mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-09 03:31:33 -05:00
Compare commits
No commits in common. "46ea5f81bfa845085aee64fdf10a98a1287f1153" and "5c7a2850e63ea77214c8457bd98cb1b26fb2268d" have entirely different histories.
46ea5f81bf
...
5c7a2850e6
@ -128,11 +128,6 @@ sudo chmod 644 /etc/systemd/system/unbound.service.d/override.conf
|
||||
sudo systemctl enable --now unbound
|
||||
sudo systemctl disable systemd-resolved
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
# Setup fwupd
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
sudo dnf install -y fwupd
|
||||
@ -145,6 +140,11 @@ if [ "$virtualization" = 'none' ]; then
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
fi
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install -y tuned
|
||||
sudo systemctl enable --now tuned
|
||||
@ -155,6 +155,17 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
|
||||
# Setup real-ucode
|
||||
MACHINE_TYPE=$(uname -m)
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||
sudo firewall-cmd --reload
|
||||
|
@ -219,15 +219,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc' | sudo tee /etc/yum.re
|
||||
sudo chmod 644 /usr/local/share/applications/microsoft-edge.desktop
|
||||
fi
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup fwupd
|
||||
echo 'UriSchemes=file;https' | sudo tee -a /etc/fwupd/fwupd.conf
|
||||
sudo systemctl restart fwupd
|
||||
|
||||
# Setup tuned
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
output "Bare Metal installation. Tuned will not be set up here - PPD should take care of it."
|
||||
@ -238,6 +238,15 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
# Setup real-ucode
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --set-default-zone=block
|
||||
sudo firewall-cmd --permanent --add-service=dhcpv6-client
|
||||
|
26
RHEL-9.sh
26
RHEL-9.sh
@ -89,12 +89,6 @@ sudo systemctl enable --now dnf-automatic.timer
|
||||
# Remove unnecessary packages
|
||||
sudo dnf remove -y cockpit*
|
||||
|
||||
# Install hardened_malloc
|
||||
sudo dnf copr enable secureblue/hardened_malloc -y
|
||||
sudo dnf install -y hardened_malloc
|
||||
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
|
||||
sudo chmod 644 /etc/ld.so.preload
|
||||
|
||||
# Install appropriate virtualization drivers
|
||||
if [ "$virtualization" = 'kvm' ]; then
|
||||
sudo dnf install -y qemu-guest-agent
|
||||
@ -166,11 +160,6 @@ sudo systemctl enable --now unbound
|
||||
#sudo insights-client --collector malware-detection
|
||||
#sudo sed -i 's/test_scan: true/test_scan: false/' /etc/insights-client/malware-detection-config.yml
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup fwupd
|
||||
if [ "$virtualization" = 'none' ]; then
|
||||
sudo dnf install -y fwupd
|
||||
@ -183,6 +172,11 @@ if [ "$virtualization" = 'none' ]; then
|
||||
sudo systemctl enable --now fwupd-refresh.timer
|
||||
fi
|
||||
|
||||
# Enable auto TRIM
|
||||
sudo systemctl enable fstrim.timer
|
||||
|
||||
### Differentiating bare metal and virtual installs
|
||||
|
||||
# Setup tuned
|
||||
sudo dnf install -y tuned
|
||||
sudo systemctl enable --now tuned
|
||||
@ -193,6 +187,16 @@ else
|
||||
sudo tuned-adm profile virtual-guest
|
||||
fi
|
||||
|
||||
# Setup real-ucode
|
||||
MACHINE_TYPE=$(uname -m)
|
||||
if [ "$virtualization" = 'none' ] && [ "${MACHINE_TYPE}" == 'x86_64' ]; then
|
||||
sudo dnf install -y 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
|
||||
sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
|
||||
sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware
|
||||
sudo dnf install -y real-ucode
|
||||
sudo dracut -f
|
||||
fi
|
||||
|
||||
# Setup networking
|
||||
sudo firewall-cmd --permanent --remove-service=cockpit
|
||||
sudo firewall-cmd --reload
|
||||
|
Loading…
Reference in New Issue
Block a user