Start with "bare" ubuntu, I'm still on 22.04 LTS

Notes:

<code>
vi ~/.inputrc
set enable-bracketed-paste off
</code>

Update system and install prereq
<code>
apt update && sudo apt upgrade -y
apt -y install build-essential dkms linux-headers-$(uname -r) software-properties-common curl wget git 
apt -y install iputils-ping traceroute 
apt -y install vim 
apt -y install build-essential
apt -y install net-tools
apt -y install less
apt -y install libssl-dev
apt -y install libz-dev
apt -y install python3-pip
apt -y install python3-venv
apt -y install cron
apt -y install ipmitool
</code>

<code>
apt install -y openvswitch-switch
</code>

Temporarily allow SSH root access for setup
<code>
sed -i -E '/^\s*#?\s*PermitRootLogin\s+.*/d' /etc/ssh/sshd_config && echo 'PermitRootLogin yes' | sudo tee -a /etc/ssh/sshd_config
systemctl restart sshd
</code>

Add authorized_keys 
<code>
grep -qxF 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' /root/.ssh/authorized_keys || echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDiKJ/84kE14mqkZllnBFHfsXD10UmEuE6phOvdBC8k/CbybfPEEYUbPW87hykxK8iE0vx8abD58DEOHh0KHpVK3uFB+NqufA5BXixUChZfBoNtK7kJIaJvo4OWOrU09uQ4KYTDXDX61H76MnDSGwPluRw2qSSRPyDS3jMpPpg0iwS1VWmkdvCqn+cqCkZrMGLvK+AKrB8QsaDT33qpmSteaWUM7ZbScVhpWv7o7Zmek0j1jJ8wpSULZpAUW+er0CVS2reaCSTpbX6wYfXs0Vkknt' | tee -a /root/.ssh/authorized_keys
</code>

Set explicit root password
<code>
passwd root
</code>

Infinite bash history in .bashrc
<code>
cd /root
sed -i -E '/^\s*HISTSIZE=.*$/c\HISTSIZE=-1' .bashrc && sed -i -E '/^\s*HISTFILESIZE=.*$/c\HISTFILESIZE=-1\nPROMPT_COMMAND="history -a; history -n; $PROMPT_COMMAND"' .bashrc
source .bashrc
</code>

If you didn't config the machine as static but you want to
<code>
# detect current interface, IP/CIDR and gateway
iface=$(ip route show default | awk '/default/ {for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1); exit}}')
cidr=$(ip -o -4 addr show dev "$iface" | awk '{print $4}')
gw=$(ip route show default | awk '/default/ {print $3}')

# disable cloud-init network config
sudo mkdir -p /etc/cloud/cloud.cfg.d \
  && echo 'network: {config: disabled}' \
      | sudo tee /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg >/dev/null

# write your custom netplan
sudo tee /etc/netplan/01-netcfg.yaml >/dev/null <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    $iface:
      dhcp4: false
      addresses:
        - $cidr
      routes:
        - to: 0.0.0.0/0
          via: $gw
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
EOF

# disable the auto-generated cloud-init netplan
sudo tee /etc/netplan/50-cloud-init.yaml >/dev/null <<EOF
# disabled by custom config (/etc/netplan/01-netcfg.yaml)
EOF

echo "✔️  Netplan written for $iface ($cidr) via $gw"

</code>

Fix DNS, e.g. 86 systemd-resolvd
<code>
sudo systemctl disable --now systemd-resolved
sudo rm /etc/resolv.conf
echo -e "nameserver 8.8.8.8\nnameserver 8.8.4.4" | sudo tee /etc/resolv.conf >/dev/null
</code>

If by chance auditd is running, disable it (auditd is off on a bare installation)
<code>
vi  /etc/audit/auditd.conf
vi /etc/audit/audit.rules
systemctl stop systemd-journald-audit.socket
systemctl disable systemd-journald-audit.socket
</code>

Verify UFW is inactive if installed, should return "Status: inactive"
<code>
ufw status
</code>

