RoE | Wiki

User Tools

Site Tools

Trace:
distros:ubuntu_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
distros:ubuntu_server [2019/02/08 20:58] Sean Rhonedistros:ubuntu_server [2024/02/07 09:22] (current) Sean Rhone
Line 1: Line 1:
 +====== Information ======
 +
 +  * Ubuntu ((https://ubuntu.com/))
 +  * Server ((http://www.ubuntu.com/server))
 +  * 23.10
 +
 +====== Installation Notes ======
 +
 +  * 23.10's installers don't work with only 512 MB of physical RAM ((2024: can't use Vultr's free tier VPS option; [[https://www.vultr.com/?ref=6906013|referral]])), but fine with 1 GB+
 +  * :!: 2024/02/07: The 23.10 installer seems to progress very slowly or hang with 1 GB physical RAM at the very end both when waiting for it to do security updates and with pressing cancel updates and reboot; hard-rebooting a VPS at this point seems fine
 +
 +====== Download ======
 +
 +===== Etcher Image Writer =====
 +
 +  * https://etcher.balena.io/#download-etcher
 +
 +===== Ubuntu =====
 +
 +  * http://www.ubuntu.com/download/server
 +  * http://cdimage.ubuntu.com/releases/
 +
 +====== HOSTS ======
 +
 +  * https://github.com/StevenBlack/hosts/
 +  * Unified hosts + fakenews + gambling
 +
 +===== Initial =====
 +
 +  * Only run once
 +
 +  ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sync
 +
 +===== Update =====
 +
 +****
 +
 +  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sync
 +
 +===== Restore Backup =====
 +
 +****
 +
 +  ls '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync
 +
 +====== Repositories ======
 +
 +===== Disable cdrom Repo =====
 +
 +  * Add a ''#'' to the line mentioning ''cdrom''
 +  * Solves ''E: The repository file:/cdrom mantic Release no longer has a Release file.''
 +
 +  sudo -e '/etc/apt/sources.list'
 +
 +<code>#deb [check-date=no] file:///cdrom mantic main restricted</code>
 +
 +===== Additional Ubuntu =====
 +
 +  * https://help.ubuntu.com/community/Repositories/Ubuntu
 +  * Only ''universe'' is likely needed
 +  * 2023/05/04: There doesn't seem to be a need to enable any of these by-default
 +
 +  sudo add-apt-repository 'universe'
 +
 +  sudo add-apt-repository 'multiverse'
 +
 +  sudo add-apt-repository 'restricted'
 +
 +===== Keybase =====
 +
 +  * https://keybase.io/
 +  * https://prerelease.keybase.io/
 +  * :!: This is only the signing key, see [[#keybase1|Keybase]] for client installation
 +
 +  wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync
 +
 +====== Software ======
 +
 +===== Update =====
 +
 +==== System ====
 +
 +****
 +
 +  sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync
 +
 +==== Firmware ====
 +
 +****
 +
 +  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync
 +
 +==== Snaps ====
 +
 +****
 +
 +  sudo snap refresh
 +
 +===== Keybase =====
 +
 +  * https://keybase.io
 +  * TODO: Figure out backup script
 +
 +  rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase
 +
 +====== Settings ======
 +
 +===== GRUB =====
 +
 +==== Config ====
 +
 +  * :!: [[notes:kernel_parameters|More Kernel Parameters]]
 +  * Add options in ''GRUB_CMDLINE_LINUX_DEFAULT=''
 +
 +  sudo -e '/etc/default/grub' && sudo update-grub
 +
 +===== Drive Maintenance =====
 +
 +==== Trim ====
 +
 +****
 +
 +  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
 +
 +==== XFS Scrub ====
 +
 +  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]]
 +  * :!: This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires ''xfsprogs'' to be installed
 +
 +  sudo apt install 'xfsprogs'
 +
 +  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l
 +
 +===== UTC =====
 +
 +  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]]
 +  * Set RTC to UTC
 +  * :!: Needed if Windows is installed first
 +  * :!: Windows should also be set to UTC
 +
 +  sudo timedatectl set-local-rtc '0'
 +
 +==== Verify ====
 +
 +****
 +
 +  timedatectl | grep local
 +
 +===== OpenSSH =====
 +
 +  * See [[clients:secure_shell|Client]] notes to generate/restore public key
 +  * See [[servers:secure_shell|Server]] notes to force public key auth and to further secure the OpenSSH server
 +
 +===== Sensors =====
 +
 +==== Install ====
 +
 +****
 +
 +  sudo apt install lm-sensors
 +
 +==== Detect ====
 +
 +****
 +
 +  sudo sensors-detect --auto
 +
 +==== Watch ====
 +
 +****
 +
 +  sudo watch --interval '0.5' sensors
 +
 +===== Uncomplicated Firewall =====
 +
 +  * Allows SSH
 +  * :!: Does not limit SSH ((this caused issues; better to just secure SSH))
 +  * See [[notes:ufw|ufw]] for more notes
 +
 +  sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'
 +
 +====== Automatic Updates ======
 +
 +===== Config =====
 +
 +  * Should keep old config files in-case updated package changes their config (needs tested)
 +  * :!: 2023/05/04: Not sure if this is needed still?
 +
 +  sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'
 +
 +<code>
 +Dpkg::Options {
 +   "--force-confdef";
 +   "--force-confold";
 +}</code>
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/ubuntu-up.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +ExecStartPre='/usr/bin/apt' clean
 +ExecStart='/usr/bin/apt' update
 +ExecStart='/usr/bin/apt' full-upgrade -y
 +ExecStart='/usr/bin/apt' autoremove -y
 +ExecStart='/usr/bin/snap' refresh
 +ExecStartPost='/usr/bin/sync'
 +ExecStartPost='/usr/bin/systemctl' reboot</code>
 +
 +===== Timer =====
 +
 +  * ''00:00'' Alira
 +
 +  sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now
 +
 +<code>
 +[Unit]
 +Description=Software Package Maintenance and Updater
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-* 00:00:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== External Backup ======
 +
 +  * :!: 2023/05/04: This hasn't been used for years and likely needs re-factored
 +
 +===== fstab =====
 +
 +  * Expects a drive of some kind with a XFS partition at ''/dev/sdb1''
 +
 +  sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab'
 +
 +<code>
 +# USB
 +/dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code>
 +
 +  sudo mount '/dev/sdb1'
 +
 +===== Service =====
 +
 +  sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +ExecStartPre='/usr/bin/sync'
 +ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +===== Timer =====
 +
 +  sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now
 +
 +<code>
 +[Unit]
 +Description=Backup Backups to External Device
 +
 +[Timer]
 +OnCalendar=*-*-* 07:00:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== Notable Folders and Commands ======
 +
 +  * See [[notes:misc_linux]]
  
/var/www/wiki/data/pages/distros/ubuntu_server.txt · Last modified: 2024/02/07 09:22 by Sean Rhone