User Tools

Site Tools


distros:ubuntu_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
distros:ubuntu_server [2019/07/06 08:54] Sean Rhonedistros:ubuntu_server [2024/02/07 09:22] (current) Sean Rhone
Line 1: Line 1:
 ====== Information ====== ====== Information ======
  
-  * Ubuntu Server ((http://www.ubuntu.com/server)) +  * Ubuntu ((https://ubuntu.com/)) 
-  * 18.04.1 LTS+  * Server ((http://www.ubuntu.com/server)) 
 +  * 23.10 
 + 
 +====== Installation Notes ====== 
 + 
 +  * 23.10's installers don't work with only 512 MB of physical RAM ((2024: can't use Vultr's free tier VPS option; [[https://www.vultr.com/?ref=6906013|referral]])), but fine with 1 GB+ 
 +  * :!: 2024/02/07: The 23.10 installer seems to progress very slowly or hang with GB physical RAM at the very end both when waiting for it to do security updates and with pressing cancel updates and reboot; hard-rebooting a VPS at this point seems fine
  
 ====== Download ====== ====== Download ======
 +
 +===== Etcher Image Writer =====
 +
 +  * https://etcher.balena.io/#download-etcher
 +
 +===== Ubuntu =====
  
   * http://www.ubuntu.com/download/server   * http://www.ubuntu.com/download/server
   * http://cdimage.ubuntu.com/releases/   * http://cdimage.ubuntu.com/releases/
  
-====== Installation Notes ======+====== HOSTS ======
  
-  * :!: Either use the Alternate or Network installer images to avoid cloud-init stuff +  * https://github.com/StevenBlack/hosts/ 
-  * During installation, allow network autoconfig to occur, and then go back once prompted for a hostname; this will allow setting a static IPv4 address and custom DNS settings+  * Unified hosts + fakenews + gambling
  
-====== Software ======+===== Initial ===== 
 + 
 +  * Only run once 
 + 
 +  ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sync 
 + 
 +===== Update ===== 
 + 
 +**** 
 + 
 +  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sync 
 + 
 +===== Restore Backup ===== 
 + 
 +**** 
 + 
 +  ls '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync 
 + 
 +====== Repositories ====== 
 + 
 +===== Disable cdrom Repo ===== 
 + 
 +  * Add a ''#'' to the line mentioning ''cdrom'' 
 +  * Solves ''E: The repository file:/cdrom mantic Release no longer has a Release file.'' 
 + 
 +  sudo -e '/etc/apt/sources.list'
  
-===== Repositories =====+<code>#deb [check-date=no] file:///cdrom mantic main restricted</code>
  
-=== Additional Ubuntu ===+===== Additional Ubuntu =====
  
   * https://help.ubuntu.com/community/Repositories/Ubuntu   * https://help.ubuntu.com/community/Repositories/Ubuntu
-  * Only ''universe'' is likely necessary +  * Only ''universe'' is likely needed 
-  * TODOMay not even need universe on servers+  * 2023/05/04There doesn't seem to be a need to enable any of these by-default
  
   sudo add-apt-repository 'universe'   sudo add-apt-repository 'universe'
Line 29: Line 66:
  
   sudo add-apt-repository 'restricted'   sudo add-apt-repository 'restricted'
 +
 +===== Keybase =====
 +
 +  * https://keybase.io/
 +  * https://prerelease.keybase.io/
 +  * :!: This is only the signing key, see [[#keybase1|Keybase]] for client installation
 +
 +  wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync
 +
 +====== Software ======
  
 ===== Update ===== ===== Update =====
 +
 +==== System ====
  
 **** ****
Line 36: Line 85:
   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync
  
-====== Settings ======+==== Firmware ====
  
-===== Secure Shell =====+****
  
-  * See [[Clients:Secure Shell]]+  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync
  
-===== TRIM =====+==== Snaps ====
  
-==== Swap ====+****
  
-  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))+  sudo snap refresh
  
-  sudo -e '/etc/fstab'+===== Keybase =====
  
-  ,discard+  * https://keybase.io 
 +  * TODO: Figure out backup script
  
-==== Service ====+  rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase
  
-  * ''fstrim.timer'' is already enabled out-the-box, but this is useful for historical purposes +====== Settings ====== 
-  TODO: Verify+ 
 +===== GRUB ===== 
 + 
 +==== Config ==== 
 + 
 +  * :!: [[notes:kernel_parameters|More Kernel Parameters]] 
 +  Add options in ''GRUB_CMDLINE_LINUX_DEFAULT='' 
 + 
 +  sudo -e '/etc/default/grub' && sudo update-grub 
 + 
 +===== Drive Maintenance ===== 
 + 
 +==== Trim ==== 
 + 
 +****
  
   sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l   sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
 +
 +==== XFS Scrub ====
 +
 +  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]]
 +  * :!: This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires ''xfsprogs'' to be installed
 +
 +  sudo apt install 'xfsprogs'
 +
 +  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l
 +
 +===== UTC =====
 +
 +  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]]
 +  * Set RTC to UTC
 +  * :!: Needed if Windows is installed first
 +  * :!: Windows should also be set to UTC
 +
 +  sudo timedatectl set-local-rtc '0'
 +
 +==== Verify ====
 +
 +****
 +
 +  timedatectl | grep local
 +
 +===== OpenSSH =====
 +
 +  * See [[clients:secure_shell|Client]] notes to generate/restore public key
 +  * See [[servers:secure_shell|Server]] notes to force public key auth and to further secure the OpenSSH server
 +
 +===== Sensors =====
 +
 +==== Install ====
 +
 +****
 +
 +  sudo apt install lm-sensors
 +
 +==== Detect ====
 +
 +****
 +
 +  sudo sensors-detect --auto
 +
 +==== Watch ====
 +
 +****
 +
 +  sudo watch --interval '0.5' sensors
  
 ===== Uncomplicated Firewall ===== ===== Uncomplicated Firewall =====
  
   * Allows SSH   * Allows SSH
 +  * :!: Does not limit SSH ((this caused issues; better to just secure SSH))
 +  * See [[notes:ufw|ufw]] for more notes
  
   sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'   sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'
Line 70: Line 185:
  
   * Should keep old config files in-case updated package changes their config (needs tested)   * Should keep old config files in-case updated package changes their config (needs tested)
 +  * :!: 2023/05/04: Not sure if this is needed still?
  
   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'
Line 90: Line 206:
 ExecStart='/usr/bin/apt' full-upgrade -y ExecStart='/usr/bin/apt' full-upgrade -y
 ExecStart='/usr/bin/apt' autoremove -y ExecStart='/usr/bin/apt' autoremove -y
-ExecStartPost='/bin/sync' +ExecStart='/usr/bin/snap' refresh 
-ExecStartPost='/bin/systemctl' reboot</code>+ExecStartPost='/usr/bin/sync' 
 +ExecStartPost='/usr/bin/systemctl' reboot</code>
  
 ===== Timer ===== ===== Timer =====
  
-  * 06:10 Kraityn +  * ''00:00'' Alira
-  * 06:20 Alira +
-  * 06:30 Oak +
-  * 06:40 Hatebeat+
  
   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now
Line 109: Line 223:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 06:10:00+OnCalendar=*-*-* 00:00:00
 Persistent=true Persistent=true
  
Line 116: Line 230:
  
 ====== External Backup ====== ====== External Backup ======
 +
 +  * :!: 2023/05/04: This hasn't been used for years and likely needs re-factored
  
 ===== fstab ===== ===== fstab =====
Line 130: Line 246:
  
 ===== Service ===== ===== Service =====
- 
-  * TODO: Ubuntu paths 
  
   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
Line 159: Line 273:
 ====== Notable Folders and Commands ====== ====== Notable Folders and Commands ======
  
-===== fstrim ===== +  See [[notes:misc_linux]]
- +
-**** +
- +
-  sudo fstrim -v --all +
- +
-===== Show CPU Frequency ===== +
- +
-  grep 'MHz' '/proc/cpuinfo' +
- +
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo' +
- +
-===== Partition Information ===== +
- +
-**** +
- +
-  df -hT +
- +
-===== Hyper-threading Information ===== +
- +
-**** +
- +
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo +
- +
-===== Optimal GCC compiler flags ===== +
- +
-**** +
- +
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;' +
- +
-====== Privacy ====== +
- +
-===== Clear Terminal History ===== +
- +
-**** +
- +
-  history -cw +
- +
-===== Create 7z Password Archive ===== +
- +
-  * Change ''x'' in ''x.7z'' to the desired archive name +
-  * Change ''CHANGEME'' in ''-pCHANGEME'' to the desired password+
  
-  7za a 'x.7z' -p'CHANGEME' 
/var/www/wiki/data/attic/distros/ubuntu_server.1562417658.txt.gz · Last modified: 2019/07/06 08:54 by Sean Rhone