distros:ubuntu_server
This is an old revision of the document!
Table of Contents
Information
Installation Notes
- 23.10's installers don't work with only 512 MB of physical RAM 3), but fine with 1 GB+
Download
Etcher Image Writer
Ubuntu
HOSTS
- Unified hosts + fakenews + gambling
Initial
- Only run once
ls '/etc/hosts~' || wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo cp --backup '/tmp/hosts-tmp' '/etc/hosts' && sync
Update
ls '/etc/hosts~' && wget -O '/tmp/hosts-tmp' 'https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling/hosts' && sudo mv --force '/tmp/hosts-tmp' '/etc/hosts' && sync
Restore Backup
ls '/etc/hosts~' && sudo mv --force '/etc/hosts~' '/etc/hosts' && sync
Repositories
Disable cdrom Repo
- Add a
#to the line mentioningfile:/cdrom* SolvesE: The repository 'file:/cdrom mantic Release' no longer has a Release file.sudo -e '/etc/apt/sources.list' <code>#deb [check-date=no] file:/cdrom mantic main restricted</code> ===== Additional Ubuntu ===== * https://help.ubuntu.com/community/Repositories/Ubuntu * Onlyuniverseis likely needed * 2023/05/04: There doesn't seem to be a need to enable any of these by-default sudo add-apt-repository 'universe' sudo add-apt-repository 'multiverse' sudo add-apt-repository 'restricted' ===== Keybase ===== * https://keybase.io/ * https://prerelease.keybase.io/ *
This is only the signing key, see Keybase for client installation
wget -O '/tmp/code_signing_key.asc' 'https://keybase.io/docs/server_security/code_signing_key.asc' && sudo mv '/tmp/code_signing_key.asc' '/etc/apt/trusted.gpg.d/keybase.asc' && sync
====== Software ======
===== Update =====
==== System ====
sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean && sync
==== Firmware ====
sudo fwupdmgr refresh --force && sudo fwupdmgr update --verbose && sync
==== Snaps ====
sudo snap refresh
===== Keybase =====
* https://keybase.io
* TODO: Figure out backup script
rm -Rf '/tmp/keybase_amd64.deb' && wget -O '/tmp/keybase_amd64.deb' 'https://prerelease.keybase.io/keybase_amd64.deb' && sudo apt install '/tmp/keybase_amd64.deb' && rm '/tmp/keybase_amd64.deb' && sync && run_keybase
====== Settings ======
===== GRUB =====
==== Config ====
* More Kernel Parameters
* Add options in GRUB_CMDLINE_LINUX_DEFAULT=sudo -e '/etc/default/grub' && sudo update-grub ===== Drive Maintenance ===== ==== Trim ==== sudo systemctl enable 'fstrim.timer' --now && sudo systemctl start 'fstrim' && sync && sudo systemctl status 'fstrim' -l ==== XFS Scrub ==== * XFS - ArchWiki * This is only necessary if XFS is being used on any persistent drives such as a NAS, and requires xfsprogsto be installed sudo apt install 'xfsprogs' sudo systemctl enable 'xfs_scrub_all.timer' --now && sudo systemctl start 'xfs_scrub_all' && sync && sudo systemctl status 'xfs_scrub_all' -l ===== UTC ===== * System time - ArchWiki * Set RTC to UTC * Needed if Windows is installed first
* Windows should also be set to UTC
sudo timedatectl set-local-rtc '0'
==== Verify ====
timedatectl | grep local
===== OpenSSH =====
* See Client notes to generate/restore public key
* See Server notes to force public key auth and to further secure the OpenSSH server
===== Sensors =====
==== Install ====
sudo apt install lm-sensors
==== Detect ====
sudo sensors-detect --auto
==== Watch ====
sudo watch --interval '0.5' sensors
===== Uncomplicated Firewall =====
* Allows SSH
* Does not limit SSH 4)
* See ufw for more notes
sudo ufw reset && sudo ufw default deny && sudo ufw logging off && sudo ufw allow 'ssh' && sudo ufw enable && sudo systemctl enable 'ufw'
====== Automatic Updates ======
===== Config =====
* Should keep old config files in-case updated package changes their config (needs tested)
* 2023/05/04: Not sure if this is needed still?
sudo -e '/etc/apt/apt.conf.d/99auto-update-custom'
<code>
Dpkg::Options {
“--force-confdef”;
“--force-confold”;
}</code>
===== Service =====
* 2023/05/04: snap refreshneeds tested sudo -e '/etc/systemd/system/ubuntu-up.service' <code> [Service] Type=oneshot ExecStartPre='/usr/bin/apt' clean ExecStart='/usr/bin/apt' update ExecStart='/usr/bin/apt' full-upgrade -y ExecStart='/usr/bin/apt' autoremove -y ExecStart='/usr/bin/snap' refresh ExecStartPost='/usr/bin/sync' ExecStartPost='/usr/bin/systemctl' reboot</code> ===== Timer ===== * 03:00 Oak sudo -e '/etc/systemd/system/ubuntu-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'ubuntu-up.timer' --now <code> [Unit] Description=Software Package Maintenance and Updater After=network-online.target Wants=network-online.target [Timer] OnCalendar=*-*-* 03:00:00 Persistent=true [Install] WantedBy=timers.target</code> ====== External Backup ====== * 2023/05/04: This hasn't been used for years and likely needs re-factored
===== fstab =====
* Expects a drive of some kind with a XFS partition at /dev/sdb1sudo mkdir -p '/mnt/USB' && sudo -e '/etc/fstab' <code> # USB /dev/sdb1 /mnt/USB xfs rw,relatime,attr2,inode64,noquota 0 2</code> sudo mount '/dev/sdb1' ===== Service ===== sudo -e '/etc/systemd/system/backup-external.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/backup-external.service' <code> [Service] Type=oneshot ExecStartPre='/usr/bin/sync' ExecStart='/usr/bin/rsync' -r '/home/CHANGEME/backups' '/mnt/USB' --verbose --ignore-existing ExecStartPost='/usr/bin/sync'</code> ===== Timer ===== sudo -e '/etc/systemd/system/backup-external.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'backup-external.timer' --now <code> [Unit] Description=Backup Backups to External Device [Timer] OnCalendar=*-*-* 07:00:00 Persistent=true [Install] WantedBy=timers.target</code> ====== Notable Folders and Commands ====== * See misc_linux
/srv/www/wiki/data/attic/distros/ubuntu_server.1707314195.txt.gz · Last modified: (external edit)