海运的博客

linux下修改sysctl.conf：

net.ipv6.conf.all.use_tempaddr=0
net.ipv6.conf.eth0.use_tempaddr=0 
net.ipv6.conf.default.use_tempaddr=0 

windows下执行命令：

netsh interface ipv6 set privacy state=disable

新建个2G的img文件，不要小于系统占用空间大小：

fallocate -l $(( 2048 * 1024 *1024 )) ubuntu.img

分区：

 cat > fdisk.cmd <<-EOF
o
n
p
1

+128MB
t
c
n
p
2


w
EOF
fdisk ubuntu.img < fdisk.cmd 

挂载img为loop设备：

losetup -f -P --show ubuntu.img 
/dev/loop0

格式化及挂载：

mkfs.vfat -n "BOOTFS" /dev/loop0p1 
mke2fs -F -q -t ext4 -L ROOTFS -m 0 /dev/loop0p2
mkdir /img
mount /dev/loop0p2 /img
mkdir /img/boot
mount /dev/loop0p1 /img/boot

备份系统：

cd /
DIR_INSTALL=/img
cp -r /boot/* /img/boot/
mkdir -p $DIR_INSTALL/dev
mkdir -p $DIR_INSTALL/media
mkdir -p $DIR_INSTALL/mnt
mkdir -p $DIR_INSTALL/proc
mkdir -p $DIR_INSTALL/run
mkdir -p $DIR_INSTALL/sys
mkdir -p $DIR_INSTALL/tmp

tar -cf - bin | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - boot | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - etc | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - home | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - lib | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - opt | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - root | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - sbin | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - selinux | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - srv | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - usr | (cd $DIR_INSTALL; tar -xpf -)
tar -cf - var | (cd $DIR_INSTALL; tar -xpf -)
sync

umount /img/boot
umount /img
losetup -d /dev/loop0

用作U盘启动，boot/uEnv.ini文件：

bootargs=root=LABEL=ROOTFS rootflags=data=writeback rw console=ttyAML0,115200n8 console=tty0 no_console_suspend consoleblank=0 fsck.fix=yes fsck.repair=yes net.ifnames=0

etc/fstab文件：

LABEL=ROOTFS / ext4 defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 1
LABEL=BOOTFS /boot vfat defaults 0 2
tmpfs /tmp tmpfs defaults,nosuid 0 0

挂载移动硬盘fstab配置文件，nofail当移动硬盘没插入时不提示错误，要不然提示错误进不去系统，noatime提升硬盘文件系统性能。

/dev/sda1       /mnt            ext4            defaults,nofail,noatime,errors=remount-ro       0 2

配置transmission当移动硬盘挂载后才开始启动，且启动前检查下载目录是否存在，否则启动失败。

查看system生成的移动硬盘挂载服务，然后配置transmission在其挂载之后启动。

systemctl list-unit-files |grep -i mount|grep mnt
mnt.mount                                  generated      

transmission service配置：

[Unit]
Description=Transmission BitTorrent Daemon
After=network.target mnt.mount 

[Service]
LimitNOFILE=65535
User=debian-transmission
#Type=notify
Type=simple
ExecStartPre=/usr/bin/test -d /mnt/downloads
#RequiresMountsFor=/mnt
ExecStart=/usr/bin/transmission-daemon -f --log-error -g /var/lib/transmission-daemon/.config/transmission-daemon/
ExecStop=/bin/kill -s STOP $MAINPID
ExecReload=/bin/kill -s HUP $MAINPID

[Install]
WantedBy=multi-user.target

参考：
https://unix.stackexchange.com/questions/246935/set-systemd-service-to-execute-after-fstab-mount

N1盒子的存储设备是emmc，为了延长emmc的使用寿命尽可能的将读写文件在内存中完成。
修改systemd journald日志存放目录为内存，也就是/run/log目录，限制最大使用内存空间64MB：

sed -i 's/#Storage=auto/Storage=volatile/' /etc/systemd/journald.conf
sed -i 's/#RuntimeMaxUse=/RuntimeMaxUse=64M/' /etc/systemd/journald.conf

然后重新启动systemd-journald服务：

systemctl restart systemd-journald

修改rsyslog日志存放目录为/run/log：

sed -i 's/\/var\/log/\/run\/log/g' /etc/rsyslog.d/50-default.conf

修改rsyslog运行用户为root，不然/run/log没写入权限：

sed 's/PrivDropToUser syslog/PrivDropToUser root/' /etc/rsyslog.conf  
sed 's/PrivDropToUser syslog/PrivDropToGroup root/' /etc/rsyslog.conf 

然后重启rsyslog即可：

systemctl restart rsyslog

修改nginx日志目录：

sed -i 's/\/var\/log/\/run\/log/g' /etc/nginx/nginx.conf
mkdir /run/log/nginx
systemctl restart nginx

修改php-fpm日志目录：

sed -i 's/\/var\/log/\/run\/log/g' /etc/php/7.2/fpm/php-fpm.conf
systemctl restart php7.2-fpm

cups修改日志目录：

sed -i 's/\/var\/log/\/run\/log/g' /etc/cups/cups-files.conf
mkdir /run/log/cups
systemctl restart cups

samba修改配置文件日志目录：

log file = /run/log/samba/log.%m
max log size = 50 

mkdir /run/log/samba
systemctl restart smbd

添加个开机启动脚本在启动时创建/run/log目录下nginx cups samba目录。

cat /lib/systemd/system/mklogdir.service
[Unit]
Description=mklogdir
Before=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/mklogdir.sh

[Install]
WantedBy=multi-user.target

修改日志轮询logrotate：

sed -i 's/\/var\/log/\/run\/log/g' /etc/logrotate.d/cups-daemon 
sed -i 's/\/var\/log/\/run\/log/g' /etc/logrotate.d/nginx 
sed -i 's/\/var\/log/\/run\/log/g' /etc/logrotate.d/php7.2-fpm 
sed -i 's/\/var\/log/\/run\/log/g' /etc/logrotate.d/rsyslog 
sed -i 's/\/var\/log/\/run\/log/g' /etc/logrotate.d/samba 

tincvpn
ZeroTier
n2n
tailscale
nebula
VpnCloud