{
"meta": {
"title": "Post-Install: System | ProxMenux Documentation",
"description": "System-level optimizations in the ProxMenux Customizable post-install script: journald and logrotate size limits, higher kernel and file-descriptor limits, balanced memory tuning, kexec for quick reboots, and kernel panic recovery."
},
"header": {
"title": "Post-Install: System",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Six independent, system-level optimizations. They tune journald and logrotate to stop logs from filling the disk, raise kernel and file-descriptor limits so applications with many open files don't hit ceilings, balance memory for a virtualization host, add kexec for \"reboots without the BIOS\", and configure automatic recovery on kernel panic. All six are tracked and reversible from the Uninstall menu."
},
"journald": {
"heading": "Optimize journald",
"intro": "Rewrites /etc/systemd/journald.conf with sane defaults so the systemd journal can't slowly eat your root partition, then restarts systemd-journald and vacuums existing logs.",
"keyTitle": "Key values",
"keyItems": [
"Storage=persistent — keep logs on disk across reboots.",
"SystemMaxUse=64M / RuntimeMaxUse=60M — hard caps on journal disk/memory usage.",
"Compress=yes, Seal=no — compress logs, skip Forward Secure Sealing, the journal's tamper-evidence feature (saves CPU).",
"MaxLevelStore=info — store info and above (required for ProxMenux Monitor's log viewer and for Fail2Ban to detect SSH/Proxmox auth failures from the journal).",
"Rate-limits: 1000 events / 30 s to prevent log flooding.",
"ForwardToSyslog=no, ForwardToWall=no — don't duplicate messages to syslog or broadcast to consoles."
],
"tipTitle": "Why MaxLevelStore=info matters",
"tipBody": "Using a stricter level like warning makes ProxMenux Monitor's log viewer show nearly identical entries across all date ranges (because most activity is info-level), and it prevents Fail2Ban from seeing failed logins. If you want less log volume, rely on the SystemMaxUse cap and RateLimitBurst instead of lowering the stored level."
},
"logrotate": {
"heading": "Optimize logrotate",
"intro": "Rewrites /etc/logrotate.conf with a tighter policy suitable for a host that's also part of an SSD-protecting Log2RAM setup: daily rotation, 7-day retention, 10 MB size trigger, compression, and copytruncate so active services keep writing without reopening their log files. The original logrotate.conf is backed up to .bak on first apply.",
"tipTitle": "Log2RAM-friendly",
"tipBody": "The size 10M trigger means logs rotate on size or daily, whichever comes first. Combined with Log2RAM's RAM-backed /var/log, this keeps the working set small so flushes to disk stay cheap."
},
"limits": {
"heading": "Increase various system limits",
"intro": "Raises a bunch of kernel, systemd and PAM limits that default to values too low for a host running many VMs, containers and networked services.",
"headerFile": "File",
"headerSets": "What it sets",
"rows": [
{
"file": "/etc/sysctl.d/99-maxwatches.conf",
"sets": "fs.inotify.max_user_watches / max_user_instances / max_queued_events = 1048576"
},
{
"file": "/etc/sysctl.d/99-maxkeys.conf",
"sets": "kernel.keys.maxkeys / root_maxkeys = 1000000"
},
{
"file": "/etc/sysctl.d/99-swap.conf",
"sets": "vm.swappiness = 10, vm.vfs_cache_pressure = 100"
},
{
"file": "/etc/sysctl.d/99-fs.conf",
"sets": "fs.nr_open / file-max = 2097152, fs.aio-max-nr = 1048576"
},
{
"file": "/etc/security/limits.d/99-limits.conf",
"sets": "nofile and nproc to 1,048,576 (unlimited for root)"
},
{
"file": "/etc/systemd/system.conf + user.conf",
"sets": "DefaultLimitNOFILE=1048576 for systemd services"
},
{
"file": "/etc/pam.d/common-session + runuser-l",
"sets": "session required pam_limits.so so the above apply to login shells"
},
{
"file": "/root/.profile",
"sets": "ulimit -n 1048576 for the root shell"
}
],
"tipTitle": "Why inotify matters",
"tipBody": "Applications like Docker, Syncthing, Node.js watchers, Plex's library scanner and many more hit max_user_watches quickly. Default on Debian is 8192 — a single running Plex can exhaust it. 1M is generous and costs ~1 KB of RAM per watch, which is negligible."
},
"memory": {
"heading": "Optimize memory settings",
"intro": "Writes a balanced sysctl profile to /etc/sysctl.d/99-memory.conf. Designed for a hypervisor host — prefers keeping VM working sets in RAM and frees pages proactively so allocation bursts don't stall.",
"warnTitle": "swappiness=10 on memory-tight hosts",
"warnBody": "On a host with 16 GB RAM running many VMs, lowering swappiness can push the kernel to OOM-kill processes instead of swapping. If you're routinely seeing OOM events, raise swappiness back to 30–60 in /etc/sysctl.d/99-memory.conf after the script runs."
},
"kexec": {
"heading": "Enable fast reboots (kexec)",
"intro": "Installs kexec-tools and wires it up so you can reboot the host straight into a new kernel without going through BIOS/UEFI firmware. On big servers where POST takes 45–90 seconds, this turns a reboot from a coffee break into a few seconds of downtime.",
"installsTitle": "What ProxMenux installs",
"installsItems": [
"Package kexec-tools (with debconf pre-answered so apt doesn't prompt during install).",
"Systemd unit /etc/systemd/system/kexec-pve.service — loads the Proxmox kernel and initrd into memory at boot, reusing the current cmdline.",
"An alias in /root/.bash_profile: reboot-quick → systemctl kexec."
],
"usageIntro": "Usage after the next reboot (or after manually running systemctl start kexec-pve):",
"warnTitle": "When not to use kexec",
"warnBody": "kexec skips firmware-level init. If you rely on BIOS/UEFI to reset hardware state — for example, a GPU doing passthrough that only resets cleanly on full POST, or an HBA with troublesome firmware — kexec reboots may leave those devices in a half-initialized state. Use a normal reboot after kernel upgrades or when you need BIOS/UEFI changes to take effect. reboot-quick is for everyday restarts."
},
"panic": {
"heading": "Enable restart on kernel panic",
"intro": "Makes the kernel auto-reboot instead of sitting forever on a panic screen. Critical on headless/remote Proxmox hosts where a hung kernel means all your VMs are down until you can power-cycle the box.",
"tipTitle": "Pair this with remote console access",
"tipBody": "Auto-reboot is a recovery mechanism, not a debug tool. If you want to investigate a panic rather than just come back up, use the kexec option above together with the kernel's kdump support (not configured by ProxMenux), or capture the serial console on another host before enabling auto-reboot."
},
"verify": {
"heading": "Verification",
"intro": "After applying the System optimizations:",
"tipTitle": "Fully reversible",
"tipBody": "All six options are tracked in installed_tools.json, so they appear in Uninstall Optimizations if you want to back any of them out. Reverts restore the sysctl files' defaults, drop the systemd unit and alias for kexec, and reset journald/logrotate to stock Debian configs."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — verify the changes (free -h, journalctl, ulimit -a)."
},
{
"label": "Performance",
"href": "/docs/post-install/performance",
"tail": " — additional system-level tuning (pigz)."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert any of these changes."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}