distros:opensuse_tumbleweed_server
This is an old revision of the document!
Table of Contents
Information
Download
DVD-x86_64-Current.iso
http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
Hashes
Installation Notes
EFI/opensuse/grubx64.efi
3)- XFS, no separate
/home
, separateswap
partition enlarged to RAM for suspend
HOSTS
- Using
Unified hosts + fakenews + gambling
sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync
cat '/etc/hosts' | grep 'Date:'
sudo -e '/etc/hosts'
Repositories
PackMan Essentials
- Repository Priority: 98
- Provides extended multimedia support
- TODO: Doubt this is needed on a server…
sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'
Software
List
Disable USB Source
sudo zypper modifyrepo --disable --medium-type 'hd'
Update
System
sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync
Firmware
sudo fwupdmgr refresh && sudo fwupdmgr update --verbose
GNU nano
- Installs
nano
- Sets
VISUAL
andEDITOR
tonano
via environment variable - Sets
nowrap
for current user
sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'
General
sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance
Keybase
- TODO: Figure out how to do automated bcakups to KBFS
keybase
Settings
Network
DNS
UncensoredDNS
OpenNIC Anycast
185.121.177.177,169.239.202.202
2a05:dfc7:5::53,2a05:dfc7:5::5353
GRUB
Other Parameters
- See Kernel Parameters for other options
blk_mq
scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y
Reboot
efi
is for UEFI systemspci
is for Legacy systems and Coreboot with SeaBIOS payload- There are other values possible should either of those not work
reboot=pci
reboot=efi
PCIe ASPM
pcie_aspm=force
Blacklist Watchdogs
iTCO_wdt
controls watchdog on some Intel platformssp5100_tco
controls watchdog on some AMD platformsnowatchdog
disables both soft and hard generic watchdogs- Apparently this reduces power usage slightly
modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog
Hostname
- Change
x
to computer name
sudo hostnamectl set-hostname 'x'
Keybase
- Run after initial install
- TODO: Might not be needed with CLI Keybase
run_keybase
Kernel Options
- Enables
kernel.dmesg_restrict
,kernel.kptr_restrict
, andkernel.sysrq
- Sets
vm.swappiness
to10
echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'
cat '/sys/fs/cgroup/memory/memory.swappiness'
Secure Shell
- See Secure Shell
systemd
- Log data is stored in volatile storage
- Max log file sizes of
50MB
sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'
TRIM
Swap
- According to the
swapon
man page, setting this infstab
is acceptable
sudo -e '/etc/fstab'
,discard
Service
sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
Automatic Updates
Service
sudo -e '/etc/systemd/system/suse-up.service'
[Service] Type=oneshot ExecStartPre='/usr/bin/zypper' clean --all ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses ExecStartPost='/usr/bin/sync' ExecStartPost='/usr/bin/systemctl' reboot
Timer
- 06:10 Kraityn
- 06:20 Alira
sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
[Unit] Description=Software Package Maintenance and Updater After=network-online.target Wants=network-online.target [Timer] OnCalendar=*-*-* 06:10:00 Persistent=true [Install] WantedBy=timers.target
External Backup
fstab
- Expects a drive of some kind with a XFS partition at
/dev/sdb1
sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
# USB /dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2
sudo mount '/dev/sdb1'
Service
sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
[Service] Type=oneshot ExecStartPre='/usr/bin/sync' ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing ExecStartPost='/usr/bin/sync'
Timer
sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
[Unit] Description=Backup Backups to External Device [Timer] OnCalendar=*-*-* 07:00:00 Persistent=true [Install] WantedBy=timers.target
Notable Folders and Commands
Zypper Repos
Folder
ls '/etc/zypp/repos.d'
List
zypper lr -p
GPG Keys
Check Keys
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
Remove Keys
sudo rpm -e x
fstrim
sudo fstrim -v --all
Show CPU Frequency
grep 'MHz' '/proc/cpuinfo'
watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
Partition Information
df -hT
Encryption Information
sudo cryptsetup -v status '/dev/dm-0'
Hyper-threading Information
grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo
Optimal GCC compiler flags
gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
Privacy
Clear Terminal History
history -cw
Create 7z Password Archive
- Change
x
inx.7z
to the desired archive name - Change
CHANGEME
in-pCHANGEME
to the desired password
7za a 'x.7z' -p'CHANGEME'
/var/www/wiki/data/attic/distros/opensuse_tumbleweed_server.1559047330.txt.gz · Last modified: 2019/05/28 08:42 by Sean Rhone