User Tools

Site Tools


distros:opensuse_tumbleweed_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
distros:opensuse_tumbleweed_server [2019/05/28 08:48] Sean Rhonedistros:opensuse_tumbleweed_server [2024/08/13 16:59] (current) – removed Sean Rhone
Line 1: Line 1:
-====== Information ====== 
  
-  * openSUSE ((https://www.opensuse.org)) 
-  * Tumbleweed ((https://en.opensuse.org/Portal:Tumbleweed)) 
-  * Server 
- 
-====== Download ====== 
- 
-===== DVD-x86_64-Current.iso ===== 
- 
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso 
- 
-  http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso 
- 
-===== Hashes ===== 
- 
-  * http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.mirrorlist 
- 
-====== Installation Notes ====== 
- 
-  * ''EFI/opensuse/grubx64.efi'' ((EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not)) 
-  * XFS, no separate ''/home'', separate ''swap'' partition enlarged to RAM for suspend 
- 
-====== HOSTS ====== 
- 
-  * https://github.com/StevenBlack/hosts/ 
-  * Using ''Unified hosts + fakenews + gambling'' 
- 
-  sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync 
- 
-  cat '/etc/hosts' | grep 'Date:' 
- 
-  sudo -e '/etc/hosts' 
- 
-====== Repositories ====== 
- 
-===== PackMan Essentials ===== 
- 
-  * http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/ 
- 
-  * Repository Priority: 98 
-  * Provides extended multimedia support 
-  * :!: TODO: Doubt this is needed on a server... 
- 
-  sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials' 
- 
-====== Software ====== 
- 
-===== List ===== 
- 
-  * http://download.opensuse.org/tumbleweed/repo/ 
- 
-===== Disable USB Source ===== 
- 
-**** 
- 
-  sudo zypper modifyrepo --disable --medium-type 'hd' 
- 
-===== Update ===== 
- 
-==== System ==== 
- 
-**** 
- 
-  sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync 
- 
-==== Firmware ==== 
- 
-**** 
- 
-  sudo fwupdmgr refresh && sudo fwupdmgr update --verbose 
- 
-===== GNU nano ===== 
- 
-  * Installs ''nano'' 
-  * Sets ''VISUAL'' and ''EDITOR'' to ''nano'' via environment variable 
-  * Sets ''nowrap'' for current user 
- 
-  sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc' 
- 
-===== General ===== 
- 
-**** 
- 
-  sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance 
- 
-===== Keybase ===== 
- 
-  * https://keybase.io 
-  * :!: TODO: Figure out how to do automated bcakups to KBFS 
- 
-  keybase 
- 
-====== Settings ====== 
- 
-===== Network ===== 
- 
-==== DNS ==== 
- 
-=== UncensoredDNS === 
- 
-  * https://blog.uncensoreddns.org/ 
- 
-  89.233.43.71,91.239.100.100 
- 
-  2a01:3a0:53:53::,2001:67c:28a4:: 
- 
-=== OpenNIC Anycast === 
- 
-  * https://wiki.opennic.org/start#anycast_tier_2_dns_resolvers 
- 
-  185.121.177.177,169.239.202.202 
- 
-  2a05:dfc7:5::53,2a05:dfc7:5::5353 
- 
-===== GRUB ===== 
- 
-==== Other Parameters ==== 
- 
-  * See [[notes:kernel_parameters|Kernel Parameters]] for other options 
- 
-==== blk_mq ==== 
- 
-**** 
- 
-  scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y 
- 
-==== Reboot ==== 
- 
-  * ''efi'' is for UEFI systems 
-  * ''pci'' is for Legacy systems and Coreboot with SeaBIOS payload 
-  * There are other values possible should either of those not work 
- 
-  reboot=pci 
- 
-  reboot=efi 
- 
-==== PCIe ASPM ==== 
- 
-**** 
- 
-  pcie_aspm=force 
- 
-==== Blacklist Watchdogs ==== 
- 
-  * ''iTCO_wdt'' controls watchdog on some Intel platforms 
-  * ''sp5100_tco'' controls watchdog on some AMD platforms 
