├── LICENSE ├── README.md └── ubuntu-base-setup.sh /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2025 YurinDoctrine 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ubuntu-base-setup 2 | 3 | ## RUN 4 | 5 | ```sh 6 | curl --tlsv1.2 -fsSL https://raw.githubusercontent.com/YurinDoctrine/ubuntu-base-setup/main/ubuntu-base-setup.sh >ubuntu-base-setup.sh && \ 7 | chmod 0755 ubuntu-base-setup.sh && \ 8 | ./ubuntu-base-setup.sh 9 | 10 | ``` 11 | -------------------------------------------------------------------------------- /ubuntu-base-setup.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Before hop in 3 | sudo apt update && 4 | DEBIAN_PRIORITY=critical sudo apt install -f --assume-yes base-files binutils fwupd git gnupg haveged kmod libc-bin libelf-dev libfaudio-dev libglvnd-dev libinput-dev libx11-dev lm-sensors lz4 libpci-dev pkgconf psmisc rtkit ufw upower va-driver-all wget xdg-utils xserver-xorg-video-vesa && 5 | DEBIAN_PRIORITY=critical sudo apt install -f --assume-yes software-properties-common && 6 | DEBIAN_PRIORITY=critical sudo apt install -f --assume-yes ubuntu-drivers-common ubuntu-restricted-addons ubuntu-restricted-extras 7 | 8 | # ------------------------------------------------------------------------ 9 | 10 | echo -e "path-exclude /usr/share/doc/* 11 | path-exclude /usr/share/help/* 12 | path-exclude /usr/share/man/* 13 | path-exclude /usr/share/groff/* 14 | path-exclude /usr/share/info/* 15 | path-exclude /usr/share/locale/* 16 | path-exclude /usr/share/gnome/help/*/* 17 | path-exclude /usr/share/doc/kde/HTML/*/* 18 | path-exclude /usr/share/omf/*/*-*.emf 19 | # lintian stuff is small, but really unnecessary 20 | path-exclude /usr/share/lintian/* 21 | path-exclude /usr/share/linda/* 22 | # paths to keep 23 | path-include /usr/share/locale/locale.alias 24 | path-include /usr/share/locale/en/* 25 | path-include /usr/share/locale/en_GB/* 26 | path-include /usr/share/locale/en_GB.UTF-8/* 27 | # we need to keep copyright files for legal reasons 28 | path-include /usr/share/doc/*/copyright" | sudo tee /etc/dpkg/dpkg.cfg.d/01_nodoc 29 | echo -e 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/90nolanguages 30 | # Compress indexes 31 | echo -e 'Acquire::CompressionTypes::lz4 "lz4";' | sudo tee /etc/apt/apt.conf.d/02compress-indexes 32 | # Disable APT terminal logging 33 | echo -e 'Dir::Log::Terminal "";' | sudo tee /etc/apt/apt.conf.d/01disable-log 34 | # Disable APT timers 35 | sudo systemctl mask apt-daily.service >/dev/null 2>&1 36 | sudo systemctl mask apt-daily-upgrade.service >/dev/null 2>&1 37 | sudo systemctl mask apt-daily.timer >/dev/null 2>&1 38 | sudo systemctl mask apt-daily-upgrade.timer >/dev/null 2>&1 39 | 40 | # ------------------------------------------------------------------------ 41 | 42 | # Setting up locales & timezones 43 | echo -e "LANG=en_GB.UTF8" | sudo tee -a /etc/environment 44 | echo -e "LANGUAGE=en_GB.UTF8" | sudo tee -a /etc/environment 45 | echo -e "LC_ALL=C" | sudo tee -a /etc/environment 46 | sudo apt install --reinstall --purge -yy locales 47 | sudo sed -i -e 's/^#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/' /etc/locale.gen 48 | sudo locale-gen en_GB.UTF-8 49 | sudo localectl set-locale LANG=en_GB.UTF-8 50 | sudo timedatectl set-timezone Europe/Moscow 51 | # Disable time sync service 52 | sudo systemctl mask time-sync.target >/dev/null 2>&1 53 | 54 | # ------------------------------------------------------------------------ 55 | 56 | # Don't reserve space man-pages, locales, licenses. 57 | echo -e "Remove useless companies" 58 | sudo apt-get remove --purge *texlive* -yy 59 | find /usr/share/doc/ -depth -type f ! -name copyright | xargs sudo rm -f || true 60 | find /usr/share/doc/ | grep '\.gz' | xargs sudo rm -f 61 | find /usr/share/doc/ | grep '\.pdf' | xargs sudo rm -f 62 | find /usr/share/doc/ | grep '\.tex' | xargs sudo rm -f 63 | find /usr/share/doc/ -empty | xargs sudo rmdir || true 64 | sudo rm -rfd /usr/share/groff/* /usr/share/info/* /usr/share/lintian/* \ 65 | /usr/share/linda/* /var/cache/man/* /usr/share/man/* /usr/share/X11/locale/!\(en_GB\) 66 | sudo rm -rfd /usr/share/locale/!\(en_GB\) 67 | 68 | # ------------------------------------------------------------------------ 69 | 70 | # GNOME tweaks 71 | sudo rm -rfd /etc/gdm{3}/custom.conf 72 | sudo rm -rfd /etc/dconf/db/gdm{3}.d/01-logo 73 | sudo rm -rfd /var/lib/gdm{3}/.cache/* 74 | 75 | # Privacy 76 | gsettings set org.gnome.system.location enabled false 77 | gsettings set org.gnome.desktop.privacy disable-camera true 78 | gsettings set org.gnome.desktop.privacy disable-microphone true 79 | gsettings set org.gnome.desktop.privacy remember-recent-files false 80 | gsettings set org.gnome.desktop.privacy hide-identity true 81 | gsettings set org.gnome.desktop.privacy report-technical-problems false 82 | gsettings set org.gnome.desktop.privacy send-software-usage-stats false 83 | 84 | # Security 85 | gsettings set org.gnome.login-screen allowed-failures 5 86 | gsettings set org.gnome.desktop.screensaver user-switch-enabled false 87 | gsettings set org.gnome.SessionManager logout-prompt false 88 | gsettings set org.gnome.desktop.media-handling autorun-never true 89 | 90 | # Media 91 | gsettings set org.gnome.desktop.sound event-sounds false 92 | gsettings set org.gnome.settings-daemon.plugins.media-keys max-screencast-length 0 93 | 94 | # Power 95 | gsettings set org.gnome.desktop.session idle-delay 0 96 | gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-type 'nothing' 97 | gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type 'nothing' 98 | gsettings set org.gnome.settings-daemon.plugins.power power-button-action 'interactive' 