RoE | Wiki

User Tools

Site Tools

Trace:
distros:ubuntu_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
distros:ubuntu_server [2019/10/18 12:57] Sean Rhonedistros:ubuntu_server [2024/02/07 09:22] (current) Sean Rhone
Line 1: Line 1:
 ====== Information ====== ====== Information ======
  
-  * Ubuntu Server ((http://www.ubuntu.com/server)) +  * Ubuntu ((https://ubuntu.com/)) 
-  * 18.04.3 LTS+  * Server ((http://www.ubuntu.com/server)) 
 +  * 23.10 
 + 
 +====== Installation Notes ====== 
 + 
 +  * 23.10's installers don't work with only 512 MB of physical RAM ((2024: can't use Vultr's free tier VPS option; [[https://www.vultr.com/?ref=6906013|referral]])), but fine with 1 GB+ 
 +  * :!: 2024/02/07: The 23.10 installer seems to progress very slowly or hang with 1 GB physical RAM at the very end both when waiting for it to do security updates and with pressing cancel updates and reboot; hard-rebooting a VPS at this point seems fine
  
 ====== Download ====== ====== Download ======
 +
 +===== Etcher Image Writer =====
 +
 +  * https://etcher.balena.io/#download-etcher
 +
 +===== Ubuntu =====
  
   * http://www.ubuntu.com/download/server   * http://www.ubuntu.com/download/server
   * http://cdimage.ubuntu.com/releases/   * http://cdimage.ubuntu.com/releases/
  
-====== Installation Notes ======+====== HOSTS ======
  
-  * :!: Either use the Alternate or Network installer images to avoid cloud-init stuff +  * https://github.com/StevenBlack/hosts/ 
-  * During installation, allow network autoconfig to occur, and then go back once prompted for a hostname; this will allow setting a static IPv4 address and custom DNS settings+  * Unified hosts + fakenews + gambling
  
-====== Software ======+===== Initial ===== 
 + 
 +  * Only run once 
 + 
 +  ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sync 
 + 
 +===== Update ===== 
 + 
 +**** 
 + 
 +  ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sync 
 + 
 +===== Restore Backup ===== 
 + 
 +**** 
 + 
 +  ls '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync 
 + 
 +====== Repositories ====== 
 + 
 +===== Disable cdrom Repo ===== 
 + 
 +  * Add a ''#'' to the line mentioning ''cdrom'' 
 +  * Solves ''E: The repository file:/cdrom mantic Release no longer has a Release file.'' 
 + 
 +  sudo -e '/etc/apt/sources.list'
  
-===== Repositories =====+<code>#deb [check-date=no] file:///cdrom mantic main restricted</code>
  
-=== Additional Ubuntu ===+===== Additional Ubuntu =====
  
   * https://help.ubuntu.com/community/Repositories/Ubuntu   * https://help.ubuntu.com/community/Repositories/Ubuntu
-  * Only ''universe'' is likely necessary +  * Only ''universe'' is likely needed 
-  * TODOMay not even need universe on servers+  * 2023/05/04There doesn't seem to be a need to enable any of these by-default
  
   sudo add-apt-repository 'universe'   sudo add-apt-repository 'universe'
Line 29: Line 66:
  
   sudo add-apt-repository 'restricted'   sudo add-apt-repository 'restricted'
 +
 +===== Keybase =====
 +
 +  * https://keybase.io/
 +  * https://prerelease.keybase.io/
 +  * :!: This is only the signing key, see [[#keybase1|Keybase]] for client installation
 +
 +  wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync
 +
 +====== Software ======
  
 ===== Update ===== ===== Update =====
 +
 +==== System ====
  
 **** ****
Line 36: Line 85:
   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync   sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync
  
-====== Settings ======+==== Firmware ====
  
-===== Secure Shell =====+****
  
-  * See [[Clients:Secure Shell]]+  sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync
  
-===== TRIM =====+==== Snaps ====
  
-==== Swap ====+****
  
-  * Add ''discard'' after ''defaults'' for the ''swap'' mountpoint ((defaults,discard))+  sudo snap refresh
  
-  sudo -e '/etc/fstab'+===== Keybase =====
  
-  ,discard+  * https://keybase.io 
 +  * TODO: Figure out backup script
  
-==== Service ====+  rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase
  
-  * ''fstrim.timer'' is already enabled out-the-box, but this is useful for historical purposes +====== Settings ====== 
-  TODO: Verify+ 
 +===== GRUB ===== 
 + 
 +==== Config ==== 
 + 
 +  * :!: [[notes:kernel_parameters|More Kernel Parameters]] 
 +  Add options in ''GRUB_CMDLINE_LINUX_DEFAULT='' 
 + 
 +  sudo -e '/etc/default/grub' && sudo update-grub 
 + 
 +===== Drive Maintenance ===== 
 + 
 +==== Trim ==== 
 + 
 +****
  
   sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l   sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l
 +
 +==== XFS Scrub ====
 +
 +  * [[https://wiki.archlinux.org/title/XFS#Online_Metadata_Checking_(scrub)|XFS - ArchWiki]]
 +  * :!: This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires ''xfsprogs'' to be installed
 +
 +  sudo apt install 'xfsprogs'
 +
 +  sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l
 +
 +===== UTC =====
 +
 +  * [[https://wiki.archlinux.org/index.php/System_time#Time_standard|System time - ArchWiki]]
 +  * Set RTC to UTC
 +  * :!: Needed if Windows is installed first
 +  * :!: Windows should also be set to UTC
 +
 +  sudo timedatectl set-local-rtc '0'
 +
 +==== Verify ====
 +
 +****
 +
 +  timedatectl | grep local
 +
 +===== OpenSSH =====
 +
 +  * See [[clients:secure_shell|Client]] notes to generate/restore public key
 +  * See [[servers:secure_shell|Server]] notes to force public key auth and to further secure the OpenSSH server
 +
 +===== Sensors =====
 +
 +==== Install ====
 +
 +****
 +
 +  sudo apt install lm-sensors
 +
 +==== Detect ====
 +
 +****
 +
 +  sudo sensors-detect --auto
 +
 +==== Watch ====
 +
 +****
 +
 +  sudo watch --interval '0.5' sensors
  
 ===== Uncomplicated Firewall ===== ===== Uncomplicated Firewall =====
  
   * Allows SSH   * Allows SSH
 +  * :!: Does not limit SSH ((this caused issues; better to just secure SSH))
 +  * See [[notes:ufw|ufw]] for more notes
  
   sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'   sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'
Line 70: Line 185:
  
   * Should keep old config files in-case updated package changes their config (needs tested)   * Should keep old config files in-case updated package changes their config (needs tested)
 +  * :!: 2023/05/04: Not sure if this is needed still?
  
   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'   sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'
Line 90: Line 206:
 ExecStart='/usr/bin/apt' full-upgrade -y ExecStart='/usr/bin/apt' full-upgrade -y
 ExecStart='/usr/bin/apt' autoremove -y ExecStart='/usr/bin/apt' autoremove -y
-ExecStartPost='/bin/sync' +ExecStart='/usr/bin/snap' refresh 
-ExecStartPost='/bin/systemctl' reboot</code>+ExecStartPost='/usr/bin/sync' 
 +ExecStartPost='/usr/bin/systemctl' reboot</code>
  
 ===== Timer ===== ===== Timer =====
  
-  * 06:10 Kraityn +  * ''00:00'' Alira
-  * 06:20 Alira +
-  * 06:30 Oak +
-  * 06:40 Hatebeat+
  
   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now   sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now
Line 109: Line 223:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 06:10:00+OnCalendar=*-*-* 00:00:00
 Persistent=true Persistent=true
  
Line 116: Line 230:
  
 ====== External Backup ====== ====== External Backup ======
 +
 +  * :!: 2023/05/04: This hasn't been used for years and likely needs re-factored
  
 ===== fstab ===== ===== fstab =====
Line 130: Line 246:
  
 ===== Service ===== ===== Service =====
- 
-  * TODO: Ubuntu paths 
  
   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'   sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service'
Line 159: Line 273:
 ====== Notable Folders and Commands ====== ====== Notable Folders and Commands ======
  
-===== fstrim ===== +  See [[notes:misc_linux]]
- +
-**** +
- +
-  sudo fstrim -v --all +
- +
-===== Show CPU Frequency ===== +
- +
-  grep 'MHz' '/proc/cpuinfo' +
- +
-  watch -n 0.1 grep \'cpu MHz\' '/proc/cpuinfo' +
- +
-===== Partition Information ===== +
- +
-**** +
- +
-  df -hT +
- +
-===== Hyper-threading Information ===== +
- +
-**** +
- +
-  grep -e "processor" -e "core id" -e "^$" /proc/cpuinfo +
- +
-===== Optimal GCC compiler flags ===== +
- +
-**** +
- +
-  gcc -v -E -x c -march=native -mtune=native - < /dev/null 2>&1 | grep cc1 | perl -pe 's/ -mno-\S+//g; s/^.* - //g;' +
- +
-====== Privacy ====== +
- +
-===== Clear Terminal History ===== +
- +
-**** +
- +
-  history -cw +
- +
-===== Create 7z Password Archive ===== +
- +
-  * Change ''x'' in ''x.7z'' to the desired archive name +
-  * Change ''CHANGEME'' in ''-pCHANGEME'' to the desired password+
  
-  7za a 'x.7z' -p'CHANGEME' 
/var/www/wiki/data/attic/distros/ubuntu_server.1571417839.txt.gz · Last modified: 2019/10/18 12:57 by Sean Rhone