Before making changes to your system run these commands and take note of the info, then compare when finished
Check system log for errors or issues, try to resolve those first before proceeding
free -m
sudo hdparm -t --direct /dev/nvme0n1p2
systemd-analyze critical-chain
systemd-analyze --user blame
The fstab file configures the mounted drives/partitions
Obtain UUID for each drive/partiton on system. ext4
lsblk -f
edit /etc/fstab
Root UUID="" / ext4 defaults,noatime,auto_da_alloc,inode_readahead_blks=64,errors=remount-ro 0 1
Data UUID="" /home/Data ext4 defaults,noatime,auto_da_alloc,inode_readahead_blks=64,errors=remount-ro 0 2
tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,size=50%,noatime,nr_inodes=10k,mode=1777 0 0
/swapfile swap swap defaults,noatime 0 0
- noatime - disable access time stamps
- auto_da_alloc - If auto_da_alloc is enabled, ext4 will detect the replace via-rename and replace-via-truncate patterns and orce that any delayed allocation blocks are allocated such that at the next journal commit
- inode_readahead_blks - This tuning parameter controls the maximum number of inode table blocks that ext4's inode table adahead algorithm will pre-read into the buffer cache. The value must be a power of 2. The default value is 32 blocks
Enable fast_commit journal option speed up FS writes
sudo tune2fs -O fast_commit /dev/nvme0n1p2
sudo tune2fs -O fast_commit /dev/sdc1
Verify
sudo tune2fs -l /dev/nvme0n1p2 | grep features
/etc/init.d/cpufrequtils
ENABLE="true"
GOVERNOR="performance"
MAX_SPEED="3600000"
MIN_SPEED="2000000"
Disable power saving for audio device, remove pop sounds
Audio Device - create /etc/modprobe.d/audio.conf
options snd_hda_intel power_save=0 power_save_controller=N
Disable ModemManager If you do not have a mobile broadband interface.
sudo systemctl disable ModemManager.service
sudo systemctl mask ModemManager.service
fwupd is a daemon allowing you to update some devices' firmware, including UEFI for several machines.
Remove fwupd from boot, newer hardware may want to leave this enabled for future updates...
sudo systemctl disable fwupd.service
sudo systemctl mask fwupd.service
GPU-Manager is software that creates a xorg.conf for you. So running this in every boot is just overkill. You only need to run this if you change your GPU.
sudo systemctl disable gpu-manager.service
sudo systemctl mask gpu-manager.service
Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management.
Disable LVM
sudo systemctl disable lvm2-monitor.service
sudo systemctl mask lvm2-monitor.service
Disable Wait for Network online service, slows down boot
sudo systemctl disable NetworkManager-wait-online.service
sudo systemctl mask NetworkManager-wait-online.service
Disable plymouth boot spash, slows down boot; disable and mask
plymouth-halt.service
plymouth-kexec.service
plymouth-poweroff.service
plymouth-quit.service
plymouth-quit-wait.service
plymouth-read-write.service
plymouth-reboot.service
plymouth-start.service
plymouth-switch-root.service
plymouth-switch-root-initramfs.service
- journald logging
Change log retention and logging settings, check logs first for errors
/etc/systemd/journald.conf
MaxRetentionSec=3month
MaxFileSec=1month
MaxLevelStore=err
MaxLevelSyslog=err
MaxLevelKMsg=err
MaxLevelConsole=err
MaxLevelWall=emerg
50 boot-ups or 1 month, change devices for your system
sudo tune2fs -c 50 -i 1m /dev/nvme0n1p2
sudo tune2fs -c 50 -i 1m /dev/sdb1
pactl get-sink-volume @DEFAULT_SINK@
pactl set-sink-volume @DEFAULT_SINK@ 65536
Used for HTPC connected to HDTV, when switching monitor outputs
/etc/pipewire/pipewire-pulse.conf.d/switch-on-connect.conf (or ~/.config/pipewire/pipewire-pulse.conf.d/switch-on-connect.conf)
override for pipewire-pulse.conf file
pulse.cmd = [
{ cmd = "load-module" args = "module-always-sink" flags = [ ] }
{ cmd = "load-module" args = "module-switch-on-connect" }
]
/etc/pulse/daemon.conf
default-sample-format = float32le
default-sample-rate = 48000
alternate-sample-rate = 44100
default-sample-channels = 2
default-channel-map = front-left,front-right
default-fragments = 2
default-fragment-size-msec = 125
resample-method = soxr-vhq
avoid-resampling = yes
high-priority = yes
nice-level = -11
realtime-scheduling = yes
realtime-priority = 9
rlimit-rtprio = 9
daemonize = no
systemd-resolved provides a system-level DNS cache that can substantially improve performance for applications that do not cache their own DNS results. DNS queries and responses have traditionally been unencrypted, but more and more resolvers now support DNS over an encrypted TLS connection (DNS over TLS.) TLS can help ensure that no parties between the DNS server and the resolver can see or modify the DNS responses.
