RoE | Wiki

User Tools

Site Tools

Trace:
distros:ubuntu_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
distros:ubuntu_server [2020/06/11 16:09] Sean Rhonedistros:ubuntu_server [2023/05/04 10:02] – Ubuntu Server 23.04 Sean Rhone
Line 2: Line 2:
  
   * Ubuntu Server ((http://www.ubuntu.com/server))   * Ubuntu Server ((http://www.ubuntu.com/server))
-  * 18.04.3 LTS+  * 23.04
  
 ====== Known Issues ====== ====== Known Issues ======
Line 15: Line 15:
 ====== Installation Notes ====== ====== Installation Notes ======
  
-  * :!: Either use the Alternate or Network installer images to avoid cloud-init stuff +  * N/A
-  * During installation, allow network autoconfig to occur, and then go back once prompted for a hostname; this will allow setting a static IPv4 address and custom DNS settings+
  
 ====== Repositories ====== ====== Repositories ======
Line 23: Line 22:
  
   * https://help.ubuntu.com/community/Repositories/Ubuntu   * https://help.ubuntu.com/community/Repositories/Ubuntu
-  * Only ''universe'' is likely necessary +  * Only ''universe'' is likely needed 
-  * TODO: May not even need universe on servers+  * As of 2023/05/04, none of this is necessary
  
   sudo add-apt-repository 'universe'   sudo add-apt-repository 'universe'
Line 31: Line 30:
  
   sudo add-apt-repository 'restricted'   sudo add-apt-repository 'restricted'
 +
 +===== Keybase =====
 +
 +  * https://keybase.io/
 +  * https://prerelease.keybase.io/
 +  * :!: This is only the signing key, see [[#keybase1|Keybase]] for client installation
 +
 +  wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync
  
 ====== Software ====== ====== Software ======
Line 42: Line 49:
   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync
  
-==== Snaps ====+==== Firmware ====
  
 **** ****
  
-  sudo snap refresh+  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync
  
-===== General =====+==== Snaps ====
  
 **** ****
  
-  sudo apt install lm-sensors+  sudo snap refresh
  
 ===== Keybase ===== ===== Keybase =====
Line 59: Line 66:
   * TODO: Figure out backup script   * TODO: Figure out backup script
  
-  wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo dpkg --install '/tmp/keybase_amd64.deb' && sudo apt install -f && rm '/tmp/keybase_amd64.deb' && sync && run_keybase+  rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase
  
 ====== Settings ====== ====== Settings ======
  
-===== Secure Shell =====+===== Kernel Options =====
  
-  * See [[Clients:Secure Shell]]+==== Swappiness ==== 
 + 
 +**** 
 + 
 +  echo 'vm.swappiness = 0' | sudo tee '/etc/sysctl.d/99-swappiness.conf' > '/dev/null' && cat '/etc/sysctl.d/99-swappiness.conf' 
 + 
 +=== Verify === 
 + 
 +  sysctl 'vm.swappiness' 
 + 
 +  cat '/proc/sys/vm/swappiness' 
 + 
 +===== GRUB ===== 
 + 
 +==== Config ==== 
 + 
 +  * :!: [[notes:kernel_parameters|More Kernel Parameters]] 
 +  * Add options in ''GRUB_CMDLINE_LINUX_DEFAULT='' 
 + 
 +  sudo -e '/etc/default/grub' && sudo update-grub 
 + 
 +==== Linux OSI ==== 
 + 
 +**** 
 + 
 +  acpi_osi=Linux 
 + 
 +==== PCI ==== 
 + 
 +**** 
 + 
 +  pci=pcie_bus_perf,realloc,pcie_scan_all,big_root_window 
 + 
 +==== CPU BIOS Limit Ignore ==== 
 + 
 +**** 
 + 
 +  processor.ignore_ppc=1 
 + 
 +==== intel_pstate ==== 
 + 
 +**** 
 + 
 +  intel_pstate=enable 
 + 
 +===== Drive Maintenance ===== 
 + 
 +==== Trim ==== 
 + 
 +**** 
 + 
 +  sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l 
 + 
 +==== XFS Scrub ==== 
 + 
 +  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]] 
 +  * :!: This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires ''xfsprogs'' to be installed 
 + 
 +  sudo apt install 'xfsprogs' 
 + 
 +  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l 
 + 
 +===== UTC ===== 
 + 
 +  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]] 
 +  * Set RTC to UTC 
 +  * :!: Needed if Windows is installed first 
 +  * :!: Windows should also be set to UTC 
 + 
 +  sudo timedatectl set-local-rtc '0' 
 + 
 +==== Verify ==== 
 + 
 +**** 
 + 
 +  timedatectl | grep local 
 + 
 +===== OpenSSH ===== 
 + 
 +  * See [[clients:secure_shell|Client]] notes to generate/restore public key 
 +  * See [[servers:secure_shell|Server]] notes to force public key auth and to further secure the OpenSSH server
  
