Optimizing Kubuntu 24.04 LTS

Some useful links for optimizing system performance
Arch
KDE
Ubuntu
Ubuntu Desktop optimization
Ubuntu system hardening guide for desktops and servers

My Setup - Dell Optiplex 7050 Intel Core 5-Skylake CPU OC’d to 3.6Ghz, Intel GPU, 16GB RAM, 500GB NVME-SSD, 4TB HDD, 10Mib Internet

Caution, some settings are specific for my system setup, trying to get every performance gain i can on this older PC.

USE At OWN RISK!

Pre Install Setup

Create partitions for each drive before the install process

EFI partition for UEFI Boot drive 512MB type fat32 /dev/nvme0n1p1
- More space for custom kernel testing
Root system partition remaining space type ext4 /dev/nvme0n1p2
Swap space file 16GB
Data drive 4TB hdd ext4 /dev/sdc1

Install as usual after creating partitions.
Reboot

Before making changes to your system run this, then again when finished
Check system log for errors or issues
free -m
sudo hdparm -t --direct /dev/nvme0n1p2
systemd-analyze critical-chain
systemd-analyze --user blame

System Tuning

fstab

The fstab file configures the mounted drives/partitions Obtain UUID for each drive/partiton on system.
ext4

lsblk -f

edit /etc/fstab

Root   UUID="" /               ext4    defaults,noatime,auto_da_alloc,inode_readahead_blks=64,errors=remount-ro   0 1
Data   UUID="" /home/Data      ext4    defaults,noatime,auto_da_alloc,inode_readahead_blks=64,errors=remount-ro   0 2
tmpfs         /tmp             tmpfs   defaults,rw,nosuid,nodev,size=50%,noatime,nr_inodes=10k,mode=1777 0 0
/swapfile     swap             swap    defaults,noatime   0 0

noatime - disable access time stamps
auto_da_alloc - If auto_da_alloc is enabled, ext4 will detect the replace via-rename and replace-via-truncate patterns and orce that any delayed allocation blocks are allocated such that at the next journal commit
inode_readahead_blks - This tuning parameter controls the maximum number of inode table blocks that ext4’s inode table adahead algorithm will pre-read into the buffer cache. The value must be a power of 2. The default value is 32 blocks

EXT4 options

Enable fast_commit journal option speed up FS writes

sudo tune2fs -O fast_commit /dev/nvme0n1p2
sudo tune2fs -O fast_commit /dev/sdc1

Verify

sudo tune2fs -l /dev/nvme0n1p2 | grep features

Grub options

/etc/default/grub

Turning off CPU exploit mitigations may improve performance.
```
mitigations=off loglevel=3
```
CPUFreqUtils Change CPU Governor and Frequencies

/etc/init.d/cpufrequtils
```
ENABLE="true"
GOVERNOR="performance"
MAX_SPEED="3600000"
MIN_SPEED="2000000"
```
Intel GPU
Intel
Arch
GitHub

i915 GPU settings edit /etc/modprobe.d/i915.conf

options i915 modeset=1 mitigations=off enable_fbc=0 enable_guc=2 enable_psr=0

Override the security mitigations default for the Intel graphics driver for perfromance gains
Disabling framebuffer compression (FBC) to prevent screen flicker with VT-d enabled.
GuC is designed to perform graphics workload scheduling on the various graphics parallel engines, (better.faster x264 decoding)
Panel Self Refresh (PSR), a power saving feature used by Intel iGPUs is known to cause flickering in some instances
Some usefull tools for Intel GPU’s
```
sudo apt install
intel-media-va-driver *(decode)
intel-media-va-driver-non-free *(encode)
firmware-misc-nonfree
intel-gpu-tools
```
Run sudo update-initramfs -u Verify changes after reboot sudo systool -m i915 -av

