Differences

This shows you the differences between two versions of the page.

--- distros:opensuse_tumbleweed_server [2019/05/28 08:48] – Sean Rhone
+++ distros:opensuse_tumbleweed_server [2024/08/13 16:59] (current) – removed Sean Rhone
@@ Line 1: / Line 1: @@
-====== Information ======
-  * openSUSE ((https://www.opensuse.org))
-  * Tumbleweed ((https://en.opensuse.org/Portal:Tumbleweed))
-  * Server
-====== Download ======
-===== DVD-x86_64-Current.iso =====
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
-  http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
-===== Hashes =====
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist
-====== Installation Notes ======
-  * ''EFI/opensuse/grubx64.efi'' ((EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not))
-  * XFS, no separate ''/home'', separate ''swap'' partition enlarged to RAM for suspend
-====== HOSTS ======
-  * https://github.com/StevenBlack/hosts/
-  * Using ''Unified hosts + fakenews + gambling''
-  sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync
-  cat '/etc/hosts' | grep 'Date:'
-  sudo -e '/etc/hosts'
-====== Repositories ======
-===== PackMan Essentials =====
-  * http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/
-  * Repository Priority: 98
-  * Provides extended multimedia support
-  * :!: TODO: Doubt this is needed on a server...
-  sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'
-====== Software ======
-===== List =====
-  * http://download.opensuse.org/tumbleweed/repo/
-===== Disable USB Source =====
-****
-  sudo zypper modifyrepo --disable --medium-type 'hd'
-===== Update =====
-==== System ====
-****
-  sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync
-==== Firmware ====
-****
-  sudo fwupdmgr refresh && sudo fwupdmgr update --verbose
-===== GNU nano =====
-  * Installs ''nano''
-  * Sets ''VISUAL'' and ''EDITOR'' to ''nano'' via environment variable
-  * Sets ''nowrap'' for current user
-  sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'
-===== General =====
-****
-  sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance
-===== Keybase =====
-  * https://keybase.io
-  * :!: TODO: Figure out how to do automated bcakups to KBFS
-  keybase
-====== Settings ======
-===== Network =====
-==== DNS ====
-=== UncensoredDNS ===
-  * https://blog.uncensoreddns.org/
-.233.43.71,91.239.100.100
-a01:3a0:53:53::,2001:67c:28a4::
-=== OpenNIC Anycast ===
-  * https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers
-.121.177.177,169.239.202.202
-a05:dfc7:5::53,2a05:dfc7:5::5353
-===== GRUB =====
-==== Other Parameters ====
-  * See [[notes:kernel_parameters|Kernel Parameters]] for other options
-==== blk_mq ====
-****
-  scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y
-==== Reboot ====
-  * ''efi'' is for UEFI systems
-  * ''pci'' is for Legacy systems and Coreboot with SeaBIOS payload
-  * There are other values possible should either of those not work
-  reboot=pci
-  reboot=efi
-==== PCIe ASPM ====
-****
-  pcie_aspm=force
-==== Blacklist Watchdogs ====
-  * ''iTCO_wdt'' controls watchdog on some Intel platforms
-  * ''sp5100_tco'' controls watchdog on some AMD platforms
-  * ''nowatchdog'' disables both soft and hard generic watchdogs
-  * Apparently this reduces power usage slightly
-  modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog
-===== Hostname =====
-  * Change ''x'' to computer name
-  sudo hostnamectl set-hostname 'x'
-===== Keybase =====
-  * :!: Run after initial install
-  * :!: TODO: Might not be needed with CLI Keybase
-  run_keybase
-===== Kernel Options =====
-  * Enables ''kernel.dmesg_restrict'', ''kernel.kptr_restrict'', and ''kernel.sysrq''
-  * Sets ''vm.swappiness'' to ''10''
-  echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'
-  cat '/sys/fs/cgroup/memory/memory.swappiness'
-===== Secure Shell =====
-  * See [[Clients:Secure Shell]]
-===== systemd =====
-  * Log data is stored in volatile storage
-  * Max log file sizes of ''50MB''
-  sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'
-===== TRIM =====
-==== Swap ====
-  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))
-  * According to the ''swapon'' man page, setting this in ''fstab'' is acceptable
-  sudo -e '/etc/fstab'
-  ,discard
-==== Service ====
-****
-  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
-====== Automatic Updates ======
-===== Service =====
-  sudo -e '/etc/systemd/system/suse-up.service'
-<code>
-[Service]
-Type=oneshot
-ExecStartPre='/usr/bin/zypper' clean --all
-ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
-ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses
-ExecStartPost='/usr/bin/sync'
-ExecStartPost='/usr/bin/systemctl' reboot</code>
