nndocs:initial

Differences

This shows you the differences between two versions of the page.

nndocs:initial [2019/05/19 21:15] – update for ubuntu 18.04 (part 1/?) naptastic
nndocs:initial [2024/12/05 18:16] (current) – stub out thing naptastic
Line 1: Line 1:
-===== Standard Ubuntu Setup at narf.rocks =====+===== Naptastic Network Playbook ===== 
 +====Partition drives==== 
 +Partitioning: The most recent rebuild was shark, for which I took Debian's default EFI setup for the 2TB OS drive. I only changed / to BTRFS instead of ext4. Debian installs itself to a subvolume named @root and makes that subvolume the default, so it's ready for snapshotting backups.
  
-Perform a network install of Ubuntu 18.04. Mirror settings:+Add /mnt/snapshots in fstab.
  
-  * host: mirror.narf.rocks +====Move ~ to a BTRFS subvolume==== 
-  * directory: /ubuntu +Separate snapshotting the OS from snapshotting your files.
-  * No proxy+
  
-    apt remove - isc-dhcp-* systemd-resolved +====SSH key for root==== 
-    apt install dhcpcd5+  mkdir /root/.ssh 
 +  chmod 700 /root/.ssh 
 +  curl https://keys.naptastic.com/david/naptastic.pub >> /root/.ssh/authorized_keys
  
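Review bot: The 'curl https://keys.naptastic.com/david/naptastic.pub >> /root/.ssh/authorized_keys' line in "SSH key for root" appends whatever the server returns straight into root's authorized_keys. Without '-f' an HTTP error page is appended as if it were a key, and nothing compares the key's fingerprint with a known value before root trusts it. Suggest fetching to a temporary file with 'curl -fsS', checking 'ssh-keygen -lf' on that file against a fingerprint recorded in this playbook, and only then appending. Also use 'mkdir -p' so the step can be repeated, and add 'chmod 600 /root/.ssh/authorized_keys'.
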
-== Essentials ==+====Reconfigure SSH==== 
 +Configure ssh for a high-numbered port, and not to allow password-based logins. Restart sshd. Verify that 'ssh root@localhost' fails. (You didn't forward your agent, did you?).
  
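Review bot: The verification in "Reconfigure SSH" ('ssh root@localhost' fails) proves nothing once the port has been moved, because without '-p' the client tries port 22 and gets connection refused whatever the authentication settings are. Suggest naming the sshd_config directives being changed (Port, 'PasswordAuthentication no', 'KbdInteractiveAuthentication no'), running 'sshd -t' before the restart, keeping the current session open, and testing with 'ssh -p PORT -o PubkeyAuthentication=no -o PreferredAuthentications=password root@localhost', where the expected result is "Permission denied (publickey)".
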
-Take these, you'll need them:+====Backups==== 
 +Create /mnt/snapshots. Create an entry in /etc/fstab the same as for / but with "subvol=/":
  
-  * ''apt-get -y install git vim lynx openssh-server lame autoconf smartmontools'' (omit smartmontools on VMs)+  # / was on /dev/nvme0n1p2 during installation 
 +  UUID=some-long-string /               btrfs   noatime,nodiratime,subvol=@rootfs 0       0 
 +  UUID=some-long-string /mnt/snapshots  btrfs   noatime,nodiratime,subvol=/ 0       0
  
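Review bot: The subvolume name differs between sections: "Partition drives" says Debian installs to a subvolume named @root, while the fstab example under "Backups" mounts 'subvol=@rootfs'. Pick the name the installer actually created and use it in both places. The early line "Add /mnt/snapshots in fstab." also repeats what "Backups" then explains, so one of the two can go. Since /mnt/snapshots exposes the top-level subvolume, and snapshots of / keep old copies of setuid binaries, consider adding 'nosuid,nodev' to the options on that second fstab line.
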
-== Make history include human-readable timestamps ==+====Install Shorewall==== 
 +  * customize interfaces, rules, policy...? 
 +  * /etc/default/shorewall 
 +  * /etc/shorewall/shorewall.conf 
 +  * systemctl enable 
 +  * reboot a bunch of times because it's not passing traffic for no reason
  
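Review bot: The "Install Shorewall" list names files but not what to set in them, and the last bullet ("reboot a bunch of times") records an undiagnosed failure as a procedure step. Suggest stating the required settings per file (Debian's /etc/default/shorewall ships with 'startup=0', which keeps the firewall from starting until it is set to 1), giving the full command ('systemctl enable shorewall'), and adding 'shorewall check' before the first start so a bad rules or policy file is reported instead of silently dropping traffic. The rules also need to allow the high-numbered SSH port chosen in "Reconfigure SSH" before the firewall is enabled.
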
-Put this at the end of both ''/etc/profile'' and ''/etc/bash.bashrc'':+====Pick the best mirror==== 
 +If the repo is installed or mounted locally: 
 +  deb file:///mnt/debian bookworm main contrib non-free non-free-firmware 
 +  deb-src file:///mnt/debian bookworm main contrib non-free
  
-  # Color ls output +If you have to get it via HTTP: 
-  export LS_OPTIONS='--color=auto' +  deb http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware 
-  eval "`dircolors`" +  deb-src http://mirror.narf.rocks/debian/ bookworm main contrib non-free non-free-firmware 
-  alias ls='ls $LS_OPTIONS'+ 
 +If you have to use public mirrors (RIP): 
 +  deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware 
 +  deb-src http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware 
 + 
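Review bot: The 'deb-src file:///mnt/debian bookworm main contrib non-free' line under "Pick the best mirror" omits 'non-free-firmware', while the matching 'deb' line and both HTTP variants include it. Make the four component lists identical unless the omission is deliberate, in which case say so. Because two of the three variants use plain http:// or a local file:// tree, the note should also state that integrity rests on apt verifying the signed Release file, so the local copy must carry the Release/InRelease files unmodified.
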
 +====Remove crap==== 
 +  apt -y remove update-notifier pulseaudio-module-bluetooth bluez blueman bluez-cups bluez-obexd modemmanager rtkit 
 + 
 +====Install extra packages==== 
 +(This is set up so you can triple-click each block you need, copy/paste or middle-paste into your terminal, then press enter at the end and install everything in one transaction.) 
 + 
 +  apt -y install curl vim whois 
 + 
 +Hardware hosts add: 
 +   smartmontools mdadm qemu-kvm gparted 
 + 
 +Desktops: 
 +   hexchat synaptic terminator fonts-lohit-knda fonts-knda keepassx evolution virt-manager network-manager-gnome 
 + 
 +Audio workstations: 
 +   qjackctl alsa-tools-gui eq10q jalv jamin lilv-utils 
 + 
 +If you plan to compile your own kernel: 
 +   bison flex libssl-dev ncurses-dev libelf-dev 
 + 
 +====Networking==== 
 +===Device Names=== 
 +  ln -s /dev/null /etc/systemd/network/99-default.link 
 + 
 +Here is what a link file looks like for an Ethernet device: 
 +  $ cat /etc/systemd/network/20-igb0.link  
 +  # 
 +  # Remember to `update-initramfs -uafter changing this file! 
 +  
 +  [Match] 
 +  MACAddress=b4:2e:99:38:a9:66
      
-  # Timestamp history   +  [Link] 
-  export HISTTIMEFORMAT="%Y/%m/%e-%H:%M:%S "+  Name=emo0 
 +  MTUBytes=9000 
 + 
 +  * emoX for ports on the motherboard 
 +  * enX for (multi-)gigabit stand-up cards 
 +  * ibX for InfiniBand IPoIB devices (these do not need .link files though) 
 +  * mlxX for Mellanox devices in Ethernet mode 
 + 
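Review bot: The comment inside the 20-igb0.link example reads "Remember to `update-initramfs -uafter changing this file!", so the closing backtick and a space have been lost; it should read 'update-initramfs -u' after changing this file. The file is named 20-igb0.link but sets 'Name=emo0', which does not follow the emoX convention listed right below it; naming the file after the resulting interface would make the directory self-describing. The 'ln -s /dev/null /etc/systemd/network/99-default.link' step has no explanation; one sentence on what it masks, and what then happens to interfaces with no matching .link file, would help. The example also publishes a real MAC address, and a placeholder would serve as well.
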
 +===Port Conventions=== 
 +X is 0-indexed. Port 0 on a stand-up card is the farthest from the motherboard. On a motherboard, it's the left-most port if there's more than one port. I configure ConnectX-3 cards to be InfiniBand on port 0 and Ethernet on port 1, so a system ends up with interfaces named ib0 and mlx1. 
 + 
 +===InfiniBand=== 
 +  * [[infiniband]] 
 +  * mst* installer 
 +  * copy production opensm configuration in case you have take over as SM 
 +  * (what needs to change here for VMs using virtual functions?
 + 
 +Comment out svcrdma in /etc/rdma/modules/rdma.conf or nfs-kernel-server won't start. I'm not sure what's **actually** needed to make NFS/RDMA work. 
 + 
 +===Ethernet configuration=== 
 +Is a total mess right now. I don't know what I'm doing or how I want to do it.
  
-== Disable %!@#^ing console beeps ==+====Hugepages==== 
 +Useful for databases, PHP, Factorio, and probably other things! Add something like this to /etc/sysctl.conf:
  
-  * ''echo 'blacklist pcspkr' > /etc/modprobe.d/nobeep.conf'' (not sure if necessary anymore)+  vm.nr_hugepages=512
  
-== Disable %!@#^ing screen blanking ==+To make a non-persistent change,
  
-Add this to ''/etc/rc.local'' above the ''exit 0'' line:+  sysctl -w vm.nr_hugepages=512
  
-  sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console > /dev/console 2>&1' (not sure if necessary anymore)+Make sure your locked memory limit is equal to or greater than the amount of RAM you're reserving for hugepages.
  
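Review bot: The last sentence of "Hugepages" tells the reader to raise the locked memory limit but does not say where or to what value. Suggest naming the mechanism (memlock in /etc/security/limits.conf for login sessions, 'LimitMEMLOCK=' for systemd units) and giving the arithmetic for the example: 512 pages at the usual 2 MiB x86-64 hugepage size is 1 GiB. A drop-in file under /etc/sysctl.d/ would also be easier to track than an edit to /etc/sysctl.conf.
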
-== PS1 ==+====Shell profile==== 
 +  * Profile stuff: Bash, Vim, ? Can I automate this? (Of course I can.)
  
-Add this to your ''~/.bashrc'' file:+====Logging==== 
 +  * disable journald; configure logging for everything. 
 +  * Make a list of things that need to log
  
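Review bot: The "disable journald" bullet under "Logging" does not say what replaces it or how, and on a systemd host the journal is where service stdout/stderr and early-boot messages are collected, so turning it off without a replacement loses those records. Suggest naming the syslog daemon to be used and writing the step as a journald.conf change (for example 'ForwardToSyslog=yes' with 'Storage=none' or 'Storage=volatile') rather than disabling the service, and listing sshd and Shorewall first in "things that need to log", since both are configured earlier in this playbook.
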
-  * ''PS1='\[\033[32;1m\][\u]@[\h]\[\033[0m\]\[\033[34;1m\][\t]\[\033[0m\]\[\033[35;1m\][\w]\[\033[0m\]\$ ' '' (this needs an update)+====Email==== 
 +lol, not yet
  
-===== If you are using a graphical desktop environment =====+====Disable TTY screen blanking==== 
 +I don't know when this is necessary anymore. Add this to ''/etc/rc.local'' above the ''exit 0'' line:
  
-  ''apt-get -y install gparted hexchat pidgin synaptic terminator fonts-lohit-knda fonts-knda'(this needs an update)+  sh -c 'setterm -blank 0 -powersave off -powerdown 0 < /dev/console > /dev/console 2>&1'
  
-===== If you plan to compile your own kernel =====+====Audio workstations==== 
 +  cat >> /etc/pulse/daemon.conf 
 +  default-sample-format s24le 
 +  default-sample-rate 96000 
 +  ^D
  
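Review bot: The two lines appended to /etc/pulse/daemon.conf under "Audio workstations" lack the '=' that the file's 'key = value' syntax requires, so 'default-sample-format s24le' and 'default-sample-rate 96000' will not be parsed as settings. They should read 'default-sample-format = s24le' and 'default-sample-rate = 96000'. Because the step uses 'cat >>', running it twice duplicates the lines; a check for an existing entry, or a note to edit the file by hand, would avoid that.
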
-  * ''apt-get -y install ncurses-dev'' (this is no longer sufficient)+More on [[lad]].
nndocs/initial.1558300547.txt.gz · Last modified: 2019/05/19 21:15 by naptastic