Sysctl Settings

Arch
Github
Ubuntu
sysAdmin

Some useful sysctl settings edit /etc/sysctl.conf

kernel.sysrq=0
fs.file-max = 209708
net.ipv4.tcp_fastopen=3
net.core.default_qdisc=cake
net.ipv4.tcp_congestion_control=bbr
net.ipv4.tcp_window_scaling = 1
vm.swappiness = 1
vm.vfs_cache_pressure=40
# vm.dirty_ratio = 30
# vm.dirty_background_ratio = 5
# speed up usb transfers, can't have both ratio or bytes, this will sync usb copy after ~ 64Mib transfers
# if possible format usb as exFAT instead of FAT32 better results/performance
vm.dirty_bytes = 134217728 # 1Gib
vm.dirty_background_bytes = 64108864 # 64Mib
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.ip_forward = 0
net.ipv4.tcp_mtu_probing = 1
net.ipv4.route.flush = 1
net.ipv6.route.flush = 1

Modprobe various driver settings

Disable power saving for audio device, remove pop sounds
Audio Device /etc/modprobe.d/audio.conf

options snd_hda_intel power_save=0 power_save_controller=N

GPU /etc/modprobe.d/i915.conf

options i915 modeset=1 mitigations=off enable_fbc=0 enable_psr=0 enable_guc=2

After creating these files run

sudo update-initramfs -u

This wil update boot image to include the changes.
Reboot.

Disable some uneeded system services

Remove plymouth boot splash screen

sudo apt purge plymouth && sudo apt autoremove
sudo rm -rf /usr/share/plymouth

Disable ModemManager If you do not have a mobile broadband interface.

sudo systemctl disable ModemManager.service
sudo systemctl mask ModemManager.service

fwupd is a daemon allowing you to update some devices’ firmware, including UEFI for several machines.
Remove fwupd from boot

sudo systemctl disable fwupd.service
sudo systemctl mask fwupd.service

GPU-Manager is software that creates a xorg.conf for you. So running this in every boot is just overkill. You only need to run this if you change your GPU.

sudo systemctl disable gpu-manager.service
sudo systemctl mask gpu-manager.service

Apt-daily-upgrade solves long boot up time with apt-daily-upgrade.

sudo systemctl disable apt-daily.service
sudo systemctl disable apt-daily.timer
sudo systemctl mask apt-daily.timer
sudo systemctl disable apt-daily-upgrade.timer
sudo systemctl disable apt-daily-upgrade.service
sudo systemctl mask apt-daily-upgrade.service

Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management.
Disable LVM

sudo systemctl disable lvm2-monitor.service
sudo systemctl mask lvm2-monitor.service

Disable Wait for Network online service, slows down boot

sudo systemctl disable NetworkManager-wait-online.service
sudo systemctl mask NetworkManager-wait-online.service

Minimize logging

journald logging Change log retention and logging settings, check logs first for errors
/etc/systemd/journald.conf
```
MaxRetentionSec=3month
MaxFileSec=1month
MaxLevelStore=err
MaxLevelSyslog=err
MaxLevelKMsg=err
MaxLevelConsole=err
MaxLevelWall=emerg
```
Disable evbug logging

EVBUG is the driver for the Linux kernel input subsystem’s event debugging. Enabling the EVBUG driver (INPUT_EVBUG) will cause all input events to be logged to the system log… So all key presses, mouse movements, etc, will end up in the kernel log. That includes all key presses, so logging your passwords and other data to the kernel log. Practically a built-in kernel key logger. modprobe blacklist
Not sure why this enabled on kubuntu maybe they forgot to disable after testing…, safe to disable
```
/etc/modprobe.d/blacklist.conf
blacklist evbug
```
After creating these files run
```
sudo update-initramfs -u
```
This wil update boot image to include the changes.
Reboot.

