labs/linux/setup/docs/fresh-install-checklist.md

# Fresh Install Checklist

## Before bootstrap

- Confirm Ubuntu 24.04 or newer and record the release and kernel.
- Apply firmware settings for virtualization, IOMMU, or Secure Boot as needed.
- Confirm console or out-of-band access before firewall work.
- Record interfaces, addresses, routes, DNS, storage, and intended mountpoints.
- Patch the base system and reboot if required.
- Decide whether the host needs Docker, libvirt, Cockpit, or NVIDIA support.
- Review application ports and VM networking before enabling UFW.
- Confirm backups exist for any pre-existing host configuration.

## Bootstrap

Start with the least capability required:

```bash
sudo ./install.sh --base --shell
```

Add reviewed platform profiles:

```bash
sudo ./install.sh --cockpit --docker --libvirt --nvidia-tools --tuning --security
```

Do not select `--enable-ufw` until remote access and application rules are
understood. Do not install an NVIDIA driver until hardware, kernel, Secure Boot,
and workload compatibility are known.

## Post-bootstrap evidence

- Review all installer warnings.
- Run `systemctl --failed`.
- Confirm expected services with `systemctl status`.
- Review `ss -tulpn`, `df -hT`, `ip -brief address`, and `ip route`.
- Confirm Docker with `docker version` and `docker compose version`.
- Confirm libvirt with `virsh list --all` and `virsh net-list --all`.
- Confirm GPU state with `lspci -nn | grep -i nvidia` and `nvidia-smi`.
- Reboot after driver installation and repeat the postcheck.

## Handover

Document host-specific storage, network, firewall, backup, application, GPU,
and VM decisions. Install the separate `ailab-maintenance` toolkit only after
reviewing its scheduled day-2 behavior.
Add Linux fresh setup toolkit 2026-06-06 00:23:11 +00:00			`# Fresh Install Checklist`

			`## Before bootstrap`

			`- Confirm Ubuntu 24.04 or newer and record the release and kernel.`
			`- Apply firmware settings for virtualization, IOMMU, or Secure Boot as needed.`
			`- Confirm console or out-of-band access before firewall work.`
			`- Record interfaces, addresses, routes, DNS, storage, and intended mountpoints.`
			`- Patch the base system and reboot if required.`
			`- Decide whether the host needs Docker, libvirt, Cockpit, or NVIDIA support.`
			`- Review application ports and VM networking before enabling UFW.`
			`- Confirm backups exist for any pre-existing host configuration.`

			`## Bootstrap`

			`Start with the least capability required:`

			```bash
			`sudo ./install.sh --base --shell`
			```

			`Add reviewed platform profiles:`

			```bash
			`sudo ./install.sh --cockpit --docker --libvirt --nvidia-tools --tuning --security`
			```

			Do not select `--enable-ufw` until remote access and application rules are
			`understood. Do not install an NVIDIA driver until hardware, kernel, Secure Boot,`
			`and workload compatibility are known.`

			`## Post-bootstrap evidence`

			`- Review all installer warnings.`
			- Run `systemctl --failed`.
			- Confirm expected services with `systemctl status`.
			- Review `ss -tulpn`, `df -hT`, `ip -brief address`, and `ip route`.
			- Confirm Docker with `docker version` and `docker compose version`.
			- Confirm libvirt with `virsh list --all` and `virsh net-list --all`.
			- Confirm GPU state with `lspci -nn \| grep -i nvidia` and `nvidia-smi`.
			`- Reboot after driver installation and repeat the postcheck.`

			`## Handover`

			`Document host-specific storage, network, firewall, backup, application, GPU,`
			and VM decisions. Install the separate `ailab-maintenance` toolkit only after
			`reviewing its scheduled day-2 behavior.`