Differences

This shows you the differences between two versions of the page.

--- nndocs:initial [2024/02/15 16:32] – add infiniband info naptastic
+++ nndocs:initial [2026/04/01 22:21] (current) – [Move ~ to a BTRFS subvolume] fix thinko naptastic
@@ Line 1: / Line 1: @@
 ===== Naptastic Network Playbook =====
+====Partition drives====
-== Pre-install ==
 Partitioning: The most recent rebuild was shark, for which I took Debian's default EFI setup for the 2TB OS drive. I only changed / to BTRFS instead of ext4. Debian installs itself to a subvolume named @root and makes that subvolume the default, so it's ready for snapshotting backups.
-    apt -y install curl vim whois
+Add /mnt/snapshots in fstab.
-Make sure to enable contrib, non-free, non-free-firmware in /etc/apt/sources.list.
+====Disable resume from hibernate messages====
+  echo 'RESUME=none' > /etc/initramfs-tools/conf.d/resume
+  update-initramfs -u
-Comment out svcrdma in /etc/rdma/modules/rdma.conf or nfs-kernel-server won't start. I'm not sure what's **actually** needed to make NFS/RDMA work.
+====Move ~ to a BTRFS subvolume====
+Separate snapshotting the OS from snapshotting your files.
-==== All systems ====
+====SSH key for root====
-  * network interface names. Can I automate this? (Of course I can.)
+  mkdir /root/.ssh
-  * Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.)
+  chmod 700 /root/.ssh
-  * Network stuff. Too much goddamn customization.
+  curl https://keys.naptastic.com/david/naptastic.pub >> /root/.ssh/authorized_keys
-  * disable journald; configure logging for everything.
-    * Make a list of things that need to log
-    * How exactly do I want logging set up?
-=== All systems with Mellanox adapters ===
+====Reconfigure SSH====
-  * mst* installer
+Configure ssh for a high-numbered port, and not to allow password-based logins. Restart sshd. Verify that 'ssh root@localhost' fails. (You didn't forward your agent, did you?).
-  * copy production opensm configuration in case you have take over as SM
-  * (what needs to change here for VMs using virtual functions?)
-If your host is going to do audio stuff, follow the LAD playbook. Which also badly need an update.
+====Backups====
+Create /mnt/snapshots. Create an entry in /etc/fstab the same as for / but with "subvol=/":
-If your host is going to host web stuff, follow the LAMP playbook but keep in mind it's badly out-of-date. Be prepared to search, read docs, look for a better way.
+  # / was on /dev/nvme0n1p2 during installation
-===== Getting Started =====
+  UUID=some-long-string /               btrfs   noatime,nodiratime,subvol=@rootfs 0       0
+  UUID=some-long-string /mnt/snapshots  btrfs   noatime,nodiratime,subvol=/ 0       0
-Perform a network install of Debian.
+====Install Shorewall====
+  * customize interfaces, rules, policy...?
+  * /etc/default/shorewall
+  * /etc/shorewall/shorewall.conf
+  * systemctl enable
+  * reboot a bunch of times because it's not passing traffic for no reason
-run the naptastic installer if it didn't run as part of the installer:
+====Pick the best mirror====
+If the repo is installed or mounted locally:
+  deb file:///mnt/debian bookworm main contrib non-free non-free-firmware
+  deb-src file:///mnt/debian bookworm main contrib non-free
-  curl https://naptastic.com/initial.sh | /bin/bash
+If you have to get it via HTTP:
+  deb http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware
+  deb-src http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware
-  # This is not necessary unless the installer failed to do it.
+If you have to use public mirrors (RIP):
-  mkdir /root/.ssh
+  deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
-  chmod 700 /root/.ssh
+  deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
-  curl https://keys.naptastic.com/david/naptastic.pub >> /root/.ssh/authorized_keys
-Configure ssh for a high-numbered port, and not to allow password-based logins. Restart sshd. Verify that 'ssh root@localhost' fails. (You didn't forward your agent, did you?).
+====Remove crap====
+  apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit
-==== Networking ====
+====Install extra packages====
+(This is set up so you can triple-click each block you need, copy/paste or middle-paste into your terminal, then press enter at the end and install everything in one transaction.)
-  ln -s /dev/null /etc/systemd/network/99-default.link
+  apt -y install curl vim whois
-Here is what a link file looks like for an Ethernet device:
+Hardware hosts add:
+   smartmontools mdadm qemu-kvm gparted
-    $ cat /etc/systemd/network/20-igb0.link
+Desktops:
-    #
+   hexchat synaptic terminator fonts-lohit-knda fonts-knda keepassx evolution virt-manager network-manager-gnome
-    # Remember to `update-initramfs -u` after changing this file!
-    #
-    [Match]
-    MACAddress=b4:2e:99:38:a9:66
-    [Link]
-    Name=emo0
-    MTUBytes=9000
-Also update the interface names in /etc/network/interfaces. My current convention is to name devices with just a prefix and a number. "eth" is out because of kernel naming, so
+Audio workstations:
-  * emoX for ports on the motherboard
+   qjackctl alsa-tools-gui eq10q jalv jamin lilv-utils
-  * enX for gigabit stand-up cards
-  * mlxX for Mellanox devices in Ethernet mode (It could happen!)
