tonidy · August 9, 2025 23:45
diff --git a/trim-services.sh b/trim-services.sh
 #!/usr/bin/env bash
 set -euo pipefail

 # ===================== O P S I =====================
 PURGE_SNAPD=${PURGE_SNAPD:-true}           # purge snapd agar legah
 DISABLE_RSYSLOG=${DISABLE_RSYSLOG:-true}   # true: matikan & purge rsyslog → pakai journald saja
 DISABLE_POLKIT=${DISABLE_POLKIT:-true}     # true: matikan polkit (jarang perlu di server CLI)
 DISABLE_SERIAL_GETTY=${DISABLE_SERIAL_GETTY:-false} # true: matikan serial-getty@ttyS0 (opsional)
 DISABLE_MULTIPATH=${DISABLE_MULTIPATH:-true}        # true: matikan multipathd (umumnya tak perlu di VM sederhana)

 # Jurnal log ringan (volatile, batas memori kecil)
 JOURNAL_VOLATILE=${JOURNAL_VOLATILE:-true} # true: Storage=volatile (log hilang saat reboot)
 JOURNAL_RAM_CAP=${JOURNAL_RAM_CAP:-64M}    # batas size log di RAM

 # ===================== U T I L =====================
 log() { echo -e "[*] $*"; }
 ok()  { echo -e "[+] $*"; }
 warn(){ echo -e "[!] $*"; }

 require_root() { [[ $EUID -eq 0 ]] || { echo "Run as root."; exit 1; }; }
 mem() { free -h | awk 'NR<=2{print}'; }

 svc_exists() {
  systemctl list-unit-files --type=service | awk '{print $1}' | grep -qx "$1.service"
 }
 svc_disable_now() {
  local s="$1"
  if svc_exists "$s"; then
    systemctl stop  "$s" 2>/dev/null || true
    systemctl disable "$s" || true
    ok "$s disabled"
  else
    warn "$s not installed"
  fi
 }
 svc_mask_now() {
  local s="$1"
  if svc_exists "$s"; then
    systemctl stop "$s" 2>/dev/null || true
    systemctl disable "$s" || true
    systemctl mask "$s" || true
    ok "$s masked"
  else
    warn "$s not installed"
  fi
 }

 # ===================== M A I N =====================
 main() {
  require_root
  local stamp="$(date +%F_%H-%M-%S)"

  echo "=== Memory BEFORE ==="; mem
  log "Saving running services → /root/running-services-${stamp}.txt"
  systemctl list-units --type=service --state=running > "/root/running-services-${stamp}.txt"

  # --- Kandidat pasti aman untuk VM QEMU headless ---
  svc_disable_now ModemManager
  svc_disable_now udisks2
  svc_disable_now unattended-upgrades

  # snapd (berat)
  if dpkg -l | grep -q "^ii\s\+snapd"; then
    svc_disable_now snapd
    if [[ "$PURGE_SNAPD" == "true" ]]; then
      log "Purging snapd…"
      apt-get -y purge snapd || true
      rm -rf /snap /var/snap /var/lib/snapd 2>/dev/null || true
      ok "snapd purged"
    fi
  fi

  # polkit (jarang dibutuhkan di server tanpa GUI)
  if [[ "$DISABLE_POLKIT" == "true" ]]; then
    svc_disable_now polkit
  fi

  # multipathd (biasanya tidak perlu di VM QEMU tanpa SAN)
  if [[ "$DISABLE_MULTIPATH" == "true" ]]; then
    if svc_exists multipathd; then
      svc_mask_now multipathd
    fi
  fi

  # rsyslog → ganti ke journald saja (hemat RAM & I/O)
  if [[ "$DISABLE_RSYSLOG" == "true" ]]; then
    if dpkg -l | grep -q "^ii\s\+rsyslog"; then
      svc_disable_now rsyslog
      log "Purging rsyslog…"
      apt-get -y purge rsyslog || true
      ok "rsyslog purged, journald only"
    fi
  fi

  # optional: serial-getty (kalau tidak pakai konsol serial)
  if [[ "$DISABLE_SERIAL_GETTY" == "true" ]]; then
    if systemctl list-units | grep -q 'serial-getty@ttyS0'; then
      systemctl stop [email protected] || true
      systemctl disable [email protected] || true
      ok "serial-getty@ttyS0 disabled"
    fi
  fi

  # journald ringan
  if [[ "$JOURNAL_VOLATILE" == "true" ]]; then
    log "Configuring journald (volatile, cap ${JOURNAL_RAM_CAP})…"
    mkdir -p /etc/systemd/journald.conf.d
    cat >/etc/systemd/journald.conf.d/10-compact.conf <<EOF
 [Journal]
 Storage=volatile
 RuntimeMaxUse=${JOURNAL_RAM_CAP}
 SystemMaxUse=${JOURNAL_RAM_CAP}
 RateLimitIntervalSec=30s
 RateLimitBurst=1000
 EOF
    systemctl restart systemd-journald
    ok "journald tuned"
  fi

  # bersih & sync
  systemctl daemon-reload || true
  log "Dropping caches (pagecache dentries inodes)…"
  sync; echo 3 > /proc/sys/vm/drop_caches || true

  echo "=== Memory AFTER  ==="; mem

  # Undo helper
  cat >"/root/qemu-trim-UNDO-${stamp}.sh" <<'UNDO'
 #!/usr/bin/env bash
 set -euo pipefail
 systemctl unmask multipathd.service 2>/dev/null || true
 for s in ModemManager udisks2 unattended-upgrades snapd polkit rsyslog serial-getty@ttyS0; do
  systemctl enable --now "$s.service" 2>/dev/null || true
 done
 rm -f /etc/systemd/journald.conf.d/10-compact.conf
 systemctl restart systemd-journald || true
 echo "[+] Undo attempted. Some services may need reinstall (snapd/rsyslog)."
 UNDO
  chmod +x "/root/qemu-trim-UNDO-${stamp}.sh"
  ok "Undo script: /root/qemu-trim-UNDO-${stamp}.sh"

  echo -e "\nDone. Reboot ringan bisa menurunkan jejak RAM lebih jauh."
 }

 main "$@"
	#!/usr/bin/env bash
	set -euo pipefail

	# ===================== O P S I =====================
	PURGE_SNAPD=${PURGE_SNAPD:-true} # purge snapd agar legah
	DISABLE_RSYSLOG=${DISABLE_RSYSLOG:-true} # true: matikan & purge rsyslog → pakai journald saja
	DISABLE_POLKIT=${DISABLE_POLKIT:-true} # true: matikan polkit (jarang perlu di server CLI)
	DISABLE_SERIAL_GETTY=${DISABLE_SERIAL_GETTY:-false} # true: matikan serial-getty@ttyS0 (opsional)
	DISABLE_MULTIPATH=${DISABLE_MULTIPATH:-true} # true: matikan multipathd (umumnya tak perlu di VM sederhana)

	# Jurnal log ringan (volatile, batas memori kecil)
	JOURNAL_VOLATILE=${JOURNAL_VOLATILE:-true} # true: Storage=volatile (log hilang saat reboot)
	JOURNAL_RAM_CAP=${JOURNAL_RAM_CAP:-64M} # batas size log di RAM

	# ===================== U T I L =====================
	log() { echo -e "[] $"; }
	ok() { echo -e "[+] $*"; }
	warn(){ echo -e "[!] $*"; }

	require_root() { [[ $EUID -eq 0 ]] \|\| { echo "Run as root."; exit 1; }; }
	mem() { free -h \| awk 'NR<=2{print}'; }

	svc_exists() {
	systemctl list-unit-files --type=service \| awk '{print $1}' \| grep -qx "$1.service"
	}
	svc_disable_now() {
	local s="$1"
	if svc_exists "$s"; then
	systemctl stop "$s" 2>/dev/null \|\| true
	systemctl disable "$s" \|\| true
	ok "$s disabled"
	else
	warn "$s not installed"
	fi
	}
	svc_mask_now() {
	local s="$1"
	if svc_exists "$s"; then
	systemctl stop "$s" 2>/dev/null \|\| true
	systemctl disable "$s" \|\| true
	systemctl mask "$s" \|\| true
	ok "$s masked"
	else
	warn "$s not installed"
	fi
	}