 ===== Sensors ===== ===== Sensors =====
 +
 +==== Install ====
 +
 +****
 +
 +  sudo apt install lm-sensors
  
 ==== Detect ==== ==== Detect ====
Line 79: Line 172:
 **** ****
  
-  sudo watch -n0.sensors+  sudo watch --interval '0.5' sensors
  
 ===== Uncomplicated Firewall ===== ===== Uncomplicated Firewall =====
  
   * Allows SSH   * Allows SSH
-  * Limits SSH connections+  * :!: Does not limit SSH ((this caused issues; better to just secure SSH)) 
 +  * See [[notes:ufw|ufw]] for more notes
  
-  sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw limit 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'+  sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'
  
 ====== Automatic Updates ====== ====== Automatic Updates ======
Line 93: Line 187:
  
   * Should keep old config files in-case updated package changes their config (needs tested)   * Should keep old config files in-case updated package changes their config (needs tested)
 +  * :!: 2023/05/04: Not sure if this is needed still?
  
   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'
Line 103: Line 198:
  
 ===== Service ===== ===== Service =====
 +
 +  * :!: 2023/05/04: ''snap refresh'' needs tested
  
   sudo -e '/etc/systemd/system/ubuntu-up.service'   sudo -e '/etc/systemd/system/ubuntu-up.service'
Line 113: Line 210:
 ExecStart='/usr/bin/apt' full-upgrade -y ExecStart='/usr/bin/apt' full-upgrade -y
 ExecStart='/usr/bin/apt' autoremove -y ExecStart='/usr/bin/apt' autoremove -y
-ExecStartPost='/bin/sync' +ExecStart='/usr/bin/snap' refresh 
-ExecStartPost='/bin/systemctl' reboot</code>+ExecStartPost='/usr/bin/sync' 
 +ExecStartPost='/usr/bin/systemctl' reboot</code>
  
 ===== Timer ===== ===== Timer =====
  
-  * 06:10 Kraityn +  * 03:00 Oak
-  * 06:20 Alira +
-  * 06:30 Oak +
-  * 06:40 Hatebeat+
  
   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now
Line 132: Line 227:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 06:10:00+OnCalendar=*-*-* 03:00:00
 Persistent=true Persistent=true
  
Line 139: Line 234:
  
 ====== External Backup ====== ====== External Backup ======
 +
 +  * :!: 2023/05/04: This hasn't been used for years and likely needs re-factored
  
 ===== fstab ===== ===== fstab =====
Line 153: Line 250:
  
 ===== Service ===== ===== Service =====
- 
-  * TODO: Ubuntu paths 
  
   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
Line 182: Line 277:
 ====== Notable Folders and Commands ====== ====== Notable Folders and Commands ======
  
-===== fstrim ===== +  See [[notes:misc_linux]]
- +
-**** +
- +
-  sudo fstrim -v --all +
- +
-===== Show CPU Frequency ===== +
- +
-  grep 'MHz' '/proc/cpuinfo' +
- +
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo' +
- +
-===== Partition Information ===== +
- +
-**** +
- +
-  df -hT +
- +
-===== Hyper-threading Information ===== +
- +
-**** +
- +
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo +
- +
-===== Optimal GCC compiler flags ===== +
- +
-**** +
- +
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;' +
- +
-====== Privacy ====== +
- +
-===== Clear Terminal History ===== +
- +
-**** +
- +
-  history -cw +
- +
-===== Create 7z Password Archive ===== +
- +
-  * Change ''x'' in ''x.7z'' to the desired archive name +
-  * Change ''CHANGEME'' in ''-pCHANGEME'' to the desired password+
  
-  7za a 'x.7z' -p'CHANGEME' 
/var/www/wiki/data/pages/distros/ubuntu_server.txt · Last modified: 2024/02/07 09:22 by Sean Rhone