Pop!_OS 22.04 on a server: btrfs, BTRBK, docker, NoMachine, Tailscale, UFW, IO_PAGE_FAULT скачать в хорошем качестве

Pop!_OS 22.04 on a server: btrfs, BTRBK, docker, NoMachine, Tailscale, UFW, IO_PAGE_FAULT

All commands and a written guide: https://mutschler.dev/linux/install-g... (coming soon) If you want to support the creation of such videos: https://buymeacoff.ee/mutschler --------------------------------------------- In this video I will do a clean install of my Lenovo server with POP!_OS 22.04 focusing on the following features: adapt POP!_OS installation for best use with btrfs and how to run in headless mode set up and use BTRBK for automatic btrfs snapshots and backups lock down server with UFW firewall and Tailscale ssh (only over Tailscale) remote desktop via NoMachine (only over Tailscale) docker containers for hugo website, nextcloud (with redis), gitea Solve IO_PAGE_FAULT errors following this video:    • AMD IO_PAGE_FAULT Woes? Here's The Fix For...   This is a long video as I am doing everything from scratch, but maybe there is a thing or two that you might find useful for your servers (see timestamps below). If you have other best practices and approaches that you can share with me to improve my server installation, please leave comments or write me an email. WARNING: I am just an enthusiastic linux user and have no professional training in running or securing servers! So any tips are very welcome! --------------------------------------------- Contents 0:00:00 - Start 0:03:07 - Access Lenovo SR655 Server via IPMI (or on-site) 0:03:22 - In-place update of POP!_OS from 21.10 to 22.04 does work (but we will still do a fresh install) 0:03:47 - Server boots into CLI 0:04:10 - Remote Desktop via NoMachine (secured via Tailscale) 0:04:34 - Specs of the server using neofetch 0:05:08 - Partition layout: Hardware RAID1, luks encryption, btrfs subvolumes for system, home, and docker user files 0:07:21 - fstab with additional mountpoints for optimal use with btrbk 0:09:21 - crypttab: backup and docker disk are encrypted with luks 0:09:53 - docker containers for my website, nextcloud, and gitea instance 0:10:03 - Reboot into POP!_OS 22.04. installer 0:11:10 - Double check partition layout because the names might change! 0:12:10 - Why am I relaxed to simply nuke and pave? Because I have btrfs snapshots and backups of those snapshots that can very easily be restored! 0:14:30 - Just out of curiosity: how does POP!_OS 22.04 clean install partition the disk 0:17:09 - Actual Install: Now we're going to re-use the partition layout, but use btrfs for the system filesystem 0:19:25 - Don't restart yet, but open a terminal for post installation steps 0:19:36 - Create btrfs subvolumes @ and @home (with some reasons why) 0:24:18 - Make changes to fstab (add btrfs subvolumes, use optimized mount options) 0:27:51 - Quicklook into crypttab 0:28:05 - Change kernel boot options: kernelstub and bootloader 0:28:22 - Re-Mount the @ subvolume 0:29:03 - Chroot into your system, i.e. into the @ subvolume 0:29:54 - Mount everything inside your system, i.e. check whether new fstab works 0:30:08 - Add rootflags to kernelstub configuration file 0:30:59 - Add rootflags to systemd bootloader 0:32:11 - update initramfs 0:32:50 - Finally reboot! Then some checks, connect to internet and update system. 0:35:56 - Enable fstrim.timer for SSD and NVME drives 0:36:23 - By default boot into CLI (terminal) and not into GUI (desktop) by disabling gdm 0:37:40 - Install OpenSSH Server 0:38:38 - Harden server by installing UFW and Tailscale 0:42:00 - Harden ssh config file by using only ssh keys and AllowUsers 0:43:06 - Install NoMachine 0:43:25 - Notice AMD IO_PAGE_FAULT errors 0:45:00 - For headless use stop gdm again and make NoMachine create a X virtual framebuffer on demand 0:45:24 - Put NoMachine behind firewall using Tailscale (NoMachine by default opens a port in your firewall) 0:51:07 - Solve IO_PAGE_FAULT_ERRORS following    • AMD IO_PAGE_FAULT Woes? Here's The Fix For...   0:52:52 - Automatically mount luks encrypted disks with key files via crypttab 0:59:48 - Prepare fstab for optimal use with BTRBK 1:08:38 - Load server scripts from GitHub and create .env with passwords 1:11:23 - Create btrfs snapshots and backups with BTRBK 1:19:25 - Install docker and docker compose 1:23:42 - Start docker container for SWAG, Nextcloud (with mariadb and redis), Gitea 1:25:30 - Set overcommit_memory = 1 for redis container --------------------------------------------- Corrections: --------------------------------------------- If you want to support the creation of such videos: https://buymeacoff.ee/mutschler