Skip to main content
  1. n3tuk Documentation/

Bare Metal Server Configuration

··5 mins·
documentation bare-metal installation ansible arch-linux
Table of Contents
This document is currently just a placeholder; it has yet to be written.
Please wait for it to be updated.

Sub-Documents #

DocumentDescription
PartitionsA breakdown of the partitions layout for all bare metal machines.
Arch Linu InstallationA step-by-step guide for the initial configuration of Arch Linux on the server using commands in the live-boot environment, and Ansible

Initial Configuration #

UEFI Update #

Using a USB Flash Drive, take a copy of the latest UEFI Firmware release from Intel and copy the .cap file to the root of the flash drive, and plug it into the Intel NUC.

  1. Power on the Intel NUC and regularly press F7 until the UEFI (BIOS) Flash Update screen is shown.
  2. Using the arrow keys, select the USB Flash Drive from the menu and press return. The .cap file should now be shown, press return with the .cap file selected.
  3. Press enter on Yes to confirm that we wish to update the BIOS with the .cap file.
  4. The Intel NUC should now reboot and go through the firmware update. The screen may go dark for a while before a progress meter shows. The whole process should take about five minutes.

UEFI Settings #

There are a number of standard settings to be configured for the Intel NUC which should be done during initial setup, as it’s connected to a monitor, including things such as controlling fan speeds, power light brightness, and disabling secure boot for installation.

When entering the UEFI, check the Version at the top of the screen matches the version loaded. For example, with the AN0027.cap file, you should see ANRPL357.0027.{year}... as the version. If this is not the case, re-run the UEFI update above.

  1. Power on the Intel NUC and regularly press F2 until the UEFI Settings screen is shown.

  2. There are no changes to be made under Main, but move down and check the System Date and System Time values. If they are not correct, update them to be close to the current time, making it easier for NTP to set them later.

    The Date/Time should be based on UTC and not BST (if in the summer) as the system will apply the configured Timezone over the top of this.

  3. Move up and then right to select Advanced:

    1. For STORAGE:

      1. SATA Controllers is un-checked
      2. SMART Self Test is checked
      3. M.2 Slot 1 is checked
      4. HDD Activity LED is checked
      5. Enable VMD controller is un-checked

    2. For Onboard Devices:

      1. HD Audio is Disabled
      2. LAN is checked
      3. Thunderbolt Support is checked (this is needed for access to the monitors via the thunderbolt supports on the rear of the Intel NUC)
      4. WLAN is un-checked
      5. Bluetooth is un-checked
      6. Gaussian Mixture Modules is checked
      7. HDMI CEC Control is un-checked
      8. High Precision Event Timers is checked
      9. Bootup Numlock State is On
      10. Failsafe Watchdog is checked

    3. For USB:

      1. Portable Device Charging Mode is Off
      2. Front USB Charging Port to Enabled
      3. Front Type A Port to Enabled
      4. Rear Upper Type A Port and Rear Lower Type A Port to No Detect
      5. Internal USB Header Connection 1 and Internal USB Header Connection 2 to Disabled (Prevent access to the Operating System)
      6. USB via M.2 2242 Slot to Disabled
      7. Front Type A Port Power On/Off to Enabled
      8. Rear Upper Type A Port Power On/Off and Rear Lower Type A Port Power On/Off to Enabled
      9. Internal USB Header Connection 1 Power Power On/Off and Internal USB Header Connection 2 Port Power On/Off to Disabled
      10. USB via M.2 2242 Slot Power On/Off to Disabled

    4. For Video:

      1. IGD Minimum Memory to 64 MB
      2. IGD Aperture Size to 128 MB
      3. IGD Primary Video Port to Auto
      4. Screen Rotation Policy to Normal
      5. Display Emulation to No emulation
      6. Clear Software Control State to No

    5. For Add-in Config:

      1. There is nothing to set or change here.

    6. Auto RTC Reset to checked

    7. Force-enable power to 2242 m.2 slot to un-checked

    8. BIOS WU Support to un-checked (Windows Update Support is not required)

  4. Move up and then right to select Power, Performance and Cooling:

    1. External Ambient temperature Tolerance to 35oC

    2. For Secondary Power Settings:

      1. Button LED to Power State Indicator
      2. S0 Indicator Brightness to 25
      3. S0 Indicator Blinking Behavior to Breathing
      4. S0 Indicator Blinking Frequency (Hz) to 0.1 (every 10 seconds)
      5. S0 Indicator Color to Blue
      6. Modern Standby Brightness to 20
      7. Modern Standby Blinking Behavior to Solid
      8. Modern Standby Color to Amber
      9. Power Sense to checked
      10. After Power Failure to Power On
      11. Deep power saving mode (Pseudo G3) to un-checked (we need WOL)
      12. Wake on LAN from S4/S5 to Power On - Normal Boot
      13. Wake System from S5 to un-checked
      14. USB S4/S Power to un-checked (Do not provider power to USB ports in sleep)
      15. Wake from Thunderbolt Devices to un-checked
      16. PCIe ASPM Support to checked
      17. Native ACPI OS PCIe Support to checked

    3. Fan Mode to Balanced

    4. Fan Control Mode to Automatic Fan Control Mode

  5. Move up and then right to select Security:

    1. Press Enter on Supervisor Password and enter a password for Supervisor access to the UEFI Settings, ensuring that it is saved under personal/servers/{hostname}/uefi/supervisor for the Password Store. Press Enter on Ok.

    2. User Access Level to View Only

    3. For Security Features:

      1. Allow UEFI 3rd party driver loaded to un-checked
      2. Intel Virtualisation Technology to checked
      3. Intel VT for Directed I/O (VT-d) to checked
      4. Intel Platform Trust Technology to checked
      5. iSetupCfg Password Check to Enabled

  6. Move up and then right to select Boot:

    1. For Secure Boot:

      1. Secure Boot to Disabled
      2. Secure Boot Mode to Custom

    2. For Boot Priority:

      1. Fast Boot is un-checked
      2. Boot USB Devices First to un-checked
      3. Boot Network Devices Last to checked
      4. Unlimited Boot to Network Attempts to un-checked
      5. BIOS Setup Auto-Entry to un-checked
      6. Internal UEFI Shell to un-checked
      7. USB and Optical to checked (Optical needed where the USB image is based on a .iso format even though it’s not an actual optical drive)
      8. Network Boot to Disabled

    3. For Boot Display Configuration:

      1. BIOS Self Recovery to un-checked
      2. Suppress Alert Messages at Boot to un-checked
      3. POST Function Hotkeys Displayed to checked
      4. Display F2 to Enter Setup to checked
      5. Display F7 to Update BIOS to checked
      6. Display F10 to Enter Boot Menu to checked
      7. Display F12 for Network Boot to checked
      8. POST Logo to un-checked
      9. BIOS Self-Help to un-checked

  7. Press F10 to Save & Exit Setup. Press Enter on Ok.