99 | gsettings set org.gnome.desktop.interface enable-animations false 100 | 101 | # Display 102 | gsettings set org.gnome.desktop.interface scaling-factor 1 103 | gsettings set org.gnome.desktop.interface text-scaling-factor 1.2 104 | gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling'"', '"'scale-monitor-framebuffer']" 105 | gsettings set org.gnome.settings-daemon.plugins.xsettings antialiasing 'rgba' 106 | gsettings set org.gnome.settings-daemon.plugins.xsettings hinting 'slight' 107 | 108 | # Keyboard 109 | gsettings set org.gnome.desktop.peripherals.keyboard delay 500 110 | gsettings set org.gnome.desktop.peripherals.keyboard repeat-interval 100 111 | 112 | # Mouse 113 | gsettings set org.gnome.desktop.peripherals.mouse accel-profile flat 114 | 115 | # Misc 116 | gsettings set org.gtk.Settings.FileChooser show-hidden true 117 | gsettings set org.gnome.mutter attach-modal-dialogs false 118 | gsettings set org.gnome.shell.overrides attach-modal-dialogs false 119 | gsettings set org.gnome.shell.overrides edge-tiling true 120 | gsettings set org.gnome.mutter edge-tiling true 121 | gsettings set org.gnome.desktop.background color-shading-type vertical 122 | 123 | # ------------------------------------------------------------------------ 124 | 125 | # KDE tweaks 126 | kwriteconfig5 --file kwinrc --group Compositing --key "Enabled" --type bool true 127 | kwriteconfig5 --file kwinrc --group Compositing --key "LatencyPolicy" "ExtremelyLow" 128 | kwriteconfig5 --file kwinrc --group Compositing --key "AnimationSpeed" 3 129 | kwriteconfig5 --file kwinrc --group Windows --key "AutoRaiseInterval" 125 130 | kwriteconfig5 --file kwinrc --group Windows --key "DelayFocusInterval" 125 131 | kwriteconfig5 --file kdeglobals --group KDE --key "AnimationDurationFactor" 0.125 132 | kwriteconfig5 --file ksplashrc --group KSplash --key Engine "none" 133 | kwriteconfig5 --file ksplashrc --group KSplash --key Theme "none" 134 | kwriteconfig5 --file klaunchrc --group FeedbackStyle --key "BusyCursor" --type bool false 135 | kwriteconfig5 --file klaunchrc --group BusyCursorSettings --key "Blinking" --type bool false 136 | kwriteconfig5 --file klaunchrc --group BusyCursorSettings --key "Bouncing" --type bool false 137 | kwriteconfig5 --file kwalletrc --group Wallet --key "Enabled" --type bool false 138 | kwriteconfig5 --file kwalletrc --group Wallet --key "First Use" --type bool false 139 | 140 | # ------------------------------------------------------------------------ 141 | 142 | # Set environment variables 143 | echo -e "CPU_LIMIT=0 144 | GPU_USE_SYNC_OBJECTS=1 145 | SHARED_MEMORY=1 146 | MALLOC_CONF=background_thread:true 147 | MALLOC_CHECK=0 148 | MALLOC_TRACE=0 149 | LD_DEBUG_OUTPUT=0 150 | LD_BIND_NOW=1 151 | MESA_DEBUG=0 152 | LIBGL_DEBUG=0 153 | LIBGL_NO_DRAWARRAYS=1 154 | LIBGL_THROTTLE_REFRESH=1 155 | LIBC_FORCE_NOCHECK=1 156 | HISTCONTROL=ignoreboth:eraseboth 157 | HISTSIZE=5 158 | LESSHISTFILE=- 159 | LESSHISTSIZE=0 160 | LESSSECURE=1 161 | PAGER=less" | sudo tee -a /etc/environment 162 | 163 | # ------------------------------------------------------------------------ 164 | 165 | # This may take time 166 | echo -e "Installing Base System" 167 | 168 | PKGS=( 169 | # --- Importants 170 | 171 | 'chrony' # Versatile implementation of the Network Time Protocol 172 | 'dbus-broker' # Linux D-Bus Message Broker 173 | 'mksh' # MirBSD Korn Shell 174 | 'powertop' # A tool to diagnose issues with power consumption and power management 175 | 'prelink' # Makes applications run faster by prefetching ELF shared libraries and executables 176 | 'preload' # Makes applications run faster by prefetching binaries and shared objects 177 | 'tumbler' # D-Bus service for applications to request thumbnails 178 | 179 | # GENERAL UTILITIES --------------------------------------------------- 180 | 181 | 'acpid' # A daemon for delivering ACPI power management events with netlink support 182 | 'ethtool' # An utility for controlling network drivers and hardware 183 | 'irqbalance' # IRQ balancing daemon for SMP systems 184 | 'linux-cpupower' # A tool to examine and tune power saving related features of your processor 185 | 'numad' # Simple NUMA policy support 186 | 'unscd' # Micro Name Service Caching Daemon 187 | 'upx-ucl' # An advanced executable file compressor 188 | 'woff2' # Web Open Font Format 2 189 | 190 | # DEVELOPMENT --------------------------------------------------------- 191 | 'clang' # C language family frontend for LLVM 192 | 'linux-libc-dev' # Linux support headers for userspace development 193 | 194 | ) 195 | 196 | for PKG in "${PKGS[@]}"; do 197 | echo -e "INSTALLING: ${PKG}" 198 | sudo apt install -f --assume-yes --install-recommends "$PKG" 199 | done 200 | 201 | echo -e "Done!" 202 | 203 | # ------------------------------------------------------------------------ 204 | 205 | echo -e "FINAL SETUP AND CONFIGURATION" 206 | 207 | # Sudo rights 208 | echo -e "Add sudo rights" 209 | sudo sed -i -e 's/^# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' /etc/sudoers 210 | 211 | # ------------------------------------------------------------------------ 212 | 213 | echo -e "Display asterisks when sudo" 214 | echo -e "Defaults pwfeedback" | sudo tee -a /etc/sudoers 215 | 216 | # ------------------------------------------------------------------------ 217 | 218 | echo -e "Disabling Pulse .esd_auth module" 219 | sudo killall -9 pulseaudio 220 | # Pulse audio loads the `esound-protocol` module, which best I can tell is rarely needed. 