Set fsck check interval

50 boot-ups or 1 month, change devices for your system
```
sudo tune2fs -c 50 -i 1m /dev/nvme0n1p2
sudo tune2fs -c 50 -i 1m /dev/sdb1
```
MultiMedia

Restricted Codecs

sudo apt install gstreamer1.0-libav gstreamer1.0-plugins-bad gstreamer1.0-plugins-ugly gstreamer1.0-vaapi libk3b-extracodecs lame libavcodec-extra libavcodec-extra60 intel-media-va-driver-non-free

To automatically switch audio device to newly connected devices, create this file:

Used for HTPC connected to HDTV, when switching monitor outputs

/etc/pipewire/pipewire-pulse.conf.d/switch-on-connect.conf (or ~/.config/pipewire/pipewire-pulse.conf.d/switch-on-connect.conf)

override for pipewire-pulse.conf file

pulse.cmd = [
  { cmd = "load-module" args = "module-always-sink" flags = [ ] }
  { cmd = "load-module" args = "module-switch-on-connect" }
]

Better Pulse Audio Settings

/etc/pulse/daemon.conf

default-sample-format = float32le
default-sample-rate = 48000
alternate-sample-rate = 44100
default-sample-channels = 2
default-channel-map = front-left,front-right
default-fragments = 2
default-fragment-size-msec = 125
resample-method = soxr-vhq
avoid-resampling = yes
high-priority = yes
nice-level = -11
realtime-scheduling = yes
realtime-priority = 9
rlimit-rtprio = 9
daemonize = no

Networking

systemd-resolved

systemd-resolved provides a system-level DNS cache that can substantially improve performance for applications that do not cache their own DNS results. DNS queries and responses have traditionally been unencrypted, but more and more resolvers now support DNS over an encrypted TLS connection (DNS over TLS.) TLS can help ensure that no parties between the DNS server and the resolver can see or modify the DNS responses.

CTRL Blog
Linux Insider
Blog
Check Status

resolvectl status

Edit /etc/systemd/resolved.conf
Add, change DNS to your preferred DNS server

DNS=1.1.1.1
DNSSEC=yes
DNSOverTLS=yes

Change Network Manager
/etc/NetworkManager/NetworkManager.conf

[main]
dns=systemd-resolved

if working just restart after changes to resolved.conf file

systemctl restart systemd-resolved.service
systemctl restart NetworkManager.service

if not running then

systemctl enable systemd-resolved.service
systemctl start systemd-resolved.service

Verify Status

resolvectl status

Some useful sites to verify internet security connection
Test your connection
IP Leak Test
Cloudfare Test

Optimize network MTU

The ping command will let you know if the packet was sent as more than one fragment with multiple header data attached.

ping -s 1472 -c1 espn.com

Retest changing packet size until 0% packet loss

NFS Shares

NFS
NFS shares on Ubuntu

 sudo apt install nfs-kernel-server

Create /etc/exports

/home/data/Movies/    192.168.1.0/24(ro,sync,no_subtree_check,no_root_squash,all_squash)

sudo exportfs -ra
sudo systemctl restart nfs-server

mount share

sudo mount -t nfs -o resvport,ro 192.168.1.101:/home/data/Movies/ /home/matt/Temp/
sudo showmount -e

For iOS NFS path 192.168.1.101:/home/data/Movies/

Remove snapd

snap list
sudo systemctl disable snapd.service
sudo systemctl disable snapd.socket
sudo systemctl disable snapd.seeded.service
sudo snap remove firefox
sudo snap remove snap-store
sudo snap remove gtk-common-themes
sudo snap remove gnome-3-38-2004
sudo snap remove core18
sudo snap remove snapd-desktop-integration
sudo rm -rf /var/cache/snapd/
sudo apt autoremove --purge snapd
rm -rf ~/snap

cat <<EOF | sudo tee /etc/apt/preferences.d/nosnap.pref
# This file forbids snapd from ever being installed by APT.