-===== Timer =====
-  * 06:10 Kraityn
-  * 06:20 Alira
-  sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
-<code>
-[Unit]
-Description=Software Package Maintenance and Updater
-After=network-online.target
-Wants=network-online.target
-[Timer]
-OnCalendar=*-*-* 06:10:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-====== External Backup ======
-===== fstab =====
-  * Expects a drive of some kind with a XFS partition at ''/dev/sdb1''
-  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
-<code>
-# USB
-/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code>
-  sudo mount '/dev/sdb1'
-===== Service =====
-  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
-<code>
-[Service]
-Type=oneshot
-ExecStartPre='/usr/bin/sync'
-ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
-ExecStartPost='/usr/bin/sync'</code>
-===== Timer =====
-  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
-<code>
-[Unit]
-Description=Backup Backups to External Device
-[Timer]
-OnCalendar=*-*-* 07:00:00
-Persistent=true
-[Install]
-WantedBy=timers.target</code>
-====== Notable Folders and Commands ======
-===== Zypper =====
-==== Find Orphans ====
-****
-  zypper packages --orphaned
-==== Remove Package and Deps ====
-****
-  sudo zypper remove --clean-deps 'x'
-==== Show Installed Patterns ====
-****
-  sudo zypper patterns --installed-only
-==== Folder ====
-****
-  ls '/etc/zypp/repos.d'
-==== List ====
-****
-  zypper repos --priority
-===== GPG Keys =====
-==== Check Keys ====
-****
-  rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
-==== Remove Keys ====
-****
-  sudo rpm -e x
-===== fstrim =====
-****
-  sudo fstrim -v --all
-===== Show CPU Frequency =====
-  grep 'MHz' '/proc/cpuinfo'
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
-===== OpenSSL Supported Ciphers =====
-****
-  openssl ciphers -v | awk '{print $2}' | sort | uniq
-===== Partition Information =====
-  * Both commands do the same things
-  df -hT
-  df --human-readable --print-type
-===== Encryption Information =====
-****
-  sudo cryptsetup -v status '/dev/dm-0'
-===== ATA Secure Erase =====
-  * :!: All ''hdparm'' commands below assume actions to be performed on ''/dev/sda''
-==== Preparation ====
-  sudo zypper install 'hdparm' && sync
-  sudo hdparm -I '/dev/sda'
-  systemctl suspend
-==== ATA Secure Erase ====
-<code>sudo blkdiscard --verbose '/dev/sda'</code>
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync</code>
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync</code>
-===== NVMe Erase =====
-  * NVMe Erase from the start page lands here and I usually use a Ubuntu LiveUSB to do this, hence the ''apt'' command
-  sudo apt install 'nvme-cli' -y && sync
-  sudo zypper install 'nvme-cli' -y && sync
-  sudo nvme format '/dev/nvme0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync
-===== Clean EFI Variables =====
-  * :!: Could potentially cause a firmware brick or other issues with improper EFI implementations, use at own risk ((personally tested fine on several Acer and Dell computers))
-  * Safer way is to use ''efibootmgr'' to remove boot entries individually
-  sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v
-===== RAID =====
-==== Controller Details ====
-****
-  sudo mdadm --detail-platform
-==== Create Software RAID ====
-  * :?: Came from old notes; I **assume** this worked at some point, but in any case, the syntax looks nice :p
-  sudo mdadm --create '/dev/md0' --name='RAID' --level='0' --raid-devices='3' '/dev/sda' '/dev/sdb' '/dev/sdc' --verbose
-===== Hyper-threading Information =====
-****
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo
-===== Optimal GCC compiler flags =====
-****
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
-===== FirewallD =====
-==== List Active Rules ====
-****
-  sudo firewall-cmd --list-all
-==== List Available Services ====
-****
-  sudo firewall-cmd --get-service
-==== Reload ====
-****
-  sudo firewall-cmd --reload
-==== Add/Remove Service ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
-  sudo firewall-cmd --add-service=x
-  sudo firewall-cmd --remove-service=x
-==== Add/Remove Port ====
-  * Add ''--permanent'' as-needed to allow the rule to persist
-  * Change ''tcp'' to ''udp'' as-needed
-  sudo firewall-cmd --add-port=x/tcp
-  sudo firewall-cmd --remove-port=x/tcp
-===== Privacy =====
-==== Clear Terminal History ====
-****
-  history -cw
-==== Create 7z Password Archive ====
-  * Change ''7ZIPNAME'' in ''7ZIPNAME.7z'' to the desired archive name
-  * Change ''PASS'' in ''-pPASS'' to the desired password
-  * Change ''x'' to the file or folder to add to the archive
-za a '7ZIPNAME.7z' -p'PASS' 'x'
-za a 'x.7z' -p'x' 'x'