Fix nvme bug and turn off audit and app armor
<code>
sudo sed -i '/^\s*GRUB_CMDLINE_LINUX_DEFAULT=/d' /etc/default/grub && echo 'GRUB_CMDLINE_LINUX_DEFAULT="audit=0 pcie_aspm=off pcie_port_pm=off nvme_core.default_ps_max_latency_us=0 apparmor=0 security=apparmor"' | sudo tee -a /etc/default/grub && sudo update-grub
update-grub
</code>

<code>

</code>

<code>
Install ipmitool
@reboot /usr/bin/python3 /root/hostinfoLCDbyid.py
</code>

AI

Cuda 12.x uses ≥525
<code>
add-apt-repository ppa:graphics-drivers/ppa -y
apt update
</code>
Check for latest recommended NVIDIA driver
<code>
ubuntu-drivers devices
</code>
Replace 575-open with the recommended, for certain 40 series and all 50 series use the open
<code>
apt install nvidia-driver-575-open -y
</code>

<code>
reboot
</code>

Verify Installation
<code>
nvidia-smi
</code>

Add CUDA repo
<code>
# Ensure NVIDIA CUDA repo is added:
sudo apt install software-properties-common
distribution="ubuntu2204"
wget https://developer.download.nvidia.com/compute/cuda/repos/$distribution/x86_64/cuda-keyring_1.1-1_all.deb
sudo dpkg -i cuda-keyring_1.1-1_all.deb
sudo apt update

# List the latest CUDA toolkit packages available:
apt-cache madison cuda-toolkit
</code>

Returns
<code>
cuda-toolkit |   12.9.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.8.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.8.0-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.3-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.2-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
cuda-toolkit |   12.6.1-1 | https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64  Packages
</code>

Install the latest toolkit
<code>
sudo apt install cuda-toolkit-12-9 -y
</code>

Set CUDA environment variables
<code>
echo 'export PATH=/usr/local/cuda/bin${PATH:+:${PATH}}' >> ~/.bashrc
echo 'export LD_LIBRARY_PATH=/usr/local/cuda/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}' >> ~/.bashrc
source ~/.bashrc
</code>

Verify CUDA
<code>
nvcc --version
</code>


<code>
apt install nfs-common

apt install nfs-kernel-server
</code>






<code>
apt install apache2
systemctl start apache2

apt install mariadb-server
systemctl start mariadb.service
mysql_secure_installation
mysql -uroot -p

apt install libapache2-mod-php php-mysql
cd /etc/apache2/mods-enabled/
vi dir.conf
systemctl restart apache2
systemctl status apache2
openssl genrsa -aes128 -out private.key 2048
openssl req  -nodes -new -x509  -keyout server.key -out server.cert
openssl req -new -days 999 -key private.key -out request.csr
openssl req -new -days 999 -key server.key -out server.csr
openssl x509 -in server.csr -out certificate.crt -req -signkey server.key -days 999
cd /etc/apache2/conf-available/
vi ssl-params.conf
cd ../sites-available/
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
openssl rsa -in server.key -text > private.pem
openssl x509 -inform PEM -in server.crt > public.pem
vi default-ssl.conf
a2enmod ssl
a2enconf ssl-params
a2ensite default-ssl
vi /etc/apache2/conf-enabled/ssl-params.conf
apache2ctl configtest
systemctl restart apache2
vi /etc/php/7.4/apache2/php.ini
apt install nmap
</code>

===== WiFi + “jerky typing” fix for low power wifi cards!!!! =====

Run <code>ip addr</code> to find the wlan card, mine is wlp2s0.

Test if this is the problem first.
<code>
iw dev wlan0 get power_save
</code>
if its on, it will report:
<code>
Power save: on
</code>
Turn off power save via:
<code>
sudo iw dev wlan0 set power_save off
</code>
If that works, make it permanent via (also note this isn't the "right" way, just the fastest way)
<code>
vi /etc/systemd/system/wifi-powersave-off.service
</code>
Add the following snippet
<code>
[Unit]
Description=Disable WiFi Power Save
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/iw dev wlp2s0 set power_save off

[Install]
WantedBy=multi-user.target
</code>
Make it permanent
<code>
sudo systemctl daemon-reexec
sudo systemctl enable wifi-powersave-off
sudo systemctl start wifi-powersave-off
</code>