221 | # That module creates a file called `.esd_auth` in the home directory which I'd prefer to not be there. So... 222 | sudo sed -i -e 's|load-module module-esound-protocol-unix|#load-module module-esound-protocol-unix|g' /etc/pulse/default.pa 223 | # Disable Pulse bluetooth switch 224 | sudo sed -i -e 's|load-module module-switch-on-connect|#load-module module-switch-on-connect|g' /etc/pulse/default.pa 225 | # Restart PulseAudio. 226 | sudo killall -HUP pulseaudio 227 | 228 | # ------------------------------------------------------------------------ 229 | 230 | # Prevent stupid feedbacks et cetera 231 | echo -e "blacklist pcspkr 232 | blacklist snd_pcsp 233 | blacklist lpc_ich 234 | blacklist gpio-ich 235 | blacklist iTCO_wdt 236 | blacklist iTCO_vendor_support 237 | blacklist joydev 238 | blacklist mousedev 239 | blacklist mac_hid 240 | blacklist uvcvideo 241 | blacklist parport_pc 242 | blacklist parport 243 | blacklist lp 244 | blacklist ppdev 245 | blacklist sunrpc 246 | blacklist floppy 247 | blacklist arkfb 248 | blacklist aty128fb 249 | blacklist atyfb 250 | blacklist radeonfb 251 | blacklist cirrusfb 252 | blacklist cyber2000fb 253 | blacklist kyrofb 254 | blacklist matroxfb_base 255 | blacklist mb862xxfb 256 | blacklist neofb 257 | blacklist pm2fb 258 | blacklist pm3fb 259 | blacklist s3fb 260 | blacklist savagefb 261 | blacklist sisfb 262 | blacklist tdfxfb 263 | blacklist tridentfb 264 | blacklist vt8623fb 265 | blacklist sp5100-tco 266 | blacklist sp5100_tco 267 | blacklist pcmcia 268 | blacklist yenta_socket 269 | blacklist dccp 270 | blacklist sctp 271 | blacklist rds 272 | blacklist tipc 273 | blacklist n-hdlc 274 | blacklist ax25 275 | blacklist netrom 276 | blacklist x25 277 | blacklist rose 278 | blacklist decnet 279 | blacklist econet 280 | blacklist af_802154 281 | blacklist ipx 282 | blacklist appletalk 283 | blacklist psnap 284 | blacklist p8022 285 | blacklist p8023 286 | blacklist llc 287 | blacklist i2400m 288 | blacklist i2400m_usb 289 | blacklist wimax 290 | blacklist parport 291 | blacklist parport_pc 292 | blacklist cramfs 293 | blacklist freevxfs 294 | blacklist jffs2 295 | blacklist hfs 296 | blacklist hfsplus 297 | blacklist squashfs 298 | blacklist wl 299 | blacklist ssb 300 | blacklist b43 301 | blacklist b43legacy 302 | blacklist bcma 303 | blacklist bcm43xx 304 | blacklist brcm80211 305 | blacklist brcmfmac 306 | blacklist brcmsmac" | sudo tee /etc/modprobe.d/nomisc.conf 307 | # Disable bios limit 308 | echo -e "options processor ignore_ppc=1" | sudo tee /etc/modprobe.d/ignore_ppc.conf 309 | 310 | # ------------------------------------------------------------------------ 311 | 312 | # Prevent motd news* 313 | sudo sed -i -e 's/ENABLED=.*/ENABLED=0/' /etc/default/motd-news 314 | sudo systemctl mask motd-news.timer >/dev/null 2>&1 315 | 316 | # ------------------------------------------------------------------------ 317 | 318 | # btrfs tweaks if disk is 319 | sudo systemctl enable btrfs-scrub@home.timer 320 | sudo systemctl enable btrfs-scrub@-.timer 321 | sudo btrfs property set / compression lz4 322 | sudo btrfs property set /home compression lz4 323 | sudo btrfs filesystem defragment -r -v -clz4 / 324 | sudo chattr +c / 325 | sudo btrfs filesystem defragment -r -v -clz4 /home 326 | sudo chattr +c /home 327 | sudo btrfs balance start -musage=0 -dusage=50 / 328 | sudo btrfs balance start -musage=0 -dusage=50 /home 329 | sudo chattr +C /swapfile 330 | 331 | # ------------------------------------------------------------------------ 332 | 333 | echo -e "Apply disk tweaks" 334 | sudo sed -i -e 's| defaults| rw,lazytime,commit=3600,delalloc,nobarrier,nofail,discard|g' /etc/fstab 335 | sudo sed -i -e 's| errors=remount-ro| rw,lazytime,commit=3600,delalloc,nobarrier,nofail,discard,errors=remount-ro|g' /etc/fstab 336 | 337 | # ------------------------------------------------------------------------ 338 | 339 | # Optimize sysctl 340 | sudo sed -i -e '/^\/\/swappiness/d' /etc/sysctl.conf 341 | echo -e "vm.swappiness = 1 342 | vm.vfs_cache_pressure = 50 343 | vm.overcommit_memory = 1 344 | vm.overcommit_ratio = 50 345 | vm.dirty_background_ratio = 5 346 | vm.dirty_ratio = 10 347 | vm.stat_interval = 60 348 | vm.page-cluster = 0 349 | vm.dirty_expire_centisecs = 500 350 | vm.dirty_writeback_centisecs = 1500 351 | vm.oom_dump_tasks = 0 352 | vm.oom_kill_allocating_task = 1 353 | vm.extfrag_threshold = 500 354 | vm.block_dump = 0 355 | vm.reap_mem_on_sigkill = 1 356 | vm.panic_on_oom = 0 357 | vm.zone_reclaim_mode = 0 358 | vm.scan_unevictable_pages = 0 359 | vm.compact_unevictable_allowed = 1 360 | vm.compaction_proactiveness = 0 361 | vm.page_lock_unfairness = 1 362 | vm.percpu_pagelist_high_fraction = 0 363 | vm.pagecache = 1 364 | vm.watermark_scale_factor = 1 365 | vm.memory_failure_recovery = 0 366 | vm.max_map_count = 262144 367 | min_perf_pct = 100 368 | kernel.io_delay_type = 3 369 | kernel.task_delayacct = 0 370 | kernel.sysrq = 0 371 | kernel.watchdog_thresh = 10 372 | kernel.nmi_watchdog = 0 373 | kernel.seccomp = 0 374 | kernel.timer_migration = 0 375 | kernel.core_pipe_limit = 0 376 | kernel.core_uses_pid = 1 377 | kernel.hung_task_timeout_secs = 0 378 | kernel.sched_rr_timeslice_ms = -1 379 | kernel.sched_rt_runtime_us = -1 380 | kernel.sched_rt_period_us = 1 381 | kernel.sched_child_runs_first = 1 382 | kernel.sched_tunable_scaling = 1 383 | kernel.sched_schedstats = 0 384 | kernel.sched_energy_aware = 0 385 | kernel.sched_autogroup_enabled = 0 386 | kernel.sched_compat_yield = 0 387 | kernel.sched_min_task_util_for_colocation = 0 388 | kernel.sched_nr_migrate = 4 389 | kernel.sched_migration_cost_ns = 100000 390 | kernel.sched_latency_ns = 100000 391 | kernel.sched_min_granularity_ns = 100000 392 | kernel.sched_wakeup_granularity_ns = 1000 393 | kernel.sched_scaling_enable = 1 394 | kernel.sched_itmt_enabled = 1 395 | kernel.numa_balancing = 1 396 | kernel.panic = 0 397 | kernel.panic_on_oops = 0 398 | kernel.perf_cpu_time_max_percent = 1 399 | kernel.printk = 3 3 3 3 400 | kernel.printk_devkmsg = off 401 | kernel.compat-log = 0 402 | kernel.yama.ptrace_scope = 1 403 | kernel.stack_tracer_enabled = 0 404 | kernel.random.urandom_min_reseed_secs = 120 405 | kernel.perf_event_paranoid = -1 406 | kernel.perf_event_max_contexts_per_stack = 2 407 | kernel.perf_event_max_sample_rate = 1 408 | kernel.kptr_restrict = 2 409 | kernel.randomize_va_space = 0 410 | kernel.exec-shield = 0 411 | kernel.kexec_load_disabled = 1 412 | kernel.acpi_video_flags = 0 413 | kernel.unknown_nmi_panic = 0 414 | kernel.panic_on_unrecovered_nmi = 0 415 | dev.i915.perf_stream_paranoid = 0 416 | dev.scsi.logging_level = 0 417 | debug.exception-trace = 0 418 | debug.kprobes-optimization = 1 419 | fs.inotify.max_user_watches = 1048576 420 | fs.inotify.max_user_instances = 1048576 421 | fs.inotify.max_queued_events = 1048576 422 | fs.quota.allocated_dquots = 0 423 | fs.quota.cache_hits = 0 424 | fs.quota.drops = 0 425 | fs.quota.free_dquots = 0 426 | fs.quota.lookups = 0 427 | fs.quota.reads = 0 428 | fs.quota.syncs = 0 429 | fs.quota.warnings = 0 430 | fs.quota.writes = 0 431 | fs.leases-enable = 1 432 | fs.lease-break-time = 5 433 | fs.dir-notify-enable = 0 434 | force_latency = 1 435 | net.ipv4.tcp_frto=1 436 | net.ipv4.tcp_frto_response=2 437 | net.ipv4.tcp_low_latency=1 438 | net.ipv4.tcp_slow_start_after_idle=0 439 | net.ipv4.tcp_window_scaling=1 440 | net.ipv4.tcp_keepalive_time=300 441 | net.ipv4.tcp_keepalive_probes=5 442 | net.ipv4.tcp_keepalive_intvl=15 443 | net.ipv4.tcp_ecn=1 444 | net.ipv4.tcp_fastopen=3 445 | net.ipv4.tcp_early_retrans=2 446 | net.ipv4.tcp_thin_dupack=1 447 | net.ipv4.tcp_autocorking=0 448 | net.ipv4.tcp_reordering=3 449 | net.ipv4.tcp_timestamps=0 450 | net.core.bpf_jit_enable=1 451 | net.core.bpf_jit_harden=0 452 | net.core.bpf_jit_kallsyms=0" | sudo tee /etc/sysctl.d/99-swappiness.conf 453 | echo -e "Drop caches" 454 | sudo sysctl -w vm.compact_memory=1 && sudo sysctl -w vm.drop_caches=3 && sudo sysctl -w vm.drop_caches=2 455 | echo -e "Restart swap" 456 | sudo swapoff -av && sudo swapon -av 457 | 458 | # ------------------------------------------------------------------------ 459 | 460 | # Enable trim 461 | sudo systemctl enable fstrim.service 462 | sudo systemctl enable fstrim.timer 463 | sudo systemctl start fstrim.service 464 | sudo systemctl start fstrim.timer 465 | echo -e "Run fstrim" 466 | sudo fstrim -Av 467 | 468 | # ------------------------------------------------------------------------ 469 | 470 | ## Remove floppy cdrom 471 | sudo sed -i -e '/floppy/d' /etc/fstab 472 | sudo sed -i -e '/sr/d' /etc/fstab 473 | 474 | # ------------------------------------------------------------------------ 475 | 476 | ## DPKG keep current versions of configs 477 | echo -e 'DPkg::Options { 478 | "--force-confdef"; 479 | };' | sudo tee /etc/apt/apt.conf.d/71debconf 480 | ## APT no install suggests 481 | echo -e 'APT::Get::Install-Suggests "false";' | sudo tee /etc/apt/apt.conf.d/95nosuggests 482 | ## Disable APT caches 483 | echo -e 'Dir::Cache { 484 | archives ""; 485 | srcpkgcache ""; 486 | pkgcache ""; 487 | };' | sudo tee /etc/apt/apt.conf.d/02nocache 488 | 489 | # ------------------------------------------------------------------------ 490 | 491 | ## Set some ulimits to unlimited 492 | echo -e "* soft nofile 524288 493 | * hard nofile 524288 494 | root soft nofile 524288 495 | root hard nofile 524288 496 | * soft as unlimited 497 | * hard as unlimited 498 | root soft as unlimited 499 | root hard as unlimited 500 | * soft memlock unlimited 501 | * hard memlock unlimited 502 | root soft memlock unlimited 503 | root hard memlock unlimited 504 | * soft core unlimited 505 | * hard core unlimited 506 | root soft core unlimited 507 | root hard core unlimited 508 | * soft nproc unlimited 509 | * hard nproc unlimited 510 | root soft nproc unlimited 511 | root hard nproc unlimited 512 | * soft sigpending unlimited 513 | * hard sigpending unlimited 514 | root soft sigpending unlimited 515 | root hard sigpending unlimited 516 | * soft stack unlimited 517 | * hard stack unlimited 518 | root soft stack unlimited 519 | root hard stack unlimited 520 | * soft data unlimited 521 | * hard data unlimited 522 | root soft data unlimited 523 | root hard data unlimited" | sudo tee /etc/security/limits.conf 524 | ## Set realtime to unlimited 525 | echo -e "@realtime - rtprio 99 526 | @realtime - memlock unlimited" | sudo tee -a /etc/security/limits.conf 527 | 528 | # ------------------------------------------------------------------------ 529 | 530 | echo -e "Disable wait online service" 531 | echo -e "[connectivity] 532 | enabled=false" | sudo tee /etc/NetworkManager/conf.d/20-connectivity.conf 533 | sudo systemctl mask NetworkManager-wait-online.service >/dev/null 2>&1 534 | 535 | # ------------------------------------------------------------------------ 536 | 537 | echo -e "Disable SELINUX" 538 | echo -e "SELINUX=disabled 539 | SELINUXTYPE=minimum" | sudo tee /etc/selinux/config 540 | sudo setenforce 0 541 | 542 | # ------------------------------------------------------------------------ 543 | 544 | ## Don't autostart .desktop 545 | sudo sed -i -e 's/NoDisplay=true/NoDisplay=false/g' /etc/xdg/autostart/*.desktop 546 | 547 | # ------------------------------------------------------------------------ 548 | 549 | echo -e "Enable tmpfs ramdisk" 550 | sudo sed -i -e '/^\/\/tmpfs/d' /etc/fstab 551 | echo -e "tmpfs /var/tmp tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 