Package: snapd
Pin: release a=*
Pin-Priority: -10
EOF

KDE Plasma Fixes

kubuntu

Reduce systemd timeouts for desktop installations, the system will not “hang” for 90 seconds and longer from time to time when logging out, rebooting or shutting down.
Edit etc/systemd/system.conf.d/99-systemtimeout.conf
Change line
```
[Manager]
DefaultTimeoutStopSec=15s
```
Edit /etc/systemd/user.conf.d/99-usertimeout.conf
Change line
```
[Manager]
DefaultTimeoutStopSec=15s
```
Disable fast user switching

Edit /usr/share/kubuntu-default-settings/kf5-settings/kdeglobals

[KDE Action Restrictions]
switch_user=false
start_new_session=false

X11 setup for dual monitors
Run xrandr to get inuput id’s
Create /etc/X11/xorg.conf.d/10-monitor.conf

Section "Monitor"
  Identifier  "HDMI-3"
  Option      "Primary" "true"
  Option      "Enable"   "true"
  Option      "PreferredMode" "1920x1080x60.0"
  Option      "Broadcast RGB" "Full"
EndSection
Section "Monitor"
  Identifier  "HDMI-1"
  Option      "RightOf" "HDMI-3"
  Option      "Primary" "false"
  Option      "Disable"  "true"
  Option      "Enable"   "false"
  Option      "PreferredMode" "1920x1080x60.0"
  Option      "Broadcast RGB" "Full"
EndSection

This will allow SDDM to show login prompt focused on primary screen.
After creating this file run

sudo update-initramfs -u

WSL messes up Qt.openUrlExternally()
sudo mv /usr/share/applications/wslview.desktop /usr/share/applications/wslview.desktop.disabled MSFT is starting to mess with my linux desktop :(
Disable Qt Logging, add to /etc/environment or .bashrc

QT_LOGGING_RULES="*.debug=false;qt*.debug=false;qt5.debug=false;*.warning=false;*.critical=false;qt.qpa.xcb.xcberror.warning=false;qt.qpa.xcb.xcberror.error=false;qt.qpa.xcb.warning=false;qt.qpa.xcb.error=false;qt.qpa.xcb=false"

Allow xmlrequest for loading json files
Add to /etc/environment or .bashrc
QML_XHR_ALLOW_FILE_READ="1"
kdebugdialog5 - kde debugging settings
Remove extra fonts, check Noto Sans/Serif extra language fonts, unnecessary for most cases
Run this after, clean font cache
fc-cache -f -v

Reboot to apply changes

Install Firefox PPA

FireFox

Firefox Extensions

systemd-boot

Replace grub, speeds up boot time.
systemd-boot loader - grub replacement
systemd-boot
Custom scipt to update systemd-boot config files after kernel updates
post-kernel-script
different script using kernel cmdline options

Install systemd-boot loader
```
sudo apt install systemd-boot systemd-ukify
sudo bootctl install --path=/boot/efi
```
updates for Ubuntu 24.04:
install systemd-ukify - it has been added since

the zz-update-systemd-boot script is not needed add in /etc/kernel/install.conf

layout=uki
BOOT_ROOT=/boot/efi

edit /etc/kernel/cmdline
add

root=UUID=xxxyyy ro quiet preempt=voluntary threadirqs mitigations=off vt.handoff=7 loglevel=3 rd.udev.log-priority=3 udev.log_priority=3

threadirqs - Improved interrupt handling: By distributing interrupts across multiple threads, the system can handle a higher volume of interrupts concurrently, potentially reducing latency and improving responsiveness.
Root flags are same as grub options in /etc/default/grub
```
ROOTFLAGS="root=UUID=efc95b50-5747-*** ro quiet preempt=voluntary threadirqs loglevel=3 mitigations=off"
ROOTFLAGS1="root=UUID=efc95b50-5747-*** ro quiet mitigations=off 3"
```
After install and setup of systemd-boot run
```
sudo update-initramfs -u
```
Verify
sudo bootctl
Reboot
System should now be running at optimal performance and security

Some usefull tips i have collected over the years

Optimizing Kubuntu 24.04 LTS