Differences

This shows you the differences between two versions of the page.

--- distros:opensuse_tumbleweed_server [2019/05/28 08:46] – Sean Rhone
+++ distros:opensuse_tumbleweed_server [2023/09/12 15:10] – Sean Rhone
@@ Line 7: / Line 7: @@
 ====== Download ======
-===== DVD-x86_64-Current.iso =====
+  * http://download.opensuse.org/tumbleweed/iso/
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
+===== DVD + Xfce Live =====
-  http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
+  * Downloads the latest DVD and Xfce Live images
-===== Hashes =====
+  cd ~/'Downloads' && aria2c 'https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-XFCE-Live-x86_64-Current.iso' && aria2c 'http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso' && aria2c 'https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256' && sha256sum ~/'Downloads/openSUSE-Tumbleweed-DVD-x86_64-'*'-Media.iso' && cat ~/'Downloads/openSUSE-Tumbleweed-DVD-x86_64-'*'-Media.iso.sha256' && sync
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist
+===== DVD =====
-====== Installation Notes ======
+  * ISO and SHA256 hash
-  * ''EFI/opensuse/grubx64.efi'' ((EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not))
+  http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
-  * XFS, no separate ''/home'', separate ''swap'' partition enlarged to RAM for suspend
-====== HOSTS ======
+  https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256
-  * https://github.com/StevenBlack/hosts/
+===== Xfce =====
-  * Using ''Unified hosts + fakenews + gambling''
-  sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync
+  * For LiveUSB
-  cat '/etc/hosts' | grep 'Date:'
+  https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-XFCE-Live-x86_64-Current.iso
-  sudo -e '/etc/hosts'
+====== Installation Notes ======
-====== Repositories ======
+  * ''EFI/opensuse/grubx64.efi'' ((EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not))
-===== PackMan Essentials =====
-  * http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/
-  * Repository Priority: 98
+===== Partitioning =====
-  * Provides extended multimedia support
-  * :!: TODO: Doubt this is needed on a server...
-  sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'
+  - ext4
+  - No separate ''/home''
+  - Separate ''swap''
 ====== Software ======
@@ Line 58: / Line 52: @@
 ===== Update =====
-==== System ====
 ****
   sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync
-==== Firmware ====
-****
-  sudo fwupdmgr refresh && sudo fwupdmgr update --verbose
 ===== GNU nano =====
@@ Line 83: / Line 69: @@
 ****
-  sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance
+  sudo zypper install android-tools aria2 binutils flashrom hdparm htop irqbalance nano openssl-1_1 p7zip-full sensors python3-smbios-utils unar wget
-===== Keybase =====
+===== Intel =====
-  * https://keybase.io
+****
-  * :!: TODO: Figure out how to do automated bcakups to KBFS
-  keybase
+  ucode-intel intel-media-driver
 ====== Settings ======
-===== Network =====
+===== Laptop Server =====
-==== DNS ====
+  * This tells ''systemd'' to ignore Lid close events and prevents system suspend
-=== UncensoredDNS ===
+  sudo mkdir -p '/etc/systemd/logind.conf.d' && echo -e "[Login]\nHandleLidSwitch=ignore" | sudo tee '/etc/systemd/logind.conf.d/99-laptop-server.conf' > '/dev/null'
-  * https://blog.uncensoreddns.org/
+  sudo -e '/etc/systemd/logind.conf.d/99-laptop-server.conf'
-.233.43.71,91.239.100.100
+===== Dell Fan Profile =====
-a01:3a0:53:53::,2001:67c:28a4::
+  * https://www.dell.com/support/kbdoc/en-us/000177768/guide-to-dell-power-manager
-=== OpenNIC Anycast ===
+  sudo smbios-thermal-ctl --set-thermal-mode='performance'
-  * https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers
+===== Network =====
-.121.177.177,169.239.202.202
-a05:dfc7:5::53,2a05:dfc7:5::5353
-===== GRUB =====
-==== Other Parameters ====
-  * See [[notes:kernel_parameters|Kernel Parameters]] for other options
-==== blk_mq ====