CTRL Blog
Linux Insider
Blog
Check Status
resolvectl status
Edit /etc/systemd/resolved.conf
Add, change DNS to your preferred DNS server
DNS=1.1.1.1
FallbackDNS=8.8.8.8
Domains=~.
DNSSEC=allow-downgrade
DNSOverTLS=yes
Cache=yes
Change Network Manager
/etc/NetworkManager/NetworkManager.conf
[main]
dns=systemd-resolved
Change network manager dns in gui to 127.0.0.53
if working just restart after changes to resolved.conf file
systemctl restart systemd-resolved.service
systemctl restart NetworkManager.service
if not running then
systemctl enable systemd-resolved.service
systemctl start systemd-resolved.service
Verify Status
resolvectl status
Some useful sites to verify internet security connection
No firewall needed as most of us are behind an ISP router that has a built in firewall
Test your connection
IP Leak Test
Cloudfare Test
Disable Qt Logging, add to /etc/environment or .bashrc
QT_LOGGING_RULES="*.debug=false;qt*.debug=false;qt5.debug=false;*.warning=false;*.critical=false;qt.qpa.xcb.xcberror.warning=false;qt.qpa.xcb.xcberror.error=false;qt.qpa.xcb.warning=false;qt.qpa.xcb.error=false;qt.qpa.xcb=false"
Allow xmlrequest for loading json files
Add to /etc/environment or .bashrc
QML_XHR_ALLOW_FILE_READ="1"
kdebugdialog5 - kde debugging settings
Remove extra fonts, check Noto Sans/Serif extra language fonts, unnecessary for most cases
Run this after, clean font cache
fc-cache -f -v
-
Replace grub, speeds up boot time, this is the future of Linux startup
-
A Unified Kernel Image (UKI) is a combination of a UEFI boot stub program, a Linux kernel image, an initramfs, and further resources in a single UEFI PE file (device tree, cpu µcode, splash screen, secure boot sig/key, ...). This file can either be directly invoked by the UEFI firmware or through a boot loader.
-
different script using kernel cmdline options
Create /etc/kernel/install.conf
layout=uki uki_generator=ukify BOOT_ROOT=/boot/efiCreate /etc/kernel/uki.conf
Cmdline=@/etc/kernel/cmdline OSRelease=@/etc/os-release Splash=/boot/bootSplash.bmpedit /etc/kernel/cmdline
Check /etc/default/grub for boot options of your system, add them here to cmdlinequiet mitigations=off raid=noautodetect nowatchdog preempt=voluntary threadirqs loglevel=3 rd.udev.log-priority=3 udev.log_priority=3 vt.global_cursor_default=0 plymouth.enable=0 disablehooks=plymouth ipv6.disable=1 systemd.show_status=no bgrt_disable zswap.enabled=0 systemd.zram=0 rw root=UUID=''- preempt=full A fully-preemptible kernel is most suitable for low-latency workloads - such as gaming, live-streaming, multimedia, etc.
- preempt=voluntary
- threadirqs - Improved interrupt handling, by distributing interrupts across multiple threads, the system can handle a higher volume of interrupts concurrently, potentially reducing latency and improving responsiveness.
- nowatchdog
sudo mkinitcpio -P