552 | tmpfs /var/log tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 553 | tmpfs /var/run tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 554 | tmpfs /var/lock tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 555 | tmpfs /var/cache tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 556 | tmpfs /var/volatile tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 557 | tmpfs /var/spool tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 558 | tmpfs /media tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 559 | tmpfs /dev/shm tmpfs nodiratime,nodev,nosuid,mode=1777 0 0 560 | tmpfs /sys/fs/cgroup tmpfs nodiratime,nodev,nosuid,mode=1777 0 0" | sudo tee -a /etc/fstab 561 | 562 | # ------------------------------------------------------------------------ 563 | 564 | ## Disable resume from hibernate 565 | echo -e "#" | sudo tee /etc/initramfs-tools/conf.d/resume 566 | echo -e "Disable hibernate/hybrid-sleep service" 567 | sudo systemctl mask hibernate.target hybrid-sleep.target 568 | 569 | # ------------------------------------------------------------------------ 570 | 571 | echo -e "Enable dbus-broker" 572 | sudo systemctl enable dbus-broker.service 573 | sudo systemctl --global enable dbus-broker.service 574 | 575 | # ------------------------------------------------------------------------ 576 | 577 | echo -e "Disable systemd-timesync daemon" 578 | sudo systemctl disable systemd-timesyncd.service 579 | sudo systemctl --global disable systemd-timesyncd.service 580 | 581 | # ------------------------------------------------------------------------ 582 | 583 | echo -e "Optimize writes to the disk" 584 | sudo sed -i -e s"/\#Storage=.*/Storage=none/"g /etc/systemd/coredump.conf 585 | sudo sed -i -e s"/\#Seal=.*/Seal=no/"g /etc/systemd/coredump.conf 586 | sudo sed -i -e s"/\#Storage=.*/Storage=none/"g /etc/systemd/journald.conf 587 | sudo sed -i -e s"/\#Seal=.*/Seal=no/"g /etc/systemd/journald.conf 588 | 589 | # ------------------------------------------------------------------------ 590 | 591 | ## Enable ALPM 592 | if [[ -e /etc/pm/config.d ]]; then 593 | echo -e "SATA_ALPM_ENABLE=true 594 | SATA_LINKPWR_ON_BAT=min_power" | sudo tee /etc/pm/config.d/sata_alpm 595 | else 596 | sudo mkdir /etc/pm/config.d 597 | echo -e "SATA_ALPM_ENABLE=true 598 | SATA_LINKPWR_ON_BAT=min_power" | sudo tee /etc/pm/config.d/sata_alpm 599 | fi 600 | 601 | # ------------------------------------------------------------------------ 602 | 603 | echo -e "Enable NetworkManager powersave on" 604 | echo -e "[connection] 605 | wifi.powersave = 1" | sudo tee /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf 606 | 607 | # ------------------------------------------------------------------------ 608 | 609 | ## Suspend when lid is closed 610 | sudo sed -i -e 's/#HandleLidSwitch=.*/HandleLidSwitch=suspend/' /etc/systemd/logind.conf 611 | sudo sed -i -e 's/#HandleLidSwitchExternalPower=.*/HandleLidSwitchExternalPower=suspend/' /etc/systemd/logind.conf 612 | sudo sed -i -e 's/#HandleLidSwitchDocked=.*/HandleLidSwitchDocked=ignore/' /etc/systemd/logind.conf 613 | ## Reboot when long press power key 614 | sudo sed -i -e 's/#HandlePowerKeyLongPress=.*/HandlePowerKeyLongPress=reboot/' /etc/systemd/logind.conf 615 | 616 | # ------------------------------------------------------------------------ 617 | 618 | echo -e "Disable bluetooth autostart" 619 | sudo sed -i -e 's/AutoEnable.*/AutoEnable = false/' /etc/bluetooth/main.conf 620 | sudo sed -i -e 's/FastConnectable.*/FastConnectable = false/' /etc/bluetooth/main.conf 621 | sudo sed -i -e 's/ReconnectAttempts.*/ReconnectAttempts = 1/' /etc/bluetooth/main.conf 622 | sudo sed -i -e 's/ReconnectIntervals.*/ReconnectIntervals = 1/' /etc/bluetooth/main.conf 623 | 624 | # ------------------------------------------------------------------------ 625 | 626 | echo -e "Disable systemd radio service/socket" 627 | sudo systemctl disable systemd-rfkill.service 628 | sudo systemctl --global disable systemd-rfkill.service 629 | sudo systemctl disable systemd-rfkill.socket 630 | sudo systemctl --global disable systemd-rfkill.socket 631 | echo -e "Disable ModemManager" 632 | sudo systemctl disable ModemManager 633 | sudo systemctl --global disable ModemManager 634 | echo -e "Disable speech-dispatcher" 635 | sudo systemctl disable speech-dispatcher 636 | sudo systemctl --global disable speech-dispatcher 637 | echo -e "Disable smartmontools" 638 | sudo systemctl disable smartmontools 639 | sudo systemctl --global disable smartmontools 640 | echo -e "Disable kerneloops" 641 | sudo systemctl disable kerneloops.service 642 | sudo systemctl --global disable kerneloops.service 643 | echo -e "Disable whoopsie" 644 | sudo systemctl disable whoopsie.service 645 | sudo systemctl --global disable whoopsie.service 646 | echo -e "Disable saned service/socket" 647 | sudo systemctl disable saned.service 648 | sudo systemctl --global disable saned.service 649 | sudo systemctl disable saned.socket 650 | sudo systemctl --global disable saned.socket 651 | echo -e "Disable apport service/socket" 652 | sudo systemctl disable apport.service 653 | sudo systemctl --global disable apport.service 654 | sudo systemctl disable apport-forward.socket 655 | sudo systemctl --global disable apport-forward.socket 656 | echo -e "Disable brltty" 657 | sudo systemctl disable brltty.service 658 | sudo systemctl --global disable brltty.service 659 | sudo systemctl disable brltty-udev.service 660 | sudo systemctl --global disable brltty-udev.service 661 | echo -e "Disable man-db service/timer" 662 | sudo systemctl disable man-db.service 663 | sudo systemctl --global disable man-db.service 664 | sudo systemctl disable man-db.timer 665 | sudo systemctl --global disable man-db.timer 666 | 667 | # ------------------------------------------------------------------------ 668 | 669 | ## Fix connecting local devices 670 | sudo sed -i -e 's/hosts: .