tier1.jp

Debian settings for suspend, sensors, etc. (2nd.)

STATUS: Frozen (2019-11-17)

No more updates for this guide.

Please refer to the TOC page.

If you install Debian GNU/Linux in expert mode, like this guide in this site, some of the essential tools are not be installed.

Rev 4

Buster feedback (gpg package).

DON'T FORGET WE ARE IN READ-ONLY ROOT FILESYSTEM.

root# apt install ... # this is okay
root# something other # may require rw /, so,
root# mount -o remount,rw /
(and do something)
root# mount -o remount,ro / # don't forget this, too.

Basic tools

The most biggest problem with minimum system installation might be a lack of man-db and less.

root# apt install less man-db # at least

gpg package

Debian stretch has gpg but buster does not on this minimal installation process.

If you need it, install gpg manually (buster).

Suspend to RAM (optional)

To suspend to RAM, we need s2ram in uswsusp package.

root# apt install uswsusp

Tip

To make machine suspended by power button, edit /etc/systemd/logind.conf, HandlePowerKey=suspend.

Make sure you enabled CPU C state support on BIOS.

System temperature

System temperature monitoring is very important.

Warm hardware does not last so long. Keep them cooled.

root# apt install lm-sensors
root# sensors-detect # follow its instruction.
...
Do you want to add these lines automatically to /etc/modules? (yes/NO)yes # your choice
root# /etc/init.d/kmod start
[ ok ] Starting kmod (via systemctl): kmod.service.

and then, you can know the temperatures by,

user$ sensors

It also tell you voltages and fan speeds provided the firmware support is available.

S.M.A.R.T. and NVMe device monitoring (optional)

To monitor HDD/SSD/NVMe health status, we need two packages.

root# apt install smartmontools nvme-cli

You should at least test your new HDD once.

It takes times, but it pays. Same could be said for SATA SSDs.

root# smartctl --test=extend /dev/sdX
root# smartctl --all /dev/sdX | more # after the est. finish time.

To check health status of storage device,

root# nvme list
root# nvme smart-log /dev/nvmeX # for NVMe
root# smartctl --all /dev/sdX # for SATA HDD and SSD

Cron for SSD/NVMe status check

It would be good to have some cron jobs to monitor SSD/NVMe health.

This tells us installed NVMe basic health status everyday, as syslog "nvme" entry (which would be sent as a part log logcheck summary mails).

For SATA SSDs, simply use smartmontools.

Debian handy tools (optional)

apt-file can search package by a file name.

root# apt install apt-file
root# apt-file update # should do this after upgrades
user$ apt-file search FILENAME # try ``s2ram`` for example.

Automatic System Upgrades (optional)

unattended-upgrades allows you to keep the box updated.

However, in "ro" root filesystem Debian, we do not recommend this.

root# apt install unattended-upgrades # we do not recommend this.
root# dpkg-reconfigure unattended-upgrades # after remount,rw /

Especially on "ro" root filesystem sometimes it fails to remount "/" "/usr" as "ro"; it means "ro" become "rw" after automatic upgrades (and you probably miss it for a while).

  1. You should subscribe to the debian security mailing list,
  2. You should do upgrades manually.

Unfortunately we need more reboot (or file lock workarounds) on "ro" root filesystem kept "read-only" after upgrades.

Various Firmware binaries (optional)

There are two firmware packages, free and non-free.

Warning

It become an important license issue when you re-distribute the system.

Free firmwares are installable without license issues.

root# apt install firmware-linux-free

For non-free firmwares, you have to add non-free in sources.list.

DONE

Now you have AppArmor enabled Read-Only filesystem Debian GNU/Linux Stretch.

Thank you for reading this guide. Have a nice day.

published: MODIFIED: