1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-22 17:41:32 -05:00

Compare commits

..

No commits in common. "46ea5f81bfa845085aee64fdf10a98a1287f1153" and "5c7a2850e63ea77214c8457bd98cb1b26fb2268d" have entirely different histories.

3 changed files with 44 additions and 20 deletions

View File

@ -128,11 +128,6 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
sudo systemctl enable --now unbound sudo systemctl enable --now unbound
sudo systemctl disable systemd-resolved sudo systemctl disable systemd-resolved
### Differentiating bare metal and virtual installs
# Enable auto TRIM
sudo systemctl enable fstrim.timer
# Setup fwupd # Setup fwupd
if [ "$virtualization" = 'none' ]; then if [ "$virtualization" = 'none' ]; then
sudo dnf install -y fwupd sudo dnf install -y fwupd
@ -145,6 +140,11 @@ if [ "$virtualization" = 'none' ]; then
sudo systemctl enable --now fwupd-refresh.timer sudo systemctl enable --now fwupd-refresh.timer
fi fi
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs
# Setup tuned # Setup tuned
sudo dnf install -y tuned sudo dnf install -y tuned
sudo systemctl enable --now tuned sudo systemctl enable --now tuned
@ -155,6 +155,17 @@ else
sudo tuned-adm profile virtual-guest sudo tuned-adm profile virtual-guest
fi fi
# Setup real-ucode
MACHINE_TYPE=$(uname -m)
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
sudo dnf install -y real-ucode
sudo dracut -f
fi
# Setup networking # Setup networking
sudo firewall-cmd --permanent --remove-service=cockpit sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --reload sudo firewall-cmd --reload

View File

@ -219,15 +219,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
fi fi
# Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd
# Enable auto TRIM # Enable auto TRIM
sudo systemctl enable fstrim.timer sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs ### Differentiating bare metal and virtual installs
# Setup fwupd
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
sudo systemctl restart fwupd
# Setup tuned # Setup tuned
if [ "$virtualization" = 'none' ]; then if [ "$virtualization" = 'none' ]; then
output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it." output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
@ -238,6 +238,15 @@ else
sudo tuned-adm profile virtual-guest sudo tuned-adm profile virtual-guest
fi fi
# Setup real-ucode
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
sudo dnf install -y real-ucode
sudo dracut -f
fi
# Setup networking # Setup networking
sudo firewall-cmd --set-default-zone=block sudo firewall-cmd --set-default-zone=block
sudo firewall-cmd --permanent --add-service=dhcpv6-client sudo firewall-cmd --permanent --add-service=dhcpv6-client

View File

@ -89,12 +89,6 @@ sudo systemctl enable --now dnf-automatic.timer
# Remove unnecessary packages # Remove unnecessary packages
sudo dnf remove -y cockpit* sudo dnf remove -y cockpit*
# Install hardened_malloc
sudo dnf copr enable secureblue/hardened_malloc -y
sudo dnf install -y hardened_malloc
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
sudo chmod 644 /etc/ld.so.preload
# Install appropriate virtualization drivers # Install appropriate virtualization drivers
if [ "$virtualization" = 'kvm' ]; then if [ "$virtualization" = 'kvm' ]; then
sudo dnf install -y qemu-guest-agent sudo dnf install -y qemu-guest-agent
@ -166,11 +160,6 @@ sudo systemctl enable --now unbound
#sudo insights-client --collector malware-detection #sudo insights-client --collector malware-detection
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml #sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs
# Setup fwupd # Setup fwupd
if [ "$virtualization" = 'none' ]; then if [ "$virtualization" = 'none' ]; then
sudo dnf install -y fwupd sudo dnf install -y fwupd
@ -183,6 +172,11 @@ if [ "$virtualization" = 'none' ]; then
sudo systemctl enable --now fwupd-refresh.timer sudo systemctl enable --now fwupd-refresh.timer
fi fi
# Enable auto TRIM
sudo systemctl enable fstrim.timer
### Differentiating bare metal and virtual installs
# Setup tuned # Setup tuned
sudo dnf install -y tuned sudo dnf install -y tuned
sudo systemctl enable --now tuned sudo systemctl enable --now tuned
@ -193,6 +187,16 @@ else
sudo tuned-adm profile virtual-guest sudo tuned-adm profile virtual-guest
fi fi
# Setup real-ucode
MACHINE_TYPE=$(uname -m)
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
sudo dnf install -y real-ucode
sudo dracut -f
fi
# Setup networking # Setup networking
sudo firewall-cmd --permanent --remove-service=cockpit sudo firewall-cmd --permanent --remove-service=cockpit
sudo firewall-cmd --reload sudo firewall-cmd --reload