fixes in homelab part 1

wboughattas
2026-01-01 23:34:36 -05:00
parent ed110c4006
commit 1df3fb90f4


@@ -1,10 +1,9 @@
---
layout: post
title: 'ThinkCentre M720q + Debian: 24/7 Server Setup'
title: 'ThinkCentre M720q + Debian: 24/7 Server Setup Step 1'
date: 2025-12-31 22:00:00 -0400
categories:
- homelab
- debian
highlight: true
---
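Review bot: The new `title:` line ends in "Step 1", but the commit message calls this "part 1" and the footer added later in this commit links to `2025-12-31-homelab-part2`; use one term across the series, for example `title: 'ThinkCentre M720q + Debian: 24/7 Server Setup Part 1'`. Separately, the unchanged `date:` line carries a `-0400` offset while the commit was made at `-05:00`, so confirm the offset is the one intended.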
@@ -46,27 +45,29 @@ take advantage of features that come with ThinkCentre BIOS such as the auto-powe
We want to strip away desktop features to save power and reduce the potential attack surface.
| Menu Path | Setting | Action | Why |
| :-------------------------- | :------------------ | :-------------- | :--------------------------------------------------------- |
| **Devices > Audio Setup** | Integrated Audio | **Disabled** | Servers don't need sound |
| **Devices > Network Setup** | Wi-Fi / BT / PXE | **Disabled** | Forces the node to rely on the Onboard Ethernet. |
| **Devices > USB Setup** | USB Legacy Support | **Disabled** | Prevents the use of less secure USB protocols during boot. |
| **Power** | After Power Loss | **Power On** | The Auto-Restart rule. |
| **Power** | Intelligent Cooling | **Performance** | To prevent thermal throttling. |
| Menu Path | Setting | Action | Why |
| :-------------------------- | :------------------ | :-------------------------- | :--------------------------------------------------------- |
| **Devices > Audio Setup** | Integrated Audio | **Disabled** | Servers don't need sound |
| **Devices > Network Setup** | Wi-Fi / BT / PXE | **Disabled** | Forces the node to rely on the Onboard Ethernet. |
| **Devices > USB Setup** | USB Legacy Support | **Disabled** | Prevents the use of less secure USB protocols during boot. |
| **Power** | After Power Loss | **Power On** | The Auto-Restart rule. |
| **Power** | Intelligent Cooling | **Performance or Acoustic** | Either to prevent thermal throttling or lower noise. |
## 3. Security Governance
| Menu Path | Setting | Action | Why |
| :----------- | :------------------ | :----------- | :--------------------------------------------------------------- |
| **Security** | Supervisor Password | **Set** | Prevents tampering with the BIOS settings. |
| **Security** | Windows UEFI Update | **Disabled** | We are replacing Windows with Debian. |
| **Security** | Secure Boot | **Enabled** | Verifies the Debian kernel signature before allowing it to boot. |
| **Security** | Password for F12 | **Yes** | Requires your admin password to boot from an unauthorized USB. |
| Menu Path | Setting | Action | Why |
| :----------- | :--------------------- | :----------- | :--------------------------------------------------------------- |
| **Security** | Administrator Password | **Set** | Prevents tampering with the BIOS settings. |
| **Security** | Windows UEFI Update | **Disabled** | We are replacing Windows with Debian. |
| **Security** | Password for F1/F12 | **Yes** | Requires your admin password to boot from an unauthorized USB. |
| **Security** | POP Changeable by User | **No** | Requires your admin to change his password. |
| **Security** | Secure Boot | **Enabled** | Verifies the Debian kernel signature before allowing it to boot. |
## 4. Boot Sequence
**Startup > Boot Sequence:** Move the drive(s) to the #1 spot (prioritize the one storing the OS Bootloader). Exclude
everything else.
**Startup > CSM:** must be disabled to restrict non-UEFI operating systems.
## 5. Post-Install
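Review bot: In the Security table, the "Why" cell of the renamed `Password for F1/F12` row still only describes booting from an unauthorized USB, and the new `POP Changeable by User` row's rationale ("Requires your admin to change his password.") is hard to parse. Since F1 was added to the setting name, the rationale should also say what gating F1 protects, and the POP row should state plainly that only the administrator can change the power-on password; the table also never asks the reader to set a power-on password, so either add that row or explain why the setting matters without one. In the Power table, "Performance or Acoustic" leaves the choice open where every other row gives one action; say which is the default recommendation for a 24/7 node and when to choose the other.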
@@ -116,3 +117,9 @@ During a scheduled maintenance window:
3. **Upgrade Firmware:** `fwupdmgr update` (if applicable)
4. **Reboot:** `sudo reboot`
5. **Bring it back:** `kubectl uncordon <node-name>`
---
Next step, we will set up the firewall, ssh rules, and a custom vpn via an ec2 proxy server with a static IP.
[[2025-12-31-homelab-part2]]
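Review bot: The last added line, `[[2025-12-31-homelab-part2]]`, is wiki-link syntax, which a plain Markdown pipeline renders as literal text unless a plugin handles it; if the site has no such plugin, replace it with an explicit Markdown link to the part 2 post, and confirm that post exists before this footer ships. In the sentence above it, capitalize the acronyms (SSH, VPN, EC2) to match the rest of the post.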