*/hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns mdns4 mdns/' /etc/nsswitch.conf 671 | 672 | # ------------------------------------------------------------------------ 673 | 674 | echo -e "Reduce systemd timeout" 675 | sudo sed -i -e 's/#DefaultTimeoutStartSec.*/DefaultTimeoutStartSec=5s/g' /etc/systemd/system.conf 676 | sudo sed -i -e 's/#DefaultTimeoutStopSec.*/DefaultTimeoutStopSec=5s/g' /etc/systemd/system.conf 677 | 678 | # ------------------------------------------------------------------------ 679 | 680 | echo -e "Enable NetworkManager dispatcher" 681 | sudo systemctl enable NetworkManager-dispatcher.service 682 | sudo systemctl --global enable NetworkManager-dispatcher.service 683 | 684 | # ------------------------------------------------------------------------ 685 | 686 | echo -e "Disable systemd avahi daemon service" 687 | sudo systemctl disable avahi-daemon.service 688 | sudo systemctl --global disable avahi-daemon.service 689 | 690 | # ------------------------------------------------------------------------ 691 | 692 | ## Set zram 693 | sudo sed -i -e 's/#ALGO.*/ALGO=lz4/g' /etc/default/zramswap 694 | sudo sed -i -e 's/PERCENT.*/PERCENT=25/g' /etc/default/zramswap 695 | 696 | # ------------------------------------------------------------------------ 697 | 698 | ## Flush bluetooth 699 | sudo rm -rfd /var/lib/bluetooth/* 700 | 701 | # ------------------------------------------------------------------------ 702 | 703 | echo -e "Disable plymouth" 704 | sudo systemctl mask plymouth-read-write.service >/dev/null 2>&1 705 | sudo systemctl mask plymouth-start.service >/dev/null 2>&1 706 | sudo systemctl mask plymouth-quit.service >/dev/null 2>&1 707 | sudo systemctl mask plymouth-quit-wait.service >/dev/null 2>&1 708 | 709 | # ------------------------------------------------------------------------ 710 | 711 | echo -e "Disable remote-fs" 712 | sudo systemctl mask remote-fs.target >/dev/null 2>&1 713 | 714 | # ------------------------------------------------------------------------ 715 | 716 | ## Some powersavings 717 | echo "options vfio_pci disable_vga=1 718 | options cec debug=0 719 | options kvm mmu_audit=0 720 | options kvm ignore_msrs=1 721 | options kvm report_ignored_msrs=0 722 | options kvm kvmclock_periodic_sync=1 723 | options nfs enable_ino64=1 724 | options pstore backend=null 725 | options libata allow_tpm=0 726 | options libata ignore_hpa=0 727 | options libahci ignore_sss=1 728 | options libahci skip_host_reset=1 729 | options snd_hda_intel power_save=1 730 | options snd_ac97_codec power_save=1 731 | options uhci-hcd debug=0 732 | options usbhid mousepoll=5 733 | options usb-storage quirks=p 734 | options usbcore usbfs_snoop=0 735 | options usbcore autosuspend=10" | sudo tee /etc/modprobe.d/misc.conf 736 | echo -e "min_power" | sudo tee /sys/class/scsi_host/*/link_power_management_policy 737 | echo 1 | sudo tee /sys/module/snd_hda_intel/parameters/power_save 738 | echo -e "auto" | sudo tee /sys/bus/{i2c,pci}/devices/*/power/control 739 | sudo powertop --auto-tune && sudo powertop --auto-tune 740 | sudo cpupower frequency-set -g powersave 741 | sudo cpupower set --perf-bias 9 742 | sudo sensors-detect --auto 743 | 744 | # ------------------------------------------------------------------------ 745 | 746 | ## Disable file indexer 747 | balooctl suspend 748 | balooctl disable 749 | balooctl purge 750 | sudo systemctl disable plasma-baloorunner 751 | for dir in $HOME $HOME/*/; do touch "$dir/.metadata_never_index" "$dir/.noindex" "$dir/.nomedia" "$dir/.trackerignore"; done 752 | 753 | # ------------------------------------------------------------------------ 754 | 755 | echo -e "Enable write cache" 756 | echo -e "write back" | sudo tee /sys/block/*/queue/write_cache 757 | sudo tune2fs -o journal_data_writeback $(df / | grep / | awk '{print $1}') 758 | sudo tune2fs -O ^has_journal $(df / | grep / | awk '{print $1}') 759 | sudo tune2fs -o journal_data_writeback $(df /home | grep /home | awk '{print $1}') 760 | sudo tune2fs -O ^has_journal $(df /home | grep /home | awk '{print $1}') 761 | echo -e "Enable fast commit" 762 | sudo tune2fs -O fast_commit $(df / | grep / | awk '{print $1}') 763 | sudo tune2fs -O fast_commit $(df /home | grep /home | awk '{print $1}') 764 | 765 | # ------------------------------------------------------------------------ 766 | 767 | echo -e "Compress .local/bin" 768 | upx /home/$USER/.local/bin/* 769 | 770 | # ------------------------------------------------------------------------ 771 | 772 | echo -e "Improve I/O throughput" 773 | echo 32 | sudo tee /sys/block/sd*[!0-9]/queue/iosched/fifo_batch 774 | echo 32 | sudo tee /sys/block/mmcblk*/queue/iosched/fifo_batch 775 | echo 32 | sudo tee /sys/block/nvme[0-9]*/queue/iosched/fifo_batch 776 | 777 | # ------------------------------------------------------------------------ 778 | 779 | ## Default target graphical user 780 | sudo systemctl set-default graphical.target 781 | 782 | # ------------------------------------------------------------------------ 783 | 784 | echo -e "Disable systemd foo service" 785 | sudo systemctl disable foo.service 786 | sudo systemctl --global disable foo.service 787 | 788 | # ------------------------------------------------------------------------ 789 | 790 | ## Improve wifi and ethernet 791 | if ip -o link | grep -q wlan; then 792 | echo -e "options iwlwifi bt_coex_active=0 swcrypto=1 11n_disable=8 