-==== InfiniBand ====
+If you plan to compile your own kernel:
+   bison flex libssl-dev ncurses-dev libelf-dev
-Just make a page for this please.
+====Networking====
+===Device Names===
+  ln -s /dev/null /etc/systemd/network/99-default.link
-    apt -y install ibutils infiniband-diags libvma mstflint rdma-core qperf
+Here is what a link file looks like for an Ethernet device:
+  $ cat /etc/systemd/network/20-igb0.link
+  #
+  # Remember to `update-initramfs -u` after changing this file!
+  #
+  [Match]
+  MACAddress=b4:2e:99:38:a9:66
+  [Link]
+  Name=emo0
+  MTUBytes=9000
-  * opensm config--the defaults are awful
+  * emoX for ports on the motherboard
-  * partitions--the default config is awful
+  * enX for (multi-)gigabit stand-up cards
-    * Subnet speeds listed below.
+  * ibX for InfiniBand IPoIB devices (these do not need .link files though)
-  * the iSCSI page should mention iSER
+  * mlxX for Mellanox devices in Ethernet mode
-  * NFS-RDMA needs info
-    * **DO NOT** restart nfsd if there are active RDMA mounts. They will not recover.
-    * export needs 'insecure' option
-    * echo 'rdma 20049' > /proc/fs/nfsd/portlist # does not persist across reboots or restarts
-    * edit /etc/nfs.conf, set rdma=yes (I THINK) and rdma-port=20049 to make it persist
-Here are the speeds for partitions.conf:
+===Port Conventions===
+X is 0-indexed. Port 0 on a stand-up card is the farthest from the motherboard. On a motherboard, it's the left-most port if there's more than one port. I configure ConnectX-3 cards to be InfiniBand on port 0 and Ethernet on port 1, so a system ends up with interfaces named ib0 and mlx1.
-    #   2  = 2.5   GBit/s SDR
+===InfiniBand===
-    #   3  = 10    GBit/s SDR x4, QDR
+  * [[infiniband]]
-    #   4  = 30    GBit/s SDR x12
+  * mst* installer
-    #   5  = 5     GBit/s DDR
+  * copy production opensm configuration in case you have take over as SM
-    #   6  = 20    GBit/s DDR x4
+  * (what needs to change here for VMs using virtual functions?)
-    #   7  = 40    GBit/s QDR x4
-    #   8  = 60    GBit/s DDR x12
-    #   9  = 80    GBit/s QDR x8 (?)
-    #   10 = 120   GBit/s QDR x12
-    #   11 = 14    Gbit/s FDR
-    #   12 = 56    Gbit/s FDR x4
-    #   there are more, faster, in a weird order. Grep opensm's header files.
-===== Options =====
+Comment out svcrdma in /etc/rdma/modules/rdma.conf or nfs-kernel-server won't start. I'm not sure what's **actually** needed to make NFS/RDMA work.
-maybe you feel like it, maybe you don't. idk.
+===Ethernet configuration===
+Is a total mess right now. I don't know what I'm doing or how I want to do it.
-== Disable TTY screen blanking (Only necessary on Debian Jessie and older) ==
+====Hugepages====
+Useful for databases, PHP, Factorio, and probably other things! Add something like this to /etc/sysctl.conf:
-Add this to ''/etc/rc.local'' above the ''exit 0'' line:
+  vm.nr_hugepages=512
-  sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console > /dev/console 2>&1'
+To make a non-persistent change,
-== For all systems ==
+  sysctl -w vm.nr_hugepages=512
-  apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit
+Make sure your locked memory limit is equal to or greater than the amount of RAM you're reserving for hugepages.
-== For hardware boxes ==
+====Shell profile====
+  * Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.)
-  apt -y install smartmontools qemu-kvm gparted
+====Logging====
+  * disable journald; configure logging for everything.
+  * Make a list of things that need to log
-== If you are using a graphical desktop environment ==
+====Email====
+lol, not yet
-(this needs an update: not sure about fonts packages. Also some network-manager-*-gnome packages might be useful depending on what kind of networking you're doing.)
+====Disable TTY screen blanking====
+I don't know when this is necessary anymore. Add this to ''/etc/rc.local'' above the ''exit 0'' line:
-  apt -y install hexchat synaptic terminator fonts-lohit-knda fonts-knda keepassx evolution virt-manager network-manager-gnome
+  sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console > /dev/console 2>&1'
-== If you plan to do audio work ==
+====Audio workstations====
-  apt -y install qjackctl alsa-tools-gui eq10q jalv jamin lilv-utils
   cat >> /etc/pulse/daemon.conf
   default-sample-format = s24le
@@ Line 126: / Line 134: @@
   ^D
-== If you plan to compile your own kernel ==
+More on [[lad]].
-  apt -y install bison flex libssl-dev ncurses-dev libelf-dev