 ****
-  scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y
+  sudo yast2 'lan'
-==== Reboot ====
+==== Hostname/DNS ====
-  * ''efi'' is for UEFI systems
+  * https://quad9.net/
-  * ''pci'' is for Legacy systems and Coreboot with SeaBIOS payload
+  * See [[notes:dns_servers|DNS servers]] for other DNS servers
-  * There are other values possible should either of those not work
-  reboot=pci
+  * Static Hostname: ''Computer name''
+  * Modify DNS Configuration: ''Use Custom Policy''
+  * Name Server 1: ''9.9.9.9''
+  * Name Server 2: ''149.112.112.112''
+  * Name Server 3: ''1.1.1.2''
-  reboot=efi
+==== Routing ====
-==== PCIe ASPM ====
+  * Destination: ''default''
+  * Gateway: ''192.168.1.1''
+  * Device: ''-''
-****
+===== lm_sensors =====
-  pcie_aspm=force
+  sudo sensors-detect --auto
-==== Blacklist Watchdogs ====
+  sudo -e '/etc/sysconfig/lm_sensors'
-  * ''iTCO_wdt'' controls watchdog on some Intel platforms
+===== Secure Shell =====
-  * ''sp5100_tco'' controls watchdog on some AMD platforms
-  * ''nowatchdog'' disables both soft and hard generic watchdogs
-  * Apparently this reduces power usage slightly
-  modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog
+  * See [[clients:secure_shell#generate_ssh_keys|Client - Generate SSH Keys]] notes to generate/restore public key
-===== Hostname =====
+===== Drive Maintenance =====
-  * Change ''x'' to computer name
+==== Swap ====
-  sudo hostnamectl set-hostname 'x'
+  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))
+  * According to the ''swapon'' man page, setting this in ''fstab'' is acceptable
-===== Keybase =====
+  sudo -e '/etc/fstab'
-  * :!: Run after initial install
+  ,discard=once
-  * :!: TODO: Might not be needed with CLI Keybase
-  run_keybase
+==== Trim ====
-===== Kernel Options =====
+****
-  * Enables ''kernel.dmesg_restrict'', ''kernel.kptr_restrict'', and ''kernel.sysrq''
+  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
-  * Sets ''vm.swappiness'' to ''10''
-  echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'
+==== XFS Scrub ====
-  cat '/sys/fs/cgroup/memory/memory.swappiness'
+  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]]
-===== Secure Shell =====
+  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l
-  * See [[Clients:Secure Shell]]
+===== UTC =====
-===== systemd =====
+  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|ArchWiki]]
+  * Set RTC to UTC
-  * Log data is stored in volatile storage
-  * Max log file sizes of ''50MB''
-  sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'
-===== TRIM =====
-==== Swap ====
-  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))
-  * According to the ''swapon'' man page, setting this in ''fstab'' is acceptable
-  sudo -e '/etc/fstab'
-  ,discard
+  sudo timedatectl set-local-rtc '0'
-==== Service ====
+==== Verify ====
 ****
-  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
+  timedatectl | grep local
 ====== Automatic Updates ======
@@ Line 212: / Line 173: @@
 ExecStartPre='/usr/bin/zypper' clean --all
 ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
-ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses
+ExecStart='/usr/bin/zypper' --non-interactive dist-upgrade --auto-agree-with-licenses --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change
 ExecStartPost='/usr/bin/sync'
 ExecStartPost='/usr/bin/systemctl' reboot</code>
@@ Line 218: / Line 179: @@
 ===== Timer =====
-  * 06:10 Kraityn
+  * 06:00 Oak
-  * 06:20 Alira
+  * 06:10 Alira
   sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
@@ Line 230: / Line 191: @@
 [Timer]
-OnCalendar=*-*-* 06:10:00
+OnCalendar=*-*-* 06:00:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-====== External Backup ======
-===== fstab =====
-  * Expects a drive of some kind with a XFS partition at ''/dev/sdb1''
-  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
-<code>
-# USB
-/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code>
-  sudo mount '/dev/sdb1'
-===== Service =====
-  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
