133 lines
2.9 KiB
Markdown
133 lines
2.9 KiB
Markdown
# Foobar
|
|
|
|
These docs frequently reference an "operator" and a "client". The operator is
|
|
your laptop, computer, pipeline, or any device will be connecting to, or
|
|
configuring, the OS during/after install. The client is the device you're
|
|
installing the OS onto.
|
|
|
|
- [Foobar](#foobar)
|
|
- [Installation](#installation)
|
|
- [Network](#network)
|
|
- [Firewall](#firewall)
|
|
- [Setup SSH](#setup-ssh)
|
|
- [Enable IPv6](#enable-ipv6)
|
|
- [Set up Network Bridge](#set-up-network-bridge)
|
|
- [Storage](#storage)
|
|
- [Volumes](#volumes)
|
|
- [Snapshots](#snapshots)
|
|
- [Maintenance](#maintenance)
|
|
- [Backups](#backups)
|
|
- [TPM2 Luks Decryption](#tpm2-luks-decryption)
|
|
- [Users](#users)
|
|
- [Change your password](#change-your-password)
|
|
- [Updates](#updates)
|
|
- [Automatic Updates](#automatic-updates)
|
|
- [Monitoring](#monitoring)
|
|
- [Disk Usage](#disk-usage)
|
|
- [Disk Wear](#disk-wear)
|
|
- [Apps](#apps)
|
|
- [Troubleshooting](#troubleshooting)
|
|
|
|
## Installation
|
|
|
|
1. Configure network first
|
|
1. Set a hostname
|
|
2. Disable ipv6 privacy extensions
|
|
2. Software Selection
|
|
1. Headless Management
|
|
3. User Creation
|
|
1. Set a simple password, we'll change it later
|
|
4. Disk partitioning
|
|
1. Select manual (blivet) partitioning
|
|
2. Create a 1GB EFI system partition and mount it at `/boot/efi`
|
|
3. Create a 1GB ext4 partition and mount it at `/boot`
|
|
4. Create a btrfs volume with the remaining data and name it something unqiue, do not mount it
|
|
5. Create a btrfs subvolume called "root" and mount it at `/`
|
|
6. Create any other btrfs subvolumes you might need
|
|
5. Take note of the ipv4 and ipv6 address. Update any DNS records at this time.
|
|
6. Install and reboot
|
|
|
|
## Network
|
|
|
|
### Firewall
|
|
|
|
Allow SSH
|
|
|
|
```bash
|
|
# Your firewall command here
|
|
```
|
|
|
|
### Setup SSH
|
|
|
|
Install SSH
|
|
|
|
```bash
|
|
# Steps to install SSH server
|
|
```
|
|
|
|
### Enable IPv6
|
|
|
|
1. Disable privacy
|
|
2. Enable eui64 addressing
|
|
|
|
### Set up Network Bridge
|
|
|
|
Create a network bridge for VMs
|
|
|
|
## Storage
|
|
|
|
### Volumes
|
|
|
|
Create volumes for `/home`, `/var`, `/var/log`, `/tmp`, etc.
|
|
|
|
### Snapshots
|
|
|
|
If supported, set up automated snapshots to keep a history of your data.
|
|
|
|
### Maintenance
|
|
|
|
If supported, set up scrub and check jobs to ensure data integrity.
|
|
|
|
### Backups
|
|
|
|
Set up regular backups via a supported tool like Borg.
|
|
|
|
### TPM2 Luks Decryption
|
|
|
|
If you want automatic decryption via TPM2, set it up here.
|
|
|
|
## Users
|
|
|
|
### Change your password
|
|
|
|
Change the default user's password.
|
|
|
|
## Updates
|
|
|
|
Describe what needs updated regularly and how to update it.
|
|
|
|
### Automatic Updates
|
|
|
|
Set up automatic updates or security patches.
|
|
|
|
## Monitoring
|
|
|
|
Set up a monitoring service for resources or uptime.
|
|
|
|
### Disk Usage
|
|
|
|
Set up disk usage monitoring.
|
|
|
|
### Disk Wear
|
|
|
|
Set up physical disk wear monitoring for SSDs if applicable.
|
|
|
|
## Apps
|
|
|
|
Document any recommended apps here.
|
|
|
|
If your package manager requires specific configuration, put it here.
|
|
|
|
## Troubleshooting
|
|
|
|
Any troubleshooting recommendations for common issues. |