This blog is part of a series on self-hosting. I bought a server, and I’m setting it up. But I wonder: Am I doing things right?
If I share my setup, others can share their ideas, and together we can help people.
After I got the hardware in the last blog, it was time for software. We of course need to make some choices here about the operating system, but what are our goals?
- Have a system that’s easy to get help with
- Maintenance should be kept to a minimum
Operating system: Ubuntu Server LTS
For the operating system, I’m selecting Ubuntu Server. There’s only one reason for this: I’m used to this, and there is a lot of help available online. In the end, if I don’t want to spend a lot of time maintaining the system, it should be as easy as possible for me.
Of course, I also choose the long-term support version. This means I only need to do a bigger upgrade every two years. But how do we handle our regular upgrades?
Automated Updates
There are some guides available online on how to install the unattended-upgrades package. Based on this, I installed it like this:
sudo apt update
sudo apt install unattended-upgrades
However, I got the message that this was already installed. I also checked if it was enabled, and it was! I assume this was likely an option during installation. Luckily, doing these commands again doesn’t hurt.
By default, the guide only does security updates, which is great! But remember, I wanted to be lazy? Yeah, we’re going to uncomment the lines. Run the following to open the config file:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Now uncomment lines 15 and 17, so it looks like this:
"${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
"${distro_id}:${distro_codename}-backports";
Great! It will now install all updates.
Now there’s a chance the system will slowly fill up. Old kernels can fill the boot partition, and sometimes updates leave unneeded dependencies behind. I also want the system to reboot itself automatically when it’s needed. For this, we uncomment and set the following settings between lines 83 and 94:
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
I also change line 103, so the reboots happen at night for me.
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
Quickly restart the service and we’re good to go.
sudo systemctl restart unattended-upgrades.service
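To confirm the edits above did what was intended, here is an added example (not part of the original post or the guide it follows): a small audit that reads the config, ignores commented lines, and checks that the security origin is still active, that -proposed stayed commented out, and that automatic reboot is on. The function names and the sample file are constructed for illustration; the -security origin line is assumed from Ubuntu's stock file and is not shown in the post.

```shell
#!/usr/bin/env bash
# Added example (not from the post): audit an unattended-upgrades config file.
# Function names and the sample file are constructed for illustration.

# Print active lines only: trimmed, with //-commented and empty lines dropped.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v -e '^//' -e '^$'
}

# Succeed if an origin ending in the given pocket suffix is active.
origin_enabled() {
    active_lines "$1" | grep -qF "\${distro_codename}$2\";"
}

# Print the value of an active Unattended-Upgrade::<key> setting.
setting_value() {
    active_lines "$1" | sed -n "s/^Unattended-Upgrade::$2 \"\(.*\)\";\$/\1/p" | tail -n 1
}

# Report findings; return non-zero if any check fails.
audit_config() {
    local file=$1 rc=0
    origin_enabled "$file" "-security" || { echo "FAIL: -security origin disabled"; rc=1; }
    origin_enabled "$file" "-proposed" && { echo "FAIL: -proposed origin enabled"; rc=1; }
    [ "$(setting_value "$file" Automatic-Reboot)" = "true" ] ||
        { echo "FAIL: Automatic-Reboot is not \"true\""; rc=1; }
    echo "reboot time: $(setting_value "$file" Automatic-Reboot-Time)"
    return "$rc"
}

# Constructed sample modelled on the edits in this post.
write_sample() {
    cat > "$1" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
    "${distro_id}:${distro_codename}-backports";
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
EOF
}

sample=$(mktemp) && write_sample "$sample" && audit_config "$sample"
```

On the server itself, run audit_config /etc/apt/apt.conf.d/50unattended-upgrades instead of the sample file.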
That’s it! Package updates all done. However… There are also kernel updates. The guide says the following:
Your unattended apt updates can be configured to install and prepare new kernels along with other packages, and after rebooting, your server should automatically use the new kernel.
The alternative is using Canonical Livepatch, which requires registering for a key. Now, this would be fine, but I’m actually fine with a reboot. I’m less fine with using an API key for system updates.
So we actually want to do kernel updates with unattended-upgrades! So how do we do it? Well, apparently we did! I think… The internet is quite unclear on this, so if somebody has more information, please let me know!
That’s it! What do you think? What would you do differently? Let me know below or on Mastodon.
See you in the next blog, where we talk about containers.