-<code>
-[Service]
-Type=oneshot
-ExecStartPre='/usr/bin/sync'
-ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
-ExecStartPost='/usr/bin/sync'</code>
-===== Timer =====
-  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
-<code>
-[Unit]
-Description=Backup Backups to External Device
-[Timer]
-OnCalendar=*-*-* 07:00:00
 Persistent=true
@@ Line 278: / Line 199: @@
 ====== Notable Folders and Commands ======
-===== Zypper =====
+  * See [[notes:misc_linux]]
-==== Find Orphans ====
-****
-  zypper packages --orphaned
-==== Remove Package and Deps ====
-****
-  sudo zypper remove --clean-deps 'x'
-==== Show Installed Patterns ====
-****
-  sudo zypper patterns --installed-only
-==== Folder ====
-****
-  ls '/etc/zypp/repos.d'
-==== List ====
-****
-  zypper repos --priority
-===== GPG Keys =====
-==== Check Keys ====
-****
-  rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
-==== Remove Keys ====
-****
-  sudo rpm -e x
-===== fstrim =====
-****
-  sudo fstrim -v --all
-===== Show CPU Frequency =====
-  grep 'MHz' '/proc/cpuinfo'
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
-===== OpenSSL Supported Ciphers =====
-****
-  openssl ciphers -v | awk '{print $2}' | sort | uniq
-===== Partition Information =====
-  * Both commands do the same things
-  df -hT
-  df --human-readable --print-type
-===== Encryption Information =====
-****
-  sudo cryptsetup -v status '/dev/dm-0'
-===== ATA Secure Erase =====
-  * :!: All ''hdparm'' commands below assume actions to be performed on ''/dev/sda''
-==== Preparation ====
-  sudo zypper install 'hdparm' && sync
-  sudo hdparm -I '/dev/sda'
-  systemctl suspend
-==== ATA Secure Erase ====
-<code>sudo blkdiscard --verbose '/dev/sda'</code>
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync</code>
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync</code>
-===== NVMe Erase =====
-  * NVMe Erase from the start page lands here and I usually use a Ubuntu LiveUSB to do this, hence the ''apt'' command
-  sudo apt install 'nvme-cli' -y && sync
-  sudo zypper install 'nvme-cli' -y && sync
-  sudo nvme format '/dev/nvme0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync
-===== Clean EFI Variables =====
-  * :!: Could potentially cause a firmware brick or other issues with improper EFI implementations, use at own risk ((personally tested fine on several Acer and Dell computers))
-  * Safer way is to use ''efibootmgr'' to remove boot entries individually
-  sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v
-===== RAID =====
-==== Controller Details ====
-****
-  sudo mdadm --detail-platform
-==== Create Software RAID ====
-  * :?: Came from old notes; I **assume** this worked at some point, but in any case, the syntax looks nice :p
-  sudo mdadm --create '/dev/md0' --name='RAID' --level='0' --raid-devices='3' '/dev/sda' '/dev/sdb' '/dev/sdc' --verbose
-===== Hyper-threading Information =====
-****
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo
-===== Optimal GCC compiler flags =====
-****
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
-===== FirewallD =====
-==== List Active Rules ====
-****
-  sudo firewall-cmd --list-all
-==== List Available Services ====
-****
-  sudo firewall-cmd --get-service
-==== Reload ====
-****
-  sudo firewall-cmd --reload
-==== Add/Remove Service ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
-  sudo firewall-cmd --add-service=x
-  sudo firewall-cmd --remove-service=x
-==== Add/Remove Port ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
-  * Change ''tcp'' to ''udp'' as-needed
-  sudo firewall-cmd --add-port=x/tcp
-  sudo firewall-cmd --remove-port=x/tcp
-====== Privacy ======
-===== Clear Terminal History =====
-****
-  history -cw
-===== Create 7z Password Archive =====
-  * Change ''7ZIPNAME'' in ''7ZIPNAME.7z'' to the desired archive name
-  * Change ''PASS'' in ''-pPASS'' to the desired password
-  * Change ''x'' to the file or folder to add to the archive
-za a '7ZIPNAME.7z' -p'PASS' 'x'
-za a 'x.7z' -p'x' 'x'