793 | options iwlmvm power_scheme=0" | sudo tee /etc/modprobe.d/wlan.conf 794 | echo -e "options rfkill default_state=0 master_switch_mode=0" | sudo tee /etc/modprobe.d/wlanextra.conf 795 | sudo ethtool -K wlan0 gro on 796 | sudo ethtool -K wlan0 gso on 797 | sudo ethtool -c wlan0 798 | sudo iwconfig wlan0 txpower auto 799 | sudo iwpriv wlan0 set_power 5 800 | else 801 | sudo ethtool -s eth0 wol d 802 | sudo ethtool -K eth0 gro off 803 | sudo ethtool -K eth0 gso off 804 | sudo ethtool -C eth0 adaptive-rx on 805 | sudo ethtool -C eth0 adaptive-tx on 806 | sudo ethtool -c eth0 807 | fi 808 | 809 | # ------------------------------------------------------------------------ 810 | 811 | echo -e "Enable HDD write caching" 812 | sudo hdparm -A1 -W1 -B254 -S0 /dev/sd*[!0-9] 813 | 814 | # ------------------------------------------------------------------------ 815 | 816 | echo -e "Enable compose cache on disk" 817 | sudo mkdir -p /var/cache/libx11/compose 818 | mkdir -p /home/$USER/.compose-cache 819 | touch /home/$USER/.XCompose 820 | 821 | # ------------------------------------------------------------------------ 822 | 823 | ## Improve NVME 824 | if $(find /sys/block/nvme[0-9]* | grep -q nvme); then 825 | echo -e "options nvme_core default_ps_max_latency_us=0" | sudo tee /etc/modprobe.d/nvme.conf 826 | fi 827 | 828 | # ------------------------------------------------------------------------ 829 | 830 | ## Improve PCI latency 831 | sudo setpci -v -s '*:*' latency_timer=10 >/dev/null 2>&1 832 | sudo setpci -v -s '0:0' latency_timer=0 >/dev/null 2>&1 833 | 834 | # ------------------------------------------------------------------------ 835 | 836 | ## Improve preload 837 | sudo sed -i -e 's/sortstrategy =.*/sortstrategy = 0/' /etc/preload.conf 838 | 839 | # ------------------------------------------------------------------------ 840 | 841 | echo -e "Disable fsck" 842 | sudo tune2fs -c 0 -i 0 $(df / | grep / | awk '{print $1}') 843 | sudo tune2fs -c 0 -i 0 $(df /home | grep /home | awk '{print $1}') 844 | echo -e "Disable checksum" 845 | sudo tune2fs -O ^metadata_csum $(df / | grep / | awk '{print $1}') 846 | sudo tune2fs -O ^metadata_csum $(df /home | grep /home | awk '{print $1}') 847 | echo -e "Disable quota" 848 | sudo tune2fs -O ^quota $(df / | grep / | awk '{print $1}') 849 | sudo tune2fs -O ^quota $(df /home | grep /home | awk '{print $1}') 850 | 851 | # ------------------------------------------------------------------------ 852 | 853 | echo -e "Disable logging services" 854 | sudo systemctl mask dev-mqueue.mount >/dev/null 2>&1 855 | sudo systemctl mask sys-kernel-tracing.mount >/dev/null 2>&1 856 | sudo systemctl mask sys-kernel-debug.mount >/dev/null 2>&1 857 | sudo systemctl mask sys-kernel-config.mount >/dev/null 2>&1 858 | sudo systemctl mask systemd-update-utmp.service >/dev/null 2>&1 859 | sudo systemctl mask systemd-update-utmp-runlevel.service >/dev/null 2>&1 860 | sudo systemctl mask systemd-update-utmp-shutdown.service >/dev/null 2>&1 861 | sudo systemctl mask systemd-journal-flush.service >/dev/null 2>&1 862 | sudo systemctl mask systemd-journal-catalog-update.service >/dev/null 2>&1 863 | sudo systemctl mask systemd-journald-dev-log.socket >/dev/null 2>&1 864 | sudo systemctl mask systemd-journald-audit.socket >/dev/null 2>&1 865 | sudo systemctl mask logrotate.service >/dev/null 2>&1 866 | sudo systemctl mask logrotate.timer >/dev/null 2>&1 867 | sudo systemctl mask syslog.service >/dev/null 2>&1 868 | sudo systemctl mask syslog.socket >/dev/null 2>&1 869 | sudo systemctl mask rsyslog.service >/dev/null 2>&1 870 | 871 | # ------------------------------------------------------------------------ 872 | 873 | ## GRUB timeout 874 | sudo sed -i -e 's/GRUB_DEFAULT=.*/GRUB_DEFAULT=0/' /etc/default/grub 875 | sudo sed -i -e 's/GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub 876 | sudo sed -i -e 's/GRUB_RECORDFAIL_TIMEOUT=.*/GRUB_RECORDFAIL_TIMEOUT=0/' /etc/default/grub 877 | ## Change GRUB defaults 878 | sudo sed -i -e 's/GRUB_DISABLE_OS_PROBER=.*/GRUB_DISABLE_OS_PROBER=true/' /etc/default/grub 879 | sudo sed -i -e 's/GRUB_DISABLE_RECOVERY=.*/GRUB_DISABLE_RECOVERY=true/' /etc/default/grub 880 | sudo sed -i -e 's/GRUB_DISABLE_SUBMENU=.*/GRUB_DISABLE_SUBMENU=true/' /etc/default/grub 881 | sudo sed -i -e 's/GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="quiet rootfstype=ext4,btrfs,xfs,f2fs biosdevname=0 nowatchdog noautogroup noresume default_hugepagesz=2M hugepagesz=2M hugepages=256 zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=10 zswap.zpool=zsmalloc workqueue.power_efficient=1 pcie_aspm=force pci=noaer rd.plymouth=0 plymouth.enable=0 plymouth.ignore-serial-consoles logo.nologo consoleblank=0 vt.global_cursor_default=0 rd.systemd.show_status=auto loglevel=0 rd.udev.log_level=0 udev.log_priority=0 enable_hangcheck=0 error_capture=0 msr.allow_writes=on audit=0 nosoftlockup selinux=0 enforcing=0 debugfs=off mce=0 mds=full,nosmt vsyscall=none no_timer_check skew_tick=1 clocksource=tsc tsc=perfect nohz=on rcutree.enable_rcu_lazy=1 rcupdate.rcu_expedited=1 rcu_nocb_poll irqpoll threadirqs irqaffinity=0 noirqdebug iomem=relaxed iommu.passthrough=1 kthread_cpus=0 sched_policy=1 noreplace-smp nodiratime boot_delay=0 io_delay=none rootdelay=0 elevator=noop realloc init_on_alloc=0 init_on_free=0 pti=on no_stf_barrier mitigations=off ftrace_enabled=0 fsck.repair=no fsck.mode=skip cryptomgr.notests"/' /etc/default/grub 882 | sudo update-grub 883 | sudo grub-mkconfig -o /boot/grub/grub.cfg 884 | echo -e "Disable GPU polling" 885 | echo -e "options drm_kms_helper poll=0" | sudo tee /etc/modprobe.d/disable-gpu-polling.conf 886 | echo -e "Enable BFQ scheduler" 887 | echo -e "bfq" | sudo tee /etc/modules-load.d/bfq.conf 888 | echo -e 'ACTION=="add|change", ATTR{queue/scheduler}=="*bfq*", KERNEL=="sd*[!0-9]|sr*|mmcblk[0-9]*|nvme[0-9]*", ATTR{queue/scheduler}="bfq"' | sudo tee /etc/udev/rules.d/60-scheduler.rules 889 | echo -e 'ACTION=="add|change", KERNEL=="sd*[!0-9]|sr*|mmcblk[0-9]*|nvme[0-9]*", ATTR{queue/iosched/slice_idle}="0", ATTR{queue/iosched/low_latency}="1"' | sudo tee /etc/udev/rules.d/90-low-latency.rules 890 | ## Enable lz4 compression 891 | sudo sed -i -e 's/MODULES=most/MODULES=dep/g' /etc/initramfs-tools/initramfs.conf 892 | sudo sed -i -e 's/COMPRESS=.