software ======
 +
 +===== List =====
 +
 +  * http://download.opensuse.org/tumbleweed/repo/
 +
 +===== Disable USB Source =====
 +
 +****
 +
 +  sudo zypper modifyrepo --disable --medium-type 'hd'
 +
 +===== Update =====
 +
 +==== System ====
 +
 +****
 +
 +  sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync
 +
 +==== Firmware ====
 +
 +****
 +
 +  sudo fwupdmgr refresh && sudo fwupdmgr update --verbose
 +
 +===== GNU nano =====
 +
 +  * Installs ''nano''
 +  * Sets ''VISUAL'' and ''EDITOR'' to ''nano'' via environment variable
 +  * Sets ''nowrap'' for current user
 +
 +  sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'
 +
 +===== General =====
 +
 +****
 +
 +  sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance
 +
 +===== Keybase =====
 +
 +  * https://keybase.io
 +  * :!: TODO: Figure out how to do automated bcakups to KBFS
 +
 +  keybase
 +
 +====== Settings ======
 +
 +===== Network =====
 +
 +==== DNS ====
 +
 +=== UncensoredDNS ===
 +
 +  * https://blog.uncensoreddns.org/
 +
 +  89.233.43.71,91.239.100.100
 +
 +  2a01:3a0:53:53::,2001:67c:28a4::
 +
 +=== OpenNIC Anycast ===
 +
 +  * https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers
 +
 +  185.121.177.177,169.239.202.202
 +
 +  2a05:dfc7:5::53,2a05:dfc7:5::5353
 +
 +===== GRUB =====
 +
 +==== Other Parameters ====
 +
 +  * See [[notes:kernel_parameters|Kernel Parameters]] for other options
 +
 +==== blk_mq ====
 +
 +****
 +
 +  scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y
 +
 +==== Reboot ====
 +
 +  * ''efi'' is for UEFI systems
 +  * ''pci'' is for Legacy systems and Coreboot with SeaBIOS payload
 +  * There are other values possible should either of those not work
 +
 +  reboot=pci
 +
 +  reboot=efi
 +
 +==== PCIe ASPM ====
 +
 +****
 +
 +  pcie_aspm=force
 +
 +==== Blacklist Watchdogs ====
 +
 +  * ''iTCO_wdt'' controls watchdog on some Intel platforms
 +  * ''sp5100_tco'' controls watchdog on some AMD platforms
 +  * ''nowatchdog'' disables both soft and hard generic watchdogs
 +  * Apparently this reduces power usage slightly
 +
 +  modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog
 +
 +===== Hostname =====
 +
 +  * Change ''x'' to computer name
 +
 +  sudo hostnamectl set-hostname 'x'
 +
 +===== Keybase =====
 +
 +  * :!: Run after initial install
 +  * :!: TODO: Might not be needed with CLI Keybase
 +
 +  run_keybase
 +
 +===== Kernel Options =====
 +
 +  * Enables ''kernel.dmesg_restrict'', ''kernel.kptr_restrict'', and ''kernel.sysrq''
 +  * Sets ''vm.swappiness'' to ''10''
 +
 +  echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'
 +
 +  cat '/sys/fs/cgroup/memory/memory.swappiness'
 +
 +===== Secure Shell =====
 +
 +  * See [[Clients:Secure Shell]]
 +
 +===== systemd =====
 +
 +  * Log data is stored in volatile storage
 +  * Max log file sizes of ''50MB''
 +
 +  sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'
 +
 +===== TRIM =====
 +
 +==== Swap ====
 +
 +  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))
 +  * According to the ''swapon'' man page, setting this in ''fstab'' is acceptable
 +
 +  sudo -e '/etc/fstab'
 +
 +  ,discard
 +
 +==== Service ====
 +
 +****
 +
 +  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
 +
 +====== Automatic Updates ======
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/suse-up.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +ExecStartPre='/usr/bin/zypper' clean --all
 +ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
 +ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses
 +ExecStartPost='/usr/bin/sync'
 +ExecStartPost='/usr/bin/systemctl' reboot</code>
 +
 +===== Timer =====
 +
 +  * 06:10 Kraityn
 +  * 06:20 Alira
 +
 +  sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
 +
 +<code>
 +[Unit]
 +Description=Software Package Maintenance and Updater
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-* 06:10:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== External Backup ======
 +
 +===== fstab =====
 +
 +  * Expects a drive of some kind with a XFS partition at ''/dev/sdb1''
 +
 +  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
 +
 +<code>
 +# USB
 +/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code>
 +
 +  sudo mount '/dev/sdb1'
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +ExecStartPre='/usr/bin/sync'
 +ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
 +
 +<code>
 +[Unit]
 +Description=Backup Backups to External Device
 +
 +[Timer]
 +OnCalendar=*-*-* 07:00:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== Notable Folders and Commands ======
 +
 +===== Zypper Repos =====
 +
 +==== Folder ====
 +
 +****
 +
 +  ls '/etc/zypp/repos.d'
 +
 +==== List ====
 +
 +****
 +
 +  zypper lr -p
 +
 +===== GPG Keys =====
 +
 +==== Check Keys ====
 +
 +****
 +
 +  rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
 +
 +==== Remove Keys ====
 +
 +****
 +
 +  sudo rpm -e x
 +
 +===== fstrim =====
 +
 +****
 +
 +  sudo fstrim -v --all
 +
 +===== Show CPU Frequency =====
 +
 +  grep 'MHz' '/proc/cpuinfo'
 +
 +  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
 +
 +===== Partition Information =====
 +
 +****
 +
 +  df -hT
 +
 +===== Encryption Information =====
 +
 +****
 +
 +  sudo cryptsetup -v status '/dev/dm-0'
 +
 +===== Hyper-threading Information =====
 +
 +****
 +
 +  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo
 +
 +===== Optimal GCC compiler flags =====
 +
 +****
 +
 +  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
 +
 +====== Privacy ======
 +
 +===== Clear Terminal History =====
 +
 +****
 +
 +  history -cw
 +
 +===== Create 7z Password Archive =====
 +
 +  * Change ''x'' in ''x.7z'' to the desired archive name
 +  * Change ''CHANGEME'' in ''-pCHANGEME'' to the desired password
 +
 +  7za a 'x.7z' -p'CHANGEME'
/var/www/wiki/data/pages/distros/opensuse_tumbleweed_server.txt · Last modified: 2024/01/02 09:45 by Sean Rhone