mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-11-14 16:09:27 +01:00
Essential software for new systems
Security
- microcode - proprietary, but otherwise CPU holes are going to be gaping open. Refer to: tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
  - Debian calls this amd64-microcode or intel-microcode
- ufw for Deb-based or firewalld on Fedora
- sshguard for mitigating shared systems where others refuse to use keys
- needrestart for knowing when updates actually require services to be restarted or a kernel upgrade happens and requires reboot
- molly-guard so you won’t accidentally reboot or poweroff production rather than local machine.
- apt-listchanges - changelogs are worth knowing when updating.
- apt-listbugs - known bugs are especially nice when performing bigger updates.
- chrony - security demands the time to be correct, Chrony supports NTS and is a proper NTP server instead of just SNTP like systemd-timesyncd.
  - alternatively configure systemd-timesyncd
- unbound - my choice for both DNSSEC validating and DNS-over-TLS, even if I had it connect to upstream dns[crypt]proxy
  - alternatively configure systemd-resolved. Simultaneously systemd-networkd may be a good idea.
- unattended-upgrades or dnf-automatic so security updates are at least downloaded if not even directly installed (see configuration and systemd units!)
  - if dnf-automatic, consider sudo systemctl enable dnf-automatic-install.{timer,service} or at least sudo systemctl enable dnf-automatic-download.{timer,service}
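The microcode item above points at /sys/devices/system/cpu/vulnerabilities/* for checking CPU flaw status. As an added example (not part of the original page), this script classifies each entry and flags statuses that mention missing microcode; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /sys/devices/system/cpu/vulnerabilities/* entries.
# Each file holds one status line: "Not affected", "Mitigation: ..." or
# "Vulnerable..." (some kernels add "Unknown: ..." or a "KVM: " prefix).

# cpu_vuln_report [DIR]: print "TAG name: status" per file.
# Returns 0 = nothing exposed, 1 = at least one exposed entry, 2 = DIR missing.
cpu_vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=
        IFS= read -r status < "$f" || true
        case $status in
            "Not affected"*) tag=OK ;;
            # Checked before Mitigation so a partly mitigated line that still
            # contains "Vulnerable" is reported conservatively.
            *Vulnerable*)    tag=EXPOSED; bad=1 ;;
            *Mitigation:*)   tag=MITIGATED ;;
            *)               tag=EXPOSED; bad=1 ;;  # Unknown/empty/unrecognised
        esac
        note=
        case $status in
            *[Nn]o\ microcode*) note=" <- install or update the microcode package" ;;
        esac
        printf '%-9s %s: %s%s\n' "$tag" "${f##*/}" "$status" "$note"
    done
    return "$bad"
}

# Constructed sample directory (not output from a real machine), so the
# example runs the same on any host.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    echo 'Not affected' > "$d/meltdown"
    echo 'Mitigation: Retpolines; STIBP: disabled; RSB filling' > "$d/spectre_v2"
    echo 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable' > "$d/mds"
    echo 'KVM: Mitigation: VMX disabled' > "$d/itlb_multihit"
    echo "$d"
}

sample=$(make_sample_dir)
cpu_vuln_report "$sample"
echo "exit status on sample: $?"
rm -rf "$sample"
# On a real system: cpu_vuln_report   (no argument reads the live sysfs path)
```

The non-zero exit status makes the function usable from a cron job or a post-upgrade hook that should alert when an entry is still exposed after installing microcode and rebooting.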
Usability
- nvim git tmux zsh - good luck without these
- if cryptographic operations are taking ages, consider something like haveged. It’s controversial, so if there are no issues, don’t install a random number generator.
- userspace oom killer, may avoid frozen systems, much more pleasant than actually having to deal with a frozen system.
  - earlyoom
    - remember to sudo systemctl enable --now earlyoom
  - systemd-oomd
    - remember to sudo systemctl enable --now systemd-oomd
- zram-tools - small compressed swap in RAM
  - Remember to check configs! Fedora: /etc/zram.conf
  - sudo systemctl enable --now zramswap.service zram-swap.service
- thermald for additional help keeping system cool, especially Intel
  - sudo systemctl enable --now thermald
- vnstat - help for observing bandwidth usage
- yggdrasil - essential for getting through Carrier Grade NAT whether there is IPv6 or not. Also gives static internal IPv6 reducing need for dynamic DNS.
- tlp - for laptop power management, especially ThinkPad.
  - sudo tlp-stat | less
  - sudo systemctl enable --now tlp
Offtopic system configuration
This is just too close to not mention here (and was besides in my planning issue):
Debian-based
- sudo dpkg-reconfigure console-setup
  - ensure UTF-8 and select Terminus
- sudo dpkg-reconfigure keyboard-configuration
  - compose key
SSD
- sudo systemctl enable --now fstrim.timer
- check that /etc/fstab has noatime so every file access isn’t written to the disk. BTRFS filesystems should also have ssd flag.