-  * ''nowatchdog'' disables both soft and hard generic watchdogs 
-  * Apparently this reduces power usage slightly 
- 
-  modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog 
- 
-===== Hostname ===== 
- 
-  * Change ''x'' to computer name 
- 
-  sudo hostnamectl set-hostname 'x' 
- 
-===== Keybase ===== 
- 
-  * :!: Run after initial install 
-  * :!: TODO: Might not be needed with CLI Keybase 
- 
-  run_keybase 
- 
-===== Kernel Options ===== 
- 
-  * Enables ''kernel.dmesg_restrict'', ''kernel.kptr_restrict'', and ''kernel.sysrq'' 
-  * Sets ''vm.swappiness'' to ''10'' 
- 
-  echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf' 
- 
-  cat '/sys/fs/cgroup/memory/memory.swappiness' 
- 
-===== Secure Shell ===== 
- 
-  * See [[Clients:Secure Shell]] 
- 
-===== systemd ===== 
- 
-  * Log data is stored in volatile storage 
-  * Max log file sizes of ''50MB'' 
- 
-  sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf' 
- 
-===== TRIM ===== 
- 
-==== Swap ==== 
- 
-  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard)) 
-  * According to the ''swapon'' man page, setting this in ''fstab'' is acceptable 
- 
-  sudo -e '/etc/fstab' 
- 
-  ,discard 
- 
-==== Service ==== 
- 
-**** 
- 
-  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l 
- 
-====== Automatic Updates ====== 
- 
-===== Service ===== 
- 
-  sudo -e '/etc/systemd/system/suse-up.service' 
- 
-<code> 
-[Service] 
-Type=oneshot 
-ExecStartPre='/usr/bin/zypper' clean --all 
-ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services 
-ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses 
-ExecStartPost='/usr/bin/sync' 
-ExecStartPost='/usr/bin/systemctl' reboot</code> 
- 
-===== Timer ===== 
- 
-  * 06:10 Kraityn 
-  * 06:20 Alira 
- 
-  sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now 
- 
-<code> 
-[Unit] 
-Description=Software Package Maintenance and Updater 
-After=network-online.target 
-Wants=network-online.target 
- 
-[Timer] 
-OnCalendar=*-*-* 06:10:00 
-Persistent=true 
- 
-[Install] 
-WantedBy=timers.target</code> 
- 
-====== External Backup ====== 
- 
-===== fstab ===== 
- 
-  * Expects a drive of some kind with a XFS partition at ''/dev/sdb1'' 
- 
-  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab' 
- 
-<code> 
-# USB 
-/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code> 
- 
-  sudo mount '/dev/sdb1' 
- 
-===== Service ===== 
- 
-  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service' 
- 
-<code> 
-[Service] 
-Type=oneshot 
-ExecStartPre='/usr/bin/sync' 
-ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing 
-ExecStartPost='/usr/bin/sync'</code> 
- 
-===== Timer ===== 
- 
-  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now 
- 
-<code> 
-[Unit] 
-Description=Backup Backups to External Device 
- 
-[Timer] 
-OnCalendar=*-*-* 07:00:00 
-Persistent=true 
- 
-[Install] 
-WantedBy=timers.target</code> 
- 
-====== Notable Folders and Commands ====== 
- 
-===== Zypper ===== 
- 
-==== Find Orphans ==== 
- 
-**** 
- 
-  zypper packages --orphaned 
- 
-==== Remove Package and Deps ==== 
- 
-**** 
- 
-  sudo zypper remove --clean-deps 'x' 
- 
-==== Show Installed Patterns ==== 
- 
-**** 
- 
-  sudo zypper patterns --installed-only 
- 
-==== Folder ==== 
- 
-**** 
- 
-  ls '/etc/zypp/repos.d' 
- 
-==== List ==== 
- 
-**** 
- 
-  zypper repos --priority 
- 
-===== GPG Keys ===== 
- 
-==== Check Keys ==== 
- 
-**** 
- 
-  rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' 
- 
-==== Remove Keys ==== 
- 
-**** 
- 
-  sudo rpm -e x 
