• openSUSE ¹⁾
• Tumbleweed ²⁾
• Server

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso

http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso

• http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist

• EFI/opensuse/grubx64.efi ³⁾
• XFS, no separate /home, separate swap partition enlarged to RAM for suspend

• https://github.com/StevenBlack/hosts/
• Using Unified hosts + fakenews + gambling

sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync

cat '/etc/hosts' | grep 'Date:'

sudo -e '/etc/hosts'

• http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/

• Repository Priority: 98
• Provides extended multimedia support
• TODO: Doubt this is needed on a server…

sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'

• http://download.opensuse.org/tumbleweed/repo/

sudo zypper modifyrepo --disable --medium-type 'hd'

sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync

sudo fwupdmgr refresh && sudo fwupdmgr update --verbose

• Installs nano
• Sets VISUAL and EDITOR to nano via environment variable
• Sets nowrap for current user

sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'

sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance

• https://keybase.io
• TODO: Figure out how to do automated bcakups to KBFS

keybase

• https://blog.uncensoreddns.org/

89.233.43.71,91.239.100.100

2a01:3a0:53:53::,2001:67c:28a4::

• https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers

185.121.177.177,169.239.202.202

2a05:dfc7:5::53,2a05:dfc7:5::5353

• See Kernel Parameters for other options

scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y

• efi is for UEFI systems
• pci is for Legacy systems and Coreboot with SeaBIOS payload
• There are other values possible should either of those not work

reboot=pci

reboot=efi

pcie_aspm=force

• iTCO_wdt controls watchdog on some Intel platforms
• sp5100_tco controls watchdog on some AMD platforms
• nowatchdog disables both soft and hard generic watchdogs
• Apparently this reduces power usage slightly

modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog

• Change x to computer name

sudo hostnamectl set-hostname 'x'

• Run after initial install
• TODO: Might not be needed with CLI Keybase

run_keybase

• Enables kernel.dmesg_restrict, kernel.kptr_restrict, and kernel.sysrq
• Sets vm.swappiness to 10

echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'

cat '/sys/fs/cgroup/memory/memory.swappiness'

• See Secure Shell

• Log data is stored in volatile storage
• Max log file sizes of 50MB

sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'

• Add discard after defaults for the swap mountpoint ⁴⁾
• According to the swapon man page, setting this in fstab is acceptable

sudo -e '/etc/fstab'

,discard

sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l

sudo -e '/etc/systemd/system/suse-up.service'

[Service]
Type=oneshot
ExecStartPre='/usr/bin/zypper' clean --all
ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses
ExecStartPost='/usr/bin/sync'
ExecStartPost='/usr/bin/systemctl' reboot

• 06:10 Kraityn
• 06:20 Alira

sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now

[Unit]
Description=Software Package Maintenance and Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 06:10:00
Persistent=true

[Install]
WantedBy=timers.target

• Expects a drive of some kind with a XFS partition at /dev/sdb1

sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'

# USB
/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2

sudo mount '/dev/sdb1'

sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'

[Service]
Type=oneshot
ExecStartPre='/usr/bin/sync'
ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
ExecStartPost='/usr/bin/sync'

sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now

[Unit]
Description=Backup Backups to External Device

[Timer]
OnCalendar=*-*-* 07:00:00
Persistent=true

[Install]
WantedBy=timers.target

zypper packages --orphaned

sudo zypper remove --clean-deps 'x'

sudo zypper patterns --installed-only

ls '/etc/zypp/repos.d'

zypper repos --priority

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

sudo rpm -e x

sudo fstrim -v --all

grep 'MHz' '/proc/cpuinfo'

watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'

openssl ciphers -v | awk '{print $2}' | sort | uniq

• Both commands do the same things

df -hT

df --human-readable --print-type

sudo cryptsetup -v status '/dev/dm-0'

• All hdparm commands below assume actions to be performed on /dev/sda

sudo zypper install 'hdparm' && sync

sudo hdparm -I '/dev/sda'

systemctl suspend

sudo blkdiscard --verbose '/dev/sda'

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync

sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync

• NVMe Erase from the start page lands here and I usually use a Ubuntu LiveUSB to do this, hence the apt command

sudo apt install 'nvme-cli' -y && sync

sudo zypper install 'nvme-cli' -y && sync

sudo nvme format '/dev/nvme0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync

• Could potentially cause a firmware brick or other issues with improper EFI implementations, use at own risk ⁵⁾
• Safer way is to use efibootmgr to remove boot entries individually

sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v

sudo mdadm --detail-platform

• Came from old notes; I assume this worked at some point, but in any case, the syntax looks nice :p

sudo mdadm --create '/dev/md0' --name='RAID' --level='0' --raid-devices='3' '/dev/sda' '/dev/sdb' '/dev/sdc' --verbose

grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo

gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'

sudo firewall-cmd --list-all

sudo firewall-cmd --get-service

sudo firewall-cmd --reload

• Add --permanent as-needed to allow the rule to persist

sudo firewall-cmd --add-service=x

sudo firewall-cmd --remove-service=x

• Add --permanent as-needed to allow the rule to persist
• Change tcp to udp as-needed

sudo firewall-cmd --add-port=x/tcp

sudo firewall-cmd --remove-port=x/tcp

history -cw

• Change 7ZIPNAME in 7ZIPNAME.7z to the desired archive name
• Change PASS in -pPASS to the desired password
• Change x to the file or folder to add to the archive

7za a '7ZIPNAME.7z' -p'PASS' 'x'

7za a 'x.7z' -p'x' 'x'