From 1102c314ca78991b3a329a6f2bed24858770b904 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.de>
Date: Sun, 14 Aug 2022 21:33:07 +0200
Subject: [PATCH] Add info about potentially breaking quota

---
 README.md                  | 16 ++++++++--------
 etc/rc.local               |  2 +-
 etc/systemd/timesyncd.conf |  1 +
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index de6e61a..d5b15c2 100644
--- a/README.md
+++ b/README.md
@@ -90,7 +90,14 @@ To harden the system and hide pids from non-root users, also add the following:
 proc /proc proc defaults,hidepid=2 0 0
 ```
 
-As time syncronisation is important, you should configure ntp servers in `/etc/systemd/timesyncd.conf` and make them match with the entries in `/etc/rc.local` iptables configuration
+And add the `noatime,usrjquota=aquota.user,jqfmt=vfsv1` options to the `/home` mountpoint (if not a separate partition, the `/` mointpoint and `noatime`to `/`. Then initialize quota (replace `/home` with `/`, if you do not have a separate partition):
+```
+mount -o remount /home
+quotacheck -cMu /home
+quotaon /home
+```
+
+In some cases, you might get an error, that quota is not supported. This is usually the case in virtual environments. Make sure you have the full kernel installed, not one with a `-virtual` package. They usually are `linux-image-amd64`, `linux-image-arm64` or `linux-image-generic`, depending on your distribution. Also make sure, you are running a real virtual machine (e.g. KVM). Some providers sell containerized VPSes (e.g. OpenVZ), which means you don't run your own kernel...
 
 Enable the PHP-FPM default instances and nginx:
 ```
@@ -99,13 +106,6 @@ systemctl enable php8.0-fpm@default
 systemctl enable nginx
 ```
 
-Edit `/etc/fstab` and add the `noatime,usrjquota=aquota.user,jqfmt=vfsv1` option to the `/home` mountpoint and `noatime`to `/`. Then initialize quota:
-```
-mount -o remount /home
-quotacheck -cMu /home
-quotaon /home
-```
-
 Install sodium_compat for v3 hidden_service support
 ```
 cd /var/www && composer install
diff --git a/etc/rc.local b/etc/rc.local
index bc2ad9f..4f9067e 100755
--- a/etc/rc.local
+++ b/etc/rc.local
@@ -69,7 +69,7 @@ ip6tables -A OUTPUT -d $clearnet -j ACCEPT
 #accet IPv6 ICMP packages required for SLAAC
 ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
 ip6tables -A OUTPUT -p ipv6-icmp -j ACCEPT
-#allow querriying ntp servers (must mach /etc/systemd/timesyncd.conf
+#allow querriying ntp servers (must mach /etc/systemd/timesyncd.conf)
 for clearnet in 164.68.124.74 185.244.195.159 78.46.53.2 88.99.86.9; do(
 iptables -t nat -A OUTPUT -p udp --dport 123 -d $clearnet -j RETURN
 iptables -A OUTPUT -p udp --dport 123 -d $clearnet -j ACCEPT
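Review bot: The rewritten comment above the NTP loop still reads `querriying` and `mach`; since the line is being touched anyway, `#allow querying ntp servers (must match /etc/systemd/timesyncd.conf)` would fix both. The visible `for clearnet in ...` list holds only the four IPv4 addresses, while the timesyncd.conf section of this same patch also names four IPv6 servers. The loop body continues outside the hunk, so an `ip6tables` counterpart may exist out of view. If it does not, the "must match" statement does not hold for IPv6 and those servers would presumably be unreachable.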
diff --git a/etc/systemd/timesyncd.conf b/etc/systemd/timesyncd.conf
index a831917..5ccf118 100644
--- a/etc/systemd/timesyncd.conf
+++ b/etc/systemd/timesyncd.conf
@@ -12,6 +12,7 @@
 # See timesyncd.conf(5) for details.
 
 [Time]
+#These must mach with firewll config in /etc/systemd/timesyncd.conf
 Servers=164.68.124.74 185.244.195.159 78.46.53.2 88.99.86.9 2a02:c207:3004:9819::1 2a03:4000:27:602:d4cf:50ff:fedb:b65a 2a01:4f8:110:12d5::2 2a01:4f8:c17:b041::1
 #NTP=
 #FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
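Review bot: The added comment under `[Time]` points at `/etc/systemd/timesyncd.conf`, which is this file itself; the firewall rules it refers to are in `/etc/rc.local`, and `mach` and `firewll` are misspelled. Suggested wording: `#These must match the firewall config in /etc/rc.local`. The cross-reference matters because a server added here without a matching rule in rc.local would presumably be dropped by the OUTPUT rules, leaving the clock unsynchronised. Separately, timesyncd.conf(5) documents `NTP=` and `FallbackNTP=` as the server keys, so it is worth confirming that the `Servers=` line below is honoured by the installed systemd version rather than ignored.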