• openSUSE ¹⁾
• Tumbleweed ²⁾
• Server

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso

http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist

• EFI/opensuse/grubx64.efi ³⁾
• XFS, no separate /home, separate swap partition enlarged to RAM for suspend

• https://github.com/StevenBlack/hosts/
• Using Unified hosts + fakenews + gambling

sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync

cat '/etc/hosts' | grep 'Date:'

sudo -e '/etc/hosts'

• http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/

• Repository Priority: 98
• Provides extended multimedia support
• TODO: Doubt this is needed on a server…

sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'

• http://download.opensuse.org/tumbleweed/repo/

sudo zypper modifyrepo --disable --medium-type 'hd'

sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync

sudo fwupdmgr refresh && sudo fwupdmgr update --verbose

• Installs nano
• Sets VISUAL and EDITOR to nano via environment variable
• Sets nowrap for current user

sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'

sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance

• https://keybase.io
• TODO: Figure out how to do automated bcakups to KBFS

keybase

• https://blog.uncensoreddns.org/

89.233.43.71,91.239.100.100

2a01:3a0:53:53::,2001:67c:28a4::

• https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers

185.121.177.177,169.239.202.202

2a05:dfc7:5::53,2a05:dfc7:5::5353

• See Kernel Parameters for other options

scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y

• efi is for UEFI systems
• pci is for Legacy systems and Coreboot with SeaBIOS payload
• There are other values possible should either of those not work

reboot=pci

reboot=efi

pcie_aspm=force

• iTCO_wdt controls watchdog on some Intel platforms
• sp5100_tco controls watchdog on some AMD platforms
• nowatchdog disables both soft and hard generic watchdogs
• Apparently this reduces power usage slightly

modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog

• Change x to computer name

sudo hostnamectl set-hostname 'x'

• Run after initial install
• TODO: Might not be needed with CLI Keybase

run_keybase

• Enables kernel.dmesg_restrict, kernel.kptr_restrict, and kernel.sysrq
• Sets vm.swappiness to 10

echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'

cat '/sys/fs/cgroup/memory/memory.swappiness'

• See Secure Shell

• Log data is stored in volatile storage
• Max log file sizes of 50MB

sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'

• Add discard after defaults for the swap mountpoint ⁴⁾
• According to the swapon man page, setting this in fstab is acceptable

sudo -e '/etc/fstab'

,discard

sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l

sudo -e '/etc/systemd/system/suse-up.service'

[Service]
Type=oneshot
ExecStartPre='/usr/bin/zypper' clean --all
ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses
ExecStartPost='/usr/bin/sync'
ExecStartPost='/usr/bin/systemctl' reboot

• 06:10 Kraityn
• 06:20 Alira

sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now

[Unit]
Description=Software Package Maintenance and Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 06:10:00
Persistent=true

[Install]
WantedBy=timers.target

• Expects a drive of some kind with a XFS partition at /dev/sdb1

sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'

# USB
/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2

sudo mount '/dev/sdb1'

sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'

[Service]
Type=oneshot
ExecStartPre='/usr/bin/sync'
ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
ExecStartPost='/usr/bin/sync'

sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now

[Unit]
Description=Backup Backups to External Device

[Timer]
OnCalendar=*-*-* 07:00:00
Persistent=true

[Install]
WantedBy=timers.target

ls '/etc/zypp/repos.d'

zypper lr -p

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

sudo rpm -e x

sudo fstrim -v --all

grep 'MHz' '/proc/cpuinfo'

watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'

df -hT

sudo cryptsetup -v status '/dev/dm-0'

grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo

gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'

history -cw

• Change x in x.7z to the desired archive name
• Change CHANGEME in -pCHANGEME to the desired password

7za a 'x.7z' -p'CHANGEME'