
Naptastic Network Playbook

Partition drives

Partitioning: The most recent rebuild was shark, for which I took Debian's default EFI setup for the 2TB OS drive. I only changed / to BTRFS instead of ext4. Debian installs itself to a subvolume named @rootfs (see the fstab entry under Backups) and makes that subvolume the default, so it's ready for snapshotting backups.

Add /mnt/snapshots in fstab.

Move ~ to a BTRFS subvolume

Separate snapshotting the OS from snapshotting your files.

SSH key for root

mkdir /root/.ssh
chmod 700 /root/.ssh
curl https://keys.naptastic.com/david/naptastic.pub >> /root/.ssh/authorized_keys

Reconfigure SSH

Configure sshd to listen on a high-numbered port and to refuse password-based logins. Restart sshd. Verify that 'ssh root@localhost' fails. (You didn't forward your agent, did you?)
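The two SSH steps above as checkable shell functions. This is an added example, not part of the playbook: it writes the hardening as a drop-in file (Debian 12's sshd_config includes /etc/ssh/sshd_config.d/*.conf at the top, and sshd takes the first value it sees, so the drop-in wins), validates the key before appending it, and makes the "ssh root@localhost fails" check explicit. The port 2222, the drop-in path and the key URL are assumptions, overridable through the environment variables.

```shell
# Added example (not from the playbook). Assumptions: port 2222, drop-in path
# below, key URL from the playbook; override any of them via the environment.
SSHD_PORT="${SSHD_PORT:-2222}"
SSHD_DROPIN="${SSHD_DROPIN:-/etc/ssh/sshd_config.d/10-hardening.conf}"
KEY_URL="${KEY_URL:-https://keys.naptastic.com/david/naptastic.pub}"

# Fetch the public key, refuse anything ssh-keygen cannot parse, then append.
# The fingerprint is printed so it can be compared with the one you expect.
fetch_root_key() {
    tmp=$(mktemp)
    curl -fsS "$KEY_URL" -o "$tmp" || { rm -f "$tmp"; return 1; }
    ssh-keygen -lf "$tmp" || { rm -f "$tmp"; return 1; }
    mkdir -p /root/.ssh && chmod 700 /root/.ssh
    cat "$tmp" >> /root/.ssh/authorized_keys
    chmod 600 /root/.ssh/authorized_keys
    rm -f "$tmp"
}

# Drop-in contents for port $1. A function so the result can be reviewed and
# tested without touching the live host.
sshd_hardening_config() {
    printf '%s\n' \
        "Port $1" \
        "PasswordAuthentication no" \
        "KbdInteractiveAuthentication no" \
        "PubkeyAuthentication yes" \
        "PermitRootLogin prohibit-password"
}

# 0 if file $1 carries every required setting for port $2, else 1.
sshd_config_is_hardened() {
    f="$1"; p="$2"
    grep -Eiq "^[[:space:]]*Port[[:space:]]+$p[[:space:]]*\$" "$f" || return 1
    grep -Eiq "^[[:space:]]*PasswordAuthentication[[:space:]]+no[[:space:]]*\$" "$f" || return 1
    grep -Eiq "^[[:space:]]*PermitRootLogin[[:space:]]+prohibit-password[[:space:]]*\$" "$f" || return 1
}

# Write the drop-in, let sshd validate the merged config, then reload.
# Root only; nothing in this file runs it automatically.
sshd_apply_hardening() {
    sshd_hardening_config "$SSHD_PORT" > "$SSHD_DROPIN"
    sshd_config_is_hardened "$SSHD_DROPIN" "$SSHD_PORT" || return 1
    sshd -t && systemctl reload ssh
}

# The playbook's post-check made explicit: with pubkey auth off and any
# forwarded agent ignored, ask host $1 on port $2 what it still accepts.
# Prints the number of lines offering "password"; you want 0.
sshd_offers_password() {
    ssh -v -p "$2" -o BatchMode=yes -o PubkeyAuthentication=no \
        -o IdentityAgent=none -o ConnectTimeout=5 "root@$1" true 2>&1 \
        | grep -c 'Authentications that can continue:.*password' || true
}
```

Keep the session you are working from open until `sshd_offers_password localhost "$SSHD_PORT"` prints 0 and a fresh login on the new port works; if the host runs Shorewall, the new port has to be allowed there first.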

Backups

Create /mnt/snapshots. Create an entry in /etc/fstab the same as for / but with “subvol=/”:

# / was on /dev/nvme0n1p2 during installation
UUID=some-long-string /               btrfs   noatime,nodiratime,subvol=@rootfs 0       0
UUID=some-long-string /mnt/snapshots  btrfs   noatime,nodiratime,subvol=/ 0       0
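With / mounted a second time at /mnt/snapshots with subvol=/, the OS subvolume can be snapshotted from there. The following is an added example, not the playbook's own backup script: it takes a read-only snapshot of @rootfs named by timestamp and prunes everything older than the newest KEEP copies. The defaults (/mnt/snapshots, @rootfs, keep 7) follow the fstab above and are assumptions; the pruning logic only ever touches names that match the timestamp pattern, so a stray directory under /mnt/snapshots is never deleted.

```shell
# Added example (not from the playbook). Assumptions: /mnt/snapshots is the
# subvol=/ mount from the fstab above, the OS lives in @rootfs, keep 7 copies.
SNAP_ROOT="${SNAP_ROOT:-/mnt/snapshots}"
SUBVOL="${SUBVOL:-@rootfs}"
KEEP="${KEEP:-7}"

# Name for a new snapshot of subvolume $1: <subvol>-YYYYMMDD-HHMMSS, chosen so
# a plain sort orders snapshots by age.
snapshot_name() {
    printf '%s-%s\n' "$1" "$(date +%Y%m%d-%H%M%S)"
}

# Read directory names (one per line) on stdin and print the snapshots of
# subvolume $2 that are older than the newest $1 copies. Names that do not
# match <subvol>-<8 digits>-<6 digits> are ignored, never deleted.
older_than_newest() {
    keep="$1"; subvol="$2"
    grep -E "^$subvol-[0-9]{8}-[0-9]{6}\$" | sort | awk -v keep="$keep" \
        '{ names[NR] = $0 } END { for (i = 1; i <= NR - keep; i++) print names[i] }'
}

# Take a read-only snapshot, then prune. Needs root and a real btrfs mount;
# this is the function to call from cron or a systemd timer.
take_snapshot() {
    name=$(snapshot_name "$SUBVOL")
    btrfs subvolume snapshot -r "$SNAP_ROOT/$SUBVOL" "$SNAP_ROOT/$name" || return 1
    ls -1 "$SNAP_ROOT" | older_than_newest "$KEEP" "$SUBVOL" | while read -r old; do
        btrfs subvolume delete "$SNAP_ROOT/$old"
    done
}
```

Read-only snapshots (`-r`) are what you want for backups: they can be shipped elsewhere with `btrfs send` and cannot be modified in place by whatever later goes wrong on /.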

Install Shorewall

  • customize interfaces, rules, policy…?
  • /etc/default/shorewall
  • /etc/shorewall/shorewall.conf
  • systemctl enable
  • reboot a bunch of times because it's not passing traffic for no reason
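A starting point for the "customize interfaces, rules, policy" bullet, as an added example rather than the playbook's own config: a two-zone Shorewall setup (fw and net) written by a function into a directory, so it can be inspected and diffed before it goes under /etc/shorewall, plus a preflight that runs `shorewall check` instead of rebooting until traffic passes. The outside interface emo0 (the page's naming convention) and SSH port 2222 are assumed values passed as parameters.

```shell
# Added example (not from the playbook). Assumptions: outside interface emo0,
# SSH on 2222; /etc/shorewall is the target directory on the host.
SHOREWALL_DIR="${SHOREWALL_DIR:-/etc/shorewall}"

# Write zones, interfaces, policy and rules into directory $1 for outside
# interface $2 and SSH port $3. Policy: the firewall may talk out, the net may
# not talk in (dropped and logged), anything else is rejected and logged.
write_shorewall_config() {
    dir="$1"; iface="$2"; sshport="$3"
    mkdir -p "$dir"
    printf '#ZONE\tTYPE\nfw\tfirewall\nnet\tipv4\n' > "$dir/zones"
    printf '?FORMAT 2\n#ZONE\tINTERFACE\tOPTIONS\nnet\t%s\ttcpflags,nosmurfs,routefilter,logmartians\n' \
        "$iface" > "$dir/interfaces"
    printf '#SOURCE\tDEST\tPOLICY\tLOGLEVEL\n$FW\tall\tACCEPT\nnet\tall\tDROP\tinfo\nall\tall\tREJECT\tinfo\n' \
        > "$dir/policy"
    {
        printf '?SECTION ALL\n?SECTION ESTABLISHED\n?SECTION RELATED\n'
        printf '?SECTION INVALID\n?SECTION UNTRACKED\n?SECTION NEW\n'
        printf '#ACTION\tSOURCE\tDEST\tPROTO\tDPORT\n'
        printf 'Ping(ACCEPT)\tnet\t$FW\n'
        printf 'ACCEPT\tnet\t$FW\ttcp\t%s\n' "$sshport"
    } > "$dir/rules"
}

# Run before the first start: compile the config, and point out the two
# startup switches from the bullet list above if they are still off.
shorewall_preflight() {
    shorewall check || return 1
    grep -q '^startup=1' /etc/default/shorewall \
        || echo "set startup=1 in /etc/default/shorewall" >&2
    grep -q '^STARTUP_ENABLED=Yes' "$SHOREWALL_DIR/shorewall.conf" \
        || echo "set STARTUP_ENABLED=Yes in $SHOREWALL_DIR/shorewall.conf" >&2
}
```

With the `info` log levels in policy, anything that gets dropped or rejected shows up in the kernel log with the Shorewall: prefix (`journalctl -k | grep Shorewall:`), which is the fastest way to see why a rule is not passing traffic.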

Pick the best mirror

If the repo is installed or mounted locally:

deb file:///mnt/debian bookworm main contrib non-free non-free-firmware
deb-src file:///mnt/debian bookworm main contrib non-free

If you have to get it via HTTP:

deb http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware

If you have to use public mirrors (RIP):

deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware

Remove crap

apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit

Install extra packages

(This is set up so you can triple-click each block you need, copy/paste or middle-paste into your terminal, then press enter at the end and install everything in one transaction.)

apt -y install curl vim whois

Hardware hosts add:

 smartmontools mdadm qemu-kvm gparted

Desktops:

 hexchat synaptic terminator fonts-lohit-knda fonts-knda keepassx evolution virt-manager network-manager-gnome

Audio workstations:

 qjackctl alsa-tools-gui eq10q jalv jamin lilv-utils

If you plan to compile your own kernel:

 bison flex libssl-dev ncurses-dev libelf-dev

Networking

Device Names

ln -s /dev/null /etc/systemd/network/99-default.link

Here is what a link file looks like for an Ethernet device:

$ cat /etc/systemd/network/20-igb0.link 
#
# Remember to `update-initramfs -u` after changing this file!
#
[Match]
MACAddress=b4:2e:99:38:a9:66

[Link]
Name=emo0
MTUBytes=9000

Naming convention for the Name= field:

  • emoX for ports on the motherboard
  • enX for (multi-)gigabit stand-up cards
  • ibX for InfiniBand IPoIB devices (these do not need .link files though)
  • mlxX for Mellanox devices in Ethernet mode
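Generating the link file instead of typing it, as an added example (not the playbook's own tooling): the function validates the MAC address and checks the name against the convention above before emitting anything, because a malformed [Match] section fails silently and leaves the device with its kernel name. The MAC used in the test is a constructed sample and 20-<name>.link is an assumed file name; the host directory is /etc/systemd/network.

```shell
# Added example (not from the playbook). Assumed: files are named 20-<name>.link.

# Print a link file for MAC $1, interface name $2 and optional MTU $3.
link_file() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f'); name="$2"; mtu="${3:-}"
    hx='[0-9a-f][0-9a-f]'
    case "$mac" in
        $hx:$hx:$hx:$hx:$hx:$hx) ;;
        *) echo "bad MAC address: $1" >&2; return 1 ;;
    esac
    # Only the conventions from the list above; ib devices need no link file.
    case "$name" in
        emo[0-9]|emo[0-9][0-9]|en[0-9]|en[0-9][0-9]|mlx[0-9]|mlx[0-9][0-9]) ;;
        *) echo "name '$name' is not emoX/enX/mlxX" >&2; return 1 ;;
    esac
    printf '#\n# Remember to `update-initramfs -u` after changing this file!\n#\n'
    printf '[Match]\nMACAddress=%s\n\n[Link]\nName=%s\n' "$mac" "$name"
    if [ -n "$mtu" ]; then printf 'MTUBytes=%s\n' "$mtu"; fi
}

# Write the file to $1/20-<name>.link (use /etc/systemd/network on the host).
# The rename happens in early boot, so the initramfs has to carry the file too.
write_link_file() {
    dir="$1"; shift
    out=$(link_file "$@") || return 1
    printf '%s\n' "$out" > "$dir/20-$2.link"
    echo "wrote $dir/20-$2.link; now run: update-initramfs -u"
}
```

Usage on a host: `write_link_file /etc/systemd/network b4:2e:99:38:a9:66 emo0 9000`, then `update-initramfs -u` and a reboot; `ip -br link` afterwards should show emo0 rather than the kernel's name.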

Port Conventions

X is 0-indexed. Port 0 on a stand-up card is the farthest from the motherboard. On a motherboard, it's the left-most port if there's more than one port. I configure ConnectX-3 cards to be InfiniBand on port 0 and Ethernet on port 1, so a system ends up with interfaces named ib0 and mlx1.

InfiniBand

  • mst* installer
  • copy production opensm configuration in case you have to take over as SM
  • (what needs to change here for VMs using virtual functions?)

Comment out svcrdma in /etc/rdma/modules/rdma.conf or nfs-kernel-server won't start. I'm not sure what's actually needed to make NFS/RDMA work.

Ethernet configuration

This is a total mess right now. I don't know what I'm doing or how I want to do it.

Hugepages

Useful for databases, PHP, Factorio, and probably other things! Add something like this to /etc/sysctl.conf:

vm.nr_hugepages=512

To make a non-persistent change,

sysctl -w vm.nr_hugepages=512

Make sure your locked memory limit is equal to or greater than the amount of RAM you're reserving for hugepages.
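The locked-memory check from the last sentence, done by arithmetic rather than by eye. This is an added example, not from the playbook: it reads Hugepagesize from /proc/meminfo, multiplies by vm.nr_hugepages, and compares the result with the shell's `ulimit -l` (which, like the hugepage size, is reported in kB). The MEMINFO variable and the meminfo text in the test are assumptions that let the parsing run offline.

```shell
# Added example (not from the playbook). Assumption: MEMINFO may point at a
# file other than /proc/meminfo so the parsing can be exercised offline.

# Hugepage size in kB, parsed from meminfo text on stdin.
hugepagesize_kb() {
    awk '/^Hugepagesize:/ { print $2; exit }'
}

# kB needed to back $1 hugepages of $2 kB each.
hugepages_total_kb() {
    echo $(( $1 * $2 ))
}

# 0 if memlock limit $1 (kB, or "unlimited") covers $2 kB, else 1.
memlock_covers() {
    limit="$1"; need="$2"
    [ "$limit" = unlimited ] && return 0
    [ "$limit" -ge "$need" ]
}

# Live check: reserved pages from sysctl, limit from this shell's ulimit -l.
# Run it as the user that will actually map the hugepages (postgres, php-fpm...),
# since the limit is per process, not system-wide.
check_hugepage_memlock() {
    meminfo="${MEMINFO:-/proc/meminfo}"
    nr=$(sysctl -n vm.nr_hugepages)
    size=$(hugepagesize_kb < "$meminfo")
    need=$(hugepages_total_kb "$nr" "$size")
    limit=$(ulimit -l)
    if memlock_covers "$limit" "$need"; then
        echo "ok: memlock $limit kB >= $need kB for $nr x $size kB hugepages"
    else
        echo "raise memlock: $limit kB < $need kB (memlock in /etc/security/limits.conf, or LimitMEMLOCK= in the service unit)" >&2
        return 1
    fi
}
```

With the playbook's 512 pages and the usual 2048 kB hugepage size, the requirement is 1048576 kB (1 GiB) of lockable memory.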

Shell profile

  • Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.)

Logging

  • disable journald; configure logging for everything.
  • Make a list of things that need to log

Email

lol, not yet

Disable TTY screen blanking

I don't know when this is necessary anymore. Add this to /etc/rc.local above the exit 0 line:

sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console > /dev/console 2>&1'

Audio workstations

cat >> /etc/pulse/daemon.conf <<'EOF'
default-sample-format = s24le
default-sample-rate = 96000
EOF

More on lad.

nndocs/initial.txt · Last modified: 2024/12/05 18:16 by naptastic