distros:opensuse_tumbleweed_server
Information
Download
DVD-x86_64-Current.iso
http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
Hashes
Installation Notes
EFI/opensuse/grubx64.efi
- XFS, no separate /home, separate swap partition enlarged to RAM for suspend
HOSTS
- Using Unified hosts + fakenews + gambling
sudo wget -O '/etc/hosts' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sync
cat '/etc/hosts' | grep 'Date:'
sudo -e '/etc/hosts'
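A safer shape for the download above, as an added example that is not part of the original notes: fetch the list to a temporary file, let check_hosts confirm that every entry is a 0.0.0.0 sinkhole or standard loopback boilerplate, and only then replace /etc/hosts. The function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded blocklist before it replaces /etc/hosts.

# check_hosts FILE: return 0 if every entry is a 0.0.0.0 sinkhole or one of
# the loopback/multicast boilerplate names; otherwise print the offending
# lines and return 1.
check_hosts() {
    awk '
        function boilerplate(ip, name) {
            if (ip != "127.0.0.1" && ip != "::1" && ip != "255.255.255.255" &&
                ip !~ /^f[ef][0-9a-f][0-9a-f]::/) return 0
            return name ~ /^(localhost(\.localdomain)?|local|broadcasthost|ip6-[a-z]+)$/
        }
        { sub(/#.*/, "") }                       # strip comments
        NF == 0 { next }                         # blank after stripping
        $1 == "0.0.0.0" { next }                 # sinkhole entry
        NF == 2 && boilerplate($1, $2) { next }  # standard header entry
        { print "line " NR ": " $0; bad = 1 }    # anything else redirects a name
        END { exit bad + 0 }
    ' "$1"
}

# install_hosts SRC [DEST]: replace DEST (default /etc/hosts) only if SRC
# is non-empty and passes check_hosts; the rename keeps the swap atomic.
install_hosts() {
    src=$1
    dest=${2:-/etc/hosts}
    [ -s "$src" ] || { echo "empty download: $src" >&2; return 1; }
    check_hosts "$src" >&2 || return 1
    cp "$src" "$dest.new" && chmod 0644 "$dest.new" && mv "$dest.new" "$dest"
}

# Constructed sample: two acceptable entries and one that redirects a name.
demo_hosts() {
    printf '%s\n' '# Date: (constructed sample)' '127.0.0.1 localhost' \
        '0.0.0.0 ads.example' '203.0.113.7 login.example'
}
```

Run install_hosts as root against the file wget wrote to a temporary path; a rejected download leaves the existing /etc/hosts untouched.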
Repositories
PackMan Essentials
- Repository Priority: 98
- Provides extended multimedia support
- TODO: Doubt this is needed on a server…
sudo rpm --import 'http://packman.inode.at/suse/openSUSE_Tumbleweed/Essentials/repodata/repomd.xml.key' && sudo zypper addrepo --check --gpgcheck-strict --refresh --priority '98' --name 'Packman Essentials repository (openSUSE_Tumbleweed)' 'http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials' 'packman-essentials'
Software
List
Disable USB Source
sudo zypper modifyrepo --disable --medium-type 'hd'
Update
System
sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync
Firmware
sudo fwupdmgr refresh && sudo fwupdmgr update --verbose
GNU nano
- Installs nano
- Sets VISUAL and EDITOR to nano via environment variable
- Sets nowrap for current user
sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'
General
sudo zypper install p7zip unar aria2 hdparm nano htop wget irqbalance
Keybase
- TODO: Figure out how to do automated backups to KBFS
- This page shows up on Google search; for desktop openSUSE and the GUI Keybase client, add the repo shown on keybase
keybase
Settings
Network
DNS
UncensoredDNS
OpenNIC Anycast
185.121.177.177,169.239.202.202
2a05:dfc7:5::53,2a05:dfc7:5::5353
GRUB
Other Parameters
- See Kernel Parameters for other options
blk_mq
scsi_mod.use_blk_mq=y dm_mod.use_blk_mq=y
Reboot
- efi is for UEFI systems
- pci is for Legacy systems and Coreboot with SeaBIOS payload
- There are other values possible should either of those not work
reboot=pci
reboot=efi
PCIe ASPM
pcie_aspm=force
Blacklist Watchdogs
- iTCO_wdt controls watchdog on some Intel platforms
- sp5100_tco controls watchdog on some AMD platforms
- nowatchdog disables both soft and hard generic watchdogs
- Apparently this reduces power usage slightly
modprobe.blacklist=iTCO_wdt,sp5100_tco nowatchdog
Hostname
- Change x to computer name
sudo hostnamectl set-hostname 'x'
Keybase
- Run after initial install
- TODO: Might not be needed with CLI Keybase
run_keybase
Kernel Options
- Enables kernel.dmesg_restrict, kernel.kptr_restrict, and kernel.sysrq
- Sets vm.swappiness to 10
echo -e "kernel.dmesg_restrict = 1\nkernel.kptr_restrict = 1\nkernel.sysrq = 1\nvm.swappiness = 10" | sudo tee '/etc/sysctl.d/99-custom.conf' > '/dev/null' && cat '/etc/sysctl.d/99-custom.conf'
cat '/sys/fs/cgroup/memory/memory.swappiness'
Secure Shell
- See Secure Shell
systemd
- Log data is stored in volatile storage
- Max log file sizes of 50MB
sudo mkdir -p '/etc/systemd/journald.conf.d' && echo -e "[Journal]\nStorage=volatile\nSystemMaxUse=50M\nRuntimeMaxUse=50M" | sudo tee '/etc/systemd/journald.conf.d/logging.conf' > '/dev/null' && cat '/etc/systemd/journald.conf.d/logging.conf'
TRIM
Swap
- According to the swapon man page, setting this in fstab is acceptable
sudo -e '/etc/fstab'
,discard
Service
sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
Automatic Updates
Service
sudo -e '/etc/systemd/system/suse-up.service'
[Service]
Type=oneshot
ExecStartPre='/usr/bin/zypper' clean --all
ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
ExecStart='/usr/bin/zypper' --non-interactive dup --auto-agree-with-licenses --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change
ExecStartPost='/usr/bin/sync'
ExecStartPost='/usr/bin/systemctl' reboot
Timer
- 06:10 Kraityn
- 06:20 Alira
- 01:10 Oak
sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
[Unit]
Description=Software Package Maintenance and Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 01:10:00
Persistent=true

[Install]
WantedBy=timers.target
External Backup
fstab
- Expects a drive of some kind with an XFS partition at /dev/sdb1
sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
# USB
/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2
sudo mount '/dev/sdb1'
Service
sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
[Service]
Type=oneshot
ExecStartPre='/usr/bin/sync'
ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
ExecStartPost='/usr/bin/sync'
Timer
sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
[Unit]
Description=Backup Backups to External Device

[Timer]
OnCalendar=*-*-* 07:00:00
Persistent=true

[Install]
WantedBy=timers.target
Notable Folders and Commands
Zypper
Find Orphans
zypper packages --orphaned
Remove Package and Deps
sudo zypper remove --clean-deps 'x'
Show Installed Patterns
sudo zypper patterns --installed-only
Folder
ls '/etc/zypp/repos.d'
List
zypper repos --priority
GPG Keys
Check Keys
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
Remove Keys
sudo rpm -e x
fstrim
sudo fstrim -v --all
Show CPU Frequency
grep 'MHz' '/proc/cpuinfo'
watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'
OpenSSL Supported Ciphers
openssl ciphers -v | awk '{print $2}' | sort | uniq
Partition Information
- Both commands do the same thing
df -hT
df --human-readable --print-type
Encryption Information
sudo cryptsetup -v status '/dev/dm-0'
ATA Secure Erase
- All hdparm commands below assume actions to be performed on /dev/sda
Preparation
sudo zypper install 'hdparm' && sync
sudo hdparm -I '/dev/sda'
systemctl suspend
ATA Secure Erase
sudo blkdiscard --verbose '/dev/sda'
sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda' && sync
sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda' && sync
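A check to run between the hdparm -I step and the erase commands above, as an added example that is not part of the original notes: it reads the Security block of the hdparm -I output and reports whether the drive is frozen (a suspend/resume cycle is the usual way to clear that state, which is assumed here to be the purpose of the suspend step) and whether the enhanced erase is available. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Security block of `hdparm -I` output.
# erase_state reads that output on stdin and prints one of:
#   unsupported | frozen | locked | ready-enhanced | ready
erase_state() {
    awk '
        /^Security:/         { insec = 1; next }
        insec && /^[^ \t]/   { insec = 0 }      # next unindented section
        !insec               { next }
        NF == 1 && $1 == "supported"           { sup = 1 }
        $1 == "frozen"                         { frozen = 1 }
        $1 == "locked"                         { locked = 1 }
        $1 == "supported:" && $2 == "enhanced" { enh = 1 }
        END {
            if (!sup)        print "unsupported"
            else if (frozen) print "frozen"
            else if (locked) print "locked"
            else             print (enh ? "ready-enhanced" : "ready")
        }
    '
}

# Constructed sample of the Security block; $1 is "" (frozen) or "not".
sample_hdparm() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}

# Typical use on a real drive:
#   sudo hdparm -I '/dev/sda' | erase_state
```

"frozen" means the security commands will be rejected until the state is cleared; "ready-enhanced" selects the --security-erase-enhanced line and "ready" the plain --security-erase line.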
NVMe Erase
- NVMe Erase from the start page lands here and I usually use an Ubuntu LiveUSB to do this, hence the apt command
sudo apt install 'nvme-cli' -y && sync
sudo zypper install 'nvme-cli' -y && sync
sudo nvme format '/dev/nvme0' --reset --ses='1' --pil='0' --pi='0' --ms='0' && sync
Clean EFI Variables
- Could potentially cause a firmware brick or other issues with improper EFI implementations, use at own risk
- Safer way is to use efibootmgr to remove boot entries individually
sudo rm -f '/sys/firmware/efi/efivars/'* || sync && sudo efibootmgr -v
RAID
Controller Details
sudo mdadm --detail-platform
Create Software RAID
- Came from old notes; I assume this worked at some point, but in any case, the syntax looks nice :p
sudo mdadm --create '/dev/md0' --name='RAID' --level='0' --raid-devices='3' '/dev/sda' '/dev/sdb' '/dev/sdc' --verbose
Hyper-threading Information
grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo
Optimal GCC compiler flags
gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'
firewalld
List Active Rules
sudo firewall-cmd --list-all
List Available Services
sudo firewall-cmd --get-service
Reload
sudo firewall-cmd --reload
Add/Remove Service
- Add --permanent as-needed to allow the rule to persist
sudo firewall-cmd --add-service=x
sudo firewall-cmd --remove-service=x
Add/Remove Port
- Add --permanent as-needed to allow the rule to persist
- Change tcp to udp as-needed
sudo firewall-cmd --add-port=x/tcp
sudo firewall-cmd --remove-port=x/tcp
Privacy
Clear Terminal History
history -cw
Create 7z Password Archive
- Change 7ZIPNAME in 7ZIPNAME.7z to the desired archive name
- Change PASS in -pPASS to the desired password
- Change x to the file or folder to add to the archive
7za a '7ZIPNAME.7z' -p'PASS' 'x'
7za a 'x.7z' -p'x' 'x'
/var/www/wiki/data/attic/distros/opensuse_tumbleweed_server.1600340993.txt.gz · Last modified: 2020/09/17 07:09 by Sean Rhone