RoE | Wiki

User Tools

Site Tools

Trace: opensuse_tumbleweed_server
distros:opensuse_tumbleweed_server

This is an old revision of the document!

Table of Contents

Information

  • openSUSE 1)
  • Tumbleweed 2)
  • Server

Download

DVD + Xfce Live

  • Downloads the latest DVD and Xfce Live images
cd ~/'Downloads' && aria2c 'https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-XFCE-Live-x86_64-Current.iso' && aria2c 'http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso' && aria2c 'https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256' && sha256sum ~/'Downloads/openSUSE-Tumbleweed-DVD-x86_64-'*'-Media.iso' && cat ~/'Downloads/openSUSE-Tumbleweed-DVD-x86_64-'*'-Media.iso.sha256' && sync

DVD

  • ISO and SHA256 hash
http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso
https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256

Xfce

  • For LiveUSB
https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-XFCE-Live-x86_64-Current.iso

Installation Notes

  • EFI/opensuse/grubx64.efi 3)

Partitioning

  1. XFS
  2. No separate /home
  3. Separate swap

Repositories

ROCm

  • Repository Priority: 98
  • Provides ROCm, notably OpenCL libraries
sudo rpm --import 'https://repo.radeon.com/rocm/rocm.gpg.key' && sudo zypper addrepo --gpgcheck-strict --check --refresh --priority '98' 'https://repo.radeon.com/rocm/zyp/zypper/' 'ROCm'

Software

List

Disable USB Source

sudo zypper modifyrepo --disable --medium-type 'hd'

Update

  sudo zypper clean --all && sudo zypper refresh --force --services && sudo zypper dist-upgrade --details --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change && sync

GNU nano

  • Installs nano
  • Sets VISUAL and EDITOR to nano via environment variable
  • Sets nowrap for current user
sudo zypper install 'nano' && export 'VISUAL=nano' && export 'EDITOR=nano' && echo -e 'export VISUAL=nano\nexport EDITOR=nano' | sudo tee '/etc/profile.d/editor-nano.sh' > '/dev/null' && cat '/etc/profile.d/editor-nano.sh' && mkdir -p ~/'.config/nano' && echo 'set nowrap' | tee ~/'.config/nano/nanorc' > '/dev/null' && cat ~/'.config/nano/nanorc'

General

sudo zypper install aria2 flashrom hdparm htop nano 7zip secret-tool sensors unar wget irqbalance xfsprogs-scrub

ROCm

  • :!: Run sudo ldconfig if OpenCL isn't found
rocm-opencl rocm-smi-lib

Keybase

  • https://keybase.io
  • :!: TODO: Figure out how to do automated bcakups to KBFS
  • :!: This page shows up on Google search; for desktop openSUSE and the GUI Keybase client, add the repo shown on keybase
keybase

Settings

Network

sudo yast2 'lan'

Hostname/DNS

  • Static Hostname: Computer name
  • Modify DNS Configuration: Use Custom Policy
  • Name Server 1: 1.1.1.1
  • Name Server 2: 1.0.0.1
  • Name Server 3: 8.8.8.8

Routing

  • Destination: default
  • Gateway: 192.168.1.1
  • Device: -

Hostname

  • Change x to computer name
sudo hostnamectl set-hostname 'x'

lm_sensors

sudo sensors-detect --auto

Secure Shell

Drive Maintenance

Swap

  • Add discard after defaults for the swap mountpoint 4)
  • According to the swapon man page, setting this in fstab is acceptable
sudo -e '/etc/fstab'
,discard

Trim

  • :!: Enable only if a SSD is being used for Linux
sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l

XFS Scrub

  • XFS - ArchWiki
  • :!: Enable in all cases since it's likely both / and /boot are XFS
sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l

UTC

sudo timedatectl set-local-rtc '0'

Verify

timedatectl | grep local

Automatic Updates

Service

sudo -e '/etc/systemd/system/suse-up.service'
[Service]
Type=oneshot
ExecStartPre='/usr/bin/zypper' clean --all
ExecStart='/usr/bin/zypper' --non-interactive refresh --force --services
ExecStart='/usr/bin/zypper' --non-interactive dist-upgrade --auto-agree-with-licenses --allow-downgrade --allow-name-change --allow-arch-change --allow-vendor-change
ExecStartPost='/usr/bin/sync'
ExecStartPost='/usr/bin/systemctl' reboot

Timer

  • 06:00 Oak
  • 06:10 Alira
sudo -e '/etc/systemd/system/suse-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'suse-up.timer' --now
[Unit]
Description=Software Package Maintenance and Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 06:00:00
Persistent=true

[Install]
WantedBy=timers.target

External Backup

fstab

  • Expects a drive of some kind with a XFS partition at /dev/sdb1
sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
# USB
/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2
sudo mount '/dev/sdb1'

Service

sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
[Service]
Type=oneshot
ExecStartPre='/usr/bin/sync'
ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
ExecStartPost='/usr/bin/sync'

Timer

sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
[Unit]
Description=Backup Backups to External Device

[Timer]
OnCalendar=*-*-* 07:00:00
Persistent=true

[Install]
WantedBy=timers.target

Notable Folders and Commands

Zypper

Find Orphans

zypper packages --orphaned

Remove Package and Deps

sudo zypper remove --clean-deps 'x'

Show Installed Patterns

sudo zypper patterns --installed-only

Folder

ls '/etc/zypp/repos.d'

List

zypper repos --priority

GPG Keys

Check Keys

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

Remove Keys

sudo rpm -e x

fstrim

sudo fstrim --verbose --all

Show Sensors

sudo zypper install -y 'sensors' && sudo sensors-detect --auto && sudo watch -n0.1 sensors

Show CPU Frequency

grep 'MHz' '/proc/cpuinfo'
watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo'

OpenSSL Supported Ciphers

openssl ciphers -v | awk '{print $2}' | sort | uniq

Partition Information

  • Both commands present the same information
df -hT
df --human-readable --print-type

Encryption Information

sudo cryptsetup -v status '/dev/dm-0'

HT/SMT Information

grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo

Optimal GCC compiler flags

gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;'

firewalld

List Active Rules

sudo firewall-cmd --list-all

List Available Services

sudo firewall-cmd --get-services

Show Service Info

  • Change x to name of a service from above
  • This shows what ports and protocols a service covers
sudo firewall-cmd --info-service=x

Reload

sudo firewall-cmd --reload

Add/Remove Service

  • Add --permanent as-needed to allow the rule to persist
sudo firewall-cmd --add-service=x
sudo firewall-cmd --remove-service=x

Add/Remove Port

  • Add --permanent as-needed to allow the rule to persist
  • Change tcp to udp as-needed
sudo firewall-cmd --add-port=x/tcp
sudo firewall-cmd --remove-port=x/tcp
1)
https://www.opensuse.org
2)
https://en.opensuse.org/Portal:Tumbleweed
3)
EFI file to boot and in the case of Acer laptops, add to SecureBoot trust; doesn't matter if SecureBoot is enabled or not
4)
defaults,discard
/var/www/wiki/data/attic/distros/opensuse_tumbleweed_server.1652503057.txt.gz · Last modified: 2022/05/14 00:37 by Sean Rhone