	# ===================== M A I N =====================
	main() {
	require_root
	local stamp="$(date +%F_%H-%M-%S)"

	echo "=== Memory BEFORE ==="; mem
	log "Saving running services → /root/running-services-${stamp}.txt"
	systemctl list-units --type=service --state=running > "/root/running-services-${stamp}.txt"

	# --- Kandidat pasti aman untuk VM QEMU headless ---
	svc_disable_now ModemManager
	svc_disable_now udisks2
	svc_disable_now unattended-upgrades

	# snapd (berat)
	if dpkg -l \| grep -q "^ii\s\+snapd"; then
	svc_disable_now snapd
	if [[ "$PURGE_SNAPD" == "true" ]]; then
	log "Purging snapd…"
	apt-get -y purge snapd \|\| true
	rm -rf /snap /var/snap /var/lib/snapd 2>/dev/null \|\| true
	ok "snapd purged"
	fi
	fi

	# polkit (jarang dibutuhkan di server tanpa GUI)
	if [[ "$DISABLE_POLKIT" == "true" ]]; then
	svc_disable_now polkit
	fi

	# multipathd (biasanya tidak perlu di VM QEMU tanpa SAN)
	if [[ "$DISABLE_MULTIPATH" == "true" ]]; then
	if svc_exists multipathd; then
	svc_mask_now multipathd
	fi
	fi

	# rsyslog → ganti ke journald saja (hemat RAM & I/O)
	if [[ "$DISABLE_RSYSLOG" == "true" ]]; then
	if dpkg -l \| grep -q "^ii\s\+rsyslog"; then
	svc_disable_now rsyslog
	log "Purging rsyslog…"
	apt-get -y purge rsyslog \|\| true
	ok "rsyslog purged, journald only"
	fi
	fi

	# optional: serial-getty (kalau tidak pakai konsol serial)
	if [[ "$DISABLE_SERIAL_GETTY" == "true" ]]; then
	if systemctl list-units \| grep -q 'serial-getty@ttyS0'; then
	systemctl stop [email protected] \|\| true
	systemctl disable [email protected] \|\| true
	ok "serial-getty@ttyS0 disabled"
	fi
	fi

	# journald ringan
	if [[ "$JOURNAL_VOLATILE" == "true" ]]; then
	log "Configuring journald (volatile, cap ${JOURNAL_RAM_CAP})…"
	mkdir -p /etc/systemd/journald.conf.d
	cat >/etc/systemd/journald.conf.d/10-compact.conf <<EOF
	[Journal]
	Storage=volatile
	RuntimeMaxUse=${JOURNAL_RAM_CAP}
	SystemMaxUse=${JOURNAL_RAM_CAP}
	RateLimitIntervalSec=30s
	RateLimitBurst=1000
	EOF
	systemctl restart systemd-journald
	ok "journald tuned"
	fi

	# bersih & sync
	systemctl daemon-reload \|\| true
	log "Dropping caches (pagecache dentries inodes)…"
	sync; echo 3 > /proc/sys/vm/drop_caches \|\| true

	echo "=== Memory AFTER ==="; mem

	# Undo helper
	cat >"/root/qemu-trim-UNDO-${stamp}.sh" <<'UNDO'
	#!/usr/bin/env bash
	set -euo pipefail
	systemctl unmask multipathd.service 2>/dev/null \|\| true
	for s in ModemManager udisks2 unattended-upgrades snapd polkit rsyslog serial-getty@ttyS0; do
	systemctl enable --now "$s.service" 2>/dev/null \|\| true
	done
	rm -f /etc/systemd/journald.conf.d/10-compact.conf
	systemctl restart systemd-journald \|\| true
	echo "[+] Undo attempted. Some services may need reinstall (snapd/rsyslog)."
	UNDO
	chmod +x "/root/qemu-trim-UNDO-${stamp}.sh"
	ok "Undo script: /root/qemu-trim-UNDO-${stamp}.sh"

	echo -e "\nDone. Reboot ringan bisa menurunkan jejak RAM lebih jauh."
	}

	main "$@"