Post Install Tasks

First setup AUR

Time

Setup time using systemd-timesyncd.

timedatectl set-ntp true
timedatectl set-ntp 1

Configure Reflector

So you always have fresh mirrors, setup reflector.

pacman -S reflector

Create service to select the 200 most recently synchronized HTTP or HTTPS mirrors, sort them by download speed, and overwrite the file /etc/pacman.d/mirrorlist.

nano /etc/systemd/system/reflector.service
[Unit]
Description=Pacman mirrorlist update

[Service]
Type=oneshot
ExecStart=/usr/bin/reflector --latest 200 --protocol http --protocol https --sort rate --save /etc/pacman.d/mirrorlist

Create timer.

nano /etc/systemd/system/reflector.timer
[Unit]
Description=Run reflector weekly

[Timer]
OnCalendar=weekly
RandomizedDelaySec=12h
Persistent=true

[Install]
WantedBy=timers.target

That will run reflector weekly.

systemctl enable --now reflector.timer

Configure SMTP

I used to use ssmtp but since it's now unmaintained I've started using Msmtp.

pacman -S msmtp msmtp-mta

Setup system default.

cp /usr/share/doc/msmtp/msmtprc-system.example /etc/msmtprc

Example config file

# msmtp system wide configuration file

# A system wide configuration file with default account.
defaults

# The SMTP smarthost.
host smtp.fastmail.com
port 465

# Construct envelope-from addresses of the form "[email protected]".
#auto_from on
maildomain <your domain>

# Use TLS.
tls on
tls_starttls off

# Activate server certificate verification
tls_trust_file /etc/ssl/certs/ca-certificates.crt

# Syslog logging with facility LOG_MAIL instead of the default LOG_USER.
syslog LOG_MAIL

aliases               /etc/aliases

# msmtp root account, inherit from 'default' account
account default

user <your email>

from system@<your domain>

# Terrible...
# auth plain
# password <pass>

# or with passwordeval,
# passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-root.gpg"

account root : default

# password, see below

Set permissions.

chmod 600 /etc/msmtprc

You can setup a gpg encrypted passphrase if using interactively. The other (not very good option) is setting with 'password' in config.

Add aliases to /etc/aliases.

root: root@<yourdomain>

If anything private is in /etc/msmtprc, secure the file as shown on the Arch wiki.

Create an ssmtp group and set the owner of /etc/msmtp and the msmtp binary.

groupadd msmtp
chown :msmtp /etc/msmtprc
chown :msmtp /usr/bin/msmtp

Make sure only root, and the msmtp group can access msmtprc, then et the SGID bit on the binary

chmod 640 /etc/msmtprc
chmod g+s /usr/bin/msmtp

Then add a pacman hook to always set the file permissions after the package has been upgraded:

nano /usr/local/bin/msmtp-set-permissions
#!/bin/sh

chown :msmtp /usr/bin/msmtp
chmod g+s /usr/bin/msmtp

Make it executable:

chmod u+x /usr/local/bin/msmtp-set-permissions

Now add the pacman hook:

nano /usr/share/libalpm/hooks/msmtp-set-permissions.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = msmtp

[Action]
Description = Set msmtp permissions for security
When = PostTransaction
Exec = /usr/local/bin/msmtp-set-permissions

Test mail

Send a test mail.

 echo "Text, more text." | /usr/bin/mail -s SUBJECT [email protected]

ZFS Configuration

I always set up snapshotting and replication as one of the first things I do on a new desktop.

Enable Snapshots

Install zfs-auto-snapshot (AUR) and setup snapshotting on all datasets.

pacaur -S zfs-auto-snapshot-git
systemctl enable --now zfs-auto-snapshot-daily.timer

Set all datasets to snapshot and disable any datasets that dont require snapshotting.

for ds in $(zfs list -H -o name); do
  MP="$(zfs get -H -o value mountpoint $ds )";
  if [ ${MP} == "legacy" ] || [ "${MP}" == "/" ]; then
    echo "${ds}: on";
    zfs set com.sun:auto-snapshot=true ${ds};
  else
    echo "${ds}: off";
    zfs set com.sun:auto-snapshot=false ${ds};
  fi;
done

In one line:

for ds in $(zfs list -H -o name); do MP="$(zfs get -H -o value mountpoint $ds )"; if [ ${MP} == "legacy" ] || [ "${MP}" == "/" ]; then echo "${ds}: on"; zfs set com.sun:auto-snapshot=true ${ds}; else echo "${ds}: off";zfs set com.sun:auto-snapshot=false ${ds}; fi; done

ZFS Replication With ZnapZend

Install ZnapZend (AUR) (it's a great tool, I maintain the AUR package).

pacaur -S znapzend
systemctl enable --now znapzend

Create a config for each dataset thet needs replicating, where SYSTEM will be a name for the dataset at ${POOL}/replication/${SYSTEM} on the remote. Specify the remote user and IP as well. Here is a small script I use for my setup. The grep can be adjusted to exclude any datasets that are unwanted.

#!/bin/sh

REMOTE_POOL_ROOT="${1}"
REMOTE_USER="${2}"
REMOTE_IP="${3}"

for ds in $(zfs list -H -o name | \
    grep -E 'data/|default|john|usr/|var/|lib/' | \
    grep -v cache); do
  echo "Creating: ${REMOTE_USER}@${REMOTE_IP}:${REMOTE_POOL_ROOT}/${ds}"

  # See ssh(1) for -tt
  # https://www.freebsd.org/cgi/man.cgi?query=ssh
  # In simple terms, force pseudo-terminal and pseudo tty
    ssh -tt ${REMOTE_USER}@${REMOTE_IP} \
      "~/znap_check_dataset ${REMOTE_POOL_ROOT}/${ds}"

  znapzendzetup create --tsformat='%Y-%m-%d-%H%M%S' \
    SRC '1d=>15min,7d=>1h,30d=>4h,90d=>1d' ${ds} \
    DST:${REMOTE_IP} '1d=>15min,7d=>1h,30d=>4h,90d=>1d,1y=>1w,10y=>1month' \
    "${REMOTE_USER}@${REMOTE_IP}:${REMOTE_POOL_ROOT}/${ds}"
done

On remote I have a pre-znazendzetup script which makes sure the remote location exists.

#!/bin/sh

# Pre zapzendzetup script. Put in ~/znap_check_dataset on remote and run with

ds="${1}"

if [ "$(zfs list -H -o name "${ds}")" = "${ds}" ]; then
  echo "${ds} exists, running ZnapZend."
else
  echo "Creating non-existant dataset ${ds}"
  zfs create -p "${ds}"
  zfs unmount "${ds}"
  echo "${ds} created, running ZnapZend."
fi

I would then run, for chin on replicator@<server ip>.

./znapcfg "tank/replication/chin" "replicator" "<server ip>"

Scrub

Setup a monthly scrub with a systemd unit and timercontaining the following.

nano /usr/lib/systemd/system/[email protected]
# /etc/systemd/system/[email protected]
[Unit]
Description=Scrub ZFS Pool
Requires=zfs.target
After=zfs.target

[Service]
Type=oneshot
ExecStartPre=-/usr/bin/zpool scrub -s %i
ExecStart=/usr/bin/zpool scrub %i
nano /etc/systemd/system/[email protected]
[Unit]
Description=Scrub ZFS pool weekly

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=timers.target

Enable for pool.

systemctl enable --now [email protected]

Enable The ZFS Event Daemon

If an SMTP or MTA is configured, setup The ZFS Event Daemon (ZED)

nano /etc/zfs/zed.d/zed.rc

Ad an email and mail program and set verbosity.

ZED_EMAIL_ADDR="root"
ZED_EMAIL_PROG="mail"
ZED_NOTIFY_VERBOSE=1

Start and enable the daemon.

systemctl enable --now zfs-zed.service

Start a scrub and check for an email.

zpool scrub vault

Define Hostid

Define a hostid or problems arise at boot.

smart

Install smartmontools.

pacman -S smartmontools

Tests

Long or short tests can be run on a disk. A short test will check for device problems. The long test is just a short test plus complete disc surface examination.

Long test example:

smartctl -t long /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093
smartctl -t long /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266
smartctl -t long /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487
smartctl -t long /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657
smartctl -t long /dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M

Veiw results:

smartctl -H /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093
smartctl -H /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266
smartctl -H /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487
smartctl -H /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657
smartctl -H /dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M

Or, veiw all test results.

smartctl -l selftest /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093
smartctl -l selftest /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266
smartctl -l selftest /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487
smartctl -l selftest /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657
smartctl -l selftest /dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M

Or detailed results.

smartctl -a /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093
smartctl -a /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266
smartctl -a /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487
smartctl -a /dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657
smartctl -a /dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M

Daemon

The smartd daemon can also run, periodically running tests and will send you a message if a problem occurs.

Edit the configuration file at /etc/smartd.conf.

nano /etc/smartd.conf

To check for all errors on a disk use the option -a after the disk ID.

/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657 -a -m <email>
/dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M -a -m <email>

To test if your mail notification is working run a test, add -m <email address> -M test to the end of the config. This will run the test on the start of the daemon.:

DEVICESCAN -m <email address> -M test

Start smartd:

systemctl start smartd

My config looks like:

/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_152271401093 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_154501401266 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402487 -a -m <email>
/dev/disk/by-id/ata-SanDisk_SDSSDXPS480G_164277402657 -a -m <email>
/dev/disk/by-id/ata-Samsung_SSD_840_EVO_250GB_S1DBNSADA75563M -a -m <email>

nfs

pacman -S nfs-utils
systemctl enable --now rpcbind.service nfs-client.target remote-fs.target

Autofs

Install autofs.

pacman -S autofs
nano /etc/autofs/auto.master

Add or uncomment the following.

/net    -hosts   --timeout=60

Start and enable.

systemctl enable --now autofs

User Cache

I like to keep certain directories in tmpfs. It avoids extra writes to disk and can be faster since everything is stored in memory.

Cleaning the cache

I like periodically have my users cache directory cleaned. This can easily be done using tmpfiles.d.

Create a new file in the /etc/tmpfiles.d directory.

nano /etc/tmpfiles.d/home-cache.conf

Add a rule that will delete any file older than 10 days.

# remove files in /home/john/.cache older than 10 days
D /home/john/.cache 1755 john john 10d
PreviouslibvirtNextPackage Management

Last updated