*/COMPRESS=lz4/g' /etc/initramfs-tools/initramfs.conf 893 | sudo update-initramfs -u -k all 894 | sudo mkinitramfs -c lz4 -o /boot/initrd.img-* 895 | 896 | # ------------------------------------------------------------------------ 897 | 898 | extra() { 899 | cd /tmp 900 | curl --tlsv1.2 -fsSL https://raw.githubusercontent.com/YurinDoctrine/ultra-gaming-setup-wizard/main/ultra-gaming-setup-wizard.sh >ultra-gaming-setup-wizard.sh && 901 | chmod 0755 ultra-gaming-setup-wizard.sh && 902 | ./ultra-gaming-setup-wizard.sh 903 | } 904 | 905 | extra2() { 906 | cd /tmp 907 | curl --tlsv1.2 -fsSL https://raw.githubusercontent.com/YurinDoctrine/secure-linux/master/secure.sh >secure.sh && 908 | chmod 0755 secure.sh && 909 | ./secure.sh 910 | } 911 | 912 | final() { 913 | sleep 1s 914 | clear 915 | echo -e " 916 | ############################################################################### 917 | # All Done! Would you also mind to run the author's ultra-gaming-setup-wizard? 918 | ############################################################################### 919 | " 920 | 921 | read -p $'yes/no >_: ' ans 922 | if [[ "$ans" == "yes" ]]; then 923 | echo -e "RUNNING ..." 924 | sudo ln -sfT mksh /usr/bin/sh # Link mksh to /usr/bin/sh 925 | extra 926 | elif [[ "$ans" == "no" ]]; then 927 | echo -e "LEAVING ..." 928 | echo -e "" 929 | echo -e "FINAL: DO YOU ALSO WANT TO RUN THE AUTHOR'S secure-linux?" 930 | read -p $'yes/no >_: ' noc 931 | if [[ "$noc" == "yes" ]]; then 932 | echo -e "RUNNING ..." 933 | sudo ln -sfT mksh /usr/bin/sh # Link mksh to /usr/bin/sh 934 | extra2 935 | elif [[ "$noc" == "no" ]]; then 936 | echo -e "LEAVING ..." 937 | sudo ln -sfT mksh /usr/bin/sh # Link mksh to /usr/bin/sh 938 | return 0 939 | else 940 | echo -e "INVALID VALUE!" 941 | final 942 | fi 943 | else 944 | echo -e "INVALID VALUE!" 945 | final 946 | fi 947 | } 948 | final 949 | cd 950 | 951 | # ------------------------------------------------------------------------ 952 | 953 | echo -e "Purge snapd garbage" 954 | sudo systemctl mask snapd >/dev/null 2>&1 955 | sudo systemctl mask snapd.service >/dev/null 2>&1 956 | sudo systemctl mask snapd.socket >/dev/null 2>&1 957 | sudo systemctl mask snapd.seeded.service >/dev/null 2>&1 958 | sudo systemctl mask snapd.autoimport.service >/dev/null 2>&1 959 | sudo systemctl mask snapd.apparmor.service >/dev/null 2>&1 960 | sudo rm -rfd /etc/apparmor.d/usr.lib.snapd.snap-confine.real 961 | sudo umount /run/snap/ns 962 | sudo snap remove $(snap list | awk '!/^Name|^bare|^core|^snapd/ {print $1}') 963 | sudo apt-get remove -yy --purge snapd *-snap 964 | sudo apt-mark hold snapd 965 | sudo rm -rfd /home/$USER/snap 966 | sudo rm -rfd /snap 967 | sudo rm -rfd /var/snap 968 | sudo rm -rfd /var/lib/snapd 969 | sudo rm -rfd /var/cache/snapd 970 | sudo rm -rfd /usr/lib/snapd 971 | echo -e "Flush flatpak database" 972 | sudo flatpak uninstall --unused --delete-data -y 973 | sudo flatpak repair 974 | echo -e "Clear the caches" 975 | for n in $(find / -type d \( -name ".tmp" -o -name ".temp" -o -name ".cache" \) 2>/dev/null); do sudo find "$n" -type f -delete; done 976 | echo -e "Clear the patches" 977 | rm -rfd /{tmp,var/tmp}/{.*,*} 978 | sudo rm -rfd /var/cache/apt/archives/* 979 | sudo rm -rfd /var/lib/dpkg/info/*.postinst 980 | sudo dpkg --configure -a 981 | sudo apt-get remove -yy --purge --ignore-missing $(/bin/dpkg -l | /bin/grep "^rc" | /bin/awk '{print $2}') 982 | sudo apt-get autoremove -yy --purge --ignore-missing 983 | sudo apt-get clean -y 984 | sudo apt-get autoclean -y 985 | sudo apt-get install -f --assume-yes 986 | 987 | # ------------------------------------------------------------------------ 988 | 989 | echo -e "Compress fonts" 990 | woff2_compress /usr/share/fonts/opentype/*/*ttf 991 | woff2_compress /usr/share/fonts/truetype/*/*ttf 992 | ## Optimize font cache 993 | fc-cache -rfv 994 | ## Optimize icon cache 995 | gtk-update-icon-cache 996 | 997 | # ------------------------------------------------------------------------ 998 | 999 | echo -e "Clean crash log" 1000 | sudo rm -rfd /var/crash/* 1001 | echo -e "Clean archived journal" 1002 | sudo journalctl --rotate --vacuum-time=0.1 1003 | sudo sed -i -e 's/^#ForwardToSyslog=yes/ForwardToSyslog=no/' /etc/systemd/journald.conf 1004 | sudo sed -i -e 's/^#ForwardToKMsg=yes/ForwardToKMsg=no/' /etc/systemd/journald.conf 1005 | sudo sed -i -e 's/^#ForwardToConsole=yes/ForwardToConsole=no/' /etc/systemd/journald.conf 1006 | sudo sed -i -e 's/^#ForwardToWall=yes/ForwardToWall=no/' /etc/systemd/journald.conf 1007 | echo -e "Compress log files" 1008 | sudo sed -i -e 's/^#Compress=yes/Compress=yes/' /etc/systemd/journald.conf 1009 | sudo sed -i -e 's/^#compress/compress/' /etc/logrotate.conf 1010 | echo -e "Scrub free space and sync" 1011 | echo -e "kernel.core_pattern=/dev/null" | sudo tee /etc/sysctl.d/50-coredump.conf 1012 | sudo dd bs=4k if=/dev/null of=/var/tmp/dummy || sudo rm -rfd /var/tmp/dummy 1013 | sync -f 1014 | --------------------------------------------------------------------------------