- 
-===== fstrim ===== 
- 
-**** 
- 
-  sudo fstrim -v --all 
- 
-===== Show CPU Frequency ===== 
- 
-  grep 'MHz' '/proc/cpuinfo' 
- 
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo' 
- 
-===== OpenSSL Supported Ciphers ===== 
- 
-**** 
- 
-  openssl ciphers -v | awk '{print $2}' | sort | uniq 
- 
-===== Partition Information ===== 
- 
-  * Both commands do the same things 
- 
-  df -hT 
- 
-  df --human-readable --print-type 
- 
-===== Encryption Information ===== 
- 
-**** 
- 
-  sudo cryptsetup -v status '/dev/dm-0' 
- 
-===== ATA Secure Erase ===== 
- 
-  * :!: All ''hdparm'' commands below assume actions to be performed on ''/dev/sda'' 
- 
-==== Preparation ==== 
- 
-  sudo zypper install 'hdparm' && sync 
- 
-  sudo hdparm -I '/dev/sda' 
- 
-  systemctl suspend 
- 
-==== ATA Secure Erase ==== 
- 
-<code>sudo blkdiscard --verbose '/dev/sda'</code> 
- 
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync</code> 
- 
-<code>sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync</code> 
- 
-===== NVMe Erase ===== 
- 
-  * NVMe Erase from the start page lands here and I usually use a Ubuntu LiveUSB to do this, hence the ''apt'' command 
- 
-  sudo apt install 'nvme-cli' -y && sync 
- 
-  sudo zypper install 'nvme-cli' -y && sync 
- 
-  sudo nvme format '/dev/nvme0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync 
- 
-===== Clean EFI Variables ===== 
- 
-  * :!: Could potentially cause a firmware brick or other issues with improper EFI implementations, use at own risk ((personally tested fine on several Acer and Dell computers)) 
-  * Safer way is to use ''efibootmgr'' to remove boot entries individually 
- 
-  sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v 
- 
-===== RAID ===== 
- 
-==== Controller Details ==== 
- 
-**** 
- 
-  sudo mdadm --detail-platform 
- 
-==== Create Software RAID ==== 
- 
-  * :?: Came from old notes; I **assume** this worked at some point, but in any case, the syntax looks nice :p 
- 
-  sudo mdadm --create '/dev/md0' --name='RAID' --level='0' --raid-devices='3' '/dev/sda' '/dev/sdb' '/dev/sdc' --verbose 
- 
-===== Hyper-threading Information ===== 
- 
-**** 
- 
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo 
- 
-===== Optimal GCC compiler flags ===== 
- 
-**** 
- 
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;' 
- 
-===== FirewallD ===== 
- 
-==== List Active Rules ==== 
- 
-**** 
- 
-  sudo firewall-cmd --list-all 
- 
-==== List Available Services ==== 
- 
-**** 
- 
-  sudo firewall-cmd --get-service 
- 
-==== Reload ==== 
- 
-**** 
- 
-  sudo firewall-cmd --reload 
- 
-==== Add/Remove Service ==== 
- 
-  * Add ''--permanent'' as-needed to allow the rule to persist 
- 
-  sudo firewall-cmd --add-service=x 
- 
-  sudo firewall-cmd --remove-service=x 
- 
-==== Add/Remove Port ==== 
- 
-  * Add ''--permanent'' as-needed to allow the rule to persist 
-  * Change ''tcp'' to ''udp'' as-needed 
- 
-  sudo firewall-cmd --add-port=x/tcp 
- 
-  sudo firewall-cmd --remove-port=x/tcp 
- 
-===== Privacy ===== 
- 
-==== Clear Terminal History ==== 
- 
-**** 
- 
-  history -cw 
- 
-==== Create 7z Password Archive ==== 
- 
-  * Change ''7ZIPNAME'' in ''7ZIPNAME.7z'' to the desired archive name 
-  * Change ''PASS'' in ''-pPASS'' to the desired password 
-  * Change ''x'' to the file or folder to add to the archive 
- 
-  7za a '7ZIPNAME.7z' -p'PASS' 'x' 
- 
-  7za a 'x.7z' -p'x' 'x' 
C:/www/wiki/data/attic/distros/opensuse_tumbleweed_server.1559047730.txt.